What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-08-25 14:19:46 | The (Nation) State of Cyber: 64% of Businesses Suspect They\'ve Been Targeted or Impacted by Nation-State Attacks (lien direct) | According to new Venafi research, two-thirds of organizations have changed cyber strategy in response to war in Ukraine. | |||
|
2022-08-25 14:00:00 | What You Need to Know About the Psychology Behind Cyber Resilience (lien direct) | Understanding how and why people respond to cyber threats is key to building cyber workforce resilience. | |||
|
2022-08-25 13:56:23 | Penetration Testing Market Worth $2.7B By 2027: MarketsandMarkets(TM) Report (lien direct) | Increase driven by increasingly sophisticated cyberattacks as well as increase in mobile-based business-critical applications, according to report. | |||
|
2022-08-25 13:03:36 | Optiv\'s Annual $40K Scholarship for Black, African-American-Identifying STEM Students Now Open for Applicants (lien direct) | Optiv's Black Employee Network offers the scholarship, paid out over 4 years, for students seeking a career in the cybersecurity/information security industry. | |||
|
2022-08-25 13:00:00 | Thousands of Organizations Remain at Risk From Critical Zero-Click IP Camera Bug (lien direct) | The US Cybersecurity and Infrastructure Security Agency had wanted federal agencies to implement the fix for the RCE flaw in Hikvision cameras by Jan. 24, 2022. | |||
|
2022-08-25 13:00:00 | New Exterro FTK Update Accelerates Mobile Digital Forensics (lien direct) | The FTK 7.6 portfolio promises better integration with other security and network resources, as well as unified analysis of mobile and computer evidence. | |||
|
2022-08-24 19:59:35 | CISA: Just-Disclosed Palo Alto Networks Firewall Bug Under Active Exploit (lien direct) | The bug tracked as CVE-2022-0028 allows attackers to hijack firewalls without authentication, in order to mount DDoS hits on their targets of choice. | |||
|
2022-08-24 19:29:23 | Efficient \'MagicWeb\' Malware Subverts AD FS Authentication, Microsoft Warns (lien direct) | The Russia-backed Nobelium APT has pioneered a post-exploitation tool allowing attackers to authenticate as any user. | Malware Tool | ||
|
2022-08-24 18:01:50 | Ransomware Gang Demands $10M in Attack on French Hospital (lien direct) | Center Hospitalier Sud Francilien (CHSF), a hospital outside of Paris, has redirected incoming patients to other medical facilities in the wake of a ransomware attack that began on Aug. 21. | Ransomware | ||
|
2022-08-24 17:33:27 | VMware LPE Bug Allows Cyberattackers to Feast on Virtual Machine Data (lien direct) | An insider threat or remote attacker with initial access could exploit CVE-2022-31676 to steal sensitive data and scoop up user credentials for follow-on attacks. | Threat | ||
|
2022-08-24 17:00:00 | New Zero-Trust Maturity Data: Charting Your Own Organization (lien direct) | Every organization is on a zero-trust journey. Learn about how critical identity is to your security evolution, and how your organization can move forward. | |||
|
2022-08-24 17:00:00 | Facing the New Security Challenges That Come With Cloud (lien direct) | Organizations relying on multicloud or hybrid-cloud environments without a true understanding of their security vulnerabilities do so at their peril. | |||
|
2022-08-24 15:30:01 | Unusual Microsoft 365 Phishing Campaign Spoofs eFax Via Compromised Dynamics Voice Account (lien direct) | In a widespread campaign, threat actors use a compromised Dynamics 365 Customer Voice business account and a link posing as a survey to steal Microsoft 365 credentials. | Threat | ||
|
2022-08-24 14:40:00 | Nearly 3 Years Later, SolarWinds CISO Shares 3 Lessons From the Infamous Attack (lien direct) | SolarWinds CISO Tim Brown explains how organizations can prepare for eventualities like the nation-state attack on his company's software. | |||
|
2022-08-24 14:38:30 | Acronis\' Midyear Cyberthreats Report Finds Ransomware Is the No. 1 Threat to Organizations, Projects Damages to Exceed $30 Billion by 2023 (lien direct) | Increasing complexity in IT continues to lead to breaches and compromises, highlighting the need for more holistic approaches to cyber protection. | Ransomware Threat Guideline | ||
|
2022-08-24 14:00:00 | Why Empathy Is the Key to Better Threat Modeling (lien direct) | Avoid the disconnect between seeing the value in threat modeling and actually doing it with coaching, collaboration, and integration. Key to making it "everybody's thing" is communication between security and development teams. | Threat | ||
|
2022-08-24 13:46:20 | CyberRatings.org Announces New Web Browser Test Results for 2022 (lien direct) | Three of the world's leading browsers were measured for phishing and malware protection, with time to block and protection over time as key metrics in test scores. | Malware Guideline | ||
|
2022-08-24 13:10:36 | Report: Financial Institutions Are Overwhelmed When Facing Growing Firmware Security and Supply Chain Threats (lien direct) | New research report reveals financial organizations are failing to act despite majority experiencing a firmware-related breach. | |||
|
2022-08-23 21:08:10 | DevSecOps Gains Traction - but Security Still Lags (lien direct) | Almost half of teams develop and deploy software using a DevSecOps approach, but security remains the top area of investment, a survey finds. | |||
|
2022-08-23 20:00:00 | Thoma Bravo Buying Spree Highlights Hot Investor Interest in IAM Market (lien direct) | M&A activity in the identity and access management (IAM) space has continued at a steady clip so far this year. | |||
|
2022-08-23 17:44:14 | Mudge Blows Whistle on Alleged Twitter Security Nightmare (lien direct) | Lawmakers and cybersecurity insiders are reacting to a bombshell report from former Twitter security head Mudge Zatko, alleging reckless security lapses that could be exploited by foreign adversaries. | |||
|
2022-08-23 16:50:56 | Secure Code Warrior Spotlights the Importance of Developer Security Skills with 2nd Annual Devlympics Competition (lien direct) | The global secure coding competition will be held In October, during Cybersecurity Awareness Month. | |||
|
2022-08-23 16:15:00 | One-Third of Popular PyPI Packages Mistakenly Flagged as Malicious (lien direct) | The scans used by the Python Package Index (PyPI) to find malware fail to catch 41% of bad packages, while creating plentiful false positives. | Malware | ||
|
2022-08-23 15:30:21 | Coalfire Federal Among First Authorized to Conduct CMMC Assessments (lien direct) | Company fortifies its ability to help organizations prepare and obtain CMMC certification. | ★★★★ | ||
|
2022-08-23 14:00:00 | Apathy is Your Company\'s Biggest Cybersecurity Vulnerability - Here\'s How to Combat It (lien direct) | Make security training more engaging to build a strong cybersecurity culture. Here are four steps security and IT leaders can take to avoid the security disconnect. | Vulnerability Guideline | ★★ | |
|
2022-08-23 13:25:00 | Meta Takes Offensive Posture With Privacy Red Team (lien direct) | Engineering manager Scott Tenaglia describes how Meta extended the security red team model to aggressively protect data privacy. | ★★★★ | ||
|
2022-08-23 13:20:42 | Novant Health Notifies Patients of Potential Data Privacy Incident (lien direct) | Patients face possible disclosure of protected health information (PHI) to Meta, Facebook's parent company, resulting from an incorrect configuration of an online tracking tool. | |||
|
2022-08-23 11:57:26 | Charming Kitten APT Wields New Scraper to Steal Email Inboxes (lien direct) | Google researchers say the nation-state hacking team is now employing a data-theft tool that targets Gmail, Yahoo!, and Microsoft Outlook accounts using previously acquired credentials. | Tool | Yahoo APT 35 | |
|
2022-08-22 22:07:52 | Fake DDoS Protection Alerts Distribute Dangerous RAT (lien direct) | Security vendor Sucuri says adversaries are injecting malicious JavaScript into numerous WordPress websites that triggers phony bot-related checks. | |||
|
2022-08-22 20:30:34 | Metasploit Creator Renames His Startup and IT Discovery Tool Rumble to \'runZero\' (lien direct) | HD Moore's company has rebranded its IT, IoT, and OT asset discovery tool as the platform rapidly evolves. | Tool | ||
|
2022-08-22 20:00:00 | For Penetration Security Testing, Alternative Cloud Offers Something Others Don\'t (lien direct) | Alternative cloud providers offer streamlined capabilities for penetration testing, including more accessible tools, easy deployment, and affordable pricing. | |||
|
2022-08-22 19:31:29 | Sophos Identifies Potential Tag-Team Ransomware Activity (lien direct) | Company research indicates ransomware gangs may be working in concert to orchestrate multiple attacks, explains Sophos' John Shier. | Ransomware | ||
|
2022-08-22 19:31:29 | Cybersecurity Solutions Must Evolve, Says Netography CEO (lien direct) | Just as cyber criminals change tactics and strategy for more effectiveness, so must infosec pros and their organizations, according to Martin Roesch of Netography. | |||
|
2022-08-22 18:31:29 | InQuest: Adding File Detection and Response to the Security Arsenal (lien direct) | InQuest's Pedram Amini takes a deep dive into file detection and response as a way to prevent file-borne attacks. | |||
|
2022-08-22 17:31:29 | Secureworks: How To Distinguish Hype From Reality With AI in SecOps (lien direct) | Secureworks' Nash Borges describes how his team has applied AI and ML to threat detection. | Threat | ||
|
2022-08-22 16:32:52 | New \'BianLian\' Ransomware Variant on the Rise (lien direct) | Novel ransomware was created with the Go open source programming language, demonstrating how malware authors increasingly are opting to employ the flexible coding language. | Ransomware Malware | ||
|
2022-08-22 16:31:29 | Tanium: Taking A Deeper Cut At Converged Endpoint Management (lien direct) | Tanium's Chris Hollenbeck explains how converged endpoint management helps overcome obstacles to endpoint visibility. | |||
|
2022-08-22 15:31:29 | Pentera Helps Enterprises Reduce Their Security Exposure (lien direct) | Pentera's Omer Zucker outlines exposure management's biggest challenges in closing security gaps. | |||
|
2022-08-22 14:31:29 | Cisco: All Intelligence is Not Created Equal (lien direct) | Threat intel has changed over the years and that's changed how customers use it, says Matt Olney, director of Talos threat intelligence and interdiction at Cisco. | Threat | ||
|
2022-08-22 14:00:00 | Identity Security Pain Points and What Can Be Done (lien direct) | Replacing passwords is not as easy as people think, but there is hope. | |||
|
2022-08-22 13:30:00 | How Qualys Reduces Risk and Enables Tool Consolidation (lien direct) | Sumedh Thakar, CEO of Qualys, explains how moving to a cloud-based asset management platform can simplify their strategies and improve overall security. | Tool | ||
|
2022-08-22 12:00:00 | Expiring Root Certificates Threaten IoT in the Enterprise (lien direct) | What happens when businesses' smart devices break? CSOs have things to fix beyond security holes. | |||
|
2022-08-21 19:31:29 | Mimecast: Mitigating Risk Across a Complex Threat Landscape (lien direct) | Garret O'Hara of Mimecast discusses how companies can bolster security of their Microsoft 365 and Google Workspace environments, since cloud services often add complexity. | Threat | ||
|
2022-08-21 13:31:29 | Banyan Recommends Phased Approach When Introducing Zero Trust (lien direct) | Banyan Security's Jayanth Gummaraju makes the case for why zero trust is superior to VPN technology. | |||
|
2022-08-20 19:28:29 | DeepSurface Adds Risk-Based Approach to Vulnerability Management (lien direct) | DeepSurface's Tim Morgan explains how network complexity and cloud computing have contributed to the challenge, and how automation can help. | Vulnerability | ||
|
2022-08-20 13:31:29 | The HEAT Is On, Says Menlo Security (lien direct) | Neko Papez, senior manager, cybersecurity strategy for Menlo Security, helps customers understand if they're vulnerable to highly evasive adaptive threats (HEAT). | |||
|
2022-08-20 01:06:53 | PIXM: Stopping Targeted Phishing Attacks With \'Computer Vision\' (lien direct) | Chris Cleveland, founder of PIXM, talks about phishers' evasive maneuvers and how organizations can tap Computer Vision to keep email and its users safe. | |||
|
2022-08-20 00:11:12 | Intel Adds New Circuit to Chips to Ward Off Motherboard Exploits (lien direct) | The countermeasure, which compares the time and voltage at which circuits are activated, is being implemented in 12th Gen Intel Core processors. | |||
|
2022-08-20 00:00:00 | NIST Weighs in on AI Risk (lien direct) | NIST is developing the AI Risk Management Framework and a companion playbook to help organizations navigate algorithmic bias and risk. | ★★★ | ||
|
2022-08-19 21:19:28 | Patch Now: 2 Apple Zero-Days Exploited in Wild (lien direct) | The fact that the flaws enable remote code execution, exist across all major Apple OS technologies, and are being actively exploited heightens the need for a quick response. |
To see everything:
