Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2023-05-15 07:09:38 |
SHARED INTEL: From airbags to malware: vehicle cyber safety arises in the age of connected cars (direct link) |
In an increasingly interconnected world, the evolution of the automotive industry presents an exciting yet daunting prospect.
Related: Privacy rules for vehicles
As vehicles continue to offer modern features such as app-to-car connectivity, remote control access, and driver assistance software, … (more…) |
|
|
★★★
|
|
2023-04-20 15:15:39 |
RSAC Fireside Chat: How timely intel from the cyber underground improves counter measures (direct link) |
Good intelligence in any theater of war is invaluable. Timely, accurate intel is the basis of a robust defense and can inform potent counterattacks.
Related: Ukraine hit by amplified DDoS
This was the case during World War II in The … (more…) |
|
|
★★
|
|
2023-04-17 07:55:41 |
GUEST ESSAY: The Top 10 cybersecurity shortfalls that put SMBs, enterprises at elevated risk (direct link) |
No organization is immune to cybersecurity threats. Even the most well-protected companies can be susceptible to attacks if they are not careful about a proactive approach towards cyber security.
Related: Why timely training is a must-have
That’s why businesses of … (more…) |
|
|
★★
|
|
2023-04-12 07:01:47 |
MY TAKE: Putin's weaponizing of ransomware shows why network security needs an overhaul (direct link) |
At 10 am PDT, next Wednesday, April 19th, I'll have the privilege of appearing as a special guest panelist and spotlight speaker on Virtual Guardian's monthly Behind the Shield cybersecurity podcast.
Related: The Golden Age of cyber spying … (more…) |
Ransomware
|
|
★★★
|
|
2023-04-10 07:24:43 |
GUEST ESSAY: Cyber hygiene need not be dreary - why engaging training is much more effective (direct link) |
Instilling a culture of cyber security at your organization requires your people to maintain a high level of knowledge and awareness about cyber security risks - and that takes an effective, impactful, and ongoing security awareness program.
Related: Deploying employees as human … (more…) |
|
|
★★
|
|
2023-04-03 07:01:47 |
GUEST ESSAY: The role advanced 'VM' is ideally suited to play in combating modern cyber attacks (direct link) |
Modern cyber attacks are ingenious — and traditional vulnerability management, or VM, simply is no longer very effective.
Related: Taking a risk-assessment approach to VM
Unlike a typical cyber attack that exploits a software vulnerability, recent cyber attacks exploit other … (more…) |
Vulnerability
|
|
★★
|
|
2023-03-28 07:17:38 |
GUEST ESSAY: AntiguaRecon – A call to train and promote the next generation of cyber warriors (direct link) |
Imagine being a young person who wants a career, of whatever type you can find, as a cybersecurity professional.
Related: Up-skilling workers to boost security
Although you were born with an agile and analytical mind, you have very limited … (more…) |
|
|
★★
|
|
2023-03-22 17:41:21 |
FIRESIDE CHAT: U.S. banking regulators call out APIs as embodying an attack surface full of risk (direct link) |
APIs have been a linchpin as far as accelerating digital transformation — but they've also exponentially expanded the attack surface of modern business networks.
Related: Why ‘attack surface management’ has become crucial
The resultant benefits-vs-risks gap has not surprisingly attracted … (more…) |
General Information
|
|
★★
|
|
2023-03-08 16:53:57 |
GUEST ESSAY: Five stages to attain API security - and mitigate attack surface exposures (direct link) |
APIs (Application Programming Interfaces) play a critical role in digital transformation by enabling communication and data exchange between different systems and applications.
Related: It’s all about attack surface management
APIs help digital transformation by enabling faster and more efficient business … (more…) |
|
|
★★★
|
|
2023-02-22 07:01:38 |
AUTHOR Q&A: China's spy balloons reflect a cyber warfare strategy America must counter (direct link) |
The attack surface of company networks is as expansive and porous as ever.
Related: Preparing for ‘quantum’ hacks
That being so, a new book, Fixing American Cybersecurity, could be a long overdue stake in the ground.
This is a … (more…) |
|
|
★★
|
|
2023-02-21 07:31:13 |
GUEST ESSAY: Too many SMBs continue to pay ransomware crooks - exacerbating the problem (direct link) |
Well-placed malware can cause crippling losses – especially for small and mid-sized businesses.
Related: Threat detection for SMBs improves
Not only do cyberattacks cost SMBs money, but the damage to a brand's reputation can also hurt growth and trigger the … (more…) |
Ransomware
Malware
|
|
★★
|
|
2023-02-15 07:23:17 |
SHARED INTEL: The expect impacts of Pres. Biden's imminent National Cybersecurity Strategy (direct link) |
The United States will soon get some long-awaited cybersecurity updates.
Related: Spies use Tik Tok, balloons
That's because the Biden administration will issue the National Cyber Strategy within days. Despite lacking an official published document, some industry professionals have already … (more…) |
|
|
★★
|
|
2023-02-07 11:48:31 |
GUEST ESSAY: Advanced tools are ready to help SMBs defend Microsoft 365, Google Workspace (direct link) |
Throughout 2022, we saw hackers become far more sophisticated with their email-based cyber attacks. Using legitimate services and compromised corporate email addresses became a norm and is likely to continue in 2023 and beyond.
Related: Deploying human sensors
Additionally, with … (more…) |
|
|
★★
|
|
2023-02-06 16:49:30 |
GUEST ESSAY: The common thread between China's spy balloons and Congress banning Tik Tok (direct link) |
The decision by the House of Representatives to ban TikTok from federal devices is noteworthy, especially as the Chinese spy balloon crisis unfolds.
Related: The Golden Age of cyber espionage
On December 23, 2022, Congress, in a bipartisan spending bill, … (more…) |
|
|
★★
|
|
2022-12-08 11:22:33 |
GUEST ESSAY: Here's how and why 'trust' presents an existential threat to cybersecurity (direct link) |
Over the years, bad actors have started getting more creative with their methods of attack – from pretending to be a family member or co-worker to offering fortunes and free cruises.
Related: Deploying employees as human sensors
Recent research from … (more…) |
Threat
|
|
★★
|
|
2022-11-21 07:01:43 |
GUEST ESSAY - Security practices companies must embrace to stop AI-infused cyber attacks (direct link) |
Consider what might transpire if malicious hackers began to intensively leverage Artificial Intelligence (AI) to discover and exploit software vulnerabilities systematically?
Related: Bio digital twin can eradicate heart failure
Cyber-attacks would become much more dangerous and much harder to detect. … (more…) |
|
|
|
|
2022-08-29 16:27:31 |
GUEST ESSAY: Stolen logons, brute force hacking get used the most to breach web, email servers (direct link) |
Web application attacks directed at organizations’ web and mail servers continue to take the lead in cybersecurity incidents.
Related: Damage caused by ‘business logic’ hacking
This is according to Verizon’s latest 2022 Data Breach Investigations Report (DBIR).
In … (more…) |
Data Breach
Guideline
|
|
|
|
2022-08-23 19:02:50 |
GUEST ESSAY: A breakdown of the cyber risks intrinsic to ubiquitous social media apps (direct link) |
More than half of the world - 58.4 percent or 4.62 billion people - use social media.
Related: Deploying human sensors to stop phishing.
And while that’s incredible for staying connected with friends, organizing rallies, and sharing important messages, it’s also the reason … (more…) |
|
|
|
|
2022-08-17 07:18:02 |
Black Hat Fireside Chat: MSSPs are well-positioned to help companies achieve cyber resiliency (direct link) |
Network security is in dire straits. Security teams must defend an expanding attack surface, skilled IT professionals are scarce and threat actors are having a field day.
Related: The role of attack surface management
That said, Managed Security Services Providers … (more…) |
Threat
|
|
|
|
2022-08-15 17:33:24 |
Black Hat insights: Getting bombarded by multiple ransomware attacks has become commonplace (direct link) |
The top ransomware gangs have become so relentless that it's not unusual for two or more of them to attack the same company within a few days – or even a few hours.
Related: How ‘IABs’ foster ransomware
And if … (more…) |
Ransomware
|
|
|
|
2022-07-27 07:11:00 |
FIRESIDE CHAT: 'Attack surface management' has become the centerpiece of cybersecurity (direct link) |
Post Covid 19, attack surface management has become the focal point of defending company networks.
Related: The importance of ‘SaaS posture management’
As digital transformation continues to intensify, organizations are relying more and more on hosted cloud processing power and … (more…) |
|
|
|
|
2022-07-14 16:39:00 |
GUEST ESSAY: Advanced tools, tactics required to defend latest attack variant - 'DeepSea phishing' (direct link) |
Phishing itself is not a new or a particularly complicated threat. But the emergence of advanced phishing techniques – “DeepSea Phishing” – poses an entirely new challenge for enterprises.
Related: Deploying human sensors
Phishing comes with a simple premise – … (more…) |
|
|
|
|
2022-07-05 07:00:03 |
GUEST ESSAY: Rising cyber risks make business intelligence gathering more vital than ever (direct link) |
Gathering intelligence has always been a key tool for organisational decision making – understanding the external operating environment is the '101' for business. How can you grasp the challenges and opportunities for your company without a deep understanding of all … (more…) |
Tool
|
|
|
|
2022-06-28 10:21:34 |
Fireside chat: The inevitable replacement of VPNs by 'ZTNA' - zero trust network access (direct link) |
Virtual Private Networks – VPNs – remain widely used in enterprise settings. Don’t expect them to disappear anytime soon.
This is so, despite the fact that the fundamental design of a VPN runs diametrically opposed to zero trust security principles.… (more…) |
|
|
|
|
2022-06-27 11:54:56 |
GUEST ESSAY: The many benefits of infusing application security during software 'runtime' (direct link) |
Vulnerabilities in web applications are the leading cause of high-profile breaches.
Related: Log4J's big lesson
Log4j, a widely publicized zero day vulnerability, was first identified in late 2021, yet security teams are still racing to patch and protect their enterprise … (more…) |
Guideline
|
|
|
|
2022-06-23 10:25:32 |
GUEST ESSAY: New SEC rules aim to help C-levels, board members quantify cyber risks (direct link) |
The U.S. Securities and Exchange Commission (SEC) is taking steps to crack down on insufficient cyber risk reporting.
Related: Making third-party risk audits actionable
Seeking to minimize cybersecurity threat effects, the SEC has proposed several amendments requiring organizations to … (more…) |
Threat
|
|
|
|
2022-06-22 10:48:33 |
Q&A: The lesser role VPNs now play for enterprises, SMBs - in a post-pandemic world (direct link) |
During the first two decades of this century, virtual private networks - VPNs - served as a cornerstone of network security.
Related: Deploying human sensors
VPNs encrypt data streams and protect endpoints from unauthorized access, essentially by requiring all network communications to flow … (more…) |
|
|
|
|
2022-06-21 14:31:04 |
Fireside chat: New 'SASE' weapon chokes off ransomware before attack spreads laterally (direct link) |
It's stunning that the ransomware plague persists.
Related: ‘SASE’ blends connectivity and security
Verizon's Data Breach Incident Report shows a 13 percent spike in 2021, a jump greater than the past years combined; Sophos' State of Ransomware survey shows victims … (more…) |
Ransomware
Data Breach
|
|
|
|
2022-06-20 19:35:40 |
GUEST ESSAY: Threat hunters adapt personas, leverage AI to gather intel in the Dark Web (direct link) |
The Deep & Dark Web is a mystery to most in the mainstream today: many have heard about it, but few understand just a fraction of what's going on there.
Related: 'IABs' spread ransomware
Planning your roadmap, executing your projects, … (more…) |
Threat
|
|
|
|
2022-06-20 11:58:52 |
RSAC insights: How IABs - initial access brokers - help sustain, accelerate the ransomware plague (direct link) |
Specialization continues to advance apace in the cybercriminal ecosystem.
Related: How cybercriminals leverage digital transformation
Initial access brokers, or IABs, are the latest specialists on the scene. IABs flashed to prominence on the heels of gaping vulnerabilities getting discovered … (more…) |
Ransomware
|
|
|
|
2022-06-16 12:03:40 |
GUEST ESSAY: Five steps to improving identity management - and reinforcing network security (direct link) |
The identity management market has grown to $13 billion and counting. While intuition would tell you enterprises have identity under control, that is far from reality.
Related: Taking a zero-trust approach to access management
Current events, such as the … (more…) |
|
|
|
|
2022-06-13 10:10:39 |
SHARED INTEL: VCs pumped $21.8 billion into cybersecurity in 2021 - why there's more to come (direct link) |
At the start of this year, analysts identified a number of trends driving the growth of cybersecurity. Among them: an expanding digital footprint, growing attack surfaces, and increasing government regulation.
Related: Taking API proliferation seriously
Last year saw an unprecedented … (more…) |
|
|
|
|
2022-06-09 10:39:45 |
GUEST ESSAY: The Top 5 online privacy and data security threats faced by the elderly (direct link) |
What is it about the elderly that makes them such attractive targets for cybercriminals? A variety of factors play a role.
Related: The coming of bio-digital twins
Unlike many younger users online, they may have accumulated savings over their lives … (more…) |
Threat
|
|
|
|
2022-06-07 20:01:34 |
GUEST ESSAY – The role of automation in keeping software from malicious, unintended usage (direct link) |
Writing a code can be compared to writing a letter.
Related: Political apps promote division
When we write a letter, we write it in the language we speak - and the one that the recipient understands. When writing a code, … (more…) |
|
|
|
|
2022-06-06 13:45:45 |
RSAC insights: 'CAASM' tools and practices get into the nitty gritty of closing network security gaps (direct link) |
Reducing the attack surface of a company's network should, by now, be a top priority for all organizations.
Related: Why security teams ought to embrace complexity
As RSA Conference 2022 gets underway today in San Francisco, advanced systems to help … (more…) |
Tool
|
|
|
|
2022-06-06 11:15:39 |
RSAC insights: Security platforms arise to help companies discover, assess and mitigate cyber risks (direct link) |
Pity the poor CISO at any enterprise you care to name.
Related: The rise of 'XDR'
As their organizations migrate deeper into an intensively interconnected digital ecosystem, CISOs must deal with cyber attacks raining down on all fronts. Many are … (more…) |
|
|
|
|
2022-06-03 13:03:24 |
RSAC insights: Malware is now spreading via weaponized files circulating in data lakes, file shares (direct link) |
The zero trust approach to enterprise security is well on its way to mainstream adoption. This is a very good thing.
Related: Covid 19 ruses used in email attacks
At RSA Conference 2022, which takes place next week in … (more…) |
Malware
|
|
|
|
2022-06-03 10:30:04 |
RSAC insights: Software tampering escalates as bad actors take advantage of 'dependency confusion' (direct link) |
It's not difficult to visualize how companies interconnecting to cloud resources at a breakneck pace contribute to the outward expansion of their networks' attack surface.
Related: Why ‘SBOM’ is gaining traction
If that wasn't bad enough, the attack surface companies … (more…) |
|
|
|
|
2022-06-02 12:50:37 |
RSAC insights: How 'TPRM' can help shrink security skills gap - while protecting supply chains (direct link) |
Third-Party Risk Management (TPRM) has been around since the mid-1990s – and has become something of an auditing nightmare.
Related: A call to share risk assessments
Big banks and insurance companies instilled the practice of requesting their third-party … (more…) |
|
|
|
|
2022-06-02 10:12:52 |
RSAC insights: 'SaaS security posture management' - SSPM - has emerged as a networking must-have (direct link) |
Companies have come to depend on Software as a Service – SaaS — like never before.
Related: Managed security services catch on
From Office 365 to Zoom to Salesforce.com, cloud-hosted software applications have come to make up the nerve center … (more…) |
|
|
|
|
2022-06-01 11:35:12 |
RSAC insights: Concentric AI directs Google's search techniques towards locking down data sprawl (direct link) |
In order to extract value from the Internet, data sprawl first must get reined in. This has always been the case.
Related: Equipping SOCs for the long haul
What good is connecting applications, servers and networks across the public cloud … (more…) |
|
|
|
|
2022-05-31 10:54:34 |
RSAC insights: Why vulnerability management absolutely must shift to a risk-assessment approach (direct link) |
Vulnerability management, or VM, has long been an essential, if decidedly mundane, component of network security.
Related: Log4J’s long-run risks
That's changing — dramatically. Advanced VM tools and practices are rapidly emerging to help companies mitigate a sprawling array of … (more…) |
Tool
Vulnerability
|
|
|
|
2022-05-30 11:20:02 |
GUEST ESSAY: A Memorial Day call to upskill more veterans for in-demand cybersecurity roles (direct link) |
It's no secret that cybersecurity roles are in high demand. Today there are more than 500,000 open cybersecurity roles in the U.S., leaving organizations vulnerable to cyber threats.
Related: Deploying employees as threat sensors
Meanwhile, 200,000 well-trained and technically skilled … (more…) |
Threat
|
|
|
|
2022-05-26 11:51:38 |
GUEST ESSAY: Why organizations need to prepare for cyber attacks fueled by quantum computers (direct link) |
In today’s times, we are more aware of cyberattacks as these have become front-page news. We most recently witnessed this as Russia invaded Ukraine. Cyberattacks were used as the first salvo before any bullet or missile was fired.
Related: The … (more…) |
|
|
|
|
2022-05-25 12:19:35 |
GUEST ESSAY: Deploying 'XDR' can help companies avoid the security 'vendor-silo' trap (direct link) |
According to recent data from Oracle and KPMG, organizations today employ over 100 cybersecurity products to secure their environments. These products play essential roles in detecting and preventing threats.
Related: Taking a 'risk-base' approach to security compliance
However, because they … (more…) |
|
|
|
|
2022-05-24 11:17:21 |
MY TAKE: Businesses gravitate to 'passwordless' authentication - widespread consumer use up next (direct link) |
Google, Microsoft and Apple are bitter arch-rivals who don't often see eye-to-eye.
Related: Microsoft advocates regulation of facial recognition tools
Yet, the tech titans recently agreed to adopt a common set of standards supporting passwordless access to websites and apps.… (more…) |
|
|
|
|
2022-05-23 11:44:36 |
MY TAKE: 'Digital trust' has a huge role to play mitigating cybersecurity threats, going forward (direct link) |
Modern digital systems simply could not exist without trusted operations, processes and connections. They require integrity, authentication, trusted identity and encryption.
Related: Leveraging PKI to advance electronic signatures
It used to be that trusting the connection between a workstation and … (more…) |
|
|
|
|
2022-05-20 11:36:09 |
GUEST ESSAY: Here's why managed security services - MSS and MSSP - are catching on (direct link) |
The unification revolution of cybersecurity solutions has started – and managed security service providers are leading the way. Managed security services (MSS) refer to a service model that enables the monitoring and managing of security technologies, systems, or even software-as-a-service … (more…) |
Guideline
|
|
|
|
2022-05-19 07:56:44 |
GUEST ESSAY: A primer on content management systems (CMS) - and how to secure them (direct link) |
You very likely will interact with a content management system (CMS) multiple times today.
Related: How ‘business logic’ hackers steal from companies
For instance, The Last Watchdog article you are reading uses a CMS to store posts, display them … (more…) |
|
|
|
|
2022-05-18 11:47:33 |
MY TAKE: How 'CAASM' can help security teams embrace complexity – instead of trying to tame it (direct link) |
The shift to software-defined everything and reliance on IT infrastructure scattered across the Internet has boosted corporate productivity rather spectacularly.
Related: Stopping attack surface expansion
And yet, the modern attack surface continues to expand exponentially, largely unchecked. This dichotomy cannot … (more…) |
|
|
|