Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-24 13:10:36 |
Report: Financial Institutions Are Overwhelmed When Facing Growing Firmware Security and Supply Chain Threats (lien direct) |
New research report reveals financial organizations are failing to act despite majority experiencing a firmware-related breach. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-23 21:08:10 |
DevSecOps Gains Traction - but Security Still Lags (lien direct) |
Almost half of teams develop and deploy software using a DevSecOps approach, but security remains the top area of investment, a survey finds. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-23 20:00:00 |
Thoma Bravo Buying Spree Highlights Hot Investor Interest in IAM Market (lien direct) |
M&A activity in the identity and access management (IAM) space has continued at a steady clip so far this year. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-23 17:44:14 |
Mudge Blows Whistle on Alleged Twitter Security Nightmare (lien direct) |
Lawmakers and cybersecurity insiders are reacting to a bombshell report from former Twitter security head Mudge Zatko, alleging reckless security lapses that could be exploited by foreign adversaries. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-23 16:50:56 |
Secure Code Warrior Spotlights the Importance of Developer Security Skills with 2nd Annual Devlympics Competition (lien direct) |
The global secure coding competition will be held In October, during Cybersecurity Awareness Month. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-23 16:15:00 |
One-Third of Popular PyPI Packages Mistakenly Flagged as Malicious (lien direct) |
The scans used by the Python Package Index (PyPI) to find malware fail to catch 41% of bad packages, while creating plentiful false positives. |
Malware
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-23 15:30:21 |
Coalfire Federal Among First Authorized to Conduct CMMC Assessments (lien direct) |
Company fortifies its ability to help organizations prepare and obtain CMMC certification. |
|
|
★★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-23 14:00:00 |
Apathy is Your Company\'s Biggest Cybersecurity Vulnerability - Here\'s How to Combat It (lien direct) |
Make security training more engaging to build a strong cybersecurity culture. Here are four steps security and IT leaders can take to avoid the security disconnect. |
Vulnerability
Guideline
|
|
★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-23 13:25:00 |
Meta Takes Offensive Posture With Privacy Red Team (lien direct) |
Engineering manager Scott Tenaglia describes how Meta extended the security red team model to aggressively protect data privacy. |
|
|
★★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-23 13:20:42 |
Novant Health Notifies Patients of Potential Data Privacy Incident (lien direct) |
Patients face possible disclosure of protected health information (PHI) to Meta, Facebook's parent company, resulting from an incorrect configuration of an online tracking tool. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-23 11:57:26 |
Charming Kitten APT Wields New Scraper to Steal Email Inboxes (lien direct) |
Google researchers say the nation-state hacking team is now employing a data-theft tool that targets Gmail, Yahoo!, and Microsoft Outlook accounts using previously acquired credentials. |
Tool
|
Yahoo
APT 35
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-22 22:07:52 |
Fake DDoS Protection Alerts Distribute Dangerous RAT (lien direct) |
Security vendor Sucuri says adversaries are injecting malicious JavaScript into numerous WordPress websites that triggers phony bot-related checks. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-22 20:30:34 |
Metasploit Creator Renames His Startup and IT Discovery Tool Rumble to \'runZero\' (lien direct) |
HD Moore's company has rebranded its IT, IoT, and OT asset discovery tool as the platform rapidly evolves. |
Tool
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-22 20:00:00 |
For Penetration Security Testing, Alternative Cloud Offers Something Others Don\'t (lien direct) |
Alternative cloud providers offer streamlined capabilities for penetration testing, including more accessible tools, easy deployment, and affordable pricing. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-22 19:31:29 |
Sophos Identifies Potential Tag-Team Ransomware Activity (lien direct) |
Company research indicates ransomware gangs may be working in concert to orchestrate multiple attacks, explains Sophos' John Shier. |
Ransomware
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-22 19:31:29 |
Cybersecurity Solutions Must Evolve, Says Netography CEO (lien direct) |
Just as cyber criminals change tactics and strategy for more effectiveness, so must infosec pros and their organizations, according to Martin Roesch of Netography. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-22 18:31:29 |
InQuest: Adding File Detection and Response to the Security Arsenal (lien direct) |
InQuest's Pedram Amini takes a deep dive into file detection and response as a way to prevent file-borne attacks. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-22 17:31:29 |
Secureworks: How To Distinguish Hype From Reality With AI in SecOps (lien direct) |
Secureworks' Nash Borges describes how his team has applied AI and ML to threat detection. |
Threat
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-22 16:32:52 |
New \'BianLian\' Ransomware Variant on the Rise (lien direct) |
Novel ransomware was created with the Go open source programming language, demonstrating how malware authors increasingly are opting to employ the flexible coding language. |
Ransomware
Malware
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-22 16:31:29 |
Tanium: Taking A Deeper Cut At Converged Endpoint Management (lien direct) |
Tanium's Chris Hollenbeck explains how converged endpoint management helps overcome obstacles to endpoint visibility. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-22 15:31:29 |
Pentera Helps Enterprises Reduce Their Security Exposure (lien direct) |
Pentera's Omer Zucker outlines exposure management's biggest challenges in closing security gaps. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-22 14:31:29 |
Cisco: All Intelligence is Not Created Equal (lien direct) |
Threat intel has changed over the years and that's changed how customers use it, says Matt Olney, director of Talos threat intelligence and interdiction at Cisco. |
Threat
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-22 14:00:00 |
Identity Security Pain Points and What Can Be Done (lien direct) |
Replacing passwords is not as easy as people think, but there is hope. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-22 13:30:00 |
How Qualys Reduces Risk and Enables Tool Consolidation (lien direct) |
Sumedh Thakar, CEO of Qualys, explains how moving to a cloud-based asset management platform can simplify their strategies and improve overall security. |
Tool
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-22 12:00:00 |
Expiring Root Certificates Threaten IoT in the Enterprise (lien direct) |
What happens when businesses' smart devices break? CSOs have things to fix beyond security holes. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-21 19:31:29 |
Mimecast: Mitigating Risk Across a Complex Threat Landscape (lien direct) |
Garret O'Hara of Mimecast discusses how companies can bolster security of their Microsoft 365 and Google Workspace environments, since cloud services often add complexity. |
Threat
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-21 13:31:29 |
Banyan Recommends Phased Approach When Introducing Zero Trust (lien direct) |
Banyan Security's Jayanth Gummaraju makes the case for why zero trust is superior to VPN technology. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-20 19:28:29 |
DeepSurface Adds Risk-Based Approach to Vulnerability Management (lien direct) |
DeepSurface's Tim Morgan explains how network complexity and cloud computing have contributed to the challenge, and how automation can help. |
Vulnerability
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-20 13:31:29 |
The HEAT Is On, Says Menlo Security (lien direct) |
Neko Papez, senior manager, cybersecurity strategy for Menlo Security, helps customers understand if they're vulnerable to highly evasive adaptive threats (HEAT). |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-20 01:06:53 |
PIXM: Stopping Targeted Phishing Attacks With \'Computer Vision\' (lien direct) |
Chris Cleveland, founder of PIXM, talks about phishers' evasive maneuvers and how organizations can tap Computer Vision to keep email and its users safe. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-20 00:11:12 |
Intel Adds New Circuit to Chips to Ward Off Motherboard Exploits (lien direct) |
The countermeasure, which compares the time and voltage at which circuits are activated, is being implemented in 12th Gen Intel Core processors. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-20 00:00:00 |
NIST Weighs in on AI Risk (lien direct) |
NIST is developing the AI Risk Management Framework and a companion playbook to help organizations navigate algorithmic bias and risk. |
|
|
★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-19 21:19:28 |
Patch Now: 2 Apple Zero-Days Exploited in Wild (lien direct) |
The fact that the flaws enable remote code execution, exist across all major Apple OS technologies, and are being actively exploited heightens the need for a quick response. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-19 19:03:43 |
State-Sponsored APTs Dangle Job Opps to Lure In Spy Victims (lien direct) |
APTs continue to exploit the dynamic job market and the persistent phenomenon of remote working, as explored by PwC at Black Hat USA. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-19 17:17:05 |
BlackByte Ransomware Gang Returns With Twitter Presence, Tiered Pricing (lien direct) |
Version 2.0 of the ransomware group's operation borrows extortion tactics from the LockBit 3.0 group. |
Ransomware
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-19 14:00:00 |
Cyber Resiliency Isn\'t Just About Technology, It\'s About People (lien direct) |
To lessen burnout and prioritize staff resiliency, put people in a position to succeed with staffwide cybersecurity training to help ease the burden on IT and security personnel. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-18 21:28:13 |
Easing the Cyber-Skills Crisis With Staff Augmentation (lien direct) |
Filling cybersecurity roles can be costly, slow, and chancy. More firms are working with third-party service providers to quickly procure needed expertise. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-18 18:34:08 |
China\'s APT41 Embraces Baffling Approach for Dropping Cobalt Strike Payload (lien direct) |
The state-sponsored threat actor has switched up its tactics, also adding an automated SQL-injection tool to its bag of tricks for initial access. |
Tool
Threat
|
APT 41
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-18 18:23:04 |
Mac Attack: North Korea\'s Lazarus APT Targets Apple\'s M1 Chip (lien direct) |
Lazarus continues to expand an aggressive, ongoing spy campaign, using fake Coinbase job openings to lure in victims. |
|
APT 38
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-18 17:17:25 |
5 Russia-Linked Groups Target Ukraine in Cyberwar (lien direct) |
Information on the attributed cyberattacks conducted since the beginning of the Russia-Ukraine war shows that a handful of groups conducted more than two dozen attacks. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-18 14:42:38 |
Which Security Bugs Will Be Exploited? Researchers Create an ML Model to Find Out (lien direct) |
How critical is that vulnerability? University researchers are improving predictions of which software flaws will end up with an exploit, a boon for prioritizing patches and estimating risk. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-18 14:38:22 |
Summertime Blues: TA558 Ramps Up Attacks on Hospitality, Travel Sectors (lien direct) |
The cybercriminal crew has used 15 malware families to target travel and hospitality companies globally, constantly changing tactics over the course of its four-year history. |
Malware
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-18 14:00:00 |
How to Upskill Tech Staff to Meet Cybersecurity Needs (lien direct) |
Cybersecurity is the largest current tech skills gap; closing it requires a concerted effort to upskill existing staff. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-18 13:42:55 |
OpenSSF Announces 13 New Members Committed to Strengthening the Security of the Open Source Software Supply Chain (lien direct) |
Hosts next OpenSSF Day in Dublin. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-18 01:00:00 |
Google Cloud Adds Curated Detection to Chronicle (lien direct) |
The curated detection feature for Chronicle SecOps Suite provides security teams with actionable insights on cloud threats and Windows-based attacks from Google Cloud Threat Intelligence Team. |
Threat
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-17 18:49:19 |
Google Chrome Zero-Day Found Exploited in the Wild (lien direct) |
The high-severity security vulnerability (CVE-2022-2856) is due to improper user-input validation. |
Vulnerability
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-17 18:39:51 |
\'DarkTortilla\' Malware Wraps in Sophistication for High-Volume RAT Infections (lien direct) |
The stealthy crypter, active since 2015, has been used to deliver a wide range of information stealers and RATs at a rapid, widespread clip. |
Malware
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-17 17:00:00 |
When Countries Are Attacked: Making the Case for More Private-Public Cooperation (lien direct) |
The increased sophistication of cyberattacks makes them more widely damaging and difficult to prevent. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-17 16:35:51 |
\'Operation Sugarush\' Mounts Concerning Spy Effort on Shipping, Healthcare Industries (lien direct) |
A suspected Iranian threat actor known as UNC3890 is gathering intel that could be used for kinetic strikes against global shipping targets. |
Threat
|
|
★★★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-17 16:17:26 |
China-Backed RedAlpha APT Builds Sprawling Cyber-Espionage Infrastructure (lien direct) |
The state-sponsored group particularly targets organizations working on behalf of the Uyghurs, Tibet, and Taiwan, looking to gather intel that could lead to human-rights abuses, researchers say. |
Guideline
|
|
|