Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-24 23:25:58 |
Threat Intelligence Services Are Universally Valued by IT Staff (lien direct) |
Most of those surveyed are concerned about AI-based attacks and deepfakes, but suggest that their organization is ready. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-24 21:32:18 |
Why We\'re Getting Vulnerability Management Wrong (lien direct) |
Security is wasting time and resources patching low or no risk bugs. In this post, we examine why security practitioners need to rethink vulnerability management. |
Vulnerability
Patching
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-24 18:55:54 |
APT Groups Swarming on VMware Servers with Log4Shell (lien direct) |
CISA tells organizations running VMware servers without Log4Shell mitigations to assume compromise. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-24 16:23:29 |
Only 3% of Open Source Software Bugs Are Actually Attackable, Researchers Say (lien direct) |
A new study says 97% of open source vulnerabilities linked to software supply chain risks are not attackable - but is "attackability" the best method for prioritizing bugs? |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-24 14:00:00 |
7 Steps to Stronger SaaS Security (lien direct) |
Continuous monitoring is key to keeping up with software-as-a-service changes, but that's not all you'll need to get better visibility into your SaaS security. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-24 12:25:50 |
The Cybersecurity Talent Shortage Is a Myth (lien direct) |
We have a tech innovation problem, not a staff retention (or recruitment) problem. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-24 12:00:00 |
Without Conti On The Scene, LockBit 2.0 Leads Ransomware Attacks (lien direct) |
Analysts say an 18% drop in ransomware attacks seen in May is likely fleeting, as Conti actors regroup. |
Ransomware
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-23 19:58:43 |
Chinese APT Group Likely Using Ransomware Attacks as Cover for IP Theft (lien direct) |
Bronze Starlight's use of multiple ransomware families and its victim-targeting suggest there's more to the group's activities than just financial gain, security vendor says. |
Ransomware
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-23 18:45:31 |
Johnson Controls Acquires Tempered Networks to Bring Zero Trust Cybersecurity to Connected Buildings (lien direct) |
Johnson Controls will roll out the Tempered Networks platform across deployments of its OpenBlue AI-enabled platform. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-23 17:33:09 |
Pair of Brand-New Cybersecurity Bills Become Law (lien direct) |
Bipartisan legislation allows cybersecurity experts to work across multiple agencies and provides federal support for local governments. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-23 12:00:00 |
MetaMask Crypto-Wallet Theft Skates Past Microsoft 365 Security (lien direct) |
The credential-phishing attack leverages social engineering and brand impersonation techniques to lead users to a spoofed MetaMask verification page. |
Guideline
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-23 01:24:30 |
Organizations Battling Phishing Malware, Viruses the Most (lien direct) |
Organizations may not encounter malware targeting cloud systems or networking equipment frequently, but the array of malware they encounter just occasionally are no less disruptive or damaging. That is where the focus needs to be. |
Malware
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-22 20:33:50 |
Microsoft 365 Users in US Face Raging Spate of Attacks (lien direct) |
A voicemail-themed phishing campaign is hitting specific industry verticals across the country, bent on scavenging credentials that can be used for a range of nefarious purposes. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-22 18:19:36 |
Fresh Magecart Skimmer Attack Infrastructure Flagged by Analysts (lien direct) |
Don't sleep on Magecart attacks, which security teams could miss by relying solely on automated crawlers and sandboxes, experts warn. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-21 20:57:06 |
China-Linked ToddyCat APT Pioneers Novel Spyware (lien direct) |
ToddyCat's Samurai and Ninja tools are designed to give attackers persistent and deep access on compromised networks, security vendor says. |
Tool
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-21 14:30:40 |
BRATA Android Malware Evolves Into an APT (lien direct) |
The BRATA Android banking Trojan is evolving into a persistent threat with a new phishing technique and event-logging capabilities. |
Malware
Threat
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-20 16:32:08 |
DDoS Attacks Delay Putin Speech at Russian Economic Forum (lien direct) |
A Kremlin spokesman said that the St. Petersburg International Economic Forum accreditation and admissions systems were shut down by a DDoS attack. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-17 20:40:00 |
Ransomware and Phishing Remain IT\'s Biggest Concerns (lien direct) |
Security teams - who are already fighting off malware challenges - are also facing renewed attacks on cloud assets and remote systems. |
Malware
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-17 18:30:00 |
Atlassian Confluence Server Bug Under Active Attack to Distribute Ransomware (lien direct) |
Most of the attacks involve the use of automated exploits, security vendor says. |
Ransomware
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-17 14:00:00 |
Can We Make a Global Agreement to Halt Attacks on Our Energy Infrastructure? (lien direct) |
The energy sector remains susceptible to both espionage between nation-states and cybercrime, and recent developments keep pointing toward more attacks. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-17 13:00:00 |
Tackling 5 Challenges Facing Critical National Infrastructure Today (lien direct) |
The stakes are high when protecting CNI from destructive malware and other threats. |
Malware
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-16 20:34:43 |
Microsoft 365 Function Leaves SharePoint, OneDrive Files Open to Ransomware Attacks (lien direct) |
SharePoint and OneDrive libraries can be encrypted in ransomware attack, researchers say. |
Ransomware
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-16 19:09:44 |
Android Spyware \'Hermit\' Discovered in Targeted Attacks (lien direct) |
The commercial-grade surveillance software initially was used by law enforcement authorities in Italy in 2019, according to a new report. |
|
APT 37
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-16 17:00:00 |
RSAC Startup Competition Focuses on Post-Cloud IT Infrastructure (lien direct) |
A secure Web browser takes the top prize, and for the second year in a row malware detection is an afterthought. |
Malware
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-15 20:49:28 |
\'Hertzbleed\' Side-Channel Attack Threatens Cryptographic Keys for Servers (lien direct) |
A novel timing attack allows remote attackers with low privileges to infer sensitive information by observing power-throttling changes in the CPU. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-14 20:15:27 |
DDoS Subscription Service Operator Gets 2 Years in Prison (lien direct) |
The distributed denial-as-a-service websites were behind more than 200K attacks on targets including schools and hospitals. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-13 20:23:16 |
Kaiser Permanente Breach Exposes Data on 70K Patients (lien direct) |
Employee email compromise potentially exposed patients' medical information, including lab test results and dates of services. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-13 19:43:16 |
Exposed Travis CI API Leaves All Free-Tier Users Open to Attack (lien direct) |
Public Travis CI logs loaded with GitHub, AWS, Docker Hub account tokens, and other sensitive data could be leveraged for lateral cloud attacks. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-13 13:59:07 |
DoS Vulnerability Allows Easy Envoy Proxy Crashes (lien direct) |
The DoS vulnerability allows an attacker to create a Brotli "zip bomb," resulting in acute performance issues on Envoy proxy servers. |
Vulnerability
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-10 19:21:39 |
Symbiote Malware Poses Stealthy, Linux-Based Threat to Financial Industry (lien direct) |
A Linux-based banking Trojan is a master at staying under the radar. |
Malware
Threat
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-10 16:53:33 |
New Linux Malware \'Nearly Impossible to Detect\' (lien direct) |
So-called Symbiote malware, first found targeting financial institutions, contains stealthy rootkit capabilities. |
Malware
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-10 11:00:00 |
Design Weakness Discovered in Apple M1 Kernel Protections (lien direct) |
The proof-of-concept attack from MIT CSAIL researchers undermines the pointer authentication feature used to defend the Apple chip's OS kernel. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-09 20:30:00 |
Prevent Breaches and Malware With Proactive Defenses (lien direct) |
Darktrace's Mike Beck joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk about risk management. |
Malware
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-09 18:30:04 |
Emotet Banking Trojan Resurfaces, Skating Past Email Security (lien direct) |
The malware is using spreadsheets, documents, and other types of Microsoft Office attachments in a new and improved version that is often able to bypass email gateway-security scanners. |
Malware
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-09 15:15:24 |
Why AIs Will Become Hackers (lien direct) |
At a 2022 RSA Conference keynote, technologist Bruce Schneier asserted that artificial intelligence agents will start to hack human systems - and what that will mean for us. |
Hack
|
|
★★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-08 22:41:41 |
China-Sponsored Cyberattackers Target Networking Gear to Build Widespread Attack Infrastructure (lien direct) |
Compromised routers, VPNs, and NAS devices from Cisco, Citrix, Pulse, Zyxel, and others are all being used as part of an extensive cyber espionage campaign. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-08 22:19:13 |
Cracking the Email Security Code: 12 Best Practices for Small and Midsize Businesses (lien direct) |
It only takes one successful attack to spell disaster for a company. Learn how to protect your company with this email security best practice guide. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-07 23:15:04 |
An Emerging Threat: Attacking 5G Via Network Slices (lien direct) |
A successful attack against 5G networks could disrupt critical infrastructure, manipulate sensor data, or even cause physical harm to humans. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-07 13:38:41 |
Akamai Launches New Malware Protection for Uploaded Files (lien direct) |
Edge-based solution detects and blocks malicious files uploaded to Web apps and APIs. |
Malware
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-07 13:00:00 |
Fortinet Unveils New Digital Risk Protection Offering (lien direct) |
FortiRecon combines machine learning, automation, and human intelligence to continually monitor an organization's external attack surface. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-06 22:16:45 |
Ransomware\'s ROI Retreat Will Drive More BEC Attacks (lien direct) |
Crackdowns are driving down ransomware profits, and analysts see signs that operators are pivoting to business email compromise attacks, security researcher warned. |
Ransomware
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-06 16:38:31 |
IBM to Buy Attack Surface-Management Firm Randori (lien direct) |
Randori's attack surface management software to be integrated into IBM Security QRadar extended detection and response (XDR) features. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-06 14:00:00 |
Are You Ready for a Breach in Your Organization\'s Slack Workspace? (lien direct) |
A single compromised Slack account can easily be leveraged to deceive other users and gain additional access to other users and multiple Slack channels. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-03 17:19:26 |
Iconium Software Releases DataLenz v1.3 for IBM zSystems (lien direct) |
DataLenz delivers real-time, machine learning-based breach detection with user behavior modeling for IBM zSystems. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-03 16:50:16 |
Microsoft Disables Iran-Linked Lebanese Hacking Group Polonium (lien direct) |
The attack on Israeli organizations is the latest in a long line of attempts to compromise supply chains, as the APT looks to leverage that access to target a multitude of potential victims. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-02 20:54:49 |
Research Reveals 75% of CISOs Are Worried Too Many Application Vulnerabilities Leak Into Production, Despite a Multi-Layered Security Approach (lien direct) |
79% of CISOs say continuous runtime vulnerability management is an essential capability to keep up with the expanding complexity of modern multi-cloud environments. |
Vulnerability
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-02 15:00:09 |
\'Clipminer\' Malware Actors Steal $1.7 Million Using Clipboard Hijackingp (lien direct) |
The malware targets Windows users via Trojanized downloads of cracked or pirated software and then starts in on cryptocurrency mining and clipboard hijacking. |
Malware
|
|
★★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-02 13:00:02 |
Neutralizing Novel Trickbot Attacks With AI (lien direct) |
Artificial intelligence technology can detect the latest wave of Trickbot ransomware and block the attack before it causes damage. |
Ransomware
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-01 21:30:59 |
Hunting for Threats Using Network Traffic Flows (lien direct) |
SeclarityIO's NetworkSage platform analyzes network traffic data to identify attacks before they become real problems. |
Threat
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-06-01 21:08:04 |
FluBot Android Malware Operation Disrupted, Infrastructure Seized (lien direct) |
Security researchers have described the malware as among the fastest-spreading mobile threats in recent years. |
Malware
Threat
|
|
|