What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
ProofPoint.webp 2023-12-29 08:35:15 Proofpoint Named as a Representative Vendor in 2023 Gartner® Market Guide for Digital Communications Governance
(direct link)
It has been more than a year since Gartner retired its Magic Quadrant for Enterprise Information Archiving, which it had published for many years. When it first happened, many of us from the compliance, e-discovery and archiving world wondered what research would come next. Now the wait is over. On November 13, 2023, Gartner unveiled its new Market Guide for Digital Communications Governance (DCG). And it named Proofpoint as a Representative DCG solution Vendor.

Gartner says, “Gartner retired the Magic Quadrant for Enterprise Information Archiving in 2022. This DCG research recognizes the rise in communication tool complexity and demand from clients to seek guidance on the selection of vendors and solutions that specialize in communications governance.” The Gartner Market Guide presents a “definition, rationale and dynamics” for the DCG market and a list of Representative Vendors.

It is now up to clients to download the Market Guide so that they can learn more about digital communications governance. And they can refer to Gartner recommendations as they look into DCG solutions that will work best for their business. In this blog post, I go over some of the initial coverage of DCG by Gartner. I also provide insights into some of the key points that are made in the new report.

Assessing a strategic planning assumption

Gartner specifies two strategic planning assumptions in the Market Guide. Here is a look at the first one: “By 2027, 40% of enterprise customers will proactively assess workstream collaboration and meeting solution content for corporate policy and general business insights, up from less than 5% in 2023.”

We believe this seems reasonable at face value if you apply it to businesses that operate in regulated industries like financial services. But I question its validity if the intent is to expand it to all verticals. Customers that use a DCG solution as a way to improve their litigation readiness will likely find the deployment of a supervision/surveillance solution for “corporate policy and general business insights” to be a “nice to have,” not a “must have.” I suspect that, in general, these customers will agree to the value in principle. But they will struggle to gain executive sponsors and budget in the absence of:
- Regulatory mandates that compel relevant action, like the Financial Industry Regulatory Authority (FINRA) or the U.S. Securities and Exchange Commission (SEC) for financial services
- Widely accepted performance statistics, such as archive search performance or archive system availability

It will be interesting to revisit this assumption in 2027. At that point, we'll see how much progress has been made on the regulatory and statistics fronts, and the percentage of enterprise customers.

Compliance risk versus security risk

In the Market Direction section of the report, under “Compliance risk versus security,” Gartner states, “Most frequently used for adherence to compliance use cases, solutions are expanding to broader uses in security risk.” No vendor will do integrations simply because they are cool ideas. They need compelling use cases and business cases. However, with Proofpoint you have a single vendor that offers leading technology for both digital communications governance and security. To learn more about these platforms, check out Proofpoint Aegis threat protection and Proofpoint Sigma information protection. For more than 15 years, we have provided innovative solutions to address compliance use cases as well as security use cases. Most of the customers we work with who use Proofpoint Intelligent Compliance offerings are Proofpoint security customers, as well.

The use of machine learning to improve supervision and surveillance

Gartner addresses the use of these technologies in the Market Analysis section of the Market Guide, under “Supervision and surveillance capabilities.” It says, “The results can be used for improved automated monitoring/tagging, and accuracy and efficiency outcomes
Tool Threat Commercial ★★
bleepingcomputer.webp 2023-12-28 12:43:18 Russian military hackers target Ukraine with new MASEPIE malware
(direct link)
Ukraine's Computer Emergency Response Team (CERT) is warning of a new phishing campaign that allowed Russia-linked hackers to deploy previously unseen malware on a network in under one hour. [...]
Malware Tool Threat ★★★
AlienVault.webp 2023-12-28 11:00:00 Safeguarding your online experience: A guide to blocking unsolicited ads with adblockers
(direct link)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

The internet is a vast realm of information and entertainment. However, it's also riddled with a persistent nuisance: unsolicited ads. These intrusive advertisements not only disrupt your online experience but also pose significant security risks. In this comprehensive guide, we'll explore the intricate world of adblockers and their pivotal role in enhancing your cybersecurity by effectively blocking unsolicited ads.

Understanding the ad landscape

Before we delve into the realm of adblockers, it's essential to comprehend the complex ecosystem of online advertisements:
- Display ads: These are the most common ads you encounter on websites. They can be static images, animated banners, or even video ads.
- Pop-up ads: Pop-up ads appear in separate windows or tabs, often triggered when you visit a specific page or perform an action on a website.
- Video ads: These ads play within videos or before you can access certain content. They vary from short pre-roll ads to longer mid-roll ads.
- Social media ads: Popular social platforms often serve ads in your feed or as sponsored posts.
- Native ads: These advertisements seamlessly blend with the content around them, making them appear less intrusive.

The intrusive nature of unsolicited ads

Unsolicited ads, commonly referred to as "adware," are notorious for their disruptive and intrusive characteristics. They can:
- Slow down your web browsing experience by consuming bandwidth.
- Track your online behavior and collect personal information.
- Expose you to potentially malicious content and scams.
- Affect website aesthetics and distract from the content you want to view.

The role of adblockers

Adblockers are the digital shields that protect your online experience by eliminating or minimizing the impact of unsolicited ads. Let's explore three popular adblockers and their features:
- Adblock Plus (ABP): Adblock Plus is a widely used and highly customizable adblocker. It allows you to create your own filters and tailor your ad-blocking preferences.
- uBlock Origin: uBlock Origin is a lightweight yet potent adblocker. It's known for its efficiency in blocking ads and its minimal impact on system resources.
- AdNauseam: AdNauseam is an intriguing adblocker that takes a unique approach. It not only blocks ads but also clicks on them, making it harder for advertisers to track your online behavior.

Blocking unsolicited ads with Adblock Plus

Adblock Plus is a robust and versatile adblocker that offers comprehensive ad-blocking capabilities. Here's how you can use it to block unsolicited ads:
- Install Adblock Plus: Visit the Adblock Plus website and download the extension for your preferred browser. It's available for Chrome, Firefox, Edge, and more.
- Install the Adblock Plus filter: Adblock Plus employs filters to block ads. Upon installation, it provides a default filter list to get you started. However, you can enhance your ad-blocking by adding additional filters, such as EasyList, which covers a wide range of ads.
- Customize your filters: Adblock Plus offers user-friendly settings for customizing your ad-blocking preferences. You can allow or block specific ads on individual websites, granting you fine control.

Blocking unsolicited ads with uBlock Origin

uBlock Origin is renowned for its efficiency and resource-friendliness. Here's how you can use it to block unsolicited ads:
- Install uBlock Origin: Visit the uBlock Origin website and download the extension for your browser. It's available for various browsers, including Chrome, Fir
Malware Tool ★★
Blog.webp 2023-12-27 19:51:34 Why Virtual Board Portals are the Key to Better Collaboration and Decision-Making
(direct link)
By Owais Sultan. Meetings without paper have become a reality thanks to advanced technologies. Digital tools help companies be more efficient… This is a post from HackRead.com. Read the original post: Why Virtual Board Portals are the Key to Better Collaboration and Decision-Making
Tool ★★
The_Hackers_News.webp 2023-12-27 10:59:00 Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining
(direct link)
Poorly secured Linux SSH servers are being targeted by bad actors to install port scanners and dictionary attack tools with the goal of targeting other vulnerable servers and co-opting them into a network to carry out cryptocurrency mining and distributed denial-of-service (DDoS) attacks. "Threat actors can also choose to install only scanners and sell the breached IP and account credentials on
Tool ★★★
ProofPoint.webp 2023-12-27 09:19:46 3 Must-Haves of Archive Search Performance: An Email Archive Software Comparison
(direct link)
Yes, it's true that customers who use legacy on-premises archives or even modern cloud solutions say “fast search performance” is a primary reason to migrate to Proofpoint Archive. Our customers often highlight “fast search performance” as a key email archiving solution element. For reference, look no further than Gartner Peer Insights, where “search/index” is ranked the highest out of product feature areas evaluated by our customers.

However, you don't buy a Tesla Model X just for its top speed. You don't purchase a Rolex just to tell time. And you don't subscribe to or license an archive just for its search performance. Of course, not having adequate search performance can spell dire consequences when you need to address e-discovery requests. Think of having to settle a lawsuit early because you can't get search results in time to determine whether it makes better sense to litigate.

But there's more to email archive search performance than just speed. In this blog, we'll explore three factors that drive positive outcomes for our customers. Speed is one, and the other two are scalability and ease of use.

1: Speed

When you run a search for specific information in your email archive, how long does it take to retrieve that information? Hours? Days? Longer? Search speed dictates how fast you receive results from a search. While some vendor email archiving tools are incredibly slow, Proofpoint Archive has a financially backed search service-level agreement (SLA) that obligates us to return search results in seconds, on average, for our customers.

To give you some context, here's what we found when we compared the email archive search speeds of Microsoft Purview eDiscovery and Proofpoint Archive, specifically when searching 100 mailboxes and 50,000 mailboxes. For this example, a total of 200 searches were run, based on an average of 10 cases managed per month with each case requiring 20 searches to be performed.

Microsoft doesn't have search performance SLAs. But they provide “guidelines for average search time” based on the number of mailboxes searched. (See the table below.)

Table: Guidelines for average search times for Microsoft Purview eDiscovery solutions.

Based on internal, anonymous archive usage reports, as of August 2023 the average search time for Proofpoint Archive was 3.28 seconds. Also, it's estimated that Microsoft will take about 1.67 hours to return results when searching 100 mailboxes. Proofpoint Archive returned results in about 0.18 hours, as shown below.

Figure: A comparison of search speed between Microsoft and Proofpoint.

At this level of searching, the search speed difference may not seem significant. However, if you factor in rerunning searches due to new data or a system failure (like index corruption) with Microsoft, the numbers can grow rapidly. The search speed expectation with Proofpoint remains consistent, given our average search performance, particularly when you run consecutive searches.

The search speed difference becomes more noteworthy when you consider highly litigious organizations that need to run hundreds or thousands of searches across hundreds or thousands of mailboxes. In the second scenario, when searching 50,000 mailboxes, it's estimated that Microsoft will take about 66.67 hours to return search results. That's like having your team “babysit” Microsoft e-discovery searches for more than a week and a half every month! Separately, Proofpoint Archive is expected to remain the same at 0.18 hours. With Proofpoint, you get search results from the archive when you need them, helping to improve your ability to respond to e-discovery requests and internal investigations in a timely fashion.

2: Scalability

When you address an e-discovery request, do you run only one search? Probably not. The factor of search scalability defines your ability to achieve your expected search speed performance time and time again, regardless of whether you're searching 100 mailboxes or 50,000 mailboxes, and regardless of
Tool Cloud ★★★
HexaCorn.webp 2023-12-25 11:15:35 2 less known secrets of Windows command command-driven line tools…
(direct link)
Many Windows tools support commands, f.ex.: We are very used to their invocations in the form of "tool command", but there is an alternative way to invoke them by using quotes around these commands, f.ex.: This breaks many hard-coded detections. … Continue reading →
Tool Technical ★★★★
DarkReading.webp 2023-12-22 23:30:00 GenAI Tools Will Permeate All Areas of the Enterprise
(direct link)
Many departments and groups see the benefits of using generative AI tools, which will complicate the security teams' job of protecting the enterprise from data leaks and compliance and privacy violations.
Tool ★★★
SocRadar.webp 2023-12-22 14:20:26 CISA Updates: Microsoft 365 Guidance, SCuBAGear Tool, Mozilla Alert, QNAP & FXC Vulnerabilities Enter KEV
(direct link)
CISA has officially released the Microsoft 365 Secure Configuration Baselines, aiming to assist organizations in...
Tool Vulnerability ★★
bleepingcomputer.webp 2023-12-22 13:10:25 Ubisoft says it's investigating reports of a new security breach
(direct link)
Ubisoft is investigating whether it suffered a breach after images of the company's internal software and developer tools were leaked online. [...]
Data Breach Tool ★★★
ESET.webp 2023-12-22 10:50:20 Key findings from ESET Threat Report H2 2023 – Week in security with Tony Anscombe
(direct link)
How cybercriminals take advantage of the popularity of ChatGPT and other tools of its ilk to direct people to sketchy sites, plus other interesting findings from ESET's latest Threat Report
Tool Threat Studies ChatGPT ★★★★
bleepingcomputer.webp 2023-12-22 08:30:15 Fake VPN Chrome extensions force-installed 1.5 million times
(direct link)
Three malicious Chrome extensions posing as VPNs (virtual private networks) were downloaded 1.5 million times, acting as browser hijackers, cashback hack tools, and data stealers. [...]
Hack Tool ★★
IndustrialCyber.webp 2023-12-22 08:09:56 Ukraine, international partners launch Tallinn Mechanism tool for cyber cooperation
(direct link)
A coalition of ministries of foreign affairs, including Ukraine, Canada, Denmark, Estonia, France, Germany, the Netherlands, Poland, Sweden,...
Tool ★★
RiskIQ.webp 2023-12-21 21:09:57 Apache ActiveMQ Vulnerability (CVE-2023-46604) Continuously Being Exploited in Attacks
(direct link)
#### Description
AhnLab Security Emergency Response Center (ASEC) has reported that the Apache ActiveMQ vulnerability (CVE-2023-46604) is being exploited by various threat actors. The vulnerability is a remote code execution vulnerability in the open-source messaging and integration pattern server Apache ActiveMQ. The attack involves manipulating a serialized class type in the OpenWire protocol to instantiate the class in the classpath. When the threat actor transmits a manipulated packet, the vulnerable server references the path (URL) contained in the packet to load the XML configuration file for the class. The malware used in the attacks includes Ladon, Netcat, AnyDesk, and z0Miner. Ladon is one of the tools mainly used by Chinese-speaking threat actors. Netcat is a utility for transmitting data to and from certain targets in a network connected by the TCP/UDP protocol. AnyDesk, NetSupport, and Chrome Remote Desktop have recently been used for bypassing security products. z0Miner was first reported in 2020 by the Tencent Security Team and was distributed via attacks exploiting the Oracle WebLogic remote code execution vulnerabilities (CVE-2020-14882/CVE-2020-14883).
#### Reference URL(s)
1. https://asec.ahnlab.com/en/59904/
#### Publication Date
December 18, 2023
#### Author(s)
Sanseo
Malware Tool Vulnerability Threat ★★★
RedCanary.webp 2023-12-21 19:52:09 Red Canary's best of 2023
(direct link)
Take a look back at the research, tools, videos, and other educational resources we're most proud of this year.
Tool ★★★
DarkReading.webp 2023-12-21 15:00:00 How AI Is Shaping the Future of Cybercrime
(direct link)
Cybercriminals are increasingly using AI tools to launch successful attacks, but defenders are battling back.
Tool ★★
ProofPoint.webp 2023-12-21 05:00:25 BattleRoyal, DarkGate Cluster Spreads via Email and Fake Browser Updates
(direct link)
Overview

Throughout the summer and fall of 2023, DarkGate entered the ring competing for the top spot in the remote access trojan (RAT) and loader category. It was observed in use by multiple cybercrime actors and was spread via many methods such as email, Microsoft Teams, Skype, malvertising and fake updates.

Proofpoint researchers are tracking a particularly interesting operator of the DarkGate malware. At the time of publication, researchers are not attributing this cluster of activity to a known threat actor and are temporarily calling it BattleRoyal. Between September and November 2023, at least 20 email campaigns used DarkGate malware with GroupIDs “PLEX”, “ADS5”, “user_871236672” and “usr_871663321”. The GroupID is a configuration setting that is also referred to as username, botnet, campaign, or flag 23. The campaigns are notable for:
- Delivery: via email and RogueRaticate fake browser updates
- Volumes and geography: email campaigns include tens of thousands of emails targeting dozens of industries, primarily in the USA and Canada
- Attack chain: includes a variety of notable tools such as 404 TDS, Keitaro TDS, and .URL files exploiting CVE-2023-36025

Figure: Volume of DarkGate campaigns based on four GroupIDs discussed in this report.

TDS all the things! (an email campaign example)

On October 2, 2023, Proofpoint identified one of the first campaigns in this cluster. It was notable due to the use of more than one traffic delivery system (TDS), specifically 404 TDS and Keitaro TDS. Additionally, the .URL files involved exploited CVE-2023-36025, a vulnerability in Windows SmartScreen. While other parts of the attack chain from this actor changed or varied, .URL files were involved in every campaign.

The emails in this campaign contained:
- 404 TDS URLs that, if clicked by the user, redirected to Keitaro TDS
- Keitaro TDS was observed serving an internet shortcut (.URL) file
- The internet shortcut, if double clicked, downloaded a zipped VBS script
- The VBS in turn downloaded and executed several shell commands (cmd.exe)
- The shell commands (a) created a directory on the C: drive, (b) copied curl.exe from the system folder to this new directory, (c) used curl to download Autoit3.exe, (d) used curl to download and save an AutoIT script, and (e) ran the downloaded AutoIT script with the downloaded AutoIT interpreter
- The AutoIT script ran an embedded DarkGate

Figure: Attack chain summary that follows the flow of: Email > 404 TDS > Keitaro TDS > .URL > .VBS > Shell commands > AutoIT / AutoIT script > DarkGate.

Figure: Screenshot of an example email from the October 2 campaign.

Figure: Screenshot of the .URL file involved in the October 2 campaign.

Proofpoint has identified multiple cybercriminal campaigns exploiting CVE-2023-36025; however, the BattleRoyal cluster exploited this vulnerability more than any other actor observed in Proofpoint threat data. Notably, this activity cluster exploited CVE-2023-36025 before it was published by Microsoft. SmartScreen is a security feature that is designed to prevent people from visiting malicious websites. The vulnerability could allow an actor to bypass the SmartScreen defenses if a user clicked on a specially crafted .URL file or a hyperlink pointing to a .URL file. More specifically, a SmartScreen alert would not be triggered when a .URL points to an SMB or WebDAV share as file:// and the malicious payload is inside a ZIP file which is specified in the URL target.

RogueRaticate (fake browser update campaign example)

On October 19, 2023, an external researcher identified and publicly shared details of the RogueRaticate fake update activity cluster using an interesting obfuscation technique first identified in 2020. Proofpoint subsequently identified the activity in Proofpoint data. This campaign delivered fake browser update requests to end users on their web browsers that dropped a DarkGate payload with the “ADS5” GroupID. The threat actor injected a request to a domain they controlled that used .css steganography to conceal the malicious c
Malware Tool Vulnerability Threat Prediction ★★
TechRepublic.webp 2023-12-20 20:01:01 Cyber Security Trends to Watch in Australia in 2024
(direct link)
Ransomware attacks on infrastructure and mid-market businesses are tipped to rise, while the use of AI cyber tools will grow as IT customers seek more signal and less noise from vendors.
Ransomware Tool ★★
RecordedFuture.webp 2023-12-20 18:12:00 German police take down Kingdom Market, a darknet emporium of illicit goods
(direct link)
German law enforcement has seized the servers of the darknet marketplace Kingdom Market, a bazaar for drugs, malware, fake documents and other tools for cybercriminals. In a press release on Wednesday, the police said they posted a takedown notice on the website and are now analyzing Kingdom Market's server infrastructure to identify the people behind
Malware Tool Legislation ★★★
DarkReading.webp 2023-12-20 15:00:00 3 Ways to Use Real-Time Intelligence to Defeat Bots
(direct link)
Threat intelligence feedback loops are an increasingly vital tool in the escalating battle against bots.
Tool Threat ★★★
Veracode.webp 2023-12-20 14:21:01 4 Ways Veracode Fix Is a Game Changer for DevSecOps
(direct link)
In the fast-paced world of software development, too often security takes a backseat to meeting strict deadlines and delivering new features. Discovering that software has accrued substantial security debt that will take months to fix can rip up the schedules of even the best development teams.

An AI-powered tool that assists developers in remediating flaws becomes an invaluable asset in this context. In Veracode Fix, we've harnessed the capabilities of generative AI to build a specialized tool that allows developers to remediate flaws within minutes without manually writing a single line of code.

Watch this 3-minute demo of how you can easily take flawed code and use Veracode Fix to generate easily-implemented remediation suggestions.

4 Major Benefits of Veracode Fix in DevSecOps

Here are four ways that Veracode Fix supercharges DevSecOps and your SDLC with the swift remediation of security flaws.

1. Tackle Security Debt with Rapid Flaw Remediation

One of the most significant…
Tool ★★★
AlienVault.webp 2023-12-20 11:00:00 Can any measures stop the rise of tech scams?
(direct link)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Tech scams are continuing to grow in scale and damage. According to CBS News, Americans have reported over $2.7 billion in losses to tech scams from social media alone. Further losses are being accrued through other sources, too, of course; but with that figure coming from one source alone, the scale of the problem is laid out quite clearly. As more of the nation moves to a digital-first footing, these attacks are only likely to increase in volume and scale. There is a strong argument that concerted and decisive action is needed, today, to halt their rise and make the internet safer for all. One way to make the case for action is through an assessment of the costs. Making a compelling case The government and internet service providers are, of course, keen to stop tech scams. It improves the reputation of businesses, and gives the government a better record when it comes to providing for the country. The role of government is in pushing regulation that can be enforced and monitored, with proper compliance put into place; and more needs to be done. Of course, governance speaks in money, and understanding the full cost of tech scams requires an assessment of the wider economic impact - not just from direct losses to consumers, but the knock-on impact on businesses and regulators. After all, there is a significant risk of reputational damage; and the wider cost of tech fraud is estimated to be approaching $343 billion globally. There has been a focus from enforcement on stopping the tide; indeed, in July the FTC announced a huge push to bring greater enforcement of the regulations, resulting in up to $2 billion in fines. However, in the face of such a huge industry, there’s an argument that more needs to be done - starting with businesses.
Applying business techniques A good way to protect consumers, from the business perspective, is to look at the available advice and techniques. The US Chamber of Commerce has sought to do this through a series of advisories. A large focus has been placed on how cybercriminals use social engineering tactics to scam businesses, exploiting the trust and compassion that many rely on. For businesses, the crucial factor is keeping close control over your affairs in terms of that trust. Your livery and branding should be consistent and hard to replicate. On the phone, by email, and in other communications, your business should have a method that makes it absolutely clear that your business, and only it, is communicating. Tech tools can help here, too, such as the use of personal information and the all-crucial two-factor authentication. Essentially, you should make it as difficult as possible for any actor apart from the customer themselves to access their data - and stay on top of new developments. Human intelligence More often than not, however, the key to preventing tech scams is in the human resources you have at your disposal. As the Vermont Small Business Development Center notes, a lot of effective scam protection comes from the good senses of individuals. Employees who learn of Tool Legislation ★★
Chercheur.webp 2023-12-19 22:49:43 BlackCat Ransomware Raises Ante After FBI Disruption
(direct link)
The U.S. Federal Bureau of Investigation (FBI) disclosed today that it infiltrated the world's second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang's darknet website, and released a decryption tool that hundreds of victim companies can use to recover systems. Meanwhile, BlackCat responded by briefly "unseizing" its darknet site with a message promising 90 percent commissions for affiliates who continue to work with the crime group, and open season on everything from hospitals to nuclear power plants.
Ransomware Tool ★★
The_Hackers_News.webp 2023-12-19 21:22:00 FBI Takes Down BlackCat Ransomware, Releases Free Decryption Tool
(direct link)
The U.S. Justice Department (DoJ) has officially announced the disruption of the BlackCat ransomware operation and released a decryption tool that victims can use to regain access to files locked by the malware. Court documents show that the U.S. Federal Bureau of Investigation (FBI) enlisted the help of a confidential human source (CHS) to act as an affiliate for the BlackCat and gain
Ransomware Malware Tool ★★★
The_Hackers_News.webp 2023-12-19 19:00:00 Hackers Abusing GitHub to Evade Detection and Control Compromised Hosts
(direct link)
Threat actors are increasingly making use of GitHub for malicious purposes through novel methods, including abusing secret Gists and issuing malicious commands via git commit messages. "Malware authors occasionally place their samples in services like Dropbox, Google Drive, OneDrive, and Discord to host second stage malware and sidestep detection tools," ReversingLabs researcher Karlo Zanki 
Malware Tool Threat ★★★
AlienVault.webp 2023-12-18 11:00:00 Unveiling the dark web: A professional's guide to ethical exploration
(direct link)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. The dark web, often shrouded in mystery and intrigue, is a realm of the internet that exists beyond the reach of traditional search engines. While the dark web does harbor a certain notoriety for hosting illegal activities, it also contains valuable information and resources that can be beneficial for professionals involved in cybersecurity, threat intelligence, and investigations. This article will provide a comprehensive guide on how to search the dark web for information gathering in a professional and ethical manner. Understanding the dark web Before delving into the intricacies of searching on the dark web, it's crucial to comprehend its structure. The internet comprises three layers: the surface web, the deep web, and the dark web. Surface web: This is the portion of the internet indexed by search engines like Google and accessible to the general public. Deep web: The deep web includes websites and databases not indexed by search engines. These are often password-protected or behind paywalls, such as online banking or email accounts. Dark web: The dark web is a hidden network of websites that can only be accessed using specialized software, such as Tor. It's intentionally designed to conceal the identity of users and hosts. While it has a reputation for illegal markets, it also includes legitimate websites and forums. Ethical considerations Searching the dark web requires a strong commitment to ethical conduct. It's essential to respect both legal and moral boundaries. Here are some critical ethical considerations: Legal compliance: Ensure that your activities are within the bounds of the law. Engaging in any illegal activities, such as purchasing illicit goods, is strictly prohibited.
Use encryption: When accessing the dark web, always use encryption tools like the Tor browser to protect your identity and maintain anonymity. Verification: Verify the legitimacy of the information you find. Misinformation and scams are prevalent on the dark web. Searching the dark web Get the right tools: Start by downloading the Tor browser, free and open-source software that allows you to access the dark web while concealing your IP address. Consider using a virtual private network (VPN) in combination with the Tor browser for an additional layer of security. Deep web vs. dark web: Distinguish between the deep web and the dark web. Remember that the deep web consists of web pages not indexed by search engines but is not inherently hidden. The dark web, on the other hand, is intentionally concealed. Search engines: Dark web search engines like DuckDuckGo, Torch and notEvil can be used to find specific websites and content. These search engines access .onion domains, which are unique to the dark web. Directories: Dark web directories are like Yellow Pages for hidden services. They list websites and their categories, making it easier to find what you're looking for. Notable directories include The Hidden Wiki and TorLinks. Forums and communities: The dark web hosts numerous forums, discussion boards, and communities that cover a wide range of topics. Some of these can be valuable sources of information. However, exercise caution as many forums are associated with illegal activities. File sharing: File-sharing services on the dark web may contain a wealth of data, including documents, reports, and archives. Some of these files may be of intere Tool Vulnerability Threat ★★
ProofPoint.webp 2023-12-18 06:00:21 An Integrated Risk Approach to Breaking the Legal and Compliance Attack Chain: Insights from Proofpoint Protect 2023
(direct link)
Last September, Proofpoint held our first in-person event since the pandemic in New York City, Protect 2023. In this blog post, our Chief Compliance Officer in Residence John Pepe shares some key insights from the leaders who participated in the Compliance Leader's Roundtable at that conference. A big part of that discussion was exploring how combining data points from multiple tools can help stop known risk patterns before problems escalate. “Break the Attack Chain” is a Proofpoint initiative that outlines our approach to preventing and disrupting cyberattacks that target people and their data. The attack chain can basically be broken down into eight steps and three main stages: Initial compromise, Privilege escalation, Data exfiltration. Steps in the attack chain. We believe that breaking the attack chain is so important that we made it the theme of Protect 2023. When you break the attack chain, you reduce the risks and the impact of cyberattacks. And you avoid a lot of the financial, reputational and operational damage. Proofpoint argues that this starts by taking a people-centric approach to security that focuses on the human factors that enable and motivate attackers. But this theme isn't just relevant to cybersecurity. It's also an important concept that's relevant to compliance professionals and their current challenges. Recently at the Protect 2023 conference, we explored how the industry is using this idea to rethink the ways it approaches and mitigates risk. What's top of mind for compliance professionals right now? Part of my job at Proofpoint is to provide our customers, some of whom are highly regulated, with executive briefings on compliance and regulatory best practices. I also have a lot of critical discussions with the legal and regulatory communities. So I understand why the concept of breaking the attack chain transcends cybersecurity and really resonates with these groups.
That's why I chose to explore it at Protect 2023 at the Compliance Leader's Roundtable. This panel comprised a chief compliance officer from a leading financial services provider, the head of surveillance for an asset manager, and a chief information security officer. And our topic was “What's Top of Mind for Compliance Professionals Post COVID-19." The discussion was informal and focused on work-from-home (WFH) initiatives during and after the pandemic. Two interconnected areas were of particular interest: Risks and programs related to WFH, with a special focus on collaboration platforms; How behavioral indicators may help to predict potential legal or compliance issues. When talking about insider risks and threats, the panelists explored: Best practices for controlling messaging apps and mitigating risks in mobile texts and chat; How behavioral modeling and analytics can be used to enhance risk monitoring for user conduct; How combining multiple compliance approaches can help form a holistic risk management program, which can mean integrating: Threat detection, People analytics, Conduct compliance applications. As part of the conversation, I brought up the topic of employee behaviors and patterns that can lead to legal or compliance issues. The example scenario I offered was of a disgruntled employee who had received an underwhelming bonus or was passed over for a promotion. To get back at the company, this person stole sensitive company data and intellectual property (IP) before they left their job. The panel discussed behaviors or telemetry that might be present in such a scenario. And they talked about whether any data about user conduct might help detect and prevent potential losses. An integrated approach to breaking the attack chain What follows are some of the ways that our panelists use tools to mitigate risks. And how Proofpoint can help.
Combining internal and external data One of the most crucial aspects of a surveillance analyst's job, especially in financial services, is monitoring employee risk. The roundtable emp Tool Threat Mobile Prediction Conference ★★★
RiskIQ.webp 2023-12-15 21:35:08 Ace in the Hole: Exposing GambleForce
(direct link)
#### Description
In September 2023, cybersecurity firm Group-IB uncovered GambleForce, a previously unknown threat actor specializing in SQL injection attacks across the Asia-Pacific region. GambleForce has targeted more than 20 websites (government, gambling, retail, and travel) in Australia, China, Indonesia, the Philippines, India, South Korea, Thailand, and Brazil. The group employed a toolset with basic but effective attack methods, leading to concerns of further activity even after Group-IB took down their command and control server. The entire toolset was based on publicly available open-source instruments used for pentesting purposes. After examining the toolset in more detail, it became clear that the tools were most likely associated with a threat actor executing one of the oldest attack methods: SQL injections. The attackers gained initial access using SQLmap, then proceeded to upload Cobalt Strike on compromised servers. Notably, the version of Cobalt Strike discovered on the gang's server used commands in Chinese, but this fact alone is not enough to attribute the group's origin.
#### Reference URL(s)
1. https://www.group-ib.com/blog/gambleforce-gang/
#### Publication Date
December 15, 2023
#### Author(s)
Nikita Rostovcev
Tool Threat ★★★
DarkReading.webp 2023-12-15 18:51:00 Pro-Hamas Cyberattackers Aim 'Pierogi' Malware at Multiple Mideast Targets
(direct link)
Gaza Cybergang has created a new backdoor version stuffed with tools to spy on and attack targets.
Malware Tool ★★★
ProofPoint.webp 2023-12-15 06:00:41 How to Prevent Identity-Based Attacks with ITDR
(direct link)
Identity-based attacks are on the rise. Research from the Identity Defined Security Alliance found that 84% of businesses experienced an identity-related breach in the past year. While that's a huge percentage, it's not all that surprising. Just consider how focused attackers have been in recent years on gaining access to your users' identities. In the latest Verizon 2023 Data Breach Investigations Report, Verizon found that 40% of all data breaches in 2022 involved the theft of credentials, which is up from 31% in 2021. With access to just one privileged account, an attacker can move around undetected on a company's network and cause havoc. When they look like the right employee, they have the freedom to do almost anything, from stealing sensitive data to launching ransomware attacks. What's worse, attackers usually have tools that make it fast and easy to exploit stolen credentials, escalate privilege and move laterally. That makes this type of attack all the more appealing. There are a bevy of cybersecurity tools that are supposed to protect companies from these attacks. So why do they fall short? The simple answer is that it's not their job, at least not completely. Take tools used for identity access management (IAM) as an example. Their role is to administer identities and manage their access to applications and resources. They don't detect malicious activity after a “legitimate” user has been authenticated and authorized. And tools for anomaly detection, like security information and event management (SIEM) systems, alert on abnormal or malicious user activity. But they are even less capable of flagging attempts at lateral movement and privilege escalation. As a result, these tools tend to generate high levels of false positives, which overwhelm security teams. However, there is a way to address the security gaps these solutions aren't well equipped to cover. It's called identity threat detection and response, or ITDR for short. What is ITDR?
ITDR is an umbrella term coined by Gartner to describe a new category of security tools and best practices that companies can use to detect and respond more effectively to identity-based attacks. ITDR protects the middle of the attack chain, the point where enterprise defenses are usually the weakest. ITDR tools offer robust analytics, integrations and visibility that can help you to: Detect, investigate and respond to active threats; Stop privilege escalations; Identify and halt lateral movement by attackers; Reduce the identity-centric attack surface before the threat actor even arrives. When you use ITDR, you're not replacing existing tools or systems for IAM and threat detection and response like privileged access management (PAM) or endpoint detection and response (EDR). Instead, you're complementing them. Those tools can continue to do what they do best while ITDR addresses the identity security gaps they're not designed to cover. How ITDR solutions work, and help to prevent identity-based attacks ITDR tools are designed to continuously monitor user behavior patterns across systems. They scan every endpoint (clients and servers, PAM systems and identity repositories) to look for unmanaged, misconfigured and exposed identities. With a holistic view of identity risks, your security team can remove key attack pathways through Active Directory (AD) that threat actors use to install ransomware and steal data. ITDR tools can help defenders stop identity attacks and proactively get rid of risks. They allow defenders to see exactly how attackers can access and use identities to compromise the business. Essentially, ITDR provides answers to these three critical questions: Whose identity provides an attack path? What is the identity threat blast radius, and the impact to my business? Are there any identity-based attacks in progress?
Leading ITDR tools can help you catch adversaries in the act by planting deceptive content, or trip wires, throughout your environment that only attackers would in Ransomware Data Breach Tool Vulnerability Threat ★★
Blog.webp 2023-12-15 01:31:05 Infected Systems Controlled Through Remote Administration Tools (Detected by EDR)
(direct link)
Remote administration tools are software for managing and controlling terminals at remote locations. The tools can be used as work-at-home solutions in circumstances such as the COVID-19 pandemic and for the purpose of controlling, managing, and repairing unmanned devices remotely. Such remote control tools used for legitimate purposes are called RAT, meaning “Remote Administration Tools.” Additionally, backdoor malware types such as Remcos RAT, njRAT, Quasar RAT, and AveMaria are called Remote Access Trojans (RAT) because these also make it possible...
Malware Tool ★★
DarkReading.webp 2023-12-14 22:00:00 New 'GambleForce' Threat Actor Behind String of SQL Injection Attacks
(direct link)
The fresh-faced cybercrime group has been using nothing but publicly available penetration testing tools in its campaign so far.
Tool Threat ★★
Blog.webp 2023-12-14 21:45:56 New Hacker Group GambleForce Hacks Targets with Open Source Tools
(direct link)
By Waqas. Yet another day, yet another threat actor posing a danger to the cybersecurity of companies globally. This is a post from HackRead.com. Read the original post: New Hacker Group GambleForce Hacks Targets with Open Source Tools
Tool Threat ★★
TechWorm.webp 2023-12-14 18:55:10 Microsoft Takes Down Domains Selling Fake Outlook Accounts
(direct link)
Microsoft announced on Wednesday that it had seized illicit websites and social media pages belonging to the Vietnam-based cybercriminal group Storm-1152, which created roughly 750 million fraudulent Outlook accounts and earned millions of dollars in illegal revenue. The Redmond giant calls Storm-1152, a cybercrime-as-a-service (CaaS) ecosystem, "the number one seller and creator of fraudulent Microsoft accounts," which it sold online to other cybercriminals to bypass identity verification software across well-known technology platforms. These accounts were used for several malicious activities, including mass phishing, identity theft and fraud, and distributed denial-of-service (DDoS) attacks. "Storm-1152 runs illicit websites and social media pages, selling fraudulent Microsoft accounts and tools to bypass identity verification software across well-known technology platforms. These services reduce the time and effort needed for criminals to conduct a host of criminal and abusive behaviors online," Amy Hogan-Burney, general manager of Microsoft's Digital Crimes Unit (DCU), wrote in a blog post. According to Microsoft, Octo Tempest, also known as Scattered Spider, is one of Storm-1152's customers that obtained fraudulent Microsoft accounts to carry out social engineering attacks aimed at financial extortion. Besides Octo Tempest, threat actors such as Storm-0252, Storm-0455 and other ransomware or extortion groups also purchased fraudulent accounts from Storm-1152.
On December 7, 2023, the Redmond giant obtained a court order from the Southern District of New York to seize the cybercriminal group's U.S.-based infrastructure, building on intelligence about the CaaS and its activities and infrastructure gathered by Microsoft and bot-detection and security company Arkose Labs. "Since at least 2021, Defendants have engaged in a scheme to obtain millions of Microsoft Outlook email accounts in the names of fictitious users based on a series of false representations, and then sell these fraudulent accounts to malicious actors for use in various types of cybercrime," according to the complaint. Based on the order, Microsoft took over domains such as Hotmailbox[.]me, 1stCAPTCHA, AnyCAPTCHA and NoneCAPTCHA, as well as social media accounts that were used by Storm-1152 to harm the company's customers and cause damages worth hundreds of millions of dollars. The company also sued three individuals – Duong Dinh Tu, Linh Van Nguyen (a/k/a Nguyen Van Linh) and Tai Van Nguyen – all based in Vietnam and believed to be operating Storm-1152. "Our findings show that these individuals operated and wrote the code for the illicit websites, published detailed step-by-step instructions on how to use their products via video tutorials, and provided chat services to assist those using their fraudulent services," Amy Hogan-Burney added. “Today's action is a continuation of Microsoft's strategy of aiming at the broader cybercriminal ecosystem and targeting the tools cybercriminals use to launch their attacks. It builds on our exp Ransomware Malware Tool Threat ★★★
IndustrialCyber.webp 2023-12-14 15:46:49 Dragos reveals Electrum October attack on Ukrainian electric entity using custom tools, CaddyWiper malware
(direct link)
Industrial cybersecurity company Dragos has linked Mandiant’s recent disclosure of a cyber-physical incident to the Russia-linked threat actor...
Malware Tool Threat ★★★
Veracode.webp 2023-12-14 12:07:06 What Our Security Experts Discussed at AWS re:Invent 2023
(direct link)
The landscape of coding is changing as developers embrace AI, automation, microservices, and third-party libraries to boost productivity. While each new approach enhances efficiency, like a double-edged sword, flaws and vulnerabilities are also introduced faster than teams can fix them. Learn about one of the latest innovations solving this in a recap of what our security experts discussed at AWS re:Invent 2023.  Veracode Fix: A Game Changer in Flaw Remediation for Developers During their AWS on Air segment, our experts, Vice President of Strategic Product Management, Tim Jarrett, and Senior Solutions Architect, Eric Kim, shared how Veracode Fix is a new game-changing tool that helps developers cut down the flaw remediation process from months to minutes.  Leveraging the power of AI, the tool allows developers to easily reduce security issues by generating suggested fixes for existing code that is flawed and vulnerable.   While many AI-powered coding tools are designed to help write…
Tool Vulnerability ★★★
The_Hackers_News.webp 2023-12-14 11:16:00
Microsoft Takes Legal Action to Crack Down on Storm-1152's Cybercrime Network
(lien direct)
Microsoft on Wednesday said it obtained a court order to seize infrastructure set up by a group called Storm-1152 that peddled roughly 750 million fraudulent Microsoft accounts and tools through a network of bogus websites and social media pages to other criminal actors, netting them millions of dollars in illicit revenue. "Fraudulent online accounts act as the gateway to a host of cybercrime,
Tool Legislation ★★★
AlienVault.webp 2023-12-14 11:00:00
Protecting the enterprise from dark web password leaks
(lien direct)
Referenced in popular films and television programs, “The Dark Web” has achieved what many cyber security concerns fail to do: it has entered the public consciousness. It is generally understood that the dark web is a collection of online sites and marketplaces, notorious for facilitating illegal activities and harboring stolen information. The details of how this underground economy functions, the varying levels of sophistication of its participants, and how information ends up in these forums are less broadly understood. The trade in compromised passwords in dark web markets is particularly damaging. Cybercriminals often exploit password leaks to access sensitive data, commit fraud or launch further attacks. Let's explore the various ways passwords are leaked to the dark web and discuss strategies for using dark web data to protect your organization. Data breaches: One of the most common ways passwords are leaked to the dark web is through data breaches. Cybercriminals target organizations and gain unauthorized access to their systems and databases. Once inside, they can steal large volumes of user data, including passwords, which are then sold or traded on the dark web. A “first party” data breach is one that occurs in a network you are responsible for (i.e. your company). This is typically a top-of-mind concern for security and IT professionals. However, breaches of third parties that hold information about your users can be equally damaging. Because users often reuse passwords across multiple services, or use slight variations or formulaic passwords, these disclosures are critical. They result in threat actors gaining access to your network or SaaS services by simply logging in, or by brute-forcing a greatly reduced key space, which may go unnoticed. Phishing attacks: Phishing attacks are another prevalent method used by cybercriminals to obtain passwords.
These attacks involve sending deceptive emails, text messages, or social media messages that trick users into revealing their login credentials. Once the attacker has the victim's password, they can easily access their accounts or sell the information on the dark web. Keyloggers and malware: Keyloggers and malware are stealthy tools used by cybercriminals to record a user's keystrokes, including passwords. These can be installed on a victim's device through malicious emails, downloads, or infected websites. This is particularly concerning where the endpoints in question are not fully managed by the company. Contractors, network devices provided by service providers, users with BYOD equipment, or other semi-public or public devices from which users might access a cloud service are all examples of devices that can result in loss of credentials through malware infection, regardless of the endpoint security measures taken on company-owned devices. What is particularly insidious about these infections is that, unless addressed, they continue to report current credentials to the command-and-control services across password changes and platforms. Insider threats: Sometimes, passwords are leaked to the dark web through insider threats. Disgruntled employees, contractors, or other individuals with access to sensitive information may intentionally leak passwords as an act of revenge or for financial gain. Protecting Your Passwords: Best Practices. While the risks associated with password leaks on the dark web are real, there are steps you can take to protect your organization from being impacted by these disclosures: Educate users: By now it is difficult to find an organization that doesn't have a policy and technical controls to enforce the use of strong passwords in their environment. Building on that to train users when it is acceptable to use a company-provided email address for service Data Breach Malware Tool Threat Cloud Technical ★★
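Worked example, added here and not part of the AT&T post: a password-change check that turns a third-party leak into a per-user blocklist. It expands each leaked password into the formulaic variants the post warns about (year and counter bumps, case flips, leet swaps, swapped suffixes), stores only their hashes, and also checks the candidate against a breach corpus with a k-anonymity prefix lookup so the full hash never leaves the client. The leaked credentials, the corpus and the user names are constructed sample data, and the variant rules are a deliberately small illustration of the "reduced key space", not an exhaustive cracking rule set.

```python
import hashlib
import re

# Constructed sample: a password for one of our users that surfaced in a third-party
# breach dump. In practice this arrives from a dark-web monitoring feed, keyed by email.
LEAKED_FOR_USER = {
    "alice@example.com": ["Winter2021!"],
}

# Constructed stand-in for a large corpus of SHA-1 hashes of leaked passwords, the
# format commonly circulated by breach-lookup services.
LEAKED_CORPUS = {hashlib.sha1(p.encode()).hexdigest().upper()
                 for p in ["Password1", "qwerty123", "Winter2021!", "letmein"]}

_SUFFIXES = ["", "!", "!!", "?", ".", "1", "123"]
_LEET = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"}


def sha1_hex(text: str) -> str:
    return hashlib.sha1(text.encode()).hexdigest().upper()


def formulaic_variants(password: str, year_span: int = 4) -> set:
    """Expand one leaked password into the small keyspace an attacker tries first:
    case flips and leet swaps of the stem, bumped trailing numbers/years, swapped suffixes."""
    m = re.match(r"^(.*?)(\d*)([^\w]*)$", password)
    stem, digits = m.group(1), m.group(2)
    stems = {stem, stem.lower(), stem.upper(), stem.capitalize(),
             "".join(_LEET.get(c.lower(), c) for c in stem)}
    numbers = {digits}
    if digits:  # "2021" -> "2022".."2025", "1" -> "2".."5"
        for k in range(1, year_span + 1):
            numbers.add(str(int(digits) + k).zfill(len(digits)))
    variants = {password}
    for s in stems:
        for n in numbers:
            for suffix in _SUFFIXES:
                variants.add(f"{s}{n}{suffix}")
    return variants


def build_blocklist(leaked: dict) -> dict:
    """Per-user set of SHA-1 hashes of leaked passwords plus their variants, so the
    auth service keeps hashes rather than the plaintext dump."""
    return {user: {sha1_hex(v) for pw in pws for v in formulaic_variants(pw)}
            for user, pws in leaked.items()}


def in_leaked_corpus(candidate: str, corpus=LEAKED_CORPUS) -> bool:
    """k-anonymity style lookup: only the first 5 hex chars of the hash would be sent
    to a range endpoint; the suffix comparison happens locally."""
    h = sha1_hex(candidate)
    prefix, suffix = h[:5], h[5:]
    returned_suffixes = {c[5:] for c in corpus if c.startswith(prefix)}
    return suffix in returned_suffixes


def check_new_password(user: str, candidate: str, blocklist: dict) -> str:
    """Decision at password-change time, where the plaintext is legitimately available."""
    if sha1_hex(candidate) in blocklist.get(user, set()):
        return "rejected: matches a leaked password for this user or a formulaic variant"
    if in_leaked_corpus(candidate):
        return "rejected: appears in a known breach corpus"
    return "ok"


if __name__ == "__main__":
    bl = build_blocklist(LEAKED_FOR_USER)
    for pw in ["Winter2024!", "W1nt3r2022!", "qwerty123", "correct horse battery staple"]:
        print(pw, "->", check_new_password("alice@example.com", pw, bl))
```

The per-user check is what catches the "slight variation" case the post describes: a year bump or a leet-swapped stem sails past a generic corpus lookup but is exactly what an attacker holding the old password tries first. Keep the variant expansion bounded; it runs once per leaked credential, not per login.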
ProofPoint.webp 2023-12-14 09:44:32
Insider Threat Mitigation: 5 Best Practices to Reduce Risk
(lien direct)
(This is an updated version of a blog that was originally published on 1/28/21.) Most security teams focus on detecting and preventing external threats. But not all threats come from the outside. The shift to hybrid work, accelerated cloud adoption and high rates of employee turnover have created a perfect storm for data loss and insider threats over the past several years. Today, insider threats rank amongst the top concerns for security leaders: 30% of chief information security officers report that insider threats are their biggest cybersecurity threat over the next 12 months. It's easy to understand why. Insider threats have increased 44% since 2020 due to current market dynamics, and security teams are struggling to keep pace. According to the Verizon 2023 Data Breach Investigations Report, 74% of all breaches involve the human element. In short, data doesn't lose itself. People lose it. When the cybersecurity risk to your company's vital systems and data comes from the inside, finding ways to mitigate it can be daunting. Unlike tools that combat external threats, security controls for data loss and insider threats can impact users' daily jobs. However, with the right approach and insider threat management tools, that doesn't have to be the case. In this blog post, we'll share best practices for insider threat mitigation to help your business reduce risk and overcome common challenges you might face along the way. What is an insider threat? But first, let's define what we mean by an insider threat. In the cybersecurity world, the term “insider” describes anyone with authorized access to a company's network, systems or data. In other words, it is someone in a position of trust. Current employees, business partners and third-party contractors can all be defined as insiders.
As part of their day-to-day jobs, insiders have access to valuable data and systems such as computers and networks, intellectual property (IP), personal data, company strategy, financial information, and customer and partner lists. All insiders pose a risk given their position of trust, but not all insiders are threats. An insider threat occurs when someone with authorized access to critical data or systems misuses that access, either on purpose or by making a mistake. The fallout from an insider threat can be dire for a business, including IP loss, legal liability, financial consequences and reputational damage. The challenge for security teams is to determine which insiders are threats, and what type of threats they are, so they know how to respond. There are three insider threat types: Careless. This type of risky insider is best described as a user with good intentions who makes bad decisions that can lead to data loss. The 2022 Cost of Insider Threats Global Report from Ponemon Institute notes that careless users account for more than half (56%) of all insider-led incidents. Malicious. Some employees, or third parties like contractors or business partners, are motivated by personal gain. Or they might be intent on harming the business. In either case, these risky users might want to exfiltrate trade secrets or take IP when they leave the company. Industrial espionage and sabotage are examples of malicious insider activity. Ponemon research shows malicious insiders account for 26% of insider-led incidents. Compromised. Sometimes, external threat actors steal user login information or other credentials. They then use those credentials to access applications and systems. Ponemon reports that compromised users account for 18% of insider-led incidents. Insider threat mitigation best practices: Companies can minimize brand and financial damage by detecting and stopping insider threats.
How each security team approaches insider threats will vary depending on the industry, maturity and business culture. However, every organization can use the five best practices we've outlined below to improve their insider threat prevention. 1. Identify your risky users. Most insiders fall into the “care Data Breach Tool Threat Industrial Cloud Technical ★★
ProofPoint.webp 2023-12-14 09:00:56
Malicious QR Code Detection Takes a Giant Leap Forward
(lien direct)
Proofpoint introduces an inline, pre-delivery QR code detection engine to help protect against image-based QR code phishing attacks. QR code phishing, also known as quishing, is the latest attack hitting inboxes. This emerging threat is able to get around traditional email defenses and is forging a new way to deliver email attacks directly to users. Along with email phishing, executive impersonation, spear phishing and business email compromise (BEC), this threat has become one of the top concerns for security and IT teams. In response, Proofpoint has launched new inline sandboxing capabilities to detect and stop suspicious QR code threats. Not only do we support behavioral and sandbox detection engines, but we also provide pre- and post-scanning for risky QR codes. When combined, these capabilities more accurately detect and better protect against this new threat vector. Most API-based email security tools rely on behavioral signals, which means they can only detect a suspicious QR code email after it has been delivered to the user's inbox. In contrast, Proofpoint stops attacks pre-delivery, so threats can never make it to users' inboxes. In this blog post, we'll cover what you should know about QR code phishing and detection, and how Proofpoint can help. Why QR codes? When Microsoft disabled macros to prevent threat actors from exploiting them to deliver malware, threat actors started to test various new attack delivery techniques, such as QR codes. Used by marketers as a quick and easy way to connect with consumers and drive engagement, QR codes have become a part of our daily lives and are now used in retail stores, airline tickets, contactless menus and scan-to-pay, among many others. While it's common knowledge that standard QR codes can be used in malicious ways, a recent Scantrust QR code survey found that “over 80% of US-based QR code users said that they think QR codes are safe.” It's this inherent trust of QR codes that threat actors depend on.
That, and the fact that QR codes do not expose malicious URLs as text, makes them very hard to detect with traditional email security tools. What is QR code phishing? A QR code scam is when a bad actor creates a QR code phishing campaign to trick a user into navigating to a malicious URL. This leads them to a malicious website that then harvests their credentials or downloads malware onto their device. These campaigns include payment scams, package scams, email scams and even donation scams during the holiday season. Because all QR codes look similar, users are easily fooled. Figure 1: How a QR scam typically works. Why are QR codes getting through? Legacy email security providers and most API-based email security tools have a very difficult time detecting these attacks. That's because these tools scan email messages for known malicious links; they don't scan images for links that are hidden inside QR codes. This attack method also creates a new security blind spot. QR codes are scanned by a separate device, like a smartphone, from the one where the email is delivered. And smartphones are less likely to have the robust security protection needed to detect and prevent these attacks. For this reason, it's essential that an email security tool detects and blocks QR code phishing emails before they reach users' inboxes. When messages are scanned post-delivery, as with API-based tools, there's a chance that users will get to them first, before they're clawed back. Post-delivery-only detection risks: Post-delivery-only email security tools claim to “detect and block” QR code phishing emails, but they simply cannot. While they may “detect” a suspicious QR code email, it's only after the threat has been delivered to the user's inbox. Moreover, these tools do not sandbox suspicious QR codes. This means they have a high miss rate, which creates more risk for your company. Besides creating more risk, they also create more work for your teams.
By relying solely on behavioral anomalies, these tools Malware Tool Threat Mobile Cloud ★★★
globalsecuritymag.webp 2023-12-13 23:13:19 (Déjà vu) Silent, Yet Powerful Pandora hVNC, The Popular Cybercrime Tool That Flies Under the Radar (lien direct)
Pandora hVNC is a remote access trojan (RAT) that has been advertised on cybercrime forums since 2021. Surprisingly, it has received little attention from the cybersecurity community. Despite this, it remains a widely used tool and is favoured by many threat actors. Pandora hVNC enables attackers to gain covert control over a victim's computer. This article will analyse the features of Pandora hVNC. - Malware Update
Tool Threat
SlashNext.webp 2023-12-13 19:14:05
Silent, Yet Powerful Pandora hVNC, The Popular Cybercrime Tool That Flies Under the Radar
(lien direct)
Pandora hVNC is a remote access trojan (RAT) that has been advertised on cybercrime forums since 2021. Surprisingly, it has received little attention from the cybersecurity community. Despite this, it remains a widely used tool and is favoured by many threat actors. Pandora hVNC enables attackers to gain covert control over a victim's computer. This […] The post Silent, Yet Powerful Pandora hVNC, The Popular Cybercrime Tool That Flies Under the Radar first appeared on SlashNext.
Tool Threat Technical ★★★★
The_Hackers_News.webp 2023-12-13 18:45:00
Google Using Clang Sanitizers to Protect Android Against Cellular Baseband Vulnerabilities
(lien direct)
Google is highlighting the role played by Clang sanitizers in hardening the security of the cellular baseband in the Android operating system and preventing specific kinds of vulnerabilities. This comprises Integer Overflow Sanitizer (IntSan) and BoundsSanitizer (BoundSan), both of which are part of UndefinedBehaviorSanitizer (UBSan), a tool designed to catch various kinds of
Tool Vulnerability Mobile ★★
The_Hackers_News.webp 2023-12-13 17:32:00
How to Analyze Malware\\'s Network Traffic in A Sandbox
(lien direct)
Malware analysis encompasses a broad range of activities, including examining the malware's network traffic. To be effective at it, it's crucial to understand the common challenges and how to overcome them. Here are three prevalent issues you may encounter and the tools you'll need to address them. Decrypting HTTPS traffic: Hypertext Transfer Protocol Secure (HTTPS), the protocol for secure
Malware Tool ★★★
Mandiant.webp 2023-12-13 17:00:00
FLOSS for Gophers and Crabs: Extracting Strings from Go and Rust Executables
(lien direct)
The evolving landscape of software development has introduced new programming languages like Go and Rust. Binaries compiled from these languages work differently from classic (C/C++) programs and challenge many conventional analysis tools. To support the static analysis of Go and Rust executables, FLOSS now extracts program strings using enhanced algorithms. Where traditional extraction algorithms provide compound and confusing string output, FLOSS recovers the individual Go and Rust strings as they are used in a program. To start using FLOSS download one of the standalone binaries from our releas
Tool Technical ★★★★
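Illustration, added here and not FLOSS's own code: why `strings`-style extraction yields the compound output the post mentions, and what header-driven recovery returns instead. Go string values and Rust `&str` references are (pointer, length) pairs into a shared, unterminated blob of literals; the sample image, its base address and its contiguous table of headers are constructed for the demo. FLOSS locates these references by analysing the program's code rather than scanning a table, so this shows only the recovery step.

```python
import re
import struct

BASE = 0x400000  # constructed image base address

# Constructed rodata region: Go and Rust lay string literals out back to back with
# no NUL terminators, so classic `strings` sees one long run instead of three strings.
STRINGS = ["failed to open config", "access denied", "http://example.invalid/update"]
RODATA = "".join(STRINGS).encode()


def build_image() -> tuple:
    """Return (image_bytes, offset_of_header_table). After rodata we append a table of
    (pointer, length) pairs, the layout of a Go string header / Rust &str fat pointer on
    a 64-bit little-endian target. A contiguous table is a simplification of where such
    pairs really live in a binary."""
    headers, off = b"", 0
    for s in STRINGS:
        headers += struct.pack("<QQ", BASE + off, len(s))
        off += len(s)
    return RODATA + headers, len(RODATA)


def naive_strings(data: bytes, min_len: int = 4) -> list:
    """What `strings`-style extraction reports: maximal runs of printable ASCII."""
    return [m.group().decode() for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def recover_from_headers(image: bytes, table_off: int, base: int = BASE) -> list:
    """Walk candidate (ptr, len) pairs and slice exactly the bytes each one names.
    The plausibility checks keep random data from being treated as a string header."""
    found = []
    for pos in range(table_off, len(image) - 15, 16):
        ptr, length = struct.unpack_from("<QQ", image, pos)
        start = ptr - base
        if 0 <= start and 0 < length <= 4096 and start + length <= table_off:
            found.append(image[start:start + length].decode())
    return found


if __name__ == "__main__":
    image, table_off = build_image()
    print("naive:", naive_strings(image))
    print("recovered:", recover_from_headers(image, table_off))
```

The naive pass returns a single 63-character run that no analyst would recognise as three separate messages, which is the "compound and confusing" output the post describes; the header walk returns the three literals as the program actually uses them.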
The_Hackers_News.webp 2023-12-13 16:25:00
Microsoft Warns of Hackers Exploiting OAuth for Cryptocurrency Mining and Phishing
(lien direct)
Microsoft has warned that adversaries are using OAuth applications as an automation tool to deploy virtual machines (VMs) for cryptocurrency mining and launch phishing attacks. "Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious activity," the Microsoft Threat Intelligence team said in an
Tool Threat ★★
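Detection sketch, added here and not from Microsoft's report: it scores the create / add-credential / grant-high-privilege chain described above over a handful of constructed audit events. The operation names, the permission list and the tenant names are assumptions chosen to resemble Entra ID directory-audit entries, not a verified schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit events. Field and operation names are assumptions for illustration.
EVENTS = [
    {"time": "2023-12-12T09:00:00", "actor": "mallory@contoso.invalid",
     "op": "Add application", "app": "sync-helper"},
    {"time": "2023-12-12T09:02:00", "actor": "mallory@contoso.invalid",
     "op": "Add service principal credentials", "app": "sync-helper"},
    {"time": "2023-12-12T09:03:00", "actor": "mallory@contoso.invalid",
     "op": "Add app role assignment to service principal", "app": "sync-helper",
     "role": "Directory.ReadWrite.All"},
    {"time": "2023-11-20T14:00:00", "actor": "bob@contoso.invalid",
     "op": "Add application", "app": "hr-reports"},
    {"time": "2023-12-12T10:00:00", "actor": "alice@contoso.invalid",
     "op": "Add app role assignment to service principal", "app": "hr-reports",
     "role": "User.Read"},
]

# Assumed set of application permissions worth an alert on their own.
HIGH_RISK_ROLES = {"Directory.ReadWrite.All", "Application.ReadWrite.All",
                   "Mail.ReadWrite", "RoleManagement.ReadWrite.Directory"}


def find_suspicious_apps(events, window=timedelta(hours=1)) -> list:
    """Flag apps where the same actor creates the app, adds a credential and grants a
    high-risk permission within `window`: the create/modify/grant chain the report
    describes, compressed into the timeframe an attacker with a stolen session works in."""
    by_app = defaultdict(list)
    for e in events:
        by_app[e["app"]].append(dict(e, ts=datetime.fromisoformat(e["time"])))
    hits = []
    for app, evs in by_app.items():
        evs.sort(key=lambda e: e["ts"])
        created = next((e for e in evs if e["op"] == "Add application"), None)
        if created is None:
            continue
        deadline = created["ts"] + window
        chain = [e for e in evs if e["actor"] == created["actor"] and e["ts"] <= deadline]
        creds = any(e["op"] == "Add service principal credentials" for e in chain)
        risky = sorted({e["role"] for e in chain if e.get("role") in HIGH_RISK_ROLES})
        if creds and risky:
            hits.append({"app": app, "actor": created["actor"], "roles": risky})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_apps(EVENTS):
        print(f"{hit['app']}: created and privileged by {hit['actor']} -> {hit['roles']}")
```

The legitimate `hr-reports` app is left alone because its creation and its low-privilege grant come from different people weeks apart. In production the actor would also be joined against sign-in risk signals for that user, since the report's premise is that the account doing the creating is already compromised.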
silicon.fr.webp 2023-12-13 13:40:53 Towards widespread use of AI, tool consolidation and OpenTelemetry in the observability sector by 2024 (lien direct) Budgets will remain a point of attention for CIOs and CTOs, but observability will continue to deliver significant results, with analytics that will continue to be valuable. A look at the observability practices that will accelerate in 2024. Tool ★★
AlienVault.webp 2023-12-13 11:00:00
What is data-centric security?
(lien direct)
The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  Data is the lifeblood of organizations. It drives decision-making, fosters innovation, and underpins business operations. However, this wealth of data is scattered across multiple cloud platforms, making it an attractive target for cybercriminals, and rendering traditional approaches to data protection obsolete. This is where data-centric security comes into play. This article will explore the concept of data-centric security, why businesses need it, and the benefits it offers. Understanding data-centric security Data-centric security is a comprehensive approach to safeguarding sensitive data by focusing on the data itself rather than the network or perimeter. It revolves around protecting data throughout its lifecycle, ensuring that even if security perimeters are breached, the data remains secure. Data-centric security comprises several key components and principles, including: Data discovery and classification: Identifying and categorizing data based on its sensitivity is the first step in protecting it. By knowing what data is most critical, you can allocate resources and protection measures accordingly. Access controls and permissions: Fine-grained access controls and role-based permissions are essential to restrict data access to authorized users and roles, reducing the risk of data exposure. Encryption: Encrypting data at rest and in transit adds an extra layer of protection, making data inaccessible to unauthorized individuals. Activity monitoring: Real-time activity monitoring and auditing capabilities help detect unusual data access or transfer patterns, allowing for immediate response to potential security incidents. 
Incident response and mitigation: Effective incident response is crucial in case of a breach or unauthorized access, enabling quick identification of the issue and mitigating any damage. Why businesses need data-centric security: The amount of data being used by organizations for day-to-day operations is increasing rapidly. The importance of adopting a data-centric approach to data protection can be summarized into three main reasons: 1. Traditional security is insufficient. Businesses leverage multiple cloud environments, and sensitive data, such as personal information or intellectual property, is migrated and sprawled across these platforms, expanding the attack surface. Data vulnerabilities become increasingly common when network perimeters are hard to define in a hybrid work environment. Applying safeguards directly to data is needed to create more barriers that repel unauthorized data distribution. Data-centric security protects data from all kinds of threats, such as external attackers or negligent employees. 2. Apply granular access controls. Data-centric security is a vital approach to protect your data dynamically. It enables you to have more flexibility in managing your systems and networks by providing fine-grained access controls, which are more effective than traditional access controls. This framework is particularly critical in scenarios where not every user should have access to the entire data within their department. 3. Integrate with existing tech stack. Data-centric security is an effective way to protect a company's data from cyber threats. It can be added to existing infrastructure without disrupting normal operations or requiring drastic changes. This allows companies to gradually improve their security measures while freeing up resources for other purposes. Benefits of data-centric security: As data becomes increasingly valuable as a competitive advantage, organizations have Data Breach Tool Vulnerability Cloud ★★
IndustrialCyber.webp 2023-12-13 10:34:46
DOE launches CyOTE tools for enhanced OT cybersecurity, supports risk-informed cybersecurity decision-making
(lien direct)
The U.S. Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) has introduced a set...
Tool Industrial ★★
zataz.webp 2023-12-13 06:39:57 Open war on VPNs (lien direct) More than 20 anti-censorship tools disappear from GitHub: the hand of the Chinese government?... Tool ★★★
Last update at: 2024-05-09 11:07:58