What's new around the internet

Src Date (GMT) Title Description Tags Stories Notes
Proofpoint 2023-09-22 05:00:48 10 Real-World Business Email Compromise (BEC) Scam Examples

Business email compromise (BEC) is an email scam where malicious actors impersonate a trusted source using a spoofed, lookalike or compromised account. Fraudsters send targeted emails to employees, business partners or customers. The recipients, believing the emails are legitimate, then take actions that lead to scammers gaining access to sensitive data, funds or accounts. Notably, most BEC attacks result in a fraudulent wire transfer or financial payment.

The FBI's Internet Crime Complaint Center reports that businesses lost more than $2.7 billion to BEC scams in 2022. That's more than one-quarter of all the cyber crime-related financial losses for that year. Proofpoint research for the 2023 State of the Phish report showed that 75% of organizations experienced at least one BEC attack last year.

BEC is often hard to detect because there is no malicious payload, such as a URL or attachment. And yet, it's easy to understand why BEC scams are so successful. Just take a closer look at the various social engineering tactics used in the following 10 recent BEC attacks, which are a testament to fraudsters' creativity, ingenuity and persistence.

#1: Fraudster steals more than 1,000 unpublished manuscripts

What happened: Filippo Bernardini, an employee at the U.K. operation of publishing company Simon & Schuster, impersonated book agents, editors, authors and others for years in a quest to obtain unpublished manuscripts. The book thief's aim: to read new works before anyone else.

BEC strategy: Bernardini registered more than 160 fake internet domains to send emails from slightly altered, official-looking email addresses. A key factor in his success was his insider knowledge of the publishing world.

#2: Real estate firm loses €38 million to international gang of fraudsters

What happened: A real estate developer in Paris, Sefri-Cime, was targeted by an international email “CEO fraud” gang in December 2022. The group managed to steal €38 million through one BEC scam, which they then laundered through bank accounts in various countries, including China and Israel.

BEC strategy: The firm's CFO received an email from someone claiming to be a lawyer at a well-known French accounting firm. Within days, the fraudster had gained the CFO's trust and began to make successful requests for large and urgent transfers of millions of euros.

#3: Eagle Mountain City, Utah, sends $1.13 million to vendor impersonator

What happened: This rapidly growing, master-planned community had so many new projects underway that busy city officials grew accustomed to receiving requests for large payments from various vendors, and thus became less vigilant about looking out for potential scams.

BEC strategy: In August 2022, Eagle Mountain was engaged in a construction project to widen a major road. During an email exchange between city officials and its construction vendor, BEC scammers inserted themselves into the email thread and impersonated the vendor. The cyber criminals persuaded a staff member to transfer an electronic payment to them instead.

#4: Fraudsters steal $2.8 million from Grand Rapids Public Schools in Michigan

What happened: A California couple defrauded a Midwestern school district and went on a spending spree with the stolen funds. It all started when they gained access to an email account of the school district's benefits manager. It began to unravel after an insurance company inquired about the missing funds.

BEC strategy: The fraudsters monitored correspondence between the district and its health insurance vendor about monthly insurance payments. They then sent an email to a district finance specialist asking them to change the wiring information for those payments. That person complied, which resulted in two large payments being sent to the bank account of a California nail salon that the couple owned.

#5: CFO impersonator defrauds Children's Healthcare of Atlanta of $3.6 million

What happened: This pediatric care provider's experience with B

Malware Threat ★★
Proofpoint 2023-09-22 05:00:22 Nebula: A Next-Gen ML Platform

Engineering Insights is an ongoing blog series that gives a behind-the-scenes look into the technical challenges, lessons and advances that help our customers protect people and defend data every day. Each post is a firsthand account by one of our engineers about the process that led up to a Proofpoint innovation.

Cyber threats are increasing in their frequency and sophistication. And for a cybersecurity firm like Proofpoint, staying ahead of threats requires us to deploy new machine learning (ML) models at an unprecedented pace. The complexity and sheer volume of these models can be overwhelming.

In previous blog posts, we discussed our approach to ML with Proofpoint Aegis, our threat protection platform. In this blog, we look at Nebula, our next-generation ML platform. It is designed to provide a robust solution for the rapid development and deployment of ML models.

The challenges

We live and breathe supervised machine learning at Proofpoint. And we face active adversaries who attempt to bypass our systems. As such, we have a few unique considerations for our ML process:

Speed of disruption. Attackers move fast, and that demands that we be agile in our response. Manual tracking of attacker patterns alone isn't feasible; automation is essential.

Growing complexity. Threats are becoming more multifaceted. As they do, the number of ML models we need escalates. A consistent and scalable modeling infrastructure is vital.

Real-time requirements. It is essential to block threats before they can reach their intended targets. To be effective on that front, our platform must meet unique latency needs and support optimized deployment options for real-time inference.

In other ML settings, like processing medical radiographs, data is more stable, so model quality can be expected to hold consistently over time. In the cybersecurity setting, we can't make such assumptions. We must move fast to update our models as new cyber attacks arise.

Below is a high-level overview of our supervised learning process and the five steps involved.

A supervised learning workflow, showing steps 1-5.

Data scientists want to optimize this process so they can bootstrap new projects with ease. But other stakeholders have a vested interest, too. For example:

Project managers need to understand project timelines for new systems or changes to existing projects.

Security teams prefer system reuse to minimize the complexity of security reviews and decrease the attack surface.

Finance teams want to understand the cost of bringing new ML systems online.

Proofpoint needed an ML platform to address the needs of various stakeholders. So, we built Nebula.

The Nebula solution

We broke the ML lifecycle into three components: modeling, training and inference. And we developed modular infrastructure for each part. While these parts work together seamlessly, engineering teams can also use each one independently.

The three modules of the Nebula platform: modeling, training and inference.

These components are infrastructure as code. So, they can be deployed in multiple environments for testing, and every team or project can spin up an isolated environment to segment data.

Nebula is opinionated. It's “opinionated” because “common use cases” and “the right thing” are subjective and hence require an opinion on what qualifies as such. It offers easy paths to deploy common use cases with the ability to create new variants as needed. The platform makes it easy to do the right thing and hard to do the wrong thing.

The ML lifecycle: experimentation, training and inference

Let's walk through the ML lifecycle at a high level. Data scientists develop ML systems in the modeling environment. This environment isn't just a clean room; it's an instantiation of the full ML lifecycle: experimentation, training and inference.

Once a data scientist has a model they like, they can initiate the training and inference logic in the training environment. That environment's strict polici

Threat Medical Cloud ★★★
Proofpoint 2023-09-21 10:08:29 How Strong Is My Password? A Guide to Enable Your Employees to Set Strong Passwords

Have you seen the meme about needing to rename your dog now that your password has been stolen? We all have ways to make everyday tasks feel easy and comfortable, and setting up passwords for accounts and services often falls into this category. Many passwords are used daily, or multiple times in a day, so people want passwords that are easy to remember and fast to type.

As security professionals, we recognize that password strength is a safeguard for personal and professional data. Weak passwords are more easily guessed or cracked. However, the question of "How strong is my password?" is often overlooked by the average person, like your employees.

We might also recognize that password effectiveness is on a downward slope. Features like multifactor authentication (MFA) add a security layer, but people get frustrated with the additional task. Also, complex attacks such as MFA-bypass techniques and reverse proxy services such as EvilProxy can increasingly get past this account protection. It's essential for security professionals to continually evaluate and adapt newer approaches such as FIDO authentication and other passwordless methods.

In this article, we will help you motivate your employees to do their part by providing effective strategies that will help them create stronger passwords and gauge their strength.

Security consequences at work and home

How do you explain the consequences of using a weak password? It's helpful to emphasize that employees might accidentally expose sensitive information that hurts them both professionally and personally.

At work, a weak password might give access to office computers or the company network. The attackers can install malicious software (malware), which could lead to financial loss, data loss or data theft for your organization. Depending on the size and impact, this breach could negatively affect the company's health and reputation, and ultimately that person's job.

At home, a weak password might give access to personal accounts such as banks, credit cards, emails and social media. This credential exposure could hurt not only the person but also their family members, colleagues or friends. For instance, a threat actor getting into their Venmo account will see their personal credit card data and the history of transactions with people they know.

We are creatures of habit, so the way you set passwords at work is often the way you set personal passwords. It's natural for people to be most concerned about their home life, so there is great impact in relating the domino effect of password security.

Four common mistakes of weak passwords

Before you explain how to set a strong password, it's useful to share the common mistakes that people make in creating weak passwords. You can evaluate the weakness of a password by looking at whether it is personal, ordinary, simple and predictable.

Here are four essential password “DON'Ts”:

Don't use identifying words. Avoid words that are personally identifying or publicly available, such as your name, birthday, street address, email address or account username. Attackers can leverage a person's background and history for educated password guesses, especially if that attacker is someone who knows you.

Don't use family words. For similar reasons, avoid names, numbers and dates that identify your children, animals or parents, such as their age, name or birthday.

Don't use real words. Avoid words that are straightforward or straight from the dictionary, such as “puppy” or “puppydog” or “puppy1.” Attackers can run software that processes every word in a dictionary to crack passwords.

Don't use simple patterns. Avoid a string of characters that are consecutive numbers or a part of the alphabet, such as “1011121314” or “ghijklmn.” Attackers can run comprehensive lists of frequently used passwords to test against a password.

In summary: A weak password uses personally identifying words, family dates or names, dictionary words, or simple character s

Tool Threat ★★
Proofpoint 2023-09-21 05:00:51 The Return of Direct Ransomware Delivery?

If you've read our updated Ransomware Survival Guide, you already know that modern ransomware is rarely delivered directly by email. These days, ransomware gangs prefer to partner with initial access brokers (IABs). IABs operate by distributing malware in high-volume campaigns and then selling access to compromised systems. But there are still some edge cases where threat actors try to cut out the middleman and deliver ransomware directly.

A recent example of this is Knight or Knight Lite ransomware (a rebranded version of the Cyclops ransomware-as-a-service). In August 2023, Proofpoint researchers saw several campaigns in which Knight was delivered directly by email. These campaigns were mostly low volume, with fewer than 500 messages, although one campaign contained more than 1,000. The campaigns primarily targeted English-speaking users, but we also noted campaigns targeting users in Italy and Germany in those languages.

An invoice-themed lure sent in a recent Knight campaign.

The email lures in these campaigns have included fake messages from a well-known travel website aimed at hospitality organizations, as well as more standard invoice lures. The emails contain an HTML attachment that loads a browser-in-the-browser interface spoofing the legitimate site. This interface then prompts the victim to click and download a zipped executable or XLL file containing the ransomware. In some later campaigns targeting Italian users, the attack chain was modified to include an interstitial zip file containing either an LNK linking to a WebDAV share or an XLL, both of which install a downloader. That in turn installs the Knight payload. The downloader used in these later attack chains had not been seen before in our data, and our researchers are investigating. In all attack chains, once installed, Knight ransomware begins lateral movement, scanning private IP addresses as a precursor to encrypting networked devices.

Files are encrypted with a .Knight_L extension, and a ransom note is left demanding sums ranging from $5,000 to $15,000 in Bitcoin. The threat actor provides a link to a site containing further instructions and an email address to notify them when a payment has been made. Currently, there is nothing to indicate that data is exfiltrated as well as encrypted.

Screenshot of the Knight ransomware Tor web page.

The threat landscape has changed considerably since the days of high-volume ransomware campaigns. In fact, the recent Knight campaigns are the first time since 2021 that Proofpoint researchers have seen ransomware delivered by email in consecutive weeks using the same campaign characteristics. But with the recent disruption of the large-scale Qbot malware botnet, commonly used by many IABs, ransomware attackers may decide to revisit these delivery methods.

For more information on the developing ransomware landscape, see the Ransomware Survival Guide and subscribe to our threat blog.

Ransomware Malware Threat ★★
Proofpoint 2023-09-20 05:00:47 Not All Vulnerabilities Are Created Equal: Identity Risks and Threats Are the New Vulnerability

If the history of cyber threats has taught us anything, it's that the game is always changing. The bad actors show us a move. We counter the move. Then, the bad actors show us a new one. Today, that “new move” is the vulnerable state of identities. Attackers realize that even if the network and every endpoint and device are secured, they can still compromise an enterprise's resources by gaining access to one privileged account.

There is a lot of opportunity to do that, too. Within companies, one in six endpoints has an exploitable identity risk, as research for the Analyzing Identity Risks (AIR) Research Report from Proofpoint found.

“Well, that escalated quickly.”

The latest Data Breach Investigations Report from Verizon highlights the risks of complex attacks that involve system intrusion. It also underscores the need to disrupt the attacker once they are inside your environment. Once they have that access, they will look for ways to escalate privileges and maintain persistence. And they will search for paths that will allow them to move across the business so that they can achieve their goals, whatever they may be.

This problem is getting worse because managing enterprise identities and the systems to secure them is complex. Another complication is the constant changes to accounts and their configurations. Attackers are becoming more focused on privileged identity account takeover (ATO) attacks, which allow them to compromise businesses with ease and speed, at least as compared with the time, effort and cost that may be required to exploit a software vulnerability (a common vulnerability and exposure, or CVE).

We should expect this trend to continue, given that ATOs have reduced attacker dwell times from months to days. And there is little risk that attackers will be detected before they are able to complete their crimes. How can IT and security leaders and their teams respond? A “back to the basics” approach can help.

Shifting the focus to identity protection

Security teams work to protect their networks, systems and endpoints in their infrastructure, and they have continued moving up the stack to secure applications. Now, we need to focus more on ways to improve how we protect identities. That is why an identity threat detection and response (ITDR) strategy is so essential today. We tend to think of security in battle terms; as such, identity is the next “hill” we need to defend. As we have done with the network, endpoint and application hills in the past, we should apply basic cyber hygiene and security posture practices to help prevent identity risk.

There is value in using preventative and detective controls in this effort, but the former type of control is preferred. (It can cost less to deploy, too.) In other words, as we take this next hill to secure identity threats, we should keep in mind that an ounce of prevention is worth a pound of cure.

Identity as a vulnerability management asset type

Businesses should consider managing remediation of the identity vulnerabilities that are most often attacked in the same or a similar way to how they manage the millions of other vulnerabilities across their other asset types (network, host, application, etc.). We need to treat identity risk as an asset type. Its vulnerability management should be included in the process for prioritizing vulnerabilities that need remediation. A requirement for doing this is the ability to scan the environment on a continuous basis to discover identities that are vulnerable now, and to learn why they are at risk.

Proofpoint Spotlight™ provides a solution. It enables:

The continuous discovery of identity threats and vulnerability management

Their automated prioritization based on the risk they pose

Visibility into the context of each vulnerability

And Spotlight enables fully automated remediation of vulnerabilities where the remediation creates no risk of business interruption.

Prioritizing remediation efforts across asset types

Most enterprises have millions of vulnerabilities across their

Data Breach Vulnerability Threat Prediction ★★
Proofpoint 2023-09-20 05:00:00 Chinese Malware Appears in Earnest Across Cybercrime Threat Landscape

Key Takeaways

Proofpoint has observed an increase in activity from specific malware families targeting Chinese-language speakers.

Campaigns include Chinese-language lures and malware typically associated with Chinese cybercrime activity.

Newly observed ValleyRAT is emerging as a new malware among Chinese-themed cybercrime activity, while Sainbox RAT and related variants are recently active as well.

The increase in Chinese-language malware activity indicates an expansion of the Chinese malware ecosystem, either through increased availability or ease of access to payloads and target lists, as well as potentially increased activity by Chinese-speaking cybercrime operators.

Overview

Since early 2023, Proofpoint has observed an increase in the email distribution of malware associated with suspected Chinese cybercrime activity. This includes the attempted delivery of the Sainbox Remote Access Trojan (RAT) – a variant of the commodity trojan Gh0stRAT – and the newly identified ValleyRAT malware. After years of this malware not appearing in Proofpoint threat data, its appearance in multiple campaigns over the last six months is notable.

The phrase “Chinese-themed” is used to describe any of the observed content related to this malicious activity, including lures, malware, targeting, and any metadata that contains Chinese language usage. Campaigns are generally low-volume and are typically sent to global organizations with operations in China. The email subjects and content are usually written in Chinese, and are typically related to business themes like invoices, payments, and new products. The targeted users have Chinese-language names spelled with Chinese-language characters, or specific company email addresses that appear to align with businesses' operations in China. Although most campaigns have targeted Chinese-speaking users, Proofpoint observed one campaign targeting Japanese organizations, suggesting a potential expansion of activity.

These recently identified activity clusters have demonstrated flexible delivery methods, leveraging both simple and moderately complex techniques. Commonly, the emails contain URLs linking to compressed executables that are responsible for installing the malware. However, Proofpoint has also observed Sainbox RAT and ValleyRAT delivered via Excel and PDF attachments containing URLs linking to compressed executables.

Proofpoint researchers assess that the multiple campaigns delivering Sainbox RAT and ValleyRAT share some similar tactics, techniques, and procedures (TTPs). However, research into additional activity clusters utilizing these malwares demonstrates enough variety in infrastructure, sender domains, email content, targeting, and payloads that researchers currently conclude that all use of these malwares and associated campaigns is not attributable to the same cluster, but likely to multiple distinct activity sets.

The emergence and uptick of both novel and older Chinese-themed malware demonstrates a new trend in the overall 2023 threat landscape. A blend of historic malware such as Sainbox – a variant of the older Gh0stRAT malware – and the newly uncovered ValleyRAT may challenge the dominance that the Russian-speaking cybercrime market has on the threat landscape. However, the Chinese-themed malware is currently mostly targeted toward users that likely speak Chinese. Proofpoint continues to monitor for evidence of increasing adoption across other languages.

For network defenders, we include several indicators of compromise and Emerging Threats detections to provide the community with the ability to cover these threats.

Campaign Details

Proofpoint has observed over 30 campaigns in 2023 leveraging malware typically associated with Chinese cybercrime activity. Nearly all lures are in Chinese, although Proofpoint has also observed messages in Japanese targeting organizations in that country.

Gh0stRAT / Sainbox

Proofpoint has observed an increase in a variant of Gh0stRAT that Proofpoint researchers refer to as Sainbox. Sainbox was first i

Malware Tool Threat Prediction ★★★
Proofpoint 2023-09-19 05:00:12 Why Healthcare Data Is Difficult to Protect, and What to Do About It

Hospitals, clinics, health insurance providers and biotech firms have long been targets for cyber criminals. They handle data like protected health information (PHI), intellectual property (IP), clinical trial data and payment card data, giving attackers many options to cash in. And as healthcare institutions embrace the cloud, remote work and telehealth, the risks of attacks on this data only increase. Besides outside attackers, insider risk is another concern in an industry where employees face high and sustained levels of stress. And then there's the increasing risk of ransomware. In the 2022 Internet Crime Report from the FBI's Internet Crime Complaint Center, healthcare was called out as the critical infrastructure industry hardest hit by ransomware attacks.

In this blog, we'll take a look at some of the information protection challenges faced by the healthcare industry today. And we'll look at some solutions.

Healthcare data breach costs

Not only are data breaches in healthcare on the rise, but the costs for these breaches are high for this industry, too. IBM's Cost of a Data Breach Report 2023 says that the average cost of a healthcare data breach in the past year was $11 million. These costs can include:

Ransoms paid
Systems remediation
Noncompliance fines
Litigation
Brand degradation

There's a high cost in terms of disruptions to patient care as well. System downtime or compromised data integrity due to cyber attacks can put patients at risk. For example, when Prospect Medical Holdings faced a recent cyber attack, its hospitals had to shut down their IT networks to prevent the attack's spread. They also needed to revert to paper charts. The Rhysida ransomware gang claimed responsibility for that attack, in which a wealth of data, including 500,000 Social Security numbers, patient files and legal documents, was stolen.

Information protection challenges in healthcare

Healthcare firms face many challenges in protecting sensitive data. They include:

Insider threats and electronic health record (EHR) snooping

What are some insider threats that can lead to data breaches in healthcare? Here's a short list of examples:

Employees might sneak a peek at the medical records of a famous patient and share the details with the media.
Careless workers could click on phishing emails and open the door to data theft.
Malicious insiders can sell patient data on the dark web.
Departing employees can take valuable research data with them to help along their own careers.

A growing attack surface due to cloud adoption

Most healthcare businesses are increasing their use of cloud services. This move is helping them to improve patient care by making information more accessible. But broad sharing of files in cloud-based collaboration platforms increases the risk of a healthcare data breach. It is a significant risk, too. Proofpoint threat intelligence shows that in 2022, 62% of all businesses were compromised via cloud account takeover.

Data at risk across multiple data loss channels

When EHRs are housed on-premises, patient records can still be accessed, shared and stored on remote endpoints and cloud-based collaboration and email systems. And as healthcare data travels across larger geographies, protecting it becomes much more of a challenge.

How Proofpoint can help

Our information protection platform, Proofpoint Sigma, provides unmatched visibility and control over sensitive data across email, cloud, web and endpoints. This unified platform allows healthcare businesses to manage data risk while saving time and reducing operational costs. We can help protect your data from accidental disclosure, malicious attacks and insider risk.

As the healthcare industry continues to adopt remote work and telehealth, there is one particular Proofpoint solution that stands out for its ability to help safeguard data. That's Proofpoint Insider Threat Management (ITM). It monitors user and data activity on endpoints. And it allows security teams to detect, investigate and respond to potential data l

Ransomware Data Breach Threat Medical Cloud ★★
Proofpoint 2023-09-18 05:00:09 How to Better Secure and Protect Your Microsoft 365 Environment

Microsoft 365 has become the de facto standard for email and collaboration for most global businesses. At the same time, email continues to be the most common attack vector for threat actors. And spam, phishing, malware, ransomware and business email compromise (BEC) attacks keep increasing in both their sophistication and impact. Verizon's 2023 Data Breach Investigations Report highlights the upward trend in BEC attacks, noting that they have doubled over the past year and comprise 60% of social engineering incidents.

While Microsoft 365 includes basic email hygiene capabilities with Exchange Online Protection (EOP), you need more capabilities to protect your business against these attacks. Microsoft offers Defender for Office 365 (MDO) as part of its security tool set to bolster security. And it's a good place to start, but it simply can't stop today's most sophisticated email threats.

That's why analysts suggest you augment native Microsoft 365 security to protect against advanced threats, like BEC and payload-less attacks such as TOAD (telephone-oriented attack delivery).

“Supplement the native capabilities of your existing cloud email solutions with third-party security solutions to provide phishing protection for collaboration tools and to address both mobile- and BEC-type phishing scenarios.”
Source: 2023 Gartner Market Guide for Email Security

The rise of cloud-based email security solutions

Email threats are nothing new. For years now, secure email gateways (SEGs) have been the go-to solution to stop them. They filter spam, phishing emails and malware before they can get to users' inboxes. But with more businesses adopting cloud-based email platforms, particularly Microsoft 365, alternative email security solutions have appeared on the market. Gartner calls them integrated cloud email security (ICES); Forrester refers to them as cloud-native API-enabled email security (CAPES). These solutions leave the basic email hygiene and handling of email traffic to Microsoft. Then, they examine the emails that are allowed through. Essentially, they identify threats that have slipped past Microsoft's defenses.

The main advantage of ICES and CAPES is their ease of deployment and evaluation. They simply require a set of permissions to the Microsoft 365 installation, and they can start detecting threats right away. It's easy to remove these solutions, too, making it simple and straightforward to evaluate them.

Two deployment models: the good and the bad

When you're augmenting Microsoft 365 email security, you have several options for deployment. There's the post-delivery, API-based approach, which is used by ICES and CAPES. And there's the pre-delivery, MX-based approach used by SEGs.

Post-delivery deployment (API-based model)

In this scenario, Microsoft provides an API to allow third-party vendors to receive a notification when a new email is delivered to a user's mailbox. Then, they process the message with their platform. If a threat is found, it can be deleted or moved to a different folder, like quarantine or junk. However, this approach presents a risk. Because a message is initially delivered to the mailbox, a user still has a chance to click on it until the threat is retracted. Emails must be processed fast or hidden altogether while the solution scans the message for threats.

Analyzing attachments for malware or running them through a sandbox is time-consuming, especially for large or complex attachments. There are also limits on how many alerts from Microsoft 365 cloud-based email security solutions can receive.

Pre-delivery deployment (MX-based model)

This approach is useful for businesses that want to detect and prevent email threats before they reach their users' inboxes. As the name suggests, email is processed before it is delivered to a user's inbox. To enable this model, an organization's DNS mail exchange (MX) record must be configured to point to a mail server. The MX record indicates how email messages should be routed in

Ransomware Data Breach Malware Tool Threat Prediction Cloud ★★★
ProofPoint 2023-09-15 09:50:31 The Future of Empowering Cybersecurity Awareness: 5 Use Cases for Generative AI to Boost Your Program
(direct link)
Social engineering threats are increasingly difficult to distinguish from real media. What's worse, they can be released with great speed and at scale. That's because attackers can now use new forms of artificial intelligence (AI), like generative AI, to create convincing impostor articles, images, videos and audio. They can also create compelling phishing emails, as well as believable spoof browser pages and deepfake videos.

These well-crafted attacks developed with generative AI are creating new security risks. They can penetrate protective defense layers by exploiting human vulnerabilities, like trust and emotional response.

That's the buzz about generative AI. The good news is that the future is wide open to fight fire with fire. There are great possibilities for using a custom-built generative AI tool to help improve your company's cybersecurity awareness program. In this post, we look at five ways your organization might do that, now or in the future. Let's imagine together how generative AI might help you improve end users' learning engagement and reduce human risk.

1. Get faster alerts about threats

If your company's threat intelligence exposes a well-designed credential attack targeting employees, you need to be quick to alert and educate users and leadership about the threat. In the future, your company might bring in a generative AI tool that can deliver relevant warnings and alerts to your audiences faster.

Generative AI applications can analyze huge amounts of data about emerging threats at greater speed and with more accuracy than traditional methods. Security awareness administrators might run queries such as:

“Analyze internal credential phishing attacks for the past two weeks”
“List BEC attacks for credentials targeting companies like mine right now”

In just a few minutes, the tool could summarize current credential compromise threats and the specific “tells” to look for.

You could then ask your generative AI tool to create actionable reporting about that threat data on the fly, which saves time because you're not setting up dashboards. Then you use the tool to push out threat alerts to the business. It could also produce standard communications like email messages and social channel notifications.

You might engage people further by using generative AI to create an eye-catching infographic or a short animated video in just seconds or minutes. No need to wait days or weeks for a designer to produce that visual content.

2. Design awareness campaigns more nimbly

Say that your security awareness team is planning a campaign to teach employees how to spot attacks targeting their credentials, as AI makes phishing emails more difficult to spot. Your security awareness platform or learning management system (LMS) has a huge library of content you can tap for this effort, but your team is already overworked.

In the future, you might adapt a generative AI tool to reduce the manual workload by finding what information is most relevant and providing suggestions for how to use it. A generative AI application could scan your content library for training modules and awareness materials. For instance, an administrator could make queries such as:

“Sort existing articles for the three biggest risks of credential theft”
“Suggest training assignments that educate about document attachments”

By applying this generative AI use case to searching and filtering, you would shortcut the long and tedious process of looking for material, reading each piece for context, choosing the most relevant content, and deciding how to organize what you've selected. You could also ask the generative AI tool to recommend critical topics missing from the available content. The AI might even produce the basis for a tailored and personalized security campaign to help keep your people engaged. For instance, you could ask the tool to sort content based on nonstandard factors you consider interesting, such as mentioning a geographic region or holiday season.

3. Produce

Tags: Tool, Vulnerability, Threat, ChatGPT
ProofPoint 2023-09-14 05:00:42 Maximizing Patient Care: Securing the Email Workhorse of Healthcare Portals, Platforms and Applications
(direct link)
In the modern healthcare industry, healthcare portals, platforms and applications serve as tireless workers. They operate around the clock, making sure that crucial information reaches patients and providers. At the heart of it all is email, an unsung hero that delivers appointment reminders, test results, progress updates and more.

Healthcare portals, platforms and applications, and many of the emails they send, contain sensitive data. That makes them a top target for cyber criminals. And data breaches can be expensive for healthcare businesses. Research from IBM shows that the average cost of a healthcare data breach ($10.93 million) is the highest of any industry. In addition, IBM reports that since 2020 data breach costs have increased 53.3% for the industry. In this post, we explore how a Proofpoint solution, Secure Email Relay, can help healthcare institutions safeguard patient information that is transmitted via these channels.

Healthcare technology in use today

First, let's look at some of the main types of healthcare portals, platforms and applications that are in use today.

Patient portals. Patient portals have transformed the patient and provider relationship by placing medical information at patients' fingertips. They are a gateway to access medical records, view test results and schedule appointments. And they offer patients a direct line to communicate with their healthcare team. The automated emails that patient portals send to patients help to streamline engagement. They provide useful information and updates that help people stay informed and feel more empowered.

Electronic health record (EHR) systems. EHR applications have revolutionized how healthcare providers manage and share patient information with each other. These apps are digital repositories that hold detailed records of patients' medical journeys, data that is used to make medical decisions. EHR apps send automated emails to enhance how providers collaborate on patient care. Providers receive appointment reminders, critical test results and other vital notifications through these systems.

Health and wellness apps. For many people, health and wellness apps are trusted companions. These apps can help them track fitness goals, monitor their nutrition and access mental health support, to name a few services. Automated emails from these apps can act as virtual cheerleaders, too. They provide users with reminders, progress updates and the motivation to stick with their goals.

Telemedicine platforms. Telemedicine platforms offer patients access to virtual medical consultations. They rely on seamless communication, and emails are key to that experience. Patients receive emails to remind them about appointments, get instructions on how to join virtual consultations, and more.

The unseen protector: security in healthcare emails

Healthcare providers need to safeguard patient information, and that includes when they rely on healthcare portals, platforms and applications to send emails to their patients. Proofpoint Secure Email Relay (SER) is a tool that can help them protect that data. SER is more than an email relay. It is a security-centric solution that can ensure sensitive data is only exchanged within a healthcare ecosystem. The solution is designed to consolidate and secure transactional emails that originate from various clinical and business apps.

SER acts as a guardian. It helps to ensure that compromised third-party entities cannot exploit domains to send malicious emails, which is a go-to tactic for many attackers.

Key features and benefits of Proofpoint SER

Here are more details about what the SER solution includes.

Closed system architecture

Proofpoint SER features a closed-system approach. That means it permits only verified and trusted entities to use the email relay service. This stringent measure can lead to a drastic reduction in the risk associated with vulnerable or compromised email service providers. No more worrying about unauthorized users sending emails in your business's name.

Enhanced security contro

Tags: Data Breach, Tool, Medical, Cloud
Last update at: 2024-06-21 20:10:41