Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-09-02 14:00:00 |
The Makings of a Successful Threat-Hunting Program (lien direct) |
Threat hunters can help build defenses as they work with offensive security teams to identify potential threats and build stronger threat barriers. |
Threat
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-09-02 13:25:31 |
Ragnar Locker Brags About TAP Air Portugal Breach (lien direct) |
TAP assures its customers that it stopped data theft in a recent cyberattack, but the Ragnar Locker ransomware group says it made off with user info. |
Ransomware
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-09-02 00:00:00 |
Ghost Data Increases Enterprise Business Risk (lien direct) |
IT has to get its hands around cloud data sprawl. Another area of focus should be on ghost data, as it expands the organization's cloud attack surface. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-09-01 20:36:00 |
Neopets Hackers Had Network Access for 18 Months (lien direct) |
Neopets has confirmed that its IT systems were compromised from January 2021 through July 2022, exposing 69 million user accounts and source code. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-09-01 20:35:00 |
Threat Actor Phishing PyPI Users Identified (lien direct) |
"JuiceLedger" has escalated a campaign to distribute its information stealer by now going after developers who published code on the widely used Python code repository. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-09-01 19:49:52 |
Skyrocketing IoT Bug Disclosures Put Pressure on Security Teams (lien direct) |
The expanding Internet of Things ecosystem is seeing a startling rate of vulnerability disclosures, leaving companies with a greater need for visibility into and patching of IoT devices. |
Vulnerability
Patching
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-09-01 19:49:07 |
New Guidelines Spell Out How to Test IoT Security Products (lien direct) |
The proposed AMTSO guidelines offer a roadmap for comprehensive testing of IoT security products. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-09-01 16:52:30 |
Code-Injection Bugs Bite Google, Apache Open Source GitHub Projects (lien direct) |
The insecurities exist in CI/CD pipelines and can be used by attackers to subvert modern development and roll out malicious code at deployment. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-09-01 14:45:27 |
Apple Quietly Releases Another Patch for Zero-Day RCE Bug (lien direct) |
Apple continues a staged update process to address a WebKit vulnerability that allows attackers to craft malicious Web content to load malware on affected devices. |
Malware
Vulnerability
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-09-01 14:18:21 |
(ISC)(2) Launches \'Certified in Cybersecurity\' Entry-Level Certification to Address Global Workforce Gap (lien direct) |
After a rigorous pilot program, the association's newest certification is officially operational. More than 1,500 pilot participants who passed the exam are on the path to full certification. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-09-01 14:00:00 |
Real-World Cloud Attacks: The True Tasks of Cloud Ransomware Mitigation (lien direct) |
Cloud breaches are inevitable - and so is cloud ransomware. (Second of two parts.) |
Ransomware
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-31 23:20:23 |
Closing the Security Gap Opened by the Rise of No-Code Tools (lien direct) |
No-code startups such as Mine PrivacyOps say they offer best of both worlds - quick development and compliance with privacy laws. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-31 20:10:59 |
Google Fixes 24 Vulnerabilities with New Chrome Update (lien direct) |
But one issue that lets websites overwrite content on a user's system clipboard appears unfixed in the new Version 105 of Chrome. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-31 20:09:09 |
Crypto-Crooks Spread Trojanized Google Translate App in Watering-Hole Attack (lien direct) |
The ongoing campaign is spreading worldwide, using the lure of a fully functional Google Translate application for desktops that has helped the threat stay undetected for months. |
Threat
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-31 18:00:00 |
The Pros and Cons of Managed Firewalls (lien direct) |
Managed firewalls are increasingly popular. This post examines the strengths and weaknesses of managed firewalls to help your team decide on the right approach. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-31 18:00:00 |
James Webb Telescope Images Loaded With Malware Are Evading EDR (lien direct) |
New Golang cyberattacks use deep space images and a new obfuscator to target systems - undetected. |
Malware
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-31 17:00:00 |
OpenText Goes All-in on Cybersecurity Size and Scale With Micro Focus Purchase (lien direct) |
OpenText makes a $6 billion bet that bigger is better in security and that cybersecurity platform plays are the future. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-31 16:41:05 |
(ISC)² Opens Global Enrollment for \'1 Million Certified in Cybersecurity\' Initiative (lien direct) |
(ISC)² pledges to expand and diversify the cybersecurity workforce by providing free "(ISC)² Certified in Cybersecurity" education and exams to 1 million people worldwide. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-31 16:00:00 |
TikTok for Android Bug Allows Single-Click Account Hijack (lien direct) |
A security vulnerability (CVE-2022-28799) in one of TikTok for Android's deeplinks could affect billions of users, Microsoft warns. |
Vulnerability
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-31 14:00:00 |
The Inevitability of Cloud Breaches: Tales of Real-World Cloud Attacks (lien direct) |
While cloud breaches are going to happen, that doesn't mean we can't do anything about them. By better understanding cloud attacks, organizations can better prepare for them. (First of two parts.) |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-31 13:29:17 |
SecureAuth Announces General Availability of Arculix, Its Next-Gen Passwordless, Continuous-Authentication Platform (lien direct) |
Next-gen platform delivers adaptive and robust, continuous authentication with identity orchestration and a frictionless user experience. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-30 22:21:30 |
New ODGen Tool Unearths 180 Zero-Days in Node.js Libraries (lien direct) |
New graph-based tool offers a better alternative to current approaches for finding vulnerabilities in JavaScript code, they note. |
Tool
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-30 20:51:39 |
Don\'t Let \'Perfect\' Be the Enemy of a Good AppSec Program (lien direct) |
These five suggestions provide a great place to start building a scalable and affordable program for creating secure apps. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-30 20:00:00 |
Malicious Chrome Extensions Plague 1.4M Users (lien direct) |
Analysts find five cookie-stuffing extensions, including one that's Netflix-themed, that track victim browsing and insert rogue IDs into e-commerce sites to rack up fake affiliate payments. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-30 17:34:37 |
(Déjà vu) Chinese Hackers Target Energy Sector in Australia, South China Sea (lien direct) |
The phishing campaign deploying a ScanBox reconnaissance framework has targeted the Australian government and companies maintaining wind turbines in the South China Sea. |
|
|
★★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-30 17:00:00 |
Security Culture: An OT Survival Story (lien direct) |
The relationship between information technology and operational technology will need top-down support if a holistic security culture is to truly thrive. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-30 15:04:28 |
Cohesity Research Reveals that Reliance on Legacy Technology Is Undermining How Organizations Respond to Ransomware (lien direct) |
Nearly half of respondents say their company relies on outdated backup and recovery infrastructure - in some cases dating back to the 1990s, before today's sophisticated cyberattacks. |
Ransomware
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-30 14:16:23 |
Phishing Campaign Targets PyPI Users to Distribute Malicious Code (lien direct) |
The first-of-its-kind campaign threatens to remove code packages if developers don't submit their code to a "validation" process. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-30 14:00:00 |
Building a Strong SOC Starts With People (lien direct) |
A people-first approach reduces fatigue and burnout, and it empowers employees to seek out development opportunities, which helps retention. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-30 13:33:35 |
Google Expands Bug Bounties to Its Open Source Projects (lien direct) |
The search engine giant's Vulnerability Rewards Program now covers any Google open source software projects - with a focus on critical software such as Go and Angular. |
Vulnerability
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-30 13:17:48 |
Cerberus Sentinel Announces Acquisition of CUATROi (lien direct) |
US cybersecurity services firm expands services in Latin America. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-30 00:26:06 |
A Peek Into CISA\'s Post-Quantum Cryptography Roadmap (lien direct) |
To help organizations with their plans, NIST and the Department of Homeland Security developed the Post-Quantum Cryptography Roadmap. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-29 19:00:00 |
Receipt for €8M iOS Zero-Day Sale Pops Up on Dark Web (lien direct) |
Documents appear to show that Israeli spyware company Intellexa sold a full suite of services around a zero-day affecting both Android and iOS ecosystems. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-29 16:55:33 |
3 Ways No-Code Developers Can Shoot Themselves in the Foot (lien direct) |
Low/no-code tools allow citizen developers to design creative solutions to address immediate problems, but without sufficient training and oversight, the technology can make it easy to make security mistakes. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-29 14:34:05 |
Cyber-Insurance Firms Limit Payouts, Risk Obsolescence (lien direct) |
Businesses need to re-evaluate their cyber-insurance policies as firms like Lloyd's of London continue to add restrictions, including excluding losses related to state-backed cyberattackers. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-29 14:21:47 |
NATO Investigates Dark Web Leak of Data Stolen from Missile Vendor (lien direct) |
Documents allegedly belonging to an EU defense dealer include those relating to weapons used by Ukraine in its fight against Russia. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-29 14:00:00 |
The 3 Questions CISOs Must Ask to Protect Their Sensitive Data (lien direct) |
CISOs must adopt a new mindset to take on the moving targets in modern cybersecurity. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-29 13:00:00 |
Microsoft 365 Empowers Business Users to Shoot Themselves in the Foot (lien direct) |
Citizen development allows users to design creative solutions for immediate problems, but it requires training and oversight to avoid security holes. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-26 17:37:45 |
LastPass Suffers Data Breach, Source Code Stolen (lien direct) |
Researchers warned that cyberattackers will be probing the code for weaknesses to exploit later. |
|
LastPass
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-26 15:45:25 |
\'Sliver\' Emerges as Cobalt Strike Alternative for Malicious C2 (lien direct) |
Microsoft and others say they have observed nation-state actors, ransomware purveyors, and assorted cybercriminals pivoting to an open source attack-emulation tool in recent campaigns. |
Ransomware
Tool
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-26 14:05:18 |
\'No-Party\' Data Architectures Promise More Control, Better Security (lien direct) |
Consumers gain control of their data while companies build better relationships with their customers - but third-party ad-tech firms will likely continue to stand in the way. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-26 14:00:00 |
How DevSecOps Empowers Citizen Developers (lien direct) |
DevSecOps can help overcome inheritance mentality, especially in low- and no-code environments. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-26 13:18:17 |
Endpoint Protection / Antivirus Products Tested for Malware Protection (lien direct) |
Six out of the eight products achieved an "A" rating or higher for blocking malware attacks. Reports are provided to the community for free. |
Malware
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-26 13:02:52 |
Capital One Joins Open Source Security Foundation (lien direct) |
OpenSSF welcomes Capital One as a premier member affirming its commitment to strengthening the open source software supply chain. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-25 18:55:21 |
Twilio Hackers Scarf 10K Okta Credentials in Sprawling Supply Chain Attack (lien direct) |
The "0ktapus" cyberattackers set up a well-planned spear-phishing effort that affected at least 130 orgs beyond Twilio and Cloudflare, including Digital Ocean and Mailchimp. |
|
APT 32
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-25 16:09:19 |
ReasonLabs Launches Free Online Security Tool to Power Secure Web Experience for Millions of Global Users (lien direct) |
Online Security autonomously blocks malicious URLs, extensions, ad trackers, and pop-ups 24/7, protecting consumers from complex and rapidly evolving cyber threats online. |
Tool
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-25 15:13:42 |
More Bang for the Buck: Cross-Platform Ransomware Is the Next Problem (lien direct) |
As cryptocurrency valuations make strikes less lucrative, ransomware gangs like the new RedAlert and Monster groups are modifying their tools to attack across platforms. |
Ransomware
|
|
★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-25 15:00:42 |
Wyden Renews Call to Encrypt Twitter DMs, Secure Americans\' Data From Unfriendly Foreign Governments (lien direct) |
Following whistleblower complaint, Oregon senator renews commitment to passing bipartisan legislation to address the national security risks. |
|
|
★★★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-25 15:00:00 |
Senior-Level Women Leaders in Cybersecurity Form New Nonprofit (lien direct) |
The Forte Group, which gained momentum as an informal organization during the pandemic, will offer career development and advocacy for women execs in cybersecurity as well as newcomers. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-25 14:39:12 |
Cyberstarts Closes $60M in Seed Fund III (lien direct) |
Venture firm hires former Splunk CEO to spearhead new GTM advisory board and help portfolio companies scale up. |
|
|
★★
|