Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2022-08-02 22:05:24 |
Thousands of Mobile Apps Leaking Twitter API Keys (lien direct) |
New finding comes amid report of overall surge in threats targeting mobile and IoT devices over the past year. |
|
|
★★★★★
|
|
2022-08-02 22:03:15 |
Large Language AI Models Have Real Security Benefits (lien direct) |
Complex neural networks, including GPT-3, can deliver useful cybersecurity capabilities such as explaining malware and quickly classifying websites, researchers find. |
Malware
|
|
★★★★
|
|
2022-08-02 21:04:50 |
Massive New Phishing Campaign Targets Microsoft Email Service Users (lien direct) |
The campaign uses adversary-in-the-middle techniques to bypass multifactor authentication, evade detection. |
|
|
|
|
2022-08-02 20:30:17 |
From Babuk Source Code to Darkside Custom Listings - Exposing a Thriving Ransomware Marketplace on the Dark Web (lien direct) |
Venafi investigation of 35 million Dark Web URLs shows macro-enabled ransomware widely available at bargain prices. |
Ransomware
|
|
★★★★★
|
|
2022-08-02 20:04:29 |
Manufacturing Sector in 2022 Is More Vulnerable to Account Compromise and Supply Chain Attacks in the Cloud than Other Verticals (lien direct) |
Netwrix study reveals that manufacturing organizations experienced these types of attacks more often than any other industry surveyed. |
|
|
★★★★
|
|
2022-08-02 19:31:09 |
Axis Raises the Bar With Modern-Day ZTNA Service that Boasts Hyper-Intelligence, Simplicity, and 350 Global Edges (lien direct) |
Launches industry's first ZTNA Migration Tool and ZTNA Buyback Program, setting the stage for migration away from ZTNA 1.0. |
Tool
|
|
|
|
2022-08-02 18:30:40 |
T-Mobile Store Owner Made $25M Using Stolen Employee Credentials (lien direct) |
Now-convicted phone dealer reset locked and blocked phones on various mobile networks. |
|
|
|
|
2022-08-02 17:05:52 |
Microsoft Intros New Attack Surface Management, Threat Intel Tools (lien direct) |
Microsoft says the new tools will give security teams an attacker's-eye view of their systems and supercharge their investigation and remediation efforts. |
Threat
|
|
|
|
2022-08-02 17:00:00 |
Capital One Breach Conviction Exposes Scale of Cloud Entitlement Risk (lien direct) |
To protect against similar attacks, organizations should focus on bringing cloud entitlements and configurations under control. |
|
|
|
|
2022-08-02 16:00:00 |
VirusTotal: Threat Actors Mimic Legitimate Apps, Use Stolen Certs to Spread Malware (lien direct) |
Attackers are turning to stolen credentials and posing as trusted applications to socially engineer victims, according to Google study of malware submitted to VirusTotal. |
Malware
Threat
|
|
|
|
2022-08-02 15:24:02 |
Incognia Mobile App Study Reveals Low Detection of Location Spoofing in Dating Apps (lien direct) |
With over 323 million users of dating apps worldwide, study finds location spoofing is a threat to user trust and safety. |
Threat
|
|
|
|
2022-08-02 14:50:20 |
Cybrary Lands $25 Million in New Funding Round (lien direct) |
Series C investment from BuildGroup and Gula Tech Adventures, along with appointment of Kevin Mandia to the board of directors, will propel a new chapter of company growth. |
|
|
|
|
2022-08-02 14:50:20 |
BlackCloak Bolsters Malware Protection With QR Code Scanner and Malicious Calendar Detection Features (lien direct) |
In conjunction with Black Hat 2022, pioneer of digital executive protection also announces new security innovations and SOC 2 Type II certification. |
Malware
|
|
|
|
2022-08-02 14:00:00 |
5 Steps to Becoming Secure by Design in the Face of Evolving Cyber Threats (lien direct) |
From adopting zero-trust security models to dynamic environments to operating under an "assumed breach" mentality, here are ways IT departments can reduce vulnerabilities as they move deliberately to become more secure. |
|
|
|
|
2022-08-02 13:53:09 |
CREST Defensible Penetration Test Released (lien direct) |
CREST provides commercially defensible scoping, delivery, and sign-off
recommendations for penetration tests. |
|
|
|
|
2022-08-01 20:47:34 |
DoJ: Foreign Adversaries Breach US Federal Court Records (lien direct) |
A Justice Department official testifies to a House committee that the cyberattack is a "significant concern." |
|
|
|
|
2022-08-01 19:36:53 |
Ransomware Hit on European Pipeline & Energy Supplier Encevo Linked to BlackCat (lien direct) |
Customers across several European countries are urged to update credentials in the wake of the attack that affected a gas-pipeline operator and power company. |
|
|
|
|
2022-08-01 18:57:23 |
Credential Canaries Create Minefield for Attackers (lien direct) |
Canary tokens - also known as honey tokens - force attackers to second-guess their potential good fortune when they come across user and application secrets. |
|
|
|
|
2022-08-01 17:42:46 |
Chromium Browsers Allow Data Exfiltration via Bookmark Syncing (lien direct) |
"Bruggling" emerges as a novel technique for pilfering data out from a compromised environment - or for sneaking in malicious code and attack tools. |
|
|
|
|
2022-08-01 16:41:05 |
(Déjà vu) Name That Edge Toon: Up a Tree (lien direct) |
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card. |
|
|
|
|
2022-08-01 14:00:00 |
For Big Tech, Neutrality Is Not an Option - and Never Really Was (lien direct) |
Tech companies play a vital role in global communication, which has profound effects on how politics, policies, and human rights issues play out. |
|
|
★★★
|
|
2022-07-29 20:56:01 |
AWS Focuses on Identity Access Management at re:Inforce (lien direct) |
Identity and access management was front and center at AWS re:inforce this week. |
|
|
|
|
2022-07-29 20:28:35 |
Attackers Have \'Favorite\' Vulnerabilities to Exploit (lien direct) |
While attackers continue to rely on older, unpatched vulnerabilities, many are jumping on new vulnerabilities as soon as they are disclosed. |
|
|
|
|
2022-07-29 19:58:38 |
ICYMI: Dark Web Happenings Edition With Evil Corp., MSP Targeting & More (lien direct) |
Dark Reading's digest of other "don't-miss" stories of the week - including a Microsoft alert connecting disparate cybercrime activity together, and an explosion of Luca Stealer variants after an unusual Dark Web move. |
|
|
|
|
2022-07-29 18:33:45 |
Why Bug-Bounty Programs Are Failing Everyone (lien direct) |
In a Black Hat USA talk, Katie Moussouris will discuss why bug-bounty programs are failing in their goals, and what needs to happen next to use bounties in a way that improves security outcomes. |
|
|
★★★
|
|
2022-07-29 16:56:27 |
Security Teams Overwhelmed With Bugs, Bitten by Patch Prioritization (lien direct) |
The first half of the year saw more than 11,800 reported security vulnerabilities, but figuring out which ones to patch first remains a thankless job for IT teams. |
|
|
|
|
2022-07-29 16:55:15 |
Amazon Adds Malware Detection to GuardDuty TDR Service (lien direct) |
The new GuardDuty Malware Protection and Amazon Detective were among 10 products and services unveiled at AWS re:Inforce in Boston this week. |
Malware
|
|
|
|
2022-07-29 15:43:19 |
Big Questions Remain Around Massive Shanghai Police Data Breach (lien direct) |
Why was PII belonging to nearly 1 billion people housed in a single, open database? Why didn't anyone notice it was downloaded? |
Data Breach
|
|
|
|
2022-07-29 14:06:33 |
Malicious npm Packages Scarf Up Discord Tokens, Credit Card Info (lien direct) |
The campaign uses four malicious packages to spread "Volt Stealer" and "Lofy Stealer" malware in the open source npm software package repository. |
Malware
|
|
|
|
2022-07-29 14:00:00 |
3 Tips for Creating a Security Culture (lien direct) |
Trying to get the whole organization on board with better cybersecurity is much tougher than it may sound. |
|
|
|
|
2022-07-28 18:22:00 |
Patch Now: Atlassian Confluence Bug Under Active Exploit (lien direct) |
Attackers almost immediately leapt on a just-disclosed bug, CVE-2022-26138, affecting Atlassian Confluence, which allows remote, unauthenticated actors unfettered access to Confluence data. |
|
|
|
|
2022-07-28 16:41:06 |
APT-Like Phishing Threat Mirrors Landing Pages (lien direct) |
By dynamically mirroring an organization's login page, threat actors are propagating legitimate-looking phishing attacks that encourage victims to offer up access to the corporate crown jewels. |
Threat
|
|
|
|
2022-07-28 14:00:00 |
What Women Should Know Before Joining the Cybersecurity Industry (lien direct) |
Three observations about our industry that might help demystify security for women entrants. |
|
|
★★★★★
|
|
2022-07-28 09:00:00 |
In a Post-Macro World, Container Files Emerge as Malware-Delivery Replacement (lien direct) |
With Microsoft disabling Office macros by default, threat actors are increasingly using ISO, RAR, LNK, and similar files to deliver malware because they can get around Windows protections. |
Malware
Threat
|
|
|
|
2022-07-28 00:44:02 |
When Human Security Meets PerimeterX (lien direct) |
Dark Reading's analysis suggests that the merger between Human Security and PerimeterX will bring modern defense strategies to disrupt cybercrime and fraud. |
|
|
|
|
2022-07-27 23:31:55 |
OneTouchPoint, Inc. Provides Notice of Data Privacy Event (lien direct) |
. |
|
|
★★★★
|
|
2022-07-27 23:10:52 |
Overcoming the Fail-to-Challenge Vulnerability With a Friendly Face (lien direct) |
Ahead of their Black Hat USA talk in August, Simon Pavitt and Stephen Dewsnip explain the value of helping people practice cyber defense via a "malicious floorwalker" exercise. |
Vulnerability
|
|
★★★★
|
|
2022-07-27 18:49:47 |
Multiple Windows, Adobe Zero-Days Anchor Knotweed Commercial Spyware (lien direct) |
Microsoft flagged the company's Subzero tool set as on offer to unscrupulous governments and shady business interests. |
Tool
|
|
|
|
2022-07-27 17:42:03 |
US Offers $10M Double-Reward for North Korea Cyberattacker Info (lien direct) |
North Korean state-sponsored actors, who help economically prop up Kim Jong Un's dictatorship, continue to pummel US infrastructure. |
|
|
|
|
2022-07-27 17:21:51 |
Average Data Breach Costs Soar to $4.4M in 2022 (lien direct) |
Call it a 'cyber-tax': Those costs are usually passed on to consumers, not investors, as compromised businesses raise prices for goods and services. |
Data Breach
|
|
|
|
2022-07-27 17:00:00 |
Is Your Home or Small Business Built on Secure Foundations? Think Again… (lien direct) |
Did you know that the standard router relied upon in homes and by thousands of small businesses is the most frequently attacked IoT device? James Willison, Project and Engagement Manager, IoT Security Foundation, explores the issue and reveals an ongoing initiative from the foundation that is designed to better secure the devices. |
|
|
|
|
2022-07-27 16:10:39 |
First Cohort Graduates from PSM Cyber Stars Program at Liverpool FC (lien direct) |
New careers in IT open up for former footballers. |
|
|
|
|
2022-07-27 14:00:00 |
The Great BizApp Hack: Cyber-Risks in Your Everyday Business Applications (lien direct) |
IT admins can lock some of the obvious open doors in business applications, but system visibility is key. Build automatic monitoring defenses and adopt a Git-like tool so you can "version" your business apps to restore prior states. |
Tool
|
|
|
|
2022-07-27 13:48:22 |
No More Ransom Helped More Than 1.5 Million People Decrypt Their Devices (lien direct) |
. |
|
|
|
|
2022-07-27 13:30:00 |
8 Hot Summer Fiction Reads for Cybersecurity Pros (lien direct) |
A reading list of recommended novels curated by cybersecurity experts for cybersecurity experts. |
|
|
|
|
2022-07-26 22:40:47 |
Craig Newmark Gives UC Berkeley $2 Million for University Cybersecurity Clinics (lien direct) |
. |
|
|
★★★★
|
|
2022-07-26 22:23:55 |
Norton Consumer Cyber Safety Pulse Report: Phishing for New Bait on Social Media (lien direct) |
Year-long analysis from Norton Labs finds nearly three-quarters of phishing sites imitate Facebook. |
|
|
★★★★
|
|
2022-07-26 21:01:14 |
LockBit 3.0: Significantly Improved Ransomware Helps the Gang Stay on Top (lien direct) |
Just ahead of its headline-grabbing attack on the Italian tax agency, the infamous ransomware group debuted an improved version of the malware featuring parts from Egregor and BlackMatter. |
Ransomware
Malware
|
|
|
|
2022-07-26 20:53:03 |
Microsoft Tops Brands Phishers Prefer (lien direct) |
Wide use of Microsoft 365 applications by business lets phishers easily launch data theft, BEC, ransomware, and other attacks, new report finds. |
|
|
|
|
2022-07-26 20:45:00 |
Economic Downturn Raises Risk of Insiders Going Rogue (lien direct) |
Insiders could become more vulnerable to cybercrime recruitment efforts, new report says. |
|
|
|