| Src | Date (GMT) | Title | Description | Tags | Stories | Notes |
|---|---|---|---|---|---|---|
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-19 19:03:43 | State-Sponsored APTs Dangle Job Opps to Lure In Spy Victims (direct link) | APTs continue to exploit the dynamic job market and the persistent phenomenon of remote working, as explored by PwC at Black Hat USA. | | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-19 17:17:05 | BlackByte Ransomware Gang Returns With Twitter Presence, Tiered Pricing (direct link) | Version 2.0 of the ransomware group's operation borrows extortion tactics from the LockBit 3.0 group. | Ransomware | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-19 14:00:00 | Cyber Resiliency Isn't Just About Technology, It's About People (direct link) | To lessen burnout and prioritize staff resiliency, put people in a position to succeed with staffwide cybersecurity training to help ease the burden on IT and security personnel. | | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-18 21:28:13 | Easing the Cyber-Skills Crisis With Staff Augmentation (direct link) | Filling cybersecurity roles can be costly, slow, and chancy. More firms are working with third-party service providers to quickly procure needed expertise. | | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-18 18:34:08 | China's APT41 Embraces Baffling Approach for Dropping Cobalt Strike Payload (direct link) | The state-sponsored threat actor has switched up its tactics, also adding an automated SQL-injection tool to its bag of tricks for initial access. | Tool, Threat | APT 41 | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-18 18:23:04 | Mac Attack: North Korea's Lazarus APT Targets Apple's M1 Chip (direct link) | Lazarus continues to expand an aggressive, ongoing spy campaign, using fake Coinbase job openings to lure in victims. | | APT 38 | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-18 17:17:25 | 5 Russia-Linked Groups Target Ukraine in Cyberwar (direct link) | Information on the attributed cyberattacks conducted since the beginning of the Russia-Ukraine war shows that a handful of groups conducted more than two dozen attacks. | | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-18 14:42:38 | Which Security Bugs Will Be Exploited? Researchers Create an ML Model to Find Out (direct link) | How critical is that vulnerability? University researchers are improving predictions of which software flaws will end up with an exploit, a boon for prioritizing patches and estimating risk. | | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-18 14:38:22 | Summertime Blues: TA558 Ramps Up Attacks on Hospitality, Travel Sectors (direct link) | The cybercriminal crew has used 15 malware families to target travel and hospitality companies globally, constantly changing tactics over the course of its four-year history. | Malware | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-18 14:00:00 | How to Upskill Tech Staff to Meet Cybersecurity Needs (direct link) | Cybersecurity is the largest current tech skills gap; closing it requires a concerted effort to upskill existing staff. | | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-18 13:42:55 | OpenSSF Announces 13 New Members Committed to Strengthening the Security of the Open Source Software Supply Chain (direct link) | Hosts next OpenSSF Day in Dublin. | | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-18 01:00:00 | Google Cloud Adds Curated Detection to Chronicle (direct link) | The curated detection feature for Chronicle SecOps Suite provides security teams with actionable insights on cloud threats and Windows-based attacks from Google Cloud Threat Intelligence Team. | Threat | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-17 18:49:19 | Google Chrome Zero-Day Found Exploited in the Wild (direct link) | The high-severity security vulnerability (CVE-2022-2856) is due to improper user-input validation. | Vulnerability | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-17 18:39:51 | 'DarkTortilla' Malware Wraps in Sophistication for High-Volume RAT Infections (direct link) | The stealthy crypter, active since 2015, has been used to deliver a wide range of information stealers and RATs at a rapid, widespread clip. | Malware | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-17 17:00:00 | When Countries Are Attacked: Making the Case for More Private-Public Cooperation (direct link) | The increased sophistication of cyberattacks makes them more widely damaging and difficult to prevent. | | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-17 16:35:51 | 'Operation Sugarush' Mounts Concerning Spy Effort on Shipping, Healthcare Industries (direct link) | A suspected Iranian threat actor known as UNC3890 is gathering intel that could be used for kinetic strikes against global shipping targets. | Threat | | ★★★★★ |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-17 16:17:26 | China-Backed RedAlpha APT Builds Sprawling Cyber-Espionage Infrastructure (direct link) | The state-sponsored group particularly targets organizations working on behalf of the Uyghurs, Tibet, and Taiwan, looking to gather intel that could lead to human-rights abuses, researchers say. | Guideline | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-17 15:35:39 | Thoma Bravo Closes $6.9B Acquisition of Identity-Security Vendor SailPoint (direct link) | All-cash transaction deal that was first announced in April means SailPoint is no longer a publicly traded company. | | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-17 15:10:07 | ThreatX Raises $30 Million in Series B Funding to Accelerate Growth in Global API Protection Market (direct link) | Funds will support product development and market expansion for ThreatX, which delivers real-time protection for APIs and Web apps against complex botnets, DDoS, and multimode attacks. | | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-17 15:00:39 | AuditBoard Launches Third-Party Risk Management Solution, Empowering Enterprises to Tackle IT Vendor Risk at Scale (direct link) | Solution streamlines the assessment, monitoring, and remediation of third-party risk for information security, compliance, and risk teams. | | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-17 14:00:00 | 7 Smart Ways to Secure Your E-Commerce Site (direct link) | Especially if your e-commerce and CMS platforms are integrated, you risk multiple potential sources of intrusion, and the integration points themselves may be vulnerable to attack. | | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-17 00:14:37 | Microsoft Rolls Out Tamper Protection for Macs (direct link) | The tamper protection feature detects attempts to modify files and processes for Microsoft Defender for Endpoints on macOS. | | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-16 19:54:24 | Microsoft Disrupts Russian Group's Multiyear Cyber-Espionage Campaign (direct link) | "Seaborgium" is a highly persistent threat actor that has been targeting organizations and individuals of likely interest to the Russian government since at least 2017, company says. | Threat | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-16 19:33:55 | DEF CON: A Woman's First Experience (direct link) | Omdia Senior Analyst Hollie Hennessy goes over her first experience of DEF CON as a woman in cybersecurity. | | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-16 19:08:11 | Clop Ransomware Gang Breaches Water Utility, Just Not the Right One (direct link) | South Staffordshire in the UK has acknowledged it was targeted in a cyberattack, but Clop ransomware appears to be shaking down the wrong water company. | Ransomware | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-16 18:51:56 | Whack-a-Mole: More Malicious PyPI Packages Spring Up Targeting Discord, Roblox (direct link) | Just as one crop of malware-laced software packages is taken down from the popular Python code repository, a new host arrives, looking to steal a raft of data. | | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-16 17:00:00 | (Déjà vu) Name That Toon: Vicious Circle (direct link) | Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. | | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-16 14:49:26 | With Plunge in Value, Cryptocurrency Crimes Decline in 2022 (direct link) | Cybercrime has been funded with cryptocurrency, but the valuation of various digital currencies has dropped by more than two-thirds and cybercriminals are feeling the pinch. | | | ★★★★ |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-16 14:39:57 | Windows Vulnerability Could Crack DC Server Credentials Open (direct link) | The security flaw tracked as CVE-2022-30216 could allow attackers to perform server spoofing or trigger authentication coercion on the victim. | Vulnerability | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-16 14:00:00 | Lessons From the Cybersecurity Trenches (direct link) | Threat hunting not only serves the greater good by helping keep users safe, it rewards practitioners with the thrill of the hunt and solving of complex problems. Tap into your background and learn to follow your instincts. | Threat | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-16 13:39:55 | SEPT. 7-9: Ukraine, Election, AI, Cybercrime, 5G Among Topics Explored by 125+ Speakers at 13th Billington Cybersecurity Summit (direct link) | Heads of CIA and CISA headline event at DC Convention Center. | | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-15 21:28:15 | DEF CON 30: Hackers Come Home to Vibrant Community (direct link) | After 30 years and a brief pandemic hiatus, DEF CON returns with "Hacker Homecoming," an event that put the humans behind cybersecurity first. | | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-15 18:56:45 | Most Q2 Attacks Targeted Old Microsoft Vulnerabilities (direct link) | The most heavily targeted flaw last quarter was a remote code execution vulnerability in Microsoft Office that was disclosed and patched four years ago. | Vulnerability | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-15 18:35:07 | Transitioning From VPNs to Zero-Trust Access Requires Shoring Up Third-Party Risk Management (direct link) | ZTNA brings only marginal benefits unless you ensure that the third parties you authorize are not already compromised. | | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-15 14:00:00 | How and Why to Apply OSINT to Protect the Enterprise (direct link) | Here's how to flip the tide and tap open source intelligence to protect your users. | | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-12 22:00:00 | Cybercriminals Weaponizing Ransomware Data For BEC Attacks (direct link) | Attacked once, victimized multiple times: Data marketplaces are making it easier for threat actors to find and use data exfiltrated during ransomware attacks in follow-up attacks. | Ransomware, Threat | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-12 20:18:21 | Patch Madness: Vendor Bug Advisories Are Broken, So Broken (direct link) | Dustin Childs and Brian Gorenc of ZDI take the opportunity at Black Hat USA to break down the many vulnerability disclosure issues making patch prioritization a nightmare scenario for many orgs. | Vulnerability | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-12 16:53:57 | Software Supply Chain Chalks Up a Security Win With New Crypto Effort (direct link) | GitHub, the owner of the Node Package Manager (npm), proposes cryptographically linking source code and JavaScript packages in an effort to shore up supply chain security. | | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-12 14:58:10 | Novel Ransomware Comes to the Sophisticated SOVA Android Banking Trojan (direct link) | Unusually, SOVA, which targets US users, now allows lateral movement for deeper data access. Version 5 adds an encryption capability. | Ransomware | | ★★★ |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-12 14:00:00 | How to Clear Security Obstacles and Achieve Cloud Nirvana (direct link) | Back-end complexity of cloud computing means there's plenty of potential for security problems. Here's how to get a better handle on SaaS application security. | | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-11 23:54:33 | Microsoft: We Don't Want to Zero-Day Our Customers (direct link) | The head of Microsoft's Security Response Center defends keeping its initial vulnerability disclosures sparse -- it is, she says, to protect customers. | Vulnerability | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-11 23:38:32 | Krebs: Taiwan, Geopolitical Headwinds Loom Large (direct link) | During a keynote at Black Hat 2022, former CISA director Chris Krebs outlined the biggest risk areas for the public and private sectors for the next few years. | | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-11 22:54:13 | After Colonial Pipeline, Critical Infrastructure Operators Remain Blind to Cyber-Risks (direct link) | In her keynote address at Black Hat USA 2022, Kim Zetter gives scathing rebuke of Colonial Pipeline attack. | | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-11 18:00:00 | Supply-Chain Security Startup Phylum Wins the First Black Hat Innovation Spotlight (direct link) | Up-and-coming companies shoot their shot in a new feature introduced at the 25th annual cybersecurity conference. | | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-11 17:31:33 | Cyber-Insurance Fail: Most Businesses Lack Ransomware Coverage (direct link) | Even among businesses with cyber insurance, they lack coverage for basic costs of many cyberattacks, according to a BlackBerry survey. | Ransomware | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-11 17:20:00 | 4 Flaws, Other Weaknesses Undermine Cisco ASA Firewalls (direct link) | More than 1 million instances of firewalls running Cisco Adaptive Security Appliance (ASA) software have four vulnerabilities that undermine its security, a researcher finds. | | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-11 16:21:18 | New Cross-Industry Group Launches Open Cybersecurity Framework (direct link) | 18 companies led by Amazon and Splunk announced the OCSF framework, to provide a standard way for sharing threat detection telemetry among different monitoring tools and applications. | Threat | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-11 15:55:17 | Cisco Confirms Data Breach, Hacked Files Leaked (direct link) | Ransomware gang gained access to the company's VPN in May by convincing an employee to accept a multifactor authentication (MFA) push notification. | Ransomware | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-11 14:00:00 | The Time Is Now for IoT Security Standards (direct link) | Industry standards would provide predictable and understandable IoT security frameworks. | | | |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2022-08-11 12:37:17 | New Open Source Tools Launched for Adversary Simulation (direct link) | The new open source tools are designed to help defense, identity and access management, and security operations center teams discover vulnerable network shares. | | | |