What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-02-26 17:18:53 | Cinq Nations Eyes préviennent d'évolution des pratiques de cyberespionnage russes ciblant les environnements cloud Five Eyes nations warn of evolving Russian cyberespionage practices targeting cloud environments (lien direct) |
> L'avis émis par le Centre national de cybersécurité du Royaume-Uni décompose les tactiques et les techniques de SVR Hacking Ops.
>The advisory issued by the U.K.\'s National Cyber Security Centre breaks down tactics and techniques from SVR hacking ops. |
Cloud | TYPEFRAME | ★★★ |
 |
2024-02-26 17:15:00 | CISA Issues Alert sur les tactiques d'infiltration des nuages d'APT29 \\ CISA Issues Alert on APT29\\'s Cloud Infiltration Tactics (lien direct) |
Connu sous le nom de Midnight Blizzard, les dukes ou l'ours confortable, le groupe a été identifié comme une entité russe opérant probablement sous le SVR
Known as Midnight Blizzard, the Dukes or Cozy Bear, the group has been identified as a Russian entity likely operating under the SVR |
Cloud | APT 29 | ★★ |
 |
2024-02-26 16:43:37 | Genetec lance Security Center SaaS (lien direct) | Genetec introduit une solution SaaS unifiée à l'échelle des entreprises Security Center SaaS redéfinit les possibilités pour la sécurité physique basée sur le cloud. - Produits | Cloud | ★★ | |
 |
2024-02-26 15:21:00 | Les chevaux de Troie bancaires ciblent l'Amérique latine et l'Europe via Google Cloud Run Banking Trojans Target Latin America and Europe Through Google Cloud Run (lien direct) |
Les chercheurs en cybersécurité mettent en garde contre un pic dans les campagnes de phishing par e-mail qui armement le service Google Cloud Run pour livrer divers chevaux de Troie bancaires tels que & nbsp; Astaroth & nbsp; (aka guildma), & nbsp; mekotio et & nbsp; Ousaban & nbsp; (aka javali) to ciblers à travers letin; OUSABAN & NBSP; (AKA JAVALI) pour cibler à travers le latin;Amérique (Latam) et Europe.
"Les chaînes d'infection associées à ces familles de logiciels malveillants comportent l'utilisation de malveillants
Cybersecurity researchers are warning about a spike in email phishing campaigns that are weaponizing the Google Cloud Run service to deliver various banking trojans such as Astaroth (aka Guildma), Mekotio, and Ousaban (aka Javali) to targets across Latin America (LATAM) and Europe. "The infection chains associated with these malware families feature the use of malicious |
Malware Cloud | ★★ | |
 |
2024-02-26 13:56:26 | Russie Cyber Spies derrière Solarwinds Breach adoptant de nouvelles tactiques, avertissez cinq agences Eyes Russia cyber spies behind SolarWinds breach adopting new tactics, warn Five Eyes agencies (lien direct) |
Les cyber-espions russes derrière la violation de Solarwinds adaptent leurs techniques pour pirater des organisations qui ont déplacé leurs réseaux dans des environnements hébergés dans le cloud, les responsables occidentaux avertissent.L'hébergement cloud a posé un défi pour les pirates, car il a effectivement réduit la surface d'attaque en termes de capacité à exploiter les vulnérabilités logicielles que les organisations
The Russian cyber spies behind the SolarWinds breach are adapting their techniques to hack into organizations that have moved their networks into cloud-hosted environments, Western officials are warning. Cloud hosting has posed a challenge to hackers because it has effectively reduced the attack surface in terms of their ability to exploit software vulnerabilities that organizations |
Hack Vulnerability Threat Cloud | ★★★ | |
 |
2024-02-26 13:00:31 | Sécuriser la route à venir: aborder les erreurs de configuration du cloud persistant dans l'industrie automobile Securing the Road Ahead: Addressing Persistent Cloud Misconfigurations in the Automotive Industry (lien direct) |
> Explorez une paire d'expositions de sécurité de l'industrie automobile et comment les outils de sécurité appropriés auraient pu empêcher ces mêmes anciens problèmes \\ 'de se produire.Plus tôt ce mois-ci, BMW a été encore une autre victime de dangereux erronés dans leur stockage cloud, qui exposent des clés privées et des données sensibles.Selon un récent article de TechCrunch, un seau de stockage Azure public contenait des «fichiers de script qui comprenaient des informations d'accès, des clés secrètes pour accéder aux adresses de godet privées et des détails sur d'autres services cloud».Pour être juste, BMW n'est pas seul dans ces questions, en fait, selon le rapport de sécurité du cloud de point de contrôle de 2023, [& # 8230;]
>Explore a pair of security exposures from the automotive industry and how the proper security tools could have prevented these \'same old issues\' from happening. Earlier this month, BMW was yet another victim of dangerous misconfigurations in their cloud storage, which exposed private keys and sensitive data. According to a recent article by TechCrunch, a public Azure storage bucket held “script files that included access information, secret keys for accessing private bucket addresses, and details about other cloud services.” To be fair, BMW is not alone in these issues, in fact, according to the 2023 Check Point Cloud Security Report, […] |
Tool Cloud | ★★ | |
 |
2024-02-26 05:03:36 | Les tenants et aboutissants de la confidentialité des données, partie 2: confidentialité par conception en protection de l'information The Ins and Outs of Data Privacy, Part 2: Privacy by Design in Information Protection (lien direct) |
This is the second blog in a two-part series about data privacy. In our previous post, we discussed how data privacy has become increasingly important. And we covered why data loss protection (DLP) and insider threat management (ITM) tools are critical to ensuring data privacy. The shift to “work from anywhere” and the increase in cloud adoption have caused a rise in data loss and insider threats. To defend data from careless, malicious and compromised insiders-and the harm that they cause-security teams must implement data security tools like data loss prevention (DLP) and insider threat management (ITM) platforms. These tools monitor and control how employees interact with data. At the same time, companies are collecting more and more data about employees themselves, like protected health information (PHI). The abundance of all this data-which is being collected and processed in the cloud-creates a critical challenge for security teams. They must protect employee privacy without impeding productivity. In this post, we\'ll explore the topic of privacy by design, which aims to strike a balance between these two challenges. We\'ll cover why it\'s so important. And we\'ll discuss how Proofpoint Information Protection can help you build a modern DLP program and comply with data privacy laws. Why privacy by design matters for DLP and ITM Privacy by design is a framework that embeds privacy into the design of IT systems, infrastructure and business processes. Privacy is not an afterthought. It is considered right from the start-in the initial design phase. What\'s more, it\'s a core component that integrates visibility, transparency and user-centricity into its design. In short, privacy by design ensures that everything is built with the user in mind. Privacy by design is important to DLP and ITM because it helps to: Protect employee rights. Personal data is sacred. Employees expect their personal data to be safe and their rights protected. When a company takes a proactive, transparent approach to data privacy, it helps maintain trust with employees. Comply with privacy laws. Data privacy laws protect people by requiring businesses to keep their data safe and avoid sharing it unethically with third parties. These laws often require companies to tell users exactly how their data is used and collected, and to notify them in the event of a data breach. Failure to comply can lead to hefty fines and penalties, which can damage a firm\'s finances and brand image. Prevent bias in investigations. When user data is kept secure and private, it ensures insider threat investigations maintain their integrity and objectivity. If a user is identified, it could influence a security analyst\'s response to an incident. User privacy helps take emotion and subjectivity out of the picture. Ensure data privacy with Proofpoint DLP and ITM Proofpoint Information Protection includes administration and access controls. These controls can help your business keep data private and meet compliance requirements. Data residency and storage Proofpoint uses regional data centers in the U.S., Europe, Australia and Japan to meet data privacy and data residency requirements. You can control exactly where your data is stored at all of these data centers. For example, you can group your endpoints and map each group to a regional data center. This ensures that data on all those endpoints are stored in that regional center. So, a U.S. realm can manage U.S. endpoint data, which is sent to the U.S. data center. Attribute-based access controls Attribute-based access controls give you a flexible and easy way to manage access to data. You can use these controls to ensure that security analysts have visibility into data on a need-to-know basis only. For instance, you can write granular policies and assign access so that a U.S.-based security analyst can only see U.S. data. They cannot see data in Europe or the Asia-Pacific region. And when an analyst needs to access a specific user\'s data for an | Data Breach Tool Threat Cloud | ★★ | |
 |
2024-02-23 20:51:22 | Astaroth, Mekotio & Ousaban abusant Google Cloud Run dans les campagnes de logiciels malveillants axés sur LATAM Astaroth, Mekotio & Ousaban Abusing Google Cloud Run in LATAM-Focused Malware Campaigns (lien direct) |
#### Description
Depuis septembre 2023, Cisco Talos a observé une augmentation significative du volume de courriels malveillants tirant parti du service Google Cloud Run pour infecter les victimes potentielles avec des chevaux de Troie bancaires.
Les chaînes d'infection associées à ces familles de logiciels malveillants présentent l'utilisation de installateurs Microsoft malveillants (MSIS) qui fonctionnent comme des gouttes ou des téléchargeurs pour la charge utile des logiciels malveillants finaux.Les campagnes de distribution pour ces familles de logiciels malveillants sont liées, Astaroth et Mekotio distribués sous le même projet Google Cloud et Google Cloud Storage Bucket.Ousaban est également abandonné dans le cadre du processus d'infection Astaroth.
Le malware est distribué par e-mails qui sont envoyés à l'aide de thèmes liés aux factures ou aux documents financiers et fiscaux, et se présentent parfois comme étant envoyés par l'agence fiscale du gouvernement local dans le pays ciblé.Les e-mails contiennent des hyperliens vers Google Cloud Run, qui peuvent être identifiés en raison de l'utilisation de l'application Run [.] Comme domaine de niveau supérieur (TLD).Lorsque les victimes accèdent à ces hyperliens, elles sont redirigées vers les services Web d'exécution du cloud déployés par les acteurs de la menace et ont livré les composants nécessaires pour initier le processus d'infection.
#### URL de référence (s)
1. https://blog.talosintelligence.com/google-cloud-run-abuse/
#### Date de publication
20 février 2024
#### Auteurs)
Edmund Brumaghin
Ashley Shen
Holger Unterbrink
Guilherme Veree
#### Description Since September 2023, Cisco Talos have observed a significant increase in the volume of malicious emails leveraging the Google Cloud Run service to infect potential victims with banking trojans. The infection chains associated with these malware families feature the use of malicious Microsoft Installers (MSIs) that function as droppers or downloaders for the final malware payload(s). The distribution campaigns for these malware families are related, with Astaroth and Mekotio being distributed under the same Google Cloud Project and Google Cloud storage bucket. Ousaban is also being dropped as part of the Astaroth infection process. The malware is being distributed via emails that are being sent using themes related to invoices or financial and tax documents, and sometimes pose as being sent from the local government tax agency in the country being targeted. The emails contain hyperlinks to Google Cloud Run, which can be identified due to the use of run[.]app as the top-level domain (TLD). When victims access these hyperlinks, they are redirected to the Cloud Run web services deployed by the threat actors and delivered the components necessary to initiate the infection process. #### Reference URL(s) 1. https://blog.talosintelligence.com/google-cloud-run-abuse/ #### Publication Date February 20, 2024 #### Author(s) Edmund Brumaghin Ashley Shen Holger Unterbrink Guilherme Venere |
Malware Threat Cloud | ★★ | |
 |
2024-02-23 11:00:00 | Détection des connexions anormales O365 et des techniques d'évasion Detecting anomalous O365 logins and evasion techniques (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Summary Businesses across multiple industries, regardless of size, are at risk of being targeted with Microsoft 365 phishing campaigns. These campaigns trick users into visiting fake Microsoft login page where threat actors capture the user’s credentials. Even accounts with MFA can be victim to these types of attacks. There are several ways in which MFA is being bypassed with these types of campaigns. MFA Fatigue is one of the ways threat actors are bypassing MFA and this method attempts to exploit human error by repeatedly logging in with the stolen credentials causing an overwhelming number of MFA prompts in attempts to get the user to approve the login. Another MFA bypass technique is SIM Swapping. A SIM card is a small chip that your mobile carrier uses to hold identification information to tie your phone to you and your mobile carrier. Threat actors have found a weakness in this because there are scenarios where a customer may need a new SIM card (for example, they lost their phone). Carriers can transfer your identification information from your old SIM card to new one. SIM Swapping is when a threat actor abuses this feature and impersonates you to convince your mobile carrier to switch your phone number to a SIM card that is in the threat actor’s possession. This then allows the threat actor to receive MFA codes sent to your number via phone call or SMS. | Tool Threat Mobile Cloud | ★★★ | |
 |
2024-02-23 00:00:00 | Des millions d'URL malveillants indétectables générés via les services de violence du cloud public et du Web 3.0 Millions of Undetectable Malicious URLs Generated Via the Abuse of Public Cloud and Web 3.0 Services (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Summary Businesses across multiple industries, regardless of size, are at risk of being targeted with Microsoft 365 phishing campaigns. These campaigns trick users into visiting fake Microsoft login page where threat actors capture the user’s credentials. Even accounts with MFA can be victim to these types of attacks. There are several ways in which MFA is being bypassed with these types of campaigns. MFA Fatigue is one of the ways threat actors are bypassing MFA and this method attempts to exploit human error by repeatedly logging in with the stolen credentials causing an overwhelming number of MFA prompts in attempts to get the user to approve the login. Another MFA bypass technique is SIM Swapping. A SIM card is a small chip that your mobile carrier uses to hold identification information to tie your phone to you and your mobile carrier. Threat actors have found a weakness in this because there are scenarios where a customer may need a new SIM card (for example, they lost their phone). Carriers can transfer your identification information from your old SIM card to new one. SIM Swapping is when a threat actor abuses this feature and impersonates you to convince your mobile carrier to switch your phone number to a SIM card that is in the threat actor’s possession. This then allows the threat actor to receive MFA codes sent to your number via phone call or SMS. | Cloud | ★★ | |
 |
2024-02-22 16:53:12 | UOB, Samsung Back Singapore \\'s Startale Labs en 7 millions de dollars web3 push UOB, Samsung Back Singapore\\'s Startale Labs in $7 Million Web3 Push (lien direct) |
par owais sultan
Startale Labs, le développeur derrière les principaux produits Web3 du Japon comme Astar Network et Startale Web3 Cloud, a sécurisé & # 8230;
Ceci est un article de HackRead.com Lire le post original: UOB, Samsung Back Singapour & # 8217; s startale labs en 7 millions de dollars web3 push
By Owais Sultan Startale Labs, the developer behind Japan’s leading Web3 products like Astar Network and Startale Web3 Cloud, has secured… This is a post from HackRead.com Read the original post: UOB, Samsung Back Singapore’s Startale Labs in $7 Million Web3 Push |
Cloud | ★★ | |
 |
2024-02-22 16:00:00 | Résoudre le défi de l'expérience utilisateur Sase avec la gestion de l'expérience numérique proactive (P-DEM) Solving the SASE User Experience Challenge with Proactive Digital Experience Management (P-DEM) (lien direct) |
> La transformation numérique et ses défis à l'époque de la transformation numérique de la transformation numérique, les organisations se déplacent rapidement vers une infrastructure numérique distribuée et dynamique.Cette nouvelle réalité est caractérisée par des effectifs hybrides, des logiciels en tant que service (SaaS) et l'hébergement cloud.Bien que cette transformation apporte de nombreux avantages, il introduit également des défis importants pour les organisations informatiques, en particulier en termes [& # 8230;]
>Digital transformation and its challenges In today’s era of digital transformation, organizations are rapidly shifting towards a distributed and dynamic digital infrastructure. This new reality is characterized by hybrid workforces, software as a service (SaaS), and cloud hosting. While this transformation brings numerous benefits, it also introduces significant challenges for IT organizations, particularly in terms […] |
Cloud | ★★ | |
 |
2024-02-22 14:20:48 | La sécurisation de l\'infrastructure cloud exige un nouvel état d\'esprit (lien direct) | Compte tenu du rôle majeur que joue le cloud de nos jours dans la transformation des organisations, sa sécurité représente une préoccupation cruciale. Pour anticiper et/ou combler les failles de sécurité, les différents acteurs qui sont partie prenante doivent adopter ensemble, et sans tarder, un nouvel état d'esprit. | Cloud | ★★ | |
 |
2024-02-22 14:06:16 | Dans quelle mesure la gestion des identités dans le cloud étend-elle la surface d\'attaque ? (lien direct) | Le recours à un fournisseur d'identité (IdP) cloud étend notre surface d'attaque. Néanmoins une question se pose : dans quelle mesure cette approche étend-elle votre surface d'attaque ?... | Cloud | ★★ | |
|
2024-02-22 10:39:09 | Genetec Inc. annonce Security Center SaaS (lien direct) | Genetec introduit une solution SaaS unifiée à l'échelle des entreprises. Security Center SaaS redéfinit les possibilités pour la sécurité physique basée sur le cloud. - Produits | Cloud | ★★ | |
|
2024-02-22 08:30:00 | Les entreprises augmentent la cybersécurité à mesure que les budgets augmentent en 2024 Businesses Increase Cybersecurity as Budgets Surge in 2024 (lien direct) |
Plus des deux tiers des décideurs informatiques augmentent les budgets de la cybersécurité en 2024, la priorisation de la sécurité du cloud et de la réponse aux incidents à mesure que les cyber-menaces augmentent
Over two-thirds of IT decision-makers increase cybersecurity budgets in 2024, prioritizing cloud security and incident response as cyber threats escalate |
Cloud | ★★ | |
|
2024-02-21 20:25:27 | Types d'applications SaaS: catégories et exemples Types of SaaS Applications: Categories and Examples (lien direct) |
> Par uzair amir
Découvrez différents types de solutions SaaS et les catégories SaaS les plus utilisées pour créer votre propre & # 8230;
Ceci est un article de HackRead.com Lire la publication originale: Types d'applications SaaS: catégories et exemples
>By Uzair Amir Learn about different types of SaaS solutions and the most widely used SaaS categories to create your own… This is a post from HackRead.com Read the original post: Types of SaaS Applications: Categories and Examples |
Cloud | ★★ | |
|
2024-02-21 17:00:00 | 6 façons de simplifier la gouvernance de l'identité SaaS 6 Ways to Simplify SaaS Identity Governance (lien direct) |
Les applications SaaS constituant désormais la grande majorité des technologies utilisées par les employés de la plupart des organisations, les tâches liées à la gouvernance de l'identité doivent se produire dans une myriade d'applications SaaS individuelles.Cela présente un énorme défi pour les équipes informatiques centralisées qui sont finalement tenues responsables de la gestion et de la sécurisation de l'accès aux applications, mais ne peuvent pas devenir des experts dans les nuances des natifs
With SaaS applications now making up the vast majority of technology used by employees in most organizations, tasks related to identity governance need to happen across a myriad of individual SaaS apps. This presents a huge challenge for centralized IT teams who are ultimately held responsible for managing and securing app access, but can\'t possibly become experts in the nuances of the native |
Cloud | ★★ | |
|
2024-02-21 13:17:39 | Baromètre CESIN : comment évolue la perception de la menace sur le cloud ? (lien direct) | Quelle vision les RSSI ont-ils de la menace cyber liée au cloud ? Des tendaces se dégagent de l'analyse des résultats du baromètre CESIN sur la période 2017-2024. | Cloud | ★★ | |
|
2024-02-21 11:00:00 | Le SoC moderne de Next Gen propulsé par l'IA The modern next gen SOC powered by AI (lien direct) |
AI is among the most disruptive technologies of our time. While AI/ML has been around for decades, it has become a hot topic with continued innovations in generative AI (GenAI) from start-up OpenAI to tech giants like Microsoft, Google, and Meta. When large language models (LLMs) combined with big data and behavior analytics, AI/ML can supercharge productivity and scale operations across every sector from healthcare to manufacturing, transportation, retail, finance, government & defense, telecommunications, media, entertainment, and more. Within the cybersecurity industry, SentinelOne, Palo Alto Networks, Cisco, Fortinet and others are pioneering AI in Cybersecurity. In a research report of the global markets by Allied Market Research, AI in Cybersecurity is estimated to surge to $154.8 billion in 2032 from $19.2 billion in 2022, rising at a CAGR of 23.6%. Challenges of the traditional SOC SIEM One of the challenges with the traditional Security Operations Center (SOC) is SOC analysts are overwhelmed by the sheer number of alerts that come from Security Information Event Management (SIEM). Security teams are bombarded with low fidelity alerts and spend considerable time separating them from high fidelity alerts. The alerts come from almost any sources across the enterprise and is further compounded with too many point solutions and with multi-vendor environment. The numerous tools and lack of integration across multiple vendor product solutions often require a great deal of manual investigation and analysis. The pressure that comes with having to keep up with vendor training and correlate data and logs into meaningful insights becomes burdensome. While multi-vendor, multi-source, and multi-layered security solutions provides a lot of data, without ML and security analytics, it also creates a lot of noise and a disparate view of the threat landscape with insufficient context. SOAR Traditional Security Orchestration and Automation Response (SOAR) platforms used by mature security operations teams to develop run playbooks that automate action responses from a library of APIs for an ecosystem of security solution is complex and expensive to implement, manage, and maintain. Often SOCs are playing catch up on coding and funding development cost for run playbooks making it challenging to maintain and scale the operations to respond to new attacks quickly and efficiently. XDR Extended Detection and Response (XDR) solves a lot of these challenges with siloed security solutions by providing a unified view with more visibility and better context from a single holistic data lake across the entire ecosystem. XDR provides prevention as well as detection and response with integration and automation capabilities across endpoint, cloud, and network. Its automation capabilities can incorporate basic common SOAR like functions to API connected security tools. It collects enriched data from multiple sources and applies big data and ML based analysis to enable response of policy enforcement using security controls throughout the infrastructure. AI in the modern next gen SOC The use of AI and ML are increasingly essential to cyber operations to proactively identify anomalies and defend against cyber threats in a hyperconnected digital world. Canalys research estimates suggest that more than 7 | Ransomware Malware Tool Vulnerability Threat Prediction Cloud | ★★ | |
|
2024-02-21 10:09:28 | CrowdStrike Global Threat Report 2024 : de l\'intrusion à la brèche en moins de trois minutes, l\'infrastructure cloud attaquée (lien direct) | CrowdStrike Global Threat Report 2024 : de l'intrusion à la brèche en moins de trois minutes, l'infrastructure cloud attaquée Le rapport 2024 indique que les cyberadversaires cherchent à perturber les élections et à exploiter la technologie de l'IA générative - Investigations | Threat Studies Cloud | ★★★★ | |
|
2024-02-21 09:59:09 | Série de passerelles quantum Force Point dévoile Check Point Unveils Quantum Force Gateway Series (lien direct) |
Vérifier le point dévoile Quantum Force Gateway Series - le cloud ultime alimenté par AI - Solution de sécurité livrée
Quantum Force établit de nouvelles normes avec une prévention des menaces inégalée, une efficacité supérieure et une gestion transparente pour l'ère numérique, l'autonomisation des entreprises de toutes tailles avec une technologie de pare-feu de nouvelle génération
-
revues de produits
Check Point Unveils Quantum Force Gateway Series - The Ultimate AI-Powered Cloud - Delivered Security Solution Quantum Force sets new standards with unmatched Threat Prevention, superior efficiency, and seamless management for the digital age, empowering businesses of all sizes with Next-Generation Firewall technology - Product Reviews |
Threat Cloud | ★★ | |
|
2024-02-21 07:00:42 | Mesh hybride et la plate-forme de point de contrôle de Point Infinity Hybrid Mesh and the Check Point Infinity Platform (lien direct) |
> Gartner a récemment reconnu le point de contrôle en tant que fournisseur représentatif pour les plates-formes de pare-feu hybrides («maillage hybride»).Ce blog explore ce qu'est le maillage hybride et comment la plate-forme de contrôle de Point Infinity tient la promesse d'une stratégie de cybersécurité qui vous permet de répondre aux besoins de demain.L'hybride est la nouvelle norme.Et votre sécurité?Les effectifs hybrides, les nuages et les réseaux sont là pour rester, car près d'un tiers des employés à temps plein travaillent dans un modèle hybride tandis que près de la moitié des charges de travail résident dans le cloud.Chacun de ces environnements nécessite son propre type de pare-feu: les pare-feu virtuels sécurissent [& # 8230;]
>Gartner has recently recognized Check Point as a Representative Vendor for Hybrid Mesh Firewall Platforms (“Hybrid Mesh”). This blog explores what hybrid mesh is and how the Check Point Infinity Platform delivers on the promise of a cyber security strategy that lets you meet tomorrow\'s needs with confidence. Hybrid is the New Norm. How About Your Security? Hybrid workforces, clouds and networks are here to stay, as almost a third of full-time employees work in a hybrid model while nearly half of workloads reside in the cloud. Each of these environments requires its own type of firewall: Virtual firewalls secure […] |
Cloud | ★ | |
 |
2024-02-21 00:00:00 | Dévoiler l'évaluation de l'échéance du programme d'intelligence de cyber-menace de Maniant Unveiling Mandiant\\'s Cyber Threat Intelligence Program Maturity Assessment (lien direct) |
Dans le cadre de l'engagement continu de Google Cloud \\ à améliorer l'état global de cybersécurité pour la société, Mandiant publie aujourd'hui publiquement un Discovery des capacités d'intelligence basées sur les web (ICD) pour aider les organisations commerciales et gouvernementales à évaluerLa maturité de leur programme d'intelligence cyber-menace (CTI).La CIM est conçue pour fournir aux praticiens de la cybersécurité et aux dirigeants du renseignement des menaces une estimation de la façon dont le programme CTI \\ de l'organisation crée un impact organisationnel positif et réduit le risque pour l'entreprise.La CIM joue un critique
As part of Google Cloud\'s continuing commitment to improving the overall state of cybersecurity for society, today Mandiant is publicly releasing a web-based Intelligence Capability Discovery (ICD) to help commercial and governmental organizations evaluate the maturity of their cyber threat intelligence (CTI) program. The ICD is designed to provide cyber security practitioners and threat intelligence leaders with an estimate of how effectively and efficiently the organization\'s CTI program is creating a positive organizational impact and reducing risk for the business. The ICD plays a critical |
Threat Cloud Commercial | ★★★ | |
 |
2024-02-20 20:41:11 | Le service Cloud Run de Google \\ répartit plusieurs chevaux de Troie bancaires Google\\'s Cloud Run Service Spreads Several Bank Trojans (lien direct) |
Une campagne de logiciels malveillants en plein essor abuse de Google Cloud Run et cible l'Amérique latine, avec des indications qu'elle se propage à d'autres régions, préviennent les chercheurs.
A surging bank malware campaign abuses Google Cloud Run and targets Latin America, with indications that it\'s spreading to other regions, researchers warn. |
Malware Cloud | ★★ | |
|
2024-02-20 16:23:00 | Compliance SaaS dans le cadre de la cybersécurité du NIST SaaS Compliance through the NIST Cybersecurity Framework (lien direct) |
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world\'s most important guidelines for securing networks. It can be applied to any number of applications, including SaaS.
One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world\'s most important guidelines for securing networks. It can be applied to any number of applications, including SaaS. One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a |
Cloud | ★★ | |
|
2024-02-20 11:00:00 | Un guide fondamental pour la sécurité des points finaux A fundamental guide to endpoint security (lien direct) |
Anyone that utilizes technology in their daily lives understands that it is ever-changing, and the sentiment is especially true within the cybersecurity industry. Adversaries continue to evolve with new tactics to bypass defenses, so it is necessary that the methods of detecting and preventing these threats do so at an even more rapid pace.
However, keeping up with all the changes can be quite difficult, even for the most seasoned cybersecurity professional. The way in which we work has changed not just in where but also in how. Today employees conduct business from multiple devices, with some being company-issued and others being privately owned. Sensitive data is being stored across many locations including on these devices, within corporate data centers, and in the cloud. This means that organizations likely need more than one technology to defend their endpoints against security breach or data loss. With cybersecurity vendors marketing a wide range of branded product names for their offers, it may be challenging to determine which are ideal for your particular environment. This article aims to help demystify the various endpoint security technologies you may come across during your research, highlight the primary differences, and explain how they can complement each other. This is not intended to be an exhaustive list and it should be noted that there are some technologies that may fall into more than one category, for example, endpoint and cloud security.
Four key endpoint security technologies
To begin, let’s define exactly what an endpoint is. At the most fundamental level, an endpoint is any device that connects and exchanges data on a network. That could include traditional desktop and laptop computers, tablets, smartphones, printers, and servers. Endpoints also encompass network appliances like routers, switches, or firewalls, and a wide range of IoT devices such as wearables, security cameras, sensors, and connected medical or manufacturing equipment. But we must also think beyond the physical devices and consider virtual machines that host applications and data in public or private clouds.
Although this may seem trivial, it is important to note because they all represent entry points into the network that can be exploited and opportunities for sensitive data loss. As such, they must all be accounted for when building an endpoint security strategy. The following are some of the more common endpoint security technologies you are likely to encounter:
Unified endpoint management (UEM) or mobile device management (MDM): There is a widely accepted concept within the cybersecurity industry that you cannot effectively protect what you can’t see. Therefore, the first step in building a comprehensive endpoint security policy is to inventory all the devices accessing your network, and this can be accomplished with UEM or MDM technologies. The primary difference between the two is that MDM is for iOS and Android operating systems (OS), while UEM includes those OS plus Windows and Mac operating systems--even productivity devices and wearables in some cases. Once the devices are discovered and profiled, administrators will be able to apply consistent security policies across them, regardless of where the endpoint is located.
A key feature of both UEM and MDM is that they allow an organization to set standards regarding the security posture of devices accessing the network. For example, rules can be created that a device cannot be jailbroken and must be running on the latest O |
Ransomware Malware Tool Vulnerability Threat Mobile Medical Cloud | ★★ | |
|
2024-02-19 16:00:00 | Statistiques de laboratoire de menace de netskope pour janvier 2024 Netskope Threat Labs Stats for January 2024 (lien direct) |
> Netskope Threat Labs publie un article de blog de résumé mensuel des principales menaces que nous suivons sur la plate-forme Netskope.Cet article vise à fournir une intelligence stratégique et exploitable sur les menaces actives contre les utilisateurs d'entreprise du monde entier.Résumé OneDrive et SharePoint étaient à nouveau en haut de la liste des principales applications cloud utilisées pour les téléchargements de logiciels malveillants, [& # 8230;]
>Netskope Threat Labs publishes a monthly summary blog post of the top threats we are tracking on the Netskope platform. This post aims to provide strategic, actionable intelligence on active threats against enterprise users worldwide. Summary OneDrive and SharePoint were again in the top of the list of top cloud apps used for malware downloads, […] |
Malware Threat Cloud | ★★ | |
|
2024-02-19 11:04:12 | (In)sécurité du cloud : les 5 tendances à surveiller en 2024 (lien direct) | Les grandes tendances de 2024 s'articulent autour de l'exploitation de la puissance de l'IA générative ainsi qu'une adoption accrue de la souveraineté du cloud et de l'architecture maillée de cybersécurité interopérable entre le cloud, l'IT/OT et le edge. | Industrial Cloud | ★★ | |
|
2024-02-19 08:22:06 | Faites confiance à un copilote d'IA pour éviter les turbulences d'attaque des ransomwares Trust an AI co-pilot to help avoid ransomware attack turbulence (lien direct) |
Mark Appleton, directeur de la clientèle chez Cloud UK aussi: Faites confiance à un copilote d'IA pour éviter les ransomwares d'attaque de turbulence
-
opinion
Mark Appleton, Chief Customer Officer at ALSO Cloud UK: Trust an AI co-pilot to help avoid ransomware attack turbulence - Opinion |
Ransomware Cloud | ★★ | |
|
2024-02-16 20:41:12 | SNS Sender | Active Campaigns Unleash Messaging Spam Through the Cloud (lien direct) | #### Description
Les chercheurs de Sentinelone ont découvert un nouveau script Python appelé SNS Sender qui utilise AWS Simple Notification Service (SNS) pour envoyer des messages SMS en vrac dans le but de spammer des liens de phishing, également connus sous le nom de swishing.
Il s'agit du premier script observé à l'aide d'AWS SNS, et on pense que l'acteur derrière cet outil utilise des services cloud pour envoyer des messages de phishing SMS en vrac.L'auteur du script est connu par l'alias Arduino_Das et est prolifique dans la scène du kit Phish.
Le script nécessite une liste de liens de phishing nommés links.txt dans son répertoire de travail.SNS Sender prend également plusieurs arguments entrés en entrée: un fichier texte contenant une liste de clés d'accès AWS, de secrets et de région délimitées par un côlon;un fichier texte contenant une liste de numéros de téléphone à cibler;un ID de l'expéditeur, similaire à un nom d'affichage pour un message;et le contenu du message.Le script remplace toutes les occurrences de la chaîne dans la variable de contenu du message par une URL du fichier links.txt, qui arme le message en tant que SMS de phishing.L'acteur derrière cet outil a été lié à de nombreux kits de phishing utilisés pour cibler les victimes \\ 'Informations personnellement identifiables (PII) et les détails de la carte de paiement sous le couvert d'un message de laUnited States Postal Service (USPS) concernant une livraison de colis manquée.
#### URL de référence (s)
1. https://www.sentinelone.com/labs/sns-sender-active-campaignes-se détendre
#### Date de publication
15 février 2024
#### Auteurs)
Alex Delamotte
#### Description SentinelOne researchers have discovered a new Python script called SNS Sender that uses AWS Simple Notification Service (SNS) to send bulk SMS messages for the purpose of spamming phishing links, also known as Smishing. This is the first script observed using AWS SNS, and it is believed that the actor behind this tool is using cloud services to send bulk SMS phishing messages. The script author is known by the alias ARDUINO_DAS and is prolific in the phish kit scene. The script requires a list of phishing links named links.txt in its working directory. SNS Sender also takes several arguments that are entered as input: a text file containing a list of AWS access keys, secrets, and region delimited by a colon; a text file containing a list of phone numbers to target; a sender ID, similar to a display name for a message; and the message content. The script replaces any occurrences of the string in the message content variable with a URL from the links.txt file, which weaponizes the message as a phishing SMS. The actor behind this tool has been linked to many phishing kits used to target victims\' personally identifiable information (PII) and payment card details under the guise of a message from the United States Postal Service (USPS) regarding a missed package delivery. #### Reference URL(s) 1. https://www.sentinelone.com/labs/sns-sender-active-campaigns-unleash-messaging-spam-through-the-cloud/ #### Publication Date February 15, 2024 #### Author(s) Alex Delamotte |
Spam Tool Cloud | ★★★ | |
|
2024-02-16 15:05:43 | J'ai passé plus d'une décennie dans les ventes fédérales pour la sécurité.Voici pourquoi j'ai rejoint NetSkope. I\\'ve Spent More Than a Decade in Federal Sales for Security. Here\\'s Why I Joined Netskope. (lien direct) |
> Tout au long de ma carrière, j'ai bien connu à la fois l'espace du gouvernement fédéral et le monde de la sécurité du cloud.La vente de sécurité au secteur fédéral nécessite une profonde appréciation du fait que vous protégez non seulement les employés et les données du gouvernement, mais aussi les combattants sur le champ de bataille.C'est le type de travail qui remplit [& # 8230;]
>Throughout my career, I\'ve come to know both the federal government space and the world of cloud security well. Selling security to the federal sector requires a deep appreciation of the fact that you’re not only protecting government employees and data, but also the warfighters on the battlefield. It\'s the kind of work that fills […] |
Cloud | ★ | |
|
2024-02-16 06:00:45 | Les tenants et aboutissants de la confidentialité des données, partie 1: la complexité importante et croissante d'assurer la confidentialité des données The Ins and Outs of Data Privacy, Part 1: The Importance-and Growing Complexity-of Ensuring Data Privacy (lien direct) |
This blog is the first in a series where we explore data privacy. In these two blogs, we\'ll cover why data privacy is increasingly important as well as some tips for keeping data safe. We\'ll also discuss how data loss protection (DLP) and insider threat management tools (ITM) are critical to ensuring data privacy. Data Privacy Week in January 2024 highlighted the increasing importance and challenges of data privacy. Trends like digital transformation, remote work and the proliferation of cloud applications have made the task of protecting sensitive data harder than ever. As the volume and perceived value of data grows, so does the risk of data loss and theft, including by insiders. Despite these challenges, businesses can\'t afford missteps when it comes to keeping sensitive data safe. Companies everywhere are under pressure to meet strict data privacy laws that promote data security and data privacy. Noncompliance can be costly. Hefty fines and market loss are common. Research from our 2023 Voice of the CISO report underscores the risk. One-third of the CISOs who told us that their company suffered a material loss of sensitive data within the past 12 months also reported their business was hit with regulatory sanctions as a result. In this blog post, we take a closer look at data privacy and how it relates to data security. We also discuss how laws around data privacy are evolving. And we cover how data loss prevention (DLP) and insider threat management (ITM) tools can help you stay on top of your data compliance challenges. What is data privacy? Data privacy is about protecting sensitive data that belongs to individuals or entities. This includes personally identifiable information (PII), which can be used to identify an individual or a corporate customer. Examples of PII include names, addresses, Social Security or tax ID numbers, credit card data and dates of birth. A business that stores or manages this type of information must follow data privacy laws. These laws ensure that data is kept confidential and secure and that it is only used for authorized purposes. They are intended to help a business: Protect personal information Safeguard critical business data Preserve users\' autonomy Maintain trust with customers and employees Data privacy is also about trust. The misuse or theft of sensitive data can lead to email fraud, insurance fraud, identity theft and more. So, customers need to trust that the companies they share their private data with will guard it carefully. An evolving regulatory landscape Data privacy laws are designed to compel businesses to keep sensitive data safe. Data compliance mandates often require businesses to tell users exactly how their data is used and collected. They may also require companies to notify users when a data breach happens. As noted earlier, not following these laws can result in stiff penalties. Multiple data privacy laws around the globe govern regulations based on their type, the user\'s location and other criteria. Some examples include the: GDPR in the European Union CCPA in the U.S. HIPAA in the U.S. LGPD in Brazil Several state governments in the United States are stepping up efforts to enact data privacy laws. California, Colorado, Connecticut, Utah and Virginia enacted comprehensive consumer privacy laws before 2023. Those laws became enforceable last year. In 2023, these states enacted privacy laws: Delaware Florida Indiana Iowa Montana Oregon Tennessee Texas As data privacy laws emerge or evolve, the definition of sensitive data may change. For example, GDPR expanded the definition of PII to include data elements like email and IP addresses. That is why it is so important for companies to stay attuned to this ever-changing landscape. The rise of generative AI sites has also sparked new concerns about data privacy. New laws are likely to be developed soon. The Biden Administration\'s new executive order will also have an impact on data use in the year ahead. Why | Data Breach Malware Tool Threat Cloud | ★★ | |
|
2024-02-15 22:44:36 | LightEdge libère la suite de nouvelle génération de Cloud Security & amp;Services gérés LightEdge Releases Next-Gen Suite of Cloud Security & Managed Services (lien direct) |
This blog is the first in a series where we explore data privacy. In these two blogs, we\'ll cover why data privacy is increasingly important as well as some tips for keeping data safe. We\'ll also discuss how data loss protection (DLP) and insider threat management tools (ITM) are critical to ensuring data privacy. Data Privacy Week in January 2024 highlighted the increasing importance and challenges of data privacy. Trends like digital transformation, remote work and the proliferation of cloud applications have made the task of protecting sensitive data harder than ever. As the volume and perceived value of data grows, so does the risk of data loss and theft, including by insiders. Despite these challenges, businesses can\'t afford missteps when it comes to keeping sensitive data safe. Companies everywhere are under pressure to meet strict data privacy laws that promote data security and data privacy. Noncompliance can be costly. Hefty fines and market loss are common. Research from our 2023 Voice of the CISO report underscores the risk. One-third of the CISOs who told us that their company suffered a material loss of sensitive data within the past 12 months also reported their business was hit with regulatory sanctions as a result. In this blog post, we take a closer look at data privacy and how it relates to data security. We also discuss how laws around data privacy are evolving. And we cover how data loss prevention (DLP) and insider threat management (ITM) tools can help you stay on top of your data compliance challenges. What is data privacy? Data privacy is about protecting sensitive data that belongs to individuals or entities. This includes personally identifiable information (PII), which can be used to identify an individual or a corporate customer. Examples of PII include names, addresses, Social Security or tax ID numbers, credit card data and dates of birth. A business that stores or manages this type of information must follow data privacy laws. These laws ensure that data is kept confidential and secure and that it is only used for authorized purposes. They are intended to help a business: Protect personal information Safeguard critical business data Preserve users\' autonomy Maintain trust with customers and employees Data privacy is also about trust. The misuse or theft of sensitive data can lead to email fraud, insurance fraud, identity theft and more. So, customers need to trust that the companies they share their private data with will guard it carefully. An evolving regulatory landscape Data privacy laws are designed to compel businesses to keep sensitive data safe. Data compliance mandates often require businesses to tell users exactly how their data is used and collected. They may also require companies to notify users when a data breach happens. As noted earlier, not following these laws can result in stiff penalties. Multiple data privacy laws around the globe govern regulations based on their type, the user\'s location and other criteria. Some examples include the: GDPR in the European Union CCPA in the U.S. HIPAA in the U.S. LGPD in Brazil Several state governments in the United States are stepping up efforts to enact data privacy laws. California, Colorado, Connecticut, Utah and Virginia enacted comprehensive consumer privacy laws before 2023. Those laws became enforceable last year. In 2023, these states enacted privacy laws: Delaware Florida Indiana Iowa Montana Oregon Tennessee Texas As data privacy laws emerge or evolve, the definition of sensitive data may change. For example, GDPR expanded the definition of PII to include data elements like email and IP addresses. That is why it is so important for companies to stay attuned to this ever-changing landscape. The rise of generative AI sites has also sparked new concerns about data privacy. New laws are likely to be developed soon. The Biden Administration\'s new executive order will also have an impact on data use in the year ahead. Why | Cloud | ★★ | |
 |
2024-02-15 20:13:38 | Plus de la moitié des téléchargements de logiciels malveillants proviennent d'applications SaaS Over Half of Malware Downloads Originate from SaaS Apps (lien direct) |
|
Malware Cloud | ★★★ | |
|
2024-02-15 19:44:52 | Campagne malveillante en cours impactant les environnements cloud Azure Ongoing Malicious Campaign Impacting Azure Cloud Environments (lien direct) |
#### Description
Les chercheurs de ProofPoint ont suivi une campagne de rachat de comptes de cloud en cours impactant des dizaines d'environnements Microsoft Azure et compromettant des centaines de comptes d'utilisateurs, y compris les cadres supérieurs.
L'attaque intègre les techniques de prise de contrôle des références et de comptes cloud (ATO).Les acteurs de la menace ciblent les utilisateurs avec des leurres de phishing individualisés dans des documents partagés.La sélection variée de rôles ciblés indique une stratégie pratique des acteurs de la menace, visant à compromettre les comptes avec différents niveaux d'accès à des ressources et des responsabilités précieuses entre les fonctions organisationnelles.Un accès initial réussi conduit souvent à une séquence d'activités post-compromises non autorisées, notamment la manipulation du MFA, l'exfiltration de données, le phishing interne et externe, la fraude financière et les règles de boîte aux lettres.L'utilisation d'un agent utilisateur Linux spécifique utilisé par les attaquants pendant la phase d'accès de la chaîne d'attaque est l'un des IOC.Les attaquants utilisent principalement cet agent utilisateur pour accéder à l'application de connexion \\ 'OfficeHome \' ainsi qu'un accès non autorisé à des applications Microsoft365 natives supplémentaires.
#### URL de référence (s)
1. https://www.poolinpoint.com/us/blog/cloud-security/community-lert-ongoing-malicious-campaign-impacting-azure-cloud-environments
#### Date de publication
7 février 2024
#### Auteurs)
Équipe de réponse à la sécurité du cloud ProofPoint
#### Description Proofpoint researchers have been monitoring an ongoing cloud account takeover campaign impacting dozens of Microsoft Azure environments and compromising hundreds of user accounts, including senior executives. The attack integrates credential phishing and cloud account takeover (ATO) techniques. Threat actors target users with individualized phishing lures within shared documents. The varied selection of targeted roles indicates a practical strategy by threat actors, aiming to compromise accounts with various levels of access to valuable resources and responsibilities across organizational functions. Successful initial access often leads to a sequence of unauthorized post-compromise activities, including MFA manipulation, data exfiltration, internal and external phishing, financial fraud, and mailbox rules. The use of a specific Linux user-agent utilized by attackers during the access phase of the attack chain is one of the IOCs. Attackers predominantly utilize this user-agent to access the \'OfficeHome\' sign-in application along with unauthorized access to additional native Microsoft365 apps. #### Reference URL(s) 1. https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments #### Publication Date February 7, 2024 #### Author(s) Proofpoint Cloud Security Response Team |
Threat Cloud | ★★ | |
|
2024-02-15 17:00:00 | Comment les acteurs de l'État-nation ciblent votre entreprise: de nouvelles recherches expose les vulnérabilités SaaS majeures How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities (lien direct) |
Avec bon nombre des cyberattaques très médiatisées en 2023 tournant autour d'une ou plusieurs applications SaaS, le SaaS est devenu une cause de véritable préoccupation dans de nombreuses discussions de chambre.Plus que jamais, étant donné que les applications Genai sont, en fait, des applications SaaS.
Wing Security (Wing), une société de sécurité SaaS, a effectué une analyse de 493 sociétés using saas au quatrième trimestre de 2023. & nbsp; leur étude
With many of the highly publicized 2023 cyber attacks revolving around one or more SaaS applications, SaaS has become a cause for genuine concern in many boardroom discussions. More so than ever, considering that GenAI applications are, in fact, SaaS applications. Wing Security (Wing), a SaaS security company, conducted an analysis of 493 SaaS-using companies in Q4 of 2023. Their study |
Vulnerability Studies Cloud | ★★★★ | |
|
2024-02-15 14:46:58 | Algosec réalise l'état de surperformateur dans le rapport radar de sécurité du réseau cloud de Gigaom \\ AlgoSec Achieves Outperformer Status in GigaOm\\'s Cloud Network Security Radar Report (lien direct) |
Algosec réalise le statut de sur-performateur dans le rapport radar de sécurité du réseau cloud de Gigaom
ALGOSEC PRODUITS DANS L'AUTOMATION DE LA CONNECTIVITÉ D'APPLICATION ET DE LA POLITIQUE DE SÉCURITÉ, essentiel pour les réseaux hybrides et multicaloud complexes
-
nouvelles commerciales
AlgoSec Achieves Outperformer Status in GigaOm\'s Cloud Network Security Radar Report AlgoSec leads in automating application connectivity and security policy management, essential for complex hybrid and multicloud networks - Business News |
Cloud | ★ | |
|
2024-02-15 14:00:00 | AWS SNS détournement AWS SNS Hijackings Fuel Cloud Smishing Campaign (lien direct) |
En utilisant un script Python personnalisé pour envoyer des messages de phishing en vrac avec un leurre USPS, les cyberattaques présentent un risque pour les organisations orientées consommateurs déplacant les charges de travail vers le cloud.
Using a custom Python script to send bulk phishing messages with a USPS lure, the cyberattackers are posing a risk to consumer-facing organizations moving workloads to the cloud. |
Cloud | ★★ | |
 |
2024-02-15 13:55:32 | Expéditeur SNS |Les campagnes actives déchaînent le spam de messagerie à travers le cloud SNS Sender | Active Campaigns Unleash Messaging Spam Through the Cloud (lien direct) |
Les acteurs de la menace tirent parti des services cloud pour mener une campagne de smishing massive via un service de notification simple AWS.
Threat actors leverage cloud services to conduct massive smishing campaign through AWS Simple Notification Service. |
Spam Threat Cloud | ★★★ | |
|
2024-02-15 11:00:00 | 2024: Plan de cyber-action pratique - survivre et prospérer 2024: Practical cyber action plan- Survive and thrive (lien direct) |
\'Cyber insecurity\' is among the most pressing issues facing organizations globally in 2024, according to new research from the World Economic Forum (WEF). In its Global Cybersecurity Outlook 2024 report, the WEF found that more than eight in ten organizations surveyed feel more or as exposed to cyber crime than last year. How can businesses implement proficient cyber capabilities in an era where cyber threats from criminals and hacktivists are escalating in complexity and magnitude? This is crucial for adapting swiftly to the constantly evolving security challenges and confidently pursuing growth through digital innovation in products, services, and organizational transformation. In today\'s rapidly changing cyber threat environment, Chief Information Security Officers (CISOs) and security operations teams must adopt forward-thinking strategies. These strategies should focus on quickly identifying and addressing the most pressing vulnerabilities in their digital environments. Cyber attackers\' increasing sophistication and speed have prompted organizations of various sizes to re-evaluate their legacy systems, governance policies, and overall security stances, aiming to align with the latest industry standards The shift towards digital platforms and the widespread adoption of cloud technologies have expanded the avenues for cyber-attacks, consequently enlarging the attack surface. This growing attack surface includes vulnerable systems, compromised data, and unauthorized assets, highlighting the necessity for a consistent and ongoing security strategy. This strategy should be centered on managing and mitigating threats efficiently and accurately. Security leaders are becoming increasingly aware of the importance of such an approach. Its effectiveness and streamlined methodology significantly enhance cyber resilience by prioritizing the most urgent risks for immediate response and remediation. What is top of mind for the CISO in 2024? How do we build a cyber security ecosystem that can manage the threats and opportunities of the future? How do we ensure future technologies are secure by design, not as an afterthought? How do we anticipate the threat picture will change as new technologies, like AI and quantum computing, develop? Must haves for CISOs in 2024 Protecting privacy Protecting critical assets Mitigating risk Minimizing disruption Maintaining compliance Establishing and maintaining "CRUST" (credibility and trust) Ensuring secure productivity & efficiency At the top of the list of issues driving cybersecurity concerns include: Growing number of hackers/cybercriminals. Evolving threats & advanced skillset of criminals. Privacy concerns handling other\'s data. Generative AI Practical action plan: Proactively understanding your expanding attack surface, prioritizing risk management efforts, and building resilience helps achieve the following: 1) Prevents breaches & minimizes the impact of a potential breach Enhance the effectiveness of the Security Operations Center (SOC) by reducing the volume of security incidents, events, and breaches impacting the SOC over time. Adopt a proactive, preventative approach that bolsters cyber resilience quickly and improves security maturity year-over-year. 2) Reduces cybersecurity risks Real-time risk reduction is often impractical due to business constraints and a backlog of pending security issues. Focus on prioritizing risk reduction actions and optimizing resource allo | Vulnerability Threat Cloud Technical | ★★ | |
|
2024-02-14 16:38:59 | La fuite massive de la base de données de cloud expose 380 enregistrements Massive Cloud Database Leak Exposes 380 Records (lien direct) |
> Par waqas
Un autre jour, une autre base de données cloud fuit dans la nature!
Ceci est un article de HackRead.com Lire la publication originale: La fuite massive de la base de données de cloud expose 380 enregistrements
>By Waqas Another day, another Cloud database leak in the wild! This is a post from HackRead.com Read the original post: Massive Cloud Database Leak Exposes 380 Records |
Cloud | ★★ | |
|
2024-02-14 10:39:01 | F5 améliore F5 Distributed Cloud Services (lien direct) | Les nouvelles fonctionnalités de sécurité API et IA de bout en bout permettent aux clients de mieux protéger leurs applications alimentées par l'IA - Produits | Cloud | ★★ | |
|
2024-02-14 01:00:00 | Comment la vulnérabilité peut faire de vous une victime le jour de la Saint-Valentin How Vulnerability Can Make You a Victim on Valentine\\'s Day (lien direct) |
> Selon le récent rapport sur le cloud et la menace de NetSkope \\, le rapport sur le cloud et la menace, la manière la plus courante dont les cyberattaquants ont eu accès aux organisations en 2023 était par le biais de l'ingénierie sociale.Alors qu'une tactique préférée des cybercriminels, en son cœur, l'ingénierie sociale n'est pas à propos de quelqu'un qui brisait le code tout en se couchant sur un clavier éclatant.Il repose sur des humains individuels [& # 8230;]
>According to Netskope\'s recent “Year in Review” Cloud and Threat Report, the most common way cyber attackers gained access to organisations in 2023 was through social engineering. While a favourite tactic of cyber criminals, at its heart, social engineering isn\'t about someone breaking code while hunched over a glowing keyboard. It relies on individual human […] |
Vulnerability Threat Cloud | ★★★ | |
 |
2024-02-13 17:28:33 | GCP-2024-009 (lien direct) | Publié: 2024-02-13 Description Description Gravité notes Le 13 février 2024, AMD a révélé deux vulnérabilités affectant SEV-SNP sur les processeurs EPYC sur la base des noyaux zen de la troisième génération "Milan" et de la quatrième génération "GenoA".Les vulnérabilités permettent aux attaquants privilégiés d'accéder aux données périmées des invités ou de provoquer une perte d'intégrité des clients. Google a appliqué des correctifs aux actifs affectés, y compris Google Cloud, pour s'assurer que les clients sont protégés.À l'heure actuelle, aucune preuve d'exploitation n'a été trouvée ou signalée à Google. Que dois-je faire? Aucune action client n'est requise.Les correctifs ont déjà été appliqués à la flotte Google Server pour Google Cloud, y compris le moteur de calcul. Pour plus d'informations, voir AMD Security Advisory AMD-SN-3007 . modéré CVE-2023-31346 CVE-2023-31347 Published: 2024-02-13Description Description Severity Notes On February 13, 2024, AMD disclosed two vulnerabilities affecting SEV-SNP on EPYC CPUs based on third generation "Milan" and fourth generation "Genoa" Zen cores. The vulnerabilities allow privileged attackers to access stale data from guests or cause a loss of guest integrity. Google has applied fixes to affected assets, including Google Cloud, to ensure customers are protected. At this time, no evidence of exploitation has been found or reported to Google. What should I do? No customer action is required. Fixes have already been applied to the Google server fleet for Google Cloud, including Compute Engine. For more information, see AMD security advisory AMD-SN-3007. Moderate CVE-2023-31346 CVE-2023-31347 | Vulnerability Cloud | ||
|
2024-02-13 16:40:00 | Blizzard de minuit et Cloudflare-Atlassian Cybersecurity Incidents: Que savoir Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know (lien direct) |
Les incidents de cybersécurité à minuit et Cloudflare-atlassian ont fait des alarmes sur les vulnérabilités inhérentes aux principales plates-formes SaaS.Ces incidents illustrent les enjeux impliqués dans les violations SaaS - sauvegarder l'intégrité des applications SaaS et leurs données sensibles sont essentielles mais n'est pas facile.Des vecteurs de menace communs tels que le phisseur de lance sophistiqué, les erreurs de configuration et
The Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms. These incidents illustrate the stakes involved in SaaS breaches - safeguarding the integrity of SaaS apps and their sensitive data is critical but is not easy. Common threat vectors such as sophisticated spear-phishing, misconfigurations and |
Vulnerability Threat Cloud | ★★★ | |
|
2024-02-13 15:41:51 | Défendre contre les attaques basées sur les applications OAuth contre les SaaS Enterprise Defending Against OAuth App-Based Attacks on Enterprise SaaS (lien direct) |
> La croissance phénoménale de l'adoption de logiciels en tant que service (SaaS) a incité les entreprises de toutes tailles à déplacer leurs données critiques vers des applications basées sur le SaaS.Et comme les attaquants ont tendance à suivre les données pour induire une violation, leur nouveau domaine d'intérêt est le SaaS de l'entreprise.La récente attaque de blizzard de minuit par des acteurs de l'État-nation renforce clairement [& # 8230;]
>The phenomenal growth in the adoption of software as a service (SaaS) has prompted enterprises of all sizes to move their critical data to SaaS-based applications. And as attackers tend to follow data to induce a breach, their new area of focus is enterprise SaaS. The recent Midnight Blizzard attack by nation-state actors clearly reinforces […] |
Cloud | ★★ | |
 |
2024-02-13 13:49:34 | Résultats clés de CrowdStrike \\'s 2024 Rapport de sécurité des applications Key Findings from CrowdStrike\\'s 2024 State of Application Security Report (lien direct) |
Au fur et à mesure que les organisations déplacent leurs applications et leurs opérations vers le cloud et stimulent de plus en plus les revenus via des logiciels, des applications natives dans le cloud et des API ont émergé parmi les plus grands domaines du risque de sécurité moderne.Selon les données accessibles au public, huit des 10 meilleures violations de données de 2023 étaient liées aux surfaces d'attaque d'application.1 Ces huit violations ont été exposées à elles seules [& # 8230;]
As organizations shift their applications and operations to the cloud and increasingly drive revenues through software, cloud-native applications and APIs have emerged among the greatest areas of modern security risk. According to publicly available data, eight of the top 10 data breaches of 2023 were related to application attack surfaces.1 These eight breaches alone exposed […] |
Studies Cloud | ★★★★ | |
|
2024-02-13 13:00:21 | Apprenez à connaître le point de chèque Harmony Sase Get to Know Check Point Harmony SASE (lien direct) |
> La nouvelle offre de la nouvelle offre Secure Access Service Edge (SASE) est désormais appelée harmonie.Le monde a changé au cours des dernières années, et l'ancienne façon d'obtenir un réseau standard sur site, avec ses notions à l'intérieur et à l'extérieur du périmètre, ne suffit plus.Il existe de nombreuses raisons pour ce changement, notamment la montée en puissance des réseaux de cloud public pour l'hébergement d'applications et de données, et l'agilité améliorée du flux de travail à partir de logiciels en tant que plateformes de service comme Salesforce et Office 365.Connexions haute performance, et il est clair [& # 8230;]
>Check Point\'s new Secure Access Service Edge (SASE) offering is now called Harmony SASE. The world has changed in the last few years, and the old way of securing a standard on-premises network, with its notions of inside and outside the perimeter, is no longer enough. There are many reasons for this change including the rise of public cloud networks for hosting applications and data, and the enhanced workflow agility from software as a service platforms like Salesforce and Office 365. Add to that the increasing trend of remote work and the need for high performance connections, and it\'s clear […] |
Prediction Cloud | ★★ | |
|
2024-02-12 22:37:28 | GCP-2024-008 (lien direct) | Publié: 2024-02-12 Description Description Gravité notes CVE-2023-5528 Permet à un attaquant de créer des pods et des volumes persistants sur les nœuds Windows d'une manière qui permet l'escalade du privilège d'administration sur ces nœuds. pour les instructions et plus de détails, voir leBulletins suivant: GKE Sécurité Bulletin Bulletin Bulletin Bulletin Bulletin Bulletin Bulletin de sécurité GKE GKE GKE gke sur le bulletin de sécurité VMware gke sur le bulletin de sécurité AWS gke sur le bulletin de sécurité azur GKE sur le bulletin de sécurité en métal nu High CVE-2023-5528 Published: 2024-02-12Description Description Severity Notes CVE-2023-5528 allows an attacker to create pods and persistent volumes on Windows nodes in a way that enables admin privilege escalation on those nodes. For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2023-5528 | Cloud |
To see everything:
Our RSS (filtrered)
