What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-12-23 17:39:00 | LastPass Cops to Massive Breach Including Customer Vault Data (lien direct) | The follow-on attack from August's source-code breach could fuel future campaigns against LastPass customers. | LastPass | ★ | |
|
2022-12-23 17:15:00 | Videoconferencing Worries Grow, With SMBs in Cyberattack Crosshairs (lien direct) | Securing videoconferencing solutions is just one of many IT security challenges small businesses are facing, often with limited financial and human resources. | ★★★ | ||
|
2022-12-23 15:12:00 | Google: With Cloud Comes APIs & Security Headaches (lien direct) | APIs are key to cloud transformation, but two Google surveys find that cyberattacks targeting them are reaching a tipping point, even as general cloud security issues abound. | ★★★ | ||
|
2022-12-23 15:00:00 | Fool Me Thrice? How to Avoid Double and Triple Ransomware Extortion (lien direct) | To stay safer, restrict access to data, monitor for breaches in the supply chain, track relevant data that is sold on the Dark Web, and implement best safety practices. | Ransomware | ★★★ | |
|
2022-12-23 00:01:00 | Security Is a Second-Class Citizen in High-Performance Computing (lien direct) | Vendors and operators attempt to balance power and security, but right now, power is the highest goal. | ★★★★ | ||
|
2022-12-23 00:00:00 | What Kind of Data Gets Stolen When a Developer is Compromised? (lien direct) | What is the worst that can happen when a developer's machine is compromised? Depending on the developer's position, attackers gain access to nearly everything: SSH keys, credentials, access to CI/CD pipelines and production infrastructure, the works. | ★★★ | ||
|
2022-12-22 21:23:00 | New Brand of Security Threats Surface in the Cloud (lien direct) | Tech Insight report co-produced by Black Hat, Dark Reading, and Omdia examines how cloud security is evolving in a rapid race to beat threat actors to the (cloud) breach. | Threat | ★★★ | |
|
2022-12-22 21:07:00 | Inside the Next-Level Fraud Ring Scamming Billions Off Holiday Retailers (lien direct) | "Largest attack of its kind": A potent Southeast Asian e-commerce fraud ring has declared war on US retailers, targeting billions in goods in just the past month and forcing mules into its scheme. | ★★★ | ||
|
2022-12-22 21:00:00 | Biden Signs Post-Quantum Cybersecurity Guidelines Into Law (lien direct) | The new law holds the US Office of Budget and Management to a road map for transitioning federal systems to NIST-approved PQC. | ★★★ | ||
|
2022-12-22 15:31:00 | Passwordless Authentication Market to Be Worth $55.7 Billion by 2030: Grand View Research, Inc. (lien direct) | Pas de details / No more details | ★★★ | ||
|
2022-12-22 15:09:19 | Security on a Shoestring? Cloud, Consolidation Best Bets for Businesses (lien direct) | With a recession potentially coming, some companies are cutting security teams. But moving more infrastructure to the cloud and reducing the number of vendors through consolidation may be the best ways to prepare. | ★★★ | ||
|
2022-12-22 15:00:01 | Google WordPress Plug-in Bug Allows AWS Metadata Theft (lien direct) | A successful attacker could use the SSRF vulnerability to collect metadata from WordPress sites hosted on an AWS server, and potentially log in to a cloud instance to run commands. | Vulnerability | ★★★ | |
|
2022-12-22 15:00:00 | \'Sextortion,\' Business Disruption, and a Massive Attack: What Could Be in Store for 2023 (lien direct) | Our growing interconnectedness poses almost as many challenges as it does benefits. | ★★★ | ||
|
2022-12-22 15:00:00 | Threat Modeling in the Age of OpenAI\'s Chatbot (lien direct) | New technical chatbot capabilities raise the promise that their help in threat modeling could free humans for more interesting work. | Threat | ★★★ | |
|
2022-12-22 14:03:02 | Zerobot Adds Brute Force, DDoS to Its IoT Attack Arsenal (lien direct) | Threat actors continue to evolve the malicious botnet, which has also added a list of new vulnerabilities it can use to target devices. | Threat | ★★★ | |
|
2022-12-21 22:00:00 | Supply Chain Risks Got You Down? Keep Calm and Get Strategic! (lien direct) | Security leaders must maintain an effective cybersecurity strategy to help filter some of the noise on new vulnerabilities. | Guideline | ★★★ | |
|
2022-12-21 20:45:00 | Ransomware Attackers Bypass Microsoft\'s ProxyNotShell Mitigations With Fresh Exploit (lien direct) | The Play ransomware group was spotted exploiting another little-known SSRF bug to trigger RCE on affected Exchange servers. | Ransomware | ★★★★ | |
|
2022-12-21 20:12:00 | Heartland Alliance Provides Notice of Data Security Incident (lien direct) | Pas de details / No more details | ★★ | ||
|
2022-12-21 20:00:00 | Best Practices for Securing and Governing Your Multicloud Deployment (lien direct) | Organizations can start by integrating functions like detection, prioritization, and remediation on to a single platform. | ★★★ | ||
|
2022-12-21 18:38:26 | (Déjà vu) Name That Toon: Kiss and Tell (lien direct) | Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. | ★★ | ||
|
2022-12-21 18:00:00 | \'Russian Hackers\' Help Fraudsters Hijack JFK Airport\'s Taxi Dispatch (lien direct) | DoJ charges allege they hacked into the taxi dispatch system for profit, selling the ability for cab drivers to skip the line for picking up a fare at JFK terminals. | ★★★ | ||
|
2022-12-21 16:32:00 | Kaspersky Research Finds Reverse Engineering Is the Most On-Demand Skill Among InfoSec Specialists (lien direct) | Pas de details / No more details | ★★★ | ||
|
2022-12-21 15:51:51 | Understanding the 3 Classes of Kubernetes Risk (lien direct) | The first step toward securing Kubernetes environments is understanding the risks they pose and identifying the ways in which those risks can be mitigated. | Uber | ★★ | |
|
2022-12-21 15:51:30 | How to Run Kubernetes More Securely (lien direct) | The open source container tool is quite popular among developers - and threat actors. Here are a few ways DevOps teams can take control. | Tool Threat | Uber | ★★ |
|
2022-12-21 15:03:30 | Godfather Banking Trojan Masquerades as Legitimate Google Play App (lien direct) | The malware has resurfaced, using an icon and name similar to the legitimate Google Play app MYT Music, a popular app with more than 10 million downloads. | Malware | ★★★ | |
|
2022-12-21 15:00:00 | Why Security Teams Shouldn\'t Snooze on MFA Fatigue (lien direct) | Employee education, biometric and adaptive authentication, and zero trust can go a long way in strengthening security. | ★★ | ||
|
2022-12-20 23:30:00 | Give Yourself the Gift of Secure Holiday E-Commerce (lien direct) | Automating your defenses can bring good tidings of great joy. | ★★ | ||
|
2022-12-20 23:00:00 | Paying Ransom: Why Manufacturers Shell Out to Cybercriminals (lien direct) | Lower cybersecurity awareness coupled with vulnerable OT gear makes manufacturers tempting targets, but zero trust can blunt attackers' advantages. | ★★ | ||
|
2022-12-20 21:34:00 | Bfore.Ai Releases \'The King, The Knight & The Snowball\' - Cybersecurity Book for Children (lien direct) | This unique fairytale is available for free just before Christmas to enjoy with the entire family. | ★★★★ | ||
|
2022-12-20 21:00:04 | Microsoft Warns on \'Achilles\' macOS Gatekeeper Bypass (lien direct) | The latest bypass for Apple's application-safety feature could allow malicious takeover of Macs. | ★★★ | ||
|
2022-12-20 20:12:00 | Raspberry Robin Worm Targets Telcos & Governments (lien direct) | With 10 layers of obfuscation and fake payloads, the Raspberry Robin worm is nesting its way deep into organizations. | ★★★★ | ||
|
2022-12-20 19:34:00 | NATO-Member Oil Refinery Targeted in Russian APT Blitz Against Ukraine (lien direct) | Security Service-backed Trident Ursa APT group shakes up tactics in its relentless cyberattacks against Ukraine. | ★★★ | ||
|
2022-12-20 19:22:00 | Searchlight Security Changes Name to Searchlight Cyber and Launches New Brand (lien direct) | Searchlight Cyber announces rebrand that reflects its status as a fast-growing cybersecurity business. | ★★ | ||
|
2022-12-20 19:20:00 | How AI/ML Can Thwart DDoS Attacks (lien direct) | When properly designed and trained, artificial intelligence and machine learning can help improve the accuracy of distributed denial-of-service detection and mitigation. | ★★ | ||
|
2022-12-20 18:00:00 | Coming to a SOC Near You: New Browsers, \'Posture\' Management, Virtual Assistants (lien direct) | Startups are coalescing around effective data loss prevention, reducing data attack surfaces, and viable AI automation. | ★★ | ||
|
2022-12-20 17:52:00 | Cybersecurity Company VMRay Extends Series B Investment to a Total of $34M USD to Drive Growth into New Markets (lien direct) | VMRay announces the closing of a Series B led by global alternative asset manager Tikehau Capital, which will fuel further expansion of the product portfolio to target a broader set of market segments. | ★★ | ||
|
2022-12-20 15:44:52 | \'Blindside\' Attack Subverts EDR Platforms From Windows Kernel (lien direct) | The technique loads a nonmonitored and unhooked DLL, and leverages debug techniques that could allow for running arbitrary code. | ★★★ | ||
|
2022-12-20 15:00:00 | Protecting Hospital Networks From \'Code Dark\' Scenarios (lien direct) | Asset inventory, behavioral baselining, and automated response are all key to keeping patients healthy and safe. | ★★ | ||
|
2022-12-20 14:41:52 | AWS Elastic IP Transfer Feature Gives Cyberattackers Free Range (lien direct) | Threat actors can take over victims' cloud accounts to steal data, or use them for command-and-control for phishing attacks, denial of service, or other cyberattacks. | Threat | ★★ | |
|
2022-12-19 22:50:00 | Are 100% Security Guarantees Possible? (lien direct) | Large vendors are commoditizing capabilities that claim to provide absolute security guarantees backed up by formal verification. How significant are these promises? | ★★ | ||
|
2022-12-19 21:28:00 | Sophisticated DarkTortilla Malware Serves Imposter Cisco, Grammarly Pages (lien direct) | Sites spoofing Grammarly and a Cisco webpage are spreading the DarkTortilla threat, which is filled with follow-on malware attacks. | Malware | ★★ | |
|
2022-12-19 21:01:00 | T-Mobile Carrier Scammer Gets Decade in the Slammer (lien direct) | A mobile phone store owner stole T-Mobile employee credentials to "unlock" phones for resale, earning him millions in illicit profits. | ★★★ | ||
|
2022-12-19 21:00:00 | Threat Intelligence Through Web Scraping (lien direct) | Bright Data CEO Or Lenchner discusses how security teams are utilizing public Web data networks to safeguard their organizations from digital risks. | Threat | ★★ | |
|
2022-12-19 18:00:00 | Fortnite Developer Epic Games Slapped With $275M Penalty (lien direct) | Epic Games has been fined for violating children's online privacy, banned from using collected data. | ★★ | ||
|
2022-12-19 17:40:59 | Malicious Python Trojan Impersonates SentinelOne Security Client (lien direct) | A fully functional SentinelOne client is actually a Trojan horse that hides malicious code within; it was found lurking in the Python Package Index repository ecosystem. | ★★★ | ||
|
2022-12-19 16:09:36 | Security Skills Command Premiums in Tight Market (lien direct) | Recession fears notwithstanding, cybersecurity skills - both credentialed and noncredentialed - continue to attract higher pay and more job security. | ★★★ | ||
|
2022-12-19 15:00:00 | Rethinking Risk After the FTX Debacle (lien direct) | Risk is no longer a single entity, but rather an interconnected web of resources, assets, and users. | ★★★ | ||
|
2022-12-19 14:00:00 | Holiday Spam, Phishing Campaigns Challenge Retailers (lien direct) | Revived levels of holiday spending have caught the eye of threat actors who exploit consumer behaviors and prey on the surge of online payments and digital activities during the holidays. | Threat | ★★ | |
|
2022-12-16 23:00:00 | GitHub Expands Secret Scanning, 2FA Across Platform (lien direct) | Microsoft-owned GitHub is taking steps to secure the open source software ecosystem by rolling out security features to protect code repositories. | ★★★ | ||
|
2022-12-16 21:57:02 | Cyber Threats Loom as 5B People Prepare to Watch World Cup Final (lien direct) | The 2022 FIFA Men's World Cup final in Qatar will be the most-watched sporting event in history - but will cybercriminals score a hat trick off its state-of-the-art digital footprint? | ★★ |
To see everything:
