Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2022-08-24 17:00:00 |
Facing the New Security Challenges That Come With Cloud (lien direct) |
Organizations relying on multicloud or hybrid-cloud environments without a true understanding of their security vulnerabilities do so at their peril. |
|
|
|
|
2022-08-24 15:30:01 |
Unusual Microsoft 365 Phishing Campaign Spoofs eFax Via Compromised Dynamics Voice Account (lien direct) |
In a widespread campaign, threat actors use a compromised Dynamics 365 Customer Voice business account and a link posing as a survey to steal Microsoft 365 credentials. |
Threat
|
|
|
|
2022-08-24 14:40:00 |
Nearly 3 Years Later, SolarWinds CISO Shares 3 Lessons From the Infamous Attack (lien direct) |
SolarWinds CISO Tim Brown explains how organizations can prepare for eventualities like the nation-state attack on his company's software. |
|
|
|
|
2022-08-24 14:38:30 |
Acronis\' Midyear Cyberthreats Report Finds Ransomware Is the No. 1 Threat to Organizations, Projects Damages to Exceed $30 Billion by 2023 (lien direct) |
Increasing complexity in IT continues to lead to breaches and compromises, highlighting the need for more holistic approaches to cyber protection. |
Ransomware
Threat
Guideline
|
|
|
|
2022-08-24 14:00:00 |
Why Empathy Is the Key to Better Threat Modeling (lien direct) |
Avoid the disconnect between seeing the value in threat modeling and actually doing it with coaching, collaboration, and integration. Key to making it "everybody's thing" is communication between security and development teams. |
Threat
|
|
|
|
2022-08-24 13:46:20 |
CyberRatings.org Announces New Web Browser Test Results for 2022 (lien direct) |
Three of the world's leading browsers were measured for phishing and malware protection, with time to block and protection over time as key metrics in test scores. |
Malware
Guideline
|
|
|
|
2022-08-24 13:10:36 |
Report: Financial Institutions Are Overwhelmed When Facing Growing Firmware Security and Supply Chain Threats (lien direct) |
New research report reveals financial organizations are failing to act despite majority experiencing a firmware-related breach. |
|
|
|
|
2022-08-23 21:08:10 |
DevSecOps Gains Traction - but Security Still Lags (lien direct) |
Almost half of teams develop and deploy software using a DevSecOps approach, but security remains the top area of investment, a survey finds. |
|
|
|
|
2022-08-23 20:00:00 |
Thoma Bravo Buying Spree Highlights Hot Investor Interest in IAM Market (lien direct) |
M&A activity in the identity and access management (IAM) space has continued at a steady clip so far this year. |
|
|
|
|
2022-08-23 17:44:14 |
Mudge Blows Whistle on Alleged Twitter Security Nightmare (lien direct) |
Lawmakers and cybersecurity insiders are reacting to a bombshell report from former Twitter security head Mudge Zatko, alleging reckless security lapses that could be exploited by foreign adversaries. |
|
|
|
|
2022-08-23 16:50:56 |
Secure Code Warrior Spotlights the Importance of Developer Security Skills with 2nd Annual Devlympics Competition (lien direct) |
The global secure coding competition will be held In October, during Cybersecurity Awareness Month. |
|
|
|
|
2022-08-23 16:15:00 |
One-Third of Popular PyPI Packages Mistakenly Flagged as Malicious (lien direct) |
The scans used by the Python Package Index (PyPI) to find malware fail to catch 41% of bad packages, while creating plentiful false positives. |
Malware
|
|
|
|
2022-08-23 15:30:21 |
Coalfire Federal Among First Authorized to Conduct CMMC Assessments (lien direct) |
Company fortifies its ability to help organizations prepare and obtain CMMC certification. |
|
|
★★★★
|
|
2022-08-23 14:00:00 |
Apathy is Your Company\'s Biggest Cybersecurity Vulnerability - Here\'s How to Combat It (lien direct) |
Make security training more engaging to build a strong cybersecurity culture. Here are four steps security and IT leaders can take to avoid the security disconnect. |
Vulnerability
Guideline
|
|
★★
|
|
2022-08-23 13:25:00 |
Meta Takes Offensive Posture With Privacy Red Team (lien direct) |
Engineering manager Scott Tenaglia describes how Meta extended the security red team model to aggressively protect data privacy. |
|
|
★★★★
|
|
2022-08-23 13:20:42 |
Novant Health Notifies Patients of Potential Data Privacy Incident (lien direct) |
Patients face possible disclosure of protected health information (PHI) to Meta, Facebook's parent company, resulting from an incorrect configuration of an online tracking tool. |
|
|
|
|
2022-08-23 11:57:26 |
Charming Kitten APT Wields New Scraper to Steal Email Inboxes (lien direct) |
Google researchers say the nation-state hacking team is now employing a data-theft tool that targets Gmail, Yahoo!, and Microsoft Outlook accounts using previously acquired credentials. |
Tool
|
Yahoo
APT 35
|
|
|
2022-08-22 22:07:52 |
Fake DDoS Protection Alerts Distribute Dangerous RAT (lien direct) |
Security vendor Sucuri says adversaries are injecting malicious JavaScript into numerous WordPress websites that triggers phony bot-related checks. |
|
|
|
|
2022-08-22 20:30:34 |
Metasploit Creator Renames His Startup and IT Discovery Tool Rumble to \'runZero\' (lien direct) |
HD Moore's company has rebranded its IT, IoT, and OT asset discovery tool as the platform rapidly evolves. |
Tool
|
|
|
|
2022-08-22 20:00:00 |
For Penetration Security Testing, Alternative Cloud Offers Something Others Don\'t (lien direct) |
Alternative cloud providers offer streamlined capabilities for penetration testing, including more accessible tools, easy deployment, and affordable pricing. |
|
|
|
|
2022-08-22 19:31:29 |
Sophos Identifies Potential Tag-Team Ransomware Activity (lien direct) |
Company research indicates ransomware gangs may be working in concert to orchestrate multiple attacks, explains Sophos' John Shier. |
Ransomware
|
|
|
|
2022-08-22 19:31:29 |
Cybersecurity Solutions Must Evolve, Says Netography CEO (lien direct) |
Just as cyber criminals change tactics and strategy for more effectiveness, so must infosec pros and their organizations, according to Martin Roesch of Netography. |
|
|
|
|
2022-08-22 18:31:29 |
InQuest: Adding File Detection and Response to the Security Arsenal (lien direct) |
InQuest's Pedram Amini takes a deep dive into file detection and response as a way to prevent file-borne attacks. |
|
|
|
|
2022-08-22 17:31:29 |
Secureworks: How To Distinguish Hype From Reality With AI in SecOps (lien direct) |
Secureworks' Nash Borges describes how his team has applied AI and ML to threat detection. |
Threat
|
|
|
|
2022-08-22 16:32:52 |
New \'BianLian\' Ransomware Variant on the Rise (lien direct) |
Novel ransomware was created with the Go open source programming language, demonstrating how malware authors increasingly are opting to employ the flexible coding language. |
Ransomware
Malware
|
|
|
|
2022-08-22 16:31:29 |
Tanium: Taking A Deeper Cut At Converged Endpoint Management (lien direct) |
Tanium's Chris Hollenbeck explains how converged endpoint management helps overcome obstacles to endpoint visibility. |
|
|
|
|
2022-08-22 15:31:29 |
Pentera Helps Enterprises Reduce Their Security Exposure (lien direct) |
Pentera's Omer Zucker outlines exposure management's biggest challenges in closing security gaps. |
|
|
|
|
2022-08-22 14:31:29 |
Cisco: All Intelligence is Not Created Equal (lien direct) |
Threat intel has changed over the years and that's changed how customers use it, says Matt Olney, director of Talos threat intelligence and interdiction at Cisco. |
Threat
|
|
|
|
2022-08-22 14:00:00 |
Identity Security Pain Points and What Can Be Done (lien direct) |
Replacing passwords is not as easy as people think, but there is hope. |
|
|
|
|
2022-08-22 13:30:00 |
How Qualys Reduces Risk and Enables Tool Consolidation (lien direct) |
Sumedh Thakar, CEO of Qualys, explains how moving to a cloud-based asset management platform can simplify their strategies and improve overall security. |
Tool
|
|
|
|
2022-08-22 12:00:00 |
Expiring Root Certificates Threaten IoT in the Enterprise (lien direct) |
What happens when businesses' smart devices break? CSOs have things to fix beyond security holes. |
|
|
|
|
2022-08-21 19:31:29 |
Mimecast: Mitigating Risk Across a Complex Threat Landscape (lien direct) |
Garret O'Hara of Mimecast discusses how companies can bolster security of their Microsoft 365 and Google Workspace environments, since cloud services often add complexity. |
Threat
|
|
|
|
2022-08-21 13:31:29 |
Banyan Recommends Phased Approach When Introducing Zero Trust (lien direct) |
Banyan Security's Jayanth Gummaraju makes the case for why zero trust is superior to VPN technology. |
|
|
|
|
2022-08-20 19:28:29 |
DeepSurface Adds Risk-Based Approach to Vulnerability Management (lien direct) |
DeepSurface's Tim Morgan explains how network complexity and cloud computing have contributed to the challenge, and how automation can help. |
Vulnerability
|
|
|
|
2022-08-20 13:31:29 |
The HEAT Is On, Says Menlo Security (lien direct) |
Neko Papez, senior manager, cybersecurity strategy for Menlo Security, helps customers understand if they're vulnerable to highly evasive adaptive threats (HEAT). |
|
|
|
|
2022-08-20 01:06:53 |
PIXM: Stopping Targeted Phishing Attacks With \'Computer Vision\' (lien direct) |
Chris Cleveland, founder of PIXM, talks about phishers' evasive maneuvers and how organizations can tap Computer Vision to keep email and its users safe. |
|
|
|
|
2022-08-20 00:11:12 |
Intel Adds New Circuit to Chips to Ward Off Motherboard Exploits (lien direct) |
The countermeasure, which compares the time and voltage at which circuits are activated, is being implemented in 12th Gen Intel Core processors. |
|
|
|
|
2022-08-20 00:00:00 |
NIST Weighs in on AI Risk (lien direct) |
NIST is developing the AI Risk Management Framework and a companion playbook to help organizations navigate algorithmic bias and risk. |
|
|
★★★
|
|
2022-08-19 21:19:28 |
Patch Now: 2 Apple Zero-Days Exploited in Wild (lien direct) |
The fact that the flaws enable remote code execution, exist across all major Apple OS technologies, and are being actively exploited heightens the need for a quick response. |
|
|
|
|
2022-08-19 19:03:43 |
State-Sponsored APTs Dangle Job Opps to Lure In Spy Victims (lien direct) |
APTs continue to exploit the dynamic job market and the persistent phenomenon of remote working, as explored by PwC at Black Hat USA. |
|
|
|
|
2022-08-19 17:17:05 |
BlackByte Ransomware Gang Returns With Twitter Presence, Tiered Pricing (lien direct) |
Version 2.0 of the ransomware group's operation borrows extortion tactics from the LockBit 3.0 group. |
Ransomware
|
|
|
|
2022-08-19 14:00:00 |
Cyber Resiliency Isn\'t Just About Technology, It\'s About People (lien direct) |
To lessen burnout and prioritize staff resiliency, put people in a position to succeed with staffwide cybersecurity training to help ease the burden on IT and security personnel. |
|
|
|
|
2022-08-18 21:28:13 |
Easing the Cyber-Skills Crisis With Staff Augmentation (lien direct) |
Filling cybersecurity roles can be costly, slow, and chancy. More firms are working with third-party service providers to quickly procure needed expertise. |
|
|
|
|
2022-08-18 18:34:08 |
China\'s APT41 Embraces Baffling Approach for Dropping Cobalt Strike Payload (lien direct) |
The state-sponsored threat actor has switched up its tactics, also adding an automated SQL-injection tool to its bag of tricks for initial access. |
Tool
Threat
|
APT 41
|
|
|
2022-08-18 18:23:04 |
Mac Attack: North Korea\'s Lazarus APT Targets Apple\'s M1 Chip (lien direct) |
Lazarus continues to expand an aggressive, ongoing spy campaign, using fake Coinbase job openings to lure in victims. |
|
APT 38
|
|
|
2022-08-18 17:17:25 |
5 Russia-Linked Groups Target Ukraine in Cyberwar (lien direct) |
Information on the attributed cyberattacks conducted since the beginning of the Russia-Ukraine war shows that a handful of groups conducted more than two dozen attacks. |
|
|
|
|
2022-08-18 14:42:38 |
Which Security Bugs Will Be Exploited? Researchers Create an ML Model to Find Out (lien direct) |
How critical is that vulnerability? University researchers are improving predictions of which software flaws will end up with an exploit, a boon for prioritizing patches and estimating risk. |
|
|
|
|
2022-08-18 14:38:22 |
Summertime Blues: TA558 Ramps Up Attacks on Hospitality, Travel Sectors (lien direct) |
The cybercriminal crew has used 15 malware families to target travel and hospitality companies globally, constantly changing tactics over the course of its four-year history. |
Malware
|
|
|
|
2022-08-18 14:00:00 |
How to Upskill Tech Staff to Meet Cybersecurity Needs (lien direct) |
Cybersecurity is the largest current tech skills gap; closing it requires a concerted effort to upskill existing staff. |
|
|
|
|
2022-08-18 13:42:55 |
OpenSSF Announces 13 New Members Committed to Strengthening the Security of the Open Source Software Supply Chain (lien direct) |
Hosts next OpenSSF Day in Dublin. |
|
|
|