What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
DarkReading.webp 2023-03-02 23:26:00 Axis Security Acquisition Strengthens Aruba's SASE Solutions With Integrated Cloud Security and SD-WAN (direct link) No more details Cloud ★★★
The_Hackers_News.webp 2023-03-02 19:10:00 Hackers Exploit Containerized Environments to Steal Proprietary Data and Software (direct link) A sophisticated attack campaign dubbed SCARLETEEL is targeting containerized environments to perpetrate theft of proprietary data and software. "The attacker exploited a containerized workload and then leveraged it to perform privilege escalation into an AWS account in order to steal proprietary software and credentials," Sysdig said in a new report. The advanced cloud attack also entailed the Cloud ★★★★
The_Hackers_News.webp 2023-03-02 17:05:00 2023 Browser Security Report Uncovers Major Browsing Risks and Blind Spots (direct link) As a primary working interface, the browser plays a significant role in today's corporate environment. The browser is constantly used by employees to access websites, SaaS applications and internal applications, from both managed and unmanaged devices. A new report published by LayerX, a browser security vendor, finds that attackers are exploiting this reality and are targeting it in increasing Cloud ★★★
DarkReading.webp 2023-03-02 17:00:00 New Report: Inside the High Risk of Third-Party SaaS Apps (direct link) A new report from Adaptive Shield looks at how the volume of applications being connected to the SaaS stack and the risk they represent to company data. Cloud ★★★
Intigriti.webp 2023-03-02 14:01:01 HR software giant Personio takes its bug bounty program to the next level (direct link) Arnau Estebanell, senior application security engineer at Personio, discusses the important role bug bounties can play in the security of SaaS businesses. Personio is a European tech company that develops software to simplify HR management processes. Following a successful invite-only bug bounty that launched last year with Intigriti, the company has taken the next step […] Cloud ★★
Watchguard.webp 2023-03-02 00:00:00 ThreatSync, WatchGuard's XDR Solution, Simplifies Incident Response (direct link) Paris, March 2, 2023 - WatchGuard® Technologies, a global leader in unified cybersecurity, announces the launch of ThreatSync, a comprehensive and easy-to-use XDR solution integrated into WatchGuard's Unified Security Platform® architecture, which brings extended detection and response (XDR) technology to WatchGuard's network and endpoint security products. WatchGuard ThreatSync gives organizations XDR capabilities for centralizing cross-product detections and managing automated threat response from a single interface. The solution simplifies cybersecurity while improving visibility and enabling faster response to threats across the organization, thereby reducing risk and cost. "Securing complex networks in a constantly evolving cybersecurity threat environment requires unified visibility and fast, integrated response capabilities," explains Ricardo Arroyo, Principal Product Manager at WatchGuard Technologies. "With ThreatSync, our partners and customers have real XDR capabilities thanks to WatchGuard's consolidated stack. Not only does ThreatSync simplify cybersecurity and let them work more efficiently and effectively, it also reduces risk and cost, while offering a higher degree of accuracy that would be impossible to achieve otherwise." For MSPs, XDR reduces the workload by letting teams share knowledge from a single security platform. At the same time, XDR strengthens protection and improves outcomes by combining different layers of security.
Key features of WatchGuard's ThreatSync solution: Zero configuration - WatchGuard security products are known for being easy to deploy and manage. From licensing to operations, this simplicity increases efficiency and fits squarely with the vendor's mission: to provide a platform that eases every aspect of system security. A key component of WatchGuard's unified security platform, ThreatSync provides a fully integrated multi-product platform, reducing the cost of configuring and deploying several separate solutions in-house. Comprehensive security - WatchGuard offers a complete portfolio of security products and services that work together to protect environments, users and devices. ThreatSync builds on WatchGuard's expertise in network and endpoint (EDR) security to enable cross-product detections, which are collected and turned into actionable information in real time from a single interface designed specifically to let service providers manage their customers' security end to end. Unified threat visibility - ThreatSync increases accuracy and speeds up detection by automatically unifying threat data from all WatchGuard solutions within a single interface, with a user experience tailored to the team Threat Cloud ★★
TrendMicro.webp 2023-03-02 00:00:00 Phishing as a Service Stimulates Cybercrime (direct link) With phishing attacks at an all-time high, phishing as a service (PhaaS) is turning this once-skilled practice into a pay-to-play industry. Understanding the latest attack tactics is critical to improving your email security strategy. Cloud ★★★
DarkReading.webp 2023-03-01 22:50:00 (Déjà vu) DoControl's 2023 SaaS Security Threat Landscape Report Finds Enterprises and Mid-Market Organizations Have Exposed Public SaaS Assets (direct link) Volume of SaaS assets and events magnifies risks associated with manual management and remediation. Threat Cloud
DarkReading.webp 2023-03-01 18:33:26 What Happened in That Cyberattack? With Some Cloud Services, You May Never Know (direct link) More cyberattackers are targeting organizations' cloud environments, but some cloud services, such as Google Cloud Platform's storage, fail to create adequate logs for forensics. Cloud ★★★
globalsecuritymag.webp 2023-03-01 16:07:08 DoControl's 2023 SaaS Security Threat Landscape Report Finds 50% of Enterprises and 75% of Mid-market Organizations Have Exposed Public SaaS Assets (direct link) Volume of assets and events magnifies the impracticality of manual management and remediation, which leaves organizations widely exposed to threats - Special Reports Threat Cloud ★★
InfoSecurityMag.webp 2023-03-01 15:30:00 Public SaaS Assets Are a Major Risk For Medium, Large Firms (direct link) The findings come from DoControl's latest SaaS Security Threat Landscape report Threat Cloud ★★
silicon.fr.webp 2023-03-01 15:25:58 Mainframe: IBM Wants to Make z/OS Smart(er) (direct link) IBM wants to make z/OS a hybrid cloud operating system "infused" with artificial intelligence and to make it easier to manage through self-service. Cloud ★★★
GoogleSec.webp 2023-03-01 11:59:44 8 ways to secure Chrome browser for Google Workspace users (direct link) Posted by Kiran Nair, Product Manager, Chrome Browser Your journey towards keeping your Google Workspace users and data safe, starts with bringing your Chrome browsers under Cloud Management at no additional cost. Chrome Browser Cloud Management is a single destination for applying Chrome Browser policies and security controls across Windows, Mac, Linux, iOS and Android. You also get deep visibility into your browser fleet including which browsers are out of date, which extensions your users are using and bringing insight to potential security blindspots in your enterprise. Managing Chrome from the cloud allows Google Workspace admins to enforce enterprise protections and policies to the whole browser on fully managed devices, which no longer requires a user to sign into Chrome to have policies enforced. You can also enforce policies that apply when your managed users sign in to Chrome browser on any Windows, Mac, or Linux computer (via Chrome Browser user-level management) --not just on corporate managed devices. This enables you to keep your corporate data and users safe, whether they are accessing work resources from fully managed, personal, or unmanaged devices used by your vendors. Getting started is easy. If your organization hasn't already, check out this guide for steps on how to enroll your devices. 2. Enforce built-in protections against Phishing, Ransomware & Malware Chrome uses Google's Safe Browsing technology to help protect billions of devices every day by showing warnings to users when they attempt to navigate to dangerous sites or download dangerous files. Safe Browsing is enabled by default for all users when they download Chrome. As an administrator, you can prevent your users from disabling Safe Browsing by enforcing the SafeBrowsingProtectionLevel policy.
Over the past few years, we've seen threats on the web becoming increasingly sophisticated. Turning on Enhanced Safe Browsing will substantially increase protection Ransomware Malware Tool Threat Guideline Cloud ★★★
Checkpoint.webp 2023-03-01 11:00:04 How To Reduce Security Risks Posed by Cloud Identities? (direct link) By Andrei Dankevich – Product Marketing Manager Cloud Security The history of cloud computing goes all the way back to the 1950s when the world was introduced to shared and distributed architectures with technologies like mainframe computing, for example, the IBM 701 Defense Calculator. In the subsequent years, computer scientists innovated and introduced utility computing, grid… Cloud ★★
Fortinet.webp 2023-03-01 09:43:00 Not Dead Yet - The Evolution of the Data Center (direct link) To protect today's dynamic application journey, organizations need data center and cloud security solutions that can be natively integrated across major cloud platforms and technologies. Cloud ★★
Netskope.webp 2023-03-01 07:00:00 Why Organisations Must Get to Grips With Cloud Delivered Malware (direct link) Netskope has just published the Monthly Threat Report for February, with this month's report focused on what is going on in Europe. I don't intend to summarise the report in this blog, instead I want to zoom in and study a continuing trend that was highlighted in there; one that is unfortunately heading in the […] Malware Threat Prediction Cloud ★★★
DarkReading.webp 2023-02-28 22:32:00 LastPass DevOps Engineer Targeted for Cloud Decryption Keys in Latest Breach Revelation (direct link) The adversaries obtained a decryption key to a LastPass database containing multifactor authentication and federation information as well as customer vault data, company says. Cloud LastPass ★★
DarkReading.webp 2023-02-28 17:43:44 Pernicious Permissions: How Kubernetes Cryptomining Became an AWS Cloud Data Heist (direct link) The opportunistic "SCARLETEEL" attack on a firm's Amazon Web Services account turns into targeted data theft after the intruder uses an overpermissioned service to jump into cloud system. Cloud Uber ★★
globalsecuritymag.webp 2023-02-28 17:10:09 Multicloud Survey: The Challenge of Multicloud Security (direct link) The results of the multicloud survey by the SANS Institute, a provider of cybersecurity training and certifications, show that cloud-agnostic security strategies are in demand. Many respondents said their organizations are actively choosing multicloud in order to use the best services for their goals at the best price. They port many workloads from one cloud to another in real time to maximize cost savings. Others work with organizations that became multicloud organically through mergers and acquisitions. - Special Reports Cloud
Mandiant.webp 2023-02-28 16:30:00 Mandiant Perspectives from the Munich Cyber Security Conference 2023 (direct link) Cyber capabilities are an increasingly important tool of statecraft with today's operations increasingly reflecting the strategic and geopolitical ambitions of government sponsors. This makes it essential to connect network defenders and policymakers. The Munich Cyber Security Conference (MCSC), therefore, provides a welcome exchange to discuss nascent challenges facing the cyber security community. Both Mandiant Intelligence VP Sandra Joyce, and Google Cloud CISO Phil Venables spoke at this year's event. This blog post outlines key takeaways from MCSC 2023 and how Mandiant, now a part Tool Cloud Conference ★★
Anomali.webp 2023-02-28 16:15:00 Anomali Cyber Watch: Newly-Discovered WinorDLL64 Backdoor Has Code Similarities with Lazarus GhostSecret, Atharvan Backdoor Can Be Restricted to Communicate on Certain Days (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Backdoors, DLL sideloading, Infostealers, Phishing, Social engineering, and Tunneling. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence WinorDLL64: A Backdoor From The Vast Lazarus Arsenal? (published: February 23, 2023) When the Wslink downloader (WinorLoaderDLL64.dll) was first discovered in 2021, it had no known payload and no known attribution. Now ESET researchers have discovered a Wslink payload dubbed WinorDLL64. This backdoor uses some of Wslink functions and the Wslink-established TCP connection encrypted with 256-bit AES-CBC cipher. WinorDLL64 has some code similarities with the GhostSecret malware used by North Korea-sponsored Lazarus Group. Analyst Comment: Wslink and WinorDLL64 use a well-developed cryptographic protocol to protect the exchanged data. Innovating advanced persistent groups like Lazarus often come out with new versions of their custom malware. It makes it important for network defenders to leverage the knowledge of a wider security community by adding relevant premium feeds and leveraging the controls automation via Anomali Platform integrations.
MITRE ATT&CK: [MITRE ATT&CK] T1587.001 - Develop Capabilities: Malware | [MITRE ATT&CK] T1059.001: PowerShell | [MITRE ATT&CK] T1106: Native API | [MITRE ATT&CK] T1134.002 - Access Token Manipulation: Create Process With Token | [MITRE ATT&CK] T1070.004 - Indicator Removal on Host: File Deletion | [MITRE ATT&CK] T1087.001 - Account Discovery: Local Account | [MITRE ATT&CK] T1087.002 - Account Discovery: Domain Account | [MITRE ATT&CK] T1083 - File And Directory Discovery | [MITRE ATT&CK] T1135 - Network Share Discovery | [MITRE ATT&CK] T1057 - Process Discovery | [MITRE ATT&CK] T1012: Query Registry | [MITRE ATT&CK] Picus: The System Information Discovery Technique Explained - MITRE ATT&CK T1082 | [MITRE ATT&CK] T1614 - System Location Discovery | [MITRE ATT&CK] T1614.001 - System Location Discovery: System Language Discovery | [MITRE ATT&CK] T1016 - System Network Configuration Discovery | [MITRE ATT&CK] T1049 - System Network Connections Discovery | Ransomware Malware Tool Threat Medical Medical Cloud APT 38
no_ico.webp 2023-02-28 09:42:43 LastPass DevOps Engineer Breached To Steal Password Vault Data (direct link) LastPass DevOps engineers were compromised because they had access to the decryption keys. LastPass detailed an “organized second attack” in which a threat actor took data from Amazon AWS cloud storage servers for two months. Threat actors obtained partially encrypted password vault data and customer data from LastPass in December. The well-known password manager LastPass […] Threat Cloud LastPass
DarkReading.webp 2023-02-27 22:00:00 Wiz Reaches $10B Valuation With Consolidated Cloud Security Platform (direct link) Cloud security vendor Wiz has raised $900 million since its founding in 2020. Cloud ★★★
bleepingcomputer.webp 2023-02-27 20:40:56 LastPass: DevOps engineer hacked to steal password vault data in 2022 breach (direct link) LastPass revealed more information on a "coordinated second attack," where a threat actor accessed and stole data from the Amazon AWS cloud storage servers for over two months. [...] Threat Cloud LastPass ★★
SecurityWeek.webp 2023-02-27 20:40:16 LastPass Says DevOps Engineer Home Computer Hacked (direct link) LastPass DevOps engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud storage resources. Malware Cloud LastPass
The_Hackers_News.webp 2023-02-27 20:09:00 Shocking Findings from the 2023 Third-Party App Access Report (direct link) Spoiler Alert: Organizations with 10,000 SaaS users that use M365 and Google Workspace average over 4,371 additional connected apps. SaaS-to-SaaS (third-party) app installations are growing nonstop at organizations around the world. When an employee needs an additional app to increase their efficiency or productivity, they rarely think twice before installing. Most employees don't even realize Cloud ★★★★
Netskope.webp 2023-02-27 16:08:32 Strengthening Defenses Against Advanced Cloud and Email Threats with Netskope and Mimecast (direct link) The widespread adoption of cloud transformation and hybrid work are increasing the attack surface while attacks get increasingly sophisticated. Attacks targeting cloud infrastructure and email-borne threats have soared to unprecedented levels, making it critical for organizations to protect sensitive data regardless of where it may be stored. Traditional security architectures were not designed to protect […] Cloud ★★
CVE.webp 2023-02-27 15:15:11 CVE-2023-22860 (direct link) IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244100. Vulnerability Guideline Cloud
globalsecuritymag.webp 2023-02-27 14:59:23 Paul Martini, CEO of iboss, comments on new federal cyber recommendations (direct link) Following the recent cybersecurity recommendations from the U.S. National Security Telecommunications Advisory Committee, which at a high level advocates better collaboration and consensus in government cybersecurity standards, Paul Martini, CEO of cloud cybersecurity company iboss, shares his opinion on the recommendations. - Opinion Cloud ★★
globalsecuritymag.webp 2023-02-27 14:56:57 Netskope Threat Labs Study: European Companies Targeted by Trojans (direct link) ● Attackers are increasingly using cloud applications as malware delivery vectors in Europe, with a rise from 33% to 53% in one year. ● Accounting for 78% of threats blocked in 2022, Trojans were the most common type of malware in Europe, followed by exploits, backdoors and drive-by downloads. ● Microsoft OneDrive is the most popular cloud application in Europe, closely followed by Google Drive. The products and services that make up Google Workspace are used more in Europe than in the rest of the world. - Malware Malware Threat Cloud ★★★
SecurityWeek.webp 2023-02-27 11:49:41 QNAP Offering $20,000 Rewards via New Bug Bounty Program (direct link) New QNAP Systems bug bounty program covers vulnerabilities in applications, cloud services, and operating systems. Cloud ★★★
CVE.webp 2023-02-25 00:15:11 CVE-2023-25816 (direct link) Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource Consumption. A user can configure a very long password, consuming more resources on password validation than desired. This issue is patched in 25.0.3. No workaround is available. Cloud
CVE.webp 2023-02-25 00:15:11 CVE-2023-25821 (direct link) Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0.7 and 25.0.1. No workaround is available. Cloud
DarkReading.webp 2023-02-24 21:19:00 Tackling Software Supply Chain Issues With CNAPP (direct link) The cloud-native application protection platform market is expanding as security teams look to protect their applications and the software supply chain. Cloud ★★★
The_Hackers_News.webp 2023-02-24 19:31:00 How to Tackle the Top SaaS Challenges of 2023 (direct link) Are you prepared to tackle the top SaaS challenges of 2023? With high-profile data breaches affecting major companies like Nissan and Slack, it's clear that SaaS apps are a prime target for cyberattacks. The vast amounts of valuable information stored in these apps make them a goldmine for hackers. But don't panic just yet. With the right knowledge and tools, you can protect your company's Cloud ★★★
Trend.webp 2023-02-24 00:00:00 2022 Review: Trend Transforms to SaaS Cybersecurity (direct link) Transformation to a SaaS-based cybersecurity vendor Prediction Cloud ★★
CVE.webp 2023-02-23 20:15:13 CVE-2023-20011 (direct link) A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts. Vulnerability Cloud
CVE.webp 2023-02-23 20:15:13 CVE-2023-23917 (direct link) A prototype pollution vulnerability exists in Rocket.Chat server Vulnerability Cloud
DarkReading.webp 2023-02-23 17:00:00 Top Takeaways From CloudNativeSecurityCon 2023 (direct link) CloudNativeSecurityCon North America 2023 was a vendor-neutral cloud-native security conference. Here's why it was important. Cloud ★★★★
silicon.fr.webp 2023-02-21 16:42:47 (Déjà vu) Applications: Why Audit Your Software Assets (direct link) Half of installed software and licensed SaaS applications go unused by employees, according to Nexthink. Cloud ★★
SonarSource.webp 2023-02-21 09:00:00 The Best Approach to Writing Secure Cloud Native Apps (direct link) With Sonar and the Clean as You Code methodology, developers can directly impact the security of the cloud native apps they create. Cloud ★★
Blog.webp 2023-02-21 01:00:00 HWP Malware Using the Steganography Technique: RedEyes (ScarCruft) (direct link) In January, the ASEC (AhnLab Security Emergency response Center) analysis team discovered that the RedEyes threat group (also known as APT37, ScarCruft) had been distributing malware by exploiting the HWP EPS (Encapsulated PostScript) vulnerability (CVE-2017-8291). This report will share the RedEyes group’s latest activity in Korea. 1. Overview The RedEyes group is known for targeting specific individuals and not corporations, stealing not only personal PC information but also the mobile phone data of their targets. A distinct characteristic of the... Malware Vulnerability Threat Cloud APT 37 ★★★
CrowdStrike.webp 2023-02-17 07:45:42 3 Ways Visualization Improves Cloud Asset Management and Security (direct link) Public cloud services and cloud assets are agile and dynamic environments. Close oversight of these assets is a critical component of your asset management and security practices. While it's important to understand the relationships and potential vulnerabilities of your cloud assets, the practice of managing these systems is complicated by the ever-changing nature of cloud […] Cloud ★★★
SentinelOne.webp 2023-02-16 10:55:24 WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks (direct link) A new threat cluster has been targeting telecommunication providers in the Middle East and abusing Microsoft, Google and Dropbox cloud services. Threat Cloud ★★★
Watchguard.webp 2023-02-16 00:00:00 WatchGuard Launches New Range of Firewalls to Improve Unified Security for Remote and Multi-Site Businesses (direct link) Paris, February 16, 2023 - WatchGuard® Technologies, a global leader in unified cybersecurity, announces the release of its new Firebox T25/T25-W, T45/T45-POE/T45-W-POE and T85-POE tabletop firewalls. Powered by WatchGuard's Unified Security Platform® architecture to deliver comprehensive security and simplified management through WatchGuard Cloud, these new firewalls are designed to provide the performance that remote and multi-site business environments need to better protect themselves against the latest network security threats. With more memory and faster processing speeds for better throughput, this new range of Firebox appliances lets WatchGuard partners, MSPs and IT administrators secure branch offices, office equipment, remote devices, point-of-sale software and remote users against complex and emerging threats, while keeping network configuration and management requirements to a minimum. "IT environments of every type and size face advanced, sophisticated cyberthreats, but SMBs and branch offices generally lack dedicated skills to configure, install and manage network security solutions," explains Ryan Poutre, Product Manager at WatchGuard Technologies. "This new generation of Firebox takes full advantage of our unified security platform architecture. MSPs can thus offer the robust solutions and simplified management they need to meet the needs of a wide range of customers and deployment scenarios."
With security services such as APTBlocker (sandbox malware detection) and ThreatSync (knowledge sharing between the endpoint and the network), the new Fireboxes are ideal for small businesses that do not have a dedicated security team. In addition to offering advanced protection against malware in multi-site environments, the new solutions include SD-WAN capabilities to optimize network performance by dynamically distributing network traffic across multiple connections according to defined policies. These new Fireboxes take advantage of the latest WatchGuard Cloud updates to display the status of SD-WAN links and any failover graphically and in real time. They also support the latest Fireware features for load sharing across multiple links. These capabilities are included in all WatchGuard service offerings. "WatchGuard's portable Firebox appliances give us all the features and security protection of rack-mounted appliances, and make us more efficient with Zero Touch provisioning to deploy and configure devices, update firmware and apply policies after a remote user has activated a device. We can quickly deploy and configure SD-WAN through WatchGuard Cloud from remote sites," explains Troy Midwood, Chief Technology Officer at Aabyss. "These appliances are another example of the care WatchGuard puts into building excellent products that support our MSP business." Key features of each of the new Firebox appliances: WatchGuard Firebox T25/T25-W: Malware Tool Threat Cloud ★★
The_Hackers_News.webp 2023-02-15 20:29:00 North Korea's APT37 Targeting Southern Counterpart with New M2RAT Malware (direct link) The North Korea-linked threat actor tracked as APT37 has been linked to a piece of new malware dubbed M2RAT in attacks targeting its southern counterpart, suggesting continued evolution of the group's features and tactics. APT37, also tracked under the monikers Reaper, RedEyes, Ricochet Chollima, and ScarCruft, is linked to North Korea's Ministry of State Security (MSS) unlike the Lazarus and Malware Threat Cloud APT 38 APT 37 ★★
no_ico.webp 2023-02-15 10:06:57 RedEyes Hackers Adopt New Malware, Steals Data From Devices (direct link) The APT37 threat group targets people for intelligence gathering using the new elusive “M2RAT” malware and steganography. North Korea’s APT37, sometimes referred to as “RedEyes” or “ScarCruft,” is a hacker collective thought to be funded by the government. The hacker gang was observed in 2022 using Internet Explorer zero-day vulnerabilities to distribute a wide range […] Malware Threat Cloud APT 37 ★★
bleepingcomputer.webp 2023-02-14 17:37:57 RedEyes hackers use new malware to steal data from Windows, phones (direct link) The APT37 threat group (aka 'RedEyes' or 'ScarCruft') has been spotted using a new evasive malware named 'M2RAT' along with steganography to attack specific individuals for intelligence collection. [...] Malware Threat Cloud APT 37 ★★
Mandiant.webp 2023-02-01 15:00:00 Add Cloud Visibility to Your Attack Surface Management Program (direct link) The external attack surface expands beyond DNS and domains to include resources and applications hosted in the cloud. For organizations with footprints on-prem and in two or more cloud environments, achieving continuous and centralized visibility of all owned assets is cumbersome, leading security teams to toggle between consoles to cobble together a view of the attack surface. Adding to the challenge, the acceleration of cloud adoption has yielded an increasing number of applications entering cloud instances before the security team can assess them for risk. Real-world observations indic Cloud ★★★
Watchguard.webp 2023-01-18 00:00:00 WatchGuard Appoints Simon Yeo Senior Vice President of Operations (direct link) Paris - January 18, 2023 - WatchGuard® Technologies, a global leader in unified cybersecurity, announces the appointment of Simon Yeo as the company's new Senior Vice President of Operations. Simon will lead WatchGuard's operations covering cloud, security, systems and IT infrastructure. A technology industry veteran with more than three decades of experience, Simon Yeo has professional expertise spanning public and private cloud, data center, network engineering, DevOps, enterprise IT systems, security and more. "Simon brings to WatchGuard deep technology-sector expertise and a management style centered on people, collaboration and integrity," explains Prakash Panjwani, CEO of WatchGuard Technologies. "His valuable security skills, his knowledge of WatchGuard products and his approach to the market, and his expertise in digital transformation make him the ideal candidate for this role. We are delighted to welcome Simon to WatchGuard's leadership team." Before joining WatchGuard, Simon Yeo spent six years as CIO at Barracuda Networks. He oversaw various strategic initiatives, including the company's digital transformation, the migration from private cloud to public cloud, and the transformation of security and compliance programs. Simon Yeo has also held leadership positions at Upwork, Tout.com, Meebo and LoudCloud. A lifelong technology enthusiast, Simon Yeo holds a bachelor's degree in computer science and engineering from UCLA and a master's degree in computer science from Stanford University. "WatchGuard is a recognized leader in cybersecurity, with a remarkably collaborative work culture," says Simon Yeo.
"I am excited to take on this new role and look forward to working with the WatchGuard teams to accelerate the modernization of systems and processes and the cloud transformation." Cloud ★★★
Last update at: 2024-06-30 18:08:01