What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
TechRepublic 2024-04-18 16:26:44 Kaspersky Study: Devices Infected With Data-Stealing Malware Increased by 7 Times Since 2020
(direct link)
Nearly 10 million devices were infected with data-stealing malware in 2023, with criminals stealing an average of 50.9 credentials per device.
Malware Studies ★★★
Checkpoint 2024-04-18 13:00:09 2024 Security Report: Podcast Edition
(direct link)
>Once every year, Check Point releases an annual report reviewing the biggest events and trends in cybersecurity. In this episode we’ll break down the latest iteration, focusing on its most important parts, to catch you up on what you need to know most in 2024.
Studies ★★★★
Google 2024-04-18 09:53:59 The Windows Registry Adventure #1: Introduction and research results
(direct link)
Posted by Mateusz Jurczyk, Google Project Zero In the 20-month period between May 2022 and December 2023, I thoroughly audited the Windows Registry in search of local privilege escalation bugs. It all started unexpectedly: I was in the process of developing a coverage-based Windows kernel fuzzer based on the Bochs x86 emulator (one of my favorite tools for security research: see Bochspwn, Bochspwn Reloaded, and my earlier font fuzzing infrastructure), and needed some binary formats to test it on. My first pick were PE files: they are very popular in the Windows environment, which makes it easy to create an initial corpus of input samples, and a basic fuzzing harness is equally easy to develop with just a single GetFileVersionInfoSizeW API call. The test was successful: even though I had previously fuzzed PE files in 2019, the new element of code coverage guidance allowed me to discover a completely new bug: issue #2281. For my next target, I chose the Windows registry. That's because arbitrary registry hives can be loaded from disk without any special privileges via the RegLoadAppKey API (since Windows Vista). The hives use a binary format and are fully parsed in the kernel, making them a noteworthy local attack surface. Furthermore, I was also somewhat familiar with basic harnessing of the registry, having fuzzed it in 2016 together with James Forshaw. Once again, the code coverage support proved useful, leading to the discovery of issue #2299. But when I started to perform a root cause analysis of the bug, I realized that: The hive binary format is not very well suited for trivial bitflipping-style fuzzing, because it is structurally simple, and random mutations are much more likely to render (parts of) the hive unusable than to trigger any interesting memory safety violations. On the other hand, the registry has many properties that make it an attractive attack
Tool Vulnerability Threat Studies ★★★★
ProofPoint 2024-04-17 18:00:31 Reducing Prompting Churn with Exploding Template Composition
(direct link)
Engineering Insights is an ongoing blog series that gives a behind-the-scenes look into the technical challenges, lessons and advances that help our customers protect people and defend data every day. Each post is a firsthand account by one of our engineers about the process that led up to a Proofpoint innovation. In the nascent world of large language models (LLMs), prompt engineering has emerged as a critical discipline. However, as LLM applications expand, it is becoming a more complex challenge to manage and maintain a library of related prompts. At Proofpoint, we developed Exploding Prompts to manage the complexity through exploding template composition. We first created the prompts to generate soft labels for our data across a multitude of models and labeling concerns. But Exploding Prompts has also enabled use cases for LLMs that were previously locked away because managing the prompt lifecycle is so complex. Recently, we've seen exciting progress in the field of automated prompt generation and black-box prompt optimization through DSPy. Black-box optimization requires hand-labeled data to generate prompts automatically - a luxury that's not always an option. You can use Exploding Prompts to generate labels for unlabeled data, as well as for any prompt-tuning application without a clear (or tractable) objective for optimization. In the future, Exploding Prompts could be used with DSPy to achieve a human-in-the-loop feedback cycle. We are also thrilled to announce that Exploding Prompts is now an open-source release. We encourage you to explore the code and consider how you might help make it even better. The challenge: managing complexity in prompt engineering Prompt engineering is not just about crafting queries that guide intelligent systems to generate the desired outputs; it's about doing it at scale. As developers push the boundaries of what is possible with LLMs, the need to manage a vast array of prompts efficiently becomes more pressing.
Traditional methods often need manual adjustments and updates across numerous templates, which is a process that's both time-consuming and error-prone. To understand this problem, just consider the following scenario. You need to label a large quantity of data. You have multiple labels that can apply to each piece of data. And each label requires its own prompt template. You timebox your work and find a prompt template that achieves desirable results for your first label. Happily, most of the template is reusable. So, for the next label, you copy-paste the template and change the portion of the prompt that is specific to the label itself. You continue doing this until you figure out the section of the template that has persisted through each version of your labels can be improved. Now you face the task of iterating through potentially dozens of templates to make a minor update to each of the files. Once you finish, your artificial intelligence (AI) provider releases a new model that outperforms your current model. But there's a catch. The new model requires another small update to each of your templates. To your chagrin, the task of managing the lifecycle of your templates soon takes up most of your time. The solution: exploding prompts from automated dependency graphs Prompt templating is a popular way to manage complexity. Exploding Prompts builds on prompt templating by introducing an “explode” operation. This allows a few single-purpose templates to explode into a multitude of prompts. This is accomplished by building dependency graphs automatically from the directory structure and the content of prompt template files. At its core, Exploding Prompts embodies the “write it once” philosophy. It ensures that every change made in a template correlates with a single update in one file. This enhances efficiency and consistency, as updates automatically propagate across all relevant generated prompts.
This separation ensures that updates can be made with speed and efficiency so you can focus on innovation rather th
Malware Tool Threat Studies Cloud Technical ★★★
InfoSecurityMag 2024-04-17 08:30:00 Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites
(direct link)
Cifas reveals 14% rise in dishonest employees, driven mainly by financial necessity last year
Studies ★★★
globalsecuritymag 2024-04-17 08:21:29 Global cybersecurity trends in Q1 2024: cyberattacks up 28% worldwide
(direct link)
Global cybersecurity trends in Q1 2024: cyberattacks up 28% worldwide. A resurgence of cyberattacks: in the first quarter of 2024, the average number of cyberattacks per company increased by 28% compared with the end of 2023, although the year-over-year increase for the first quarter was 5%. Focus on industry attacks: computer hardware manufacturers saw a substantial 37% increase in cyberattacks compared with the previous year, but the education/research, government/military and healthcare sectors remain the most attacked sectors in Q1 2024. Contrasting regional variations: the Africa region recorded a notable 20% rise in cyberattacks, unlike Latin America, which reported a 20% decrease compared with the previous year. Ransomware continues to wreak havoc: in Europe, ransomware attacks increased by 64% compared with the previous year, followed by Africa with an 18% rise, although North America remains the most affected region, with 59% of the nearly 1,000 ransomware attacks recorded on ransomware "shame sites" - Malware
Ransomware Studies ★★★
AlienVault 2024-04-16 10:00:00 Cybersecurity's Human Factor: Merging Tech with People-Centric Strategies
(direct link)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In a digital era marked by rapidly evolving threats, the complexity of cybersecurity challenges has surged, pressing organizations to evolve beyond traditional, tech-only defense strategies. As the cyber landscape grows more intricate, there's a pivotal shift towards embracing methods that are not just robust from a technical standpoint but are also deeply human-centric. This also means that a significant percentage of employees, driven by the high demands of operational pressures, may engage in risky cybersecurity behaviors. Such statistics illuminate the urgent need for a more nuanced approach to cybersecurity—one that not only fortifies defenses but also resonates with and supports the people behind the screens. Integrating human-centric design with continuous threat management emerges as a forward-thinking strategy, promising a balanced blend of technical excellence and user empathy to navigate the complex cybersecurity challenges of today and tomorrow. Embracing the Human Element in Cybersecurity Diving into the realm of human-centric security design and culture, it's clear that the future of cybersecurity isn't just about the latest technology—it's equally about the human touch. This approach puts the spotlight firmly on enhancing the employee experience, ensuring that cybersecurity measures don't become an unbearable burden that drives people to take shortcuts. By designing systems that people can use easily and effectively, the friction often caused by stringent security protocols can be significantly reduced. Gartner's insights throw a compelling light on this shift, predicting that by 2027, half of all Chief Information Security Officers (CISOs) will have formally embraced human-centric security practices.
This isn't just a hopeful guess but a recognition of the tangible benefits these practices bring to the table—reducing operational friction and bolstering the adoption of essential controls. This strategic pivot also acknowledges a fundamental truth. When security becomes a seamless part of the workflow, its effectiveness skyrockets. It's a win-win, improving both the user experience and the overall security posture. CTEM: Your Cybersecurity Compass in Stormy Seas Imagine that your organization's cybersecurity landscape isn't just a static battleground. Instead, it’s more like the open sea, with waves of threats coming and going, each with the potential to breach your defenses. That's where Continuous Threat Exposure Management (CTEM) sails in, serving as your trusted compass, guiding you through these treacherous waters. CTEM isn't your average, run-of-the-mill security tactic. It's about being proactive, scanning the horizon with a spyglass, looking for potential vulnerabilities before they even become a blip on a hacker's radar. Think of it as your cybersecurity early-warning system, constantly on the lookout for trou
Vulnerability Threat Studies Prediction Medical Technical ★★
TechRepublic 2024-04-12 15:44:26 Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted By Attackers
(direct link)
Research has found that criminals can demand higher ransom when they compromise an organisation's backup data in a ransomware attack. Discover advice from security experts on how to properly protect your backup.
Ransomware Studies ★★★
CS 2024-04-11 13:00:00 Women make less than men in US cyber jobs - but the gap is narrowing
(direct link)
>A study from non-profit ISC2 finds that the cybersecurity field bucks U.S. trends of pay disparities between men and women.
Studies ★★★
RecordedFuture 2024-04-09 00:37:43 FCC opens rulemaking to probe connected car stalking
(direct link)
The Federal Communications Commission (FCC) announced Monday that it is launching a formal proceeding to study ways to prevent abusers from using car connectivity tools to harass domestic violence survivors. The agency said it has issued a notice of proposed rulemaking which will home in on how to make sure automakers and wireless service
Tool Studies ★★
RiskIQ 2024-04-05 13:39:39 Same targets, new playbooks: East Asia threat actors employ unique methods
(direct link)
## Snapshot
Microsoft has observed several notable cyber and influence trends from China and North Korea since June 2023 that demonstrate not only doubling down on familiar targets, but also attempts to use more sophisticated influence techniques to achieve their goals.

Chinese cyber actors broadly selected three target areas over the last seven months.
- One set of Chinese actors extensively targeted entities across the South Pacific Islands.
- A second set of Chinese activity continued a streak of cyberattacks against regional adversaries in the South China Sea region.
- Meanwhile, a third set of Chinese actors compromised the US defense industrial base.

Chinese influence actors - rather than broadening the geographic scope of their targets - honed their techniques and experimented with new media. Chinese influence campaigns continued to refine AI-generated or AI-enhanced content. The influence actors behind these campaigns have shown a willingness to **both amplify AI-generated media that benefits their strategic narratives, as well as create their own video, memes, and audio content**. Such tactics have been used in campaigns stoking divisions within the United States and exacerbating rifts in the Asia-Pacific region - including Taiwan, Japan, and South Korea. These campaigns achieved varying levels of resonance with no singular formula producing consistent audience engagement.

North Korean cyber actors made headlines for **increasing software supply chain attacks and cryptocurrency heists over the past year**. While strategic spear-phishing campaigns targeting researchers who study the Korean Peninsula remained a constant trend, North Korean threat actors appeared to make greater use of legitimate software to compromise even more victims.

## Activity Overview
### Chinese cyber operations target strategic partners and competitors
#### Gingham Typhoon targets government, IT, and multinational entities across the South Pacific Islands
**![Graph showing targeted regions in the South Pacific by China based threat actor Gingham Typhoon](https://cdn-riq-ti.azureedge.net/49bcef0e-36ca-42a0-a66d-f5339c8b48e2)**
*Figure 1: Observed events from Gingham Typhoon from June 2023 to January 2024 highlights their continued focus on South Pacific Island nations. However, much of this targeting has been ongoing, reflecting a yearslong focus on the region. Geographic locations and diameter of symbology are representational.*

During the summer of 2023, Microsoft Threat Intelligence observed extensive activity from China-based espionage group Gingham Typhoon that targeted nearly every South Pacific Island country. Gingham Typhoon is the most active actor in this region, hitting international organizations, government entities, and the IT sector with complex phishing campaigns. Victims also included vocal critics of the Chinese government. Diplomatic allies of China who were victims of recent Gingham Typhoon activity include executive offices in government, trade-related departments, internet service providers, as well as a transportation entity. Heightened geopolitical and diplomatic competition in the region may be motivations for these offensive cyber activities. China pursues strategic partnerships with South Pacific Island nations to expand economic ties and broker diplomatic and security agreements. Chinese cyber espionage in this region also follows economic partners. For example, Chinese actors engaged in large-scale targeting of multinational organizations in Papua New Guinea, a longtime diplomatic partner that is benefiting from multiple Belt and Road Initiative (BRI) projects including the construction of a major highway which links a Papua New Guinea government building to the capital city's main road. (1)
#### Chinese threat actors retain focus on South China Sea amid Western military exercises
China-based threat actors continued to target entities related to China's economic and military interests in a
Malware Tool Vulnerability Threat Studies Industrial Prediction Technical Guam ★★★
globalsecuritymag 2024-04-05 12:24:03 Checkmarx One Total Economic Impact Study Finds Return on Investment of 177% in Fewer Than Six Months and Gain of $7.13M in Benefits Over Three Years
(direct link)
Checkmarx One Total Economic Impact Study Finds Return on Investment of 177% in Fewer Than Six Months and Gain of $7.13M in Benefits Over Three Years New independent study of a global, $10 billion composite organization with 1000 developers demonstrated a 177% ROI, 40-50% improvement in developer productivity and 35% reduction in the likelihood of a breach over three years - Special Reports
Studies ★★
Mandiant 2024-04-04 14:00:00 Cutting Edge, Part 4: Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies
(direct link)
Written by: Matt Lin, Austin Larsen, John Wolfram, Ashley Pearson, Josh Murchie, Lukasz Lamparski, Joseph Pisano, Ryan Hall, Ron Craft, Shawn Chew, Billy Wong, Tyler McLellan
Since the initial disclosure of CVE-2023-46805 and CVE-2024-21887 on Jan. 10, 2024, Mandiant has conducted multiple incident response engagements across a range of industry verticals and geographic regions. Mandiant's previous blog post, Cutting Edge, Part 3: Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts, details zero-day exploitation of CVE-2024-21893 and CVE-2024-21887 by a suspected China-nexus espionage actor that Mandiant tracks as UNC5325. This blog post, as well as our previous reports detailing Ivanti exploitation, help to underscore the different types of activity that Mandiant has observed on vulnerable Ivanti Connect Secure appliances that were unpatched or did not have the appropriate mitigation applied. Mandiant has observed different types of post-exploitation activity across our incident response engagements, including lateral movement supported by the deployment of open-source tooling and custom malware families. In addition, we've seen these suspected China-nexus actors evolve their understanding of Ivanti Connect Secure by abusing appliance-specific functionality to achieve their objectives. As of April 3, 2024, a patch is readily available for every supported version of Ivanti Connect Secure affected by the vulnerabilities. We recommend that customers follow Ivanti's latest patching guidance and instructions to prevent further exploitation activity. In addition, Ivanti released a new enhanced external integrity checker tool (ICT) to detect potential attempts of malware persistence across factory resets and system upgrades and other tactics, techniques, and procedures (TTPs) observed in the wild. We also released a remediation and hardening guide
Malware Tool Vulnerability Threat Studies Mobile Cloud Guam ★★★
globalsecuritymag 2024-04-04 08:46:30 Over Half of UK Smartphone Users Left Vulnerable to Cyber Attacks
(direct link)
Over Half of UK Smartphone Users Left Vulnerable to Cyber Attacks by Bitdefende has uncovered a stark reality: more than half of smartphone users are gambling with their digital safety. - Special Reports /
Studies ★★★
knowbe4 2024-04-03 16:36:17 New Report Shows Phishing Links and Malicious Attachments Are The Top Entry Points of Cyber Attacks
(direct link)
Phishing and Users Top List as Cyberattack Initial Access Enablers New TTP attack data covering 2023 sheds much needed light on the threat actor and user actions that are putting organizations at the most risk.
Threat Studies ★★★
ComputerWeekly 2024-04-03 15:51:00 RDP abused in over 90% of cyber attacks, Sophos finds
(direct link)
Studies ★★★★
Mandiant 2024-03-28 11:00:00 Life After Death? IO Campaigns Linked to Notorious Russian Businessman Prigozhin Persist After His Political Downfall and Death
(direct link)
Written by: Alden Wahlstrom, David Mainor, Daniel Kapellmann Zafra
In June 2023, Russian businessman Yevgeniy Prigozhin and his private military company (PMC) “Wagner” carried out an armed mutiny within Russia. The events triggered the meteoric political downfall of Prigozhin, raising questions about the future of his various enterprises that were only underscored when he died two months later under suspicious circumstances. Up to that point, Prigozhin and his enterprises worked to advance the Kremlin's interests as the manifestation of the thinnest veil of plausible deniability for state-guided actions on multiple continents. Such enterprises included the Wagner PMC; overt influence infrastructure, like his media company Patriot Group that housed his media companies, including the “RIA FAN” Federal News Agency; covert influence infrastructures; and an array of businesses aimed at generating personal wealth and the resourcing necessary to fund his various ventures. Mandiant has for years tracked and reported on covert information operations (IO) threat activity linked to Prigozhin. His involvement in IO was first widely established in the West as part of the public exposure of Russian-backed interference in the 2016 U.S. presidential election - this included activity conducted by Russia's Internet Research Agency (IRA), which the U.S. Government publicly named Prigozhin as its financier. Subsequently, Prigozhin was publicly connected to a web of IO activity targeting the U.S., EU, Ukraine, Russian domestic audiences, countries across Africa, and further afield. Such activity has worked not only to advance Russian interests on matters of strategic importance, but also has attempted to exploit existing divisions in societies targeting various subgroups across their population. Throughout 2023, Mandiant has observed shifts in the activity from multiple IO campaigns linked to Prigozhin, including continued indicators that components of these campaigns have remained viable since his death.
This blog post examines a sample of Prigozhin-linked IO campaigns to better understand their outcomes thus far and provide an overview of what can be expected from these activity sets in the future. This is relevant not only because some of the infrastructure of these campaigns remains viable despite Prigozhin's undoing, but also because we advance into a year in which Ukraine continues to dominate Russia's strategic priorities and there are multiple global elections that Russia may seek to influence. Mandiant and Google's Threat Analysis Group (TAG) work together in support of our respective missions at Google. TAG has likewise been tracking coordinated influence operations linked to Prigozhin and the Internet Research Agency (IRA) for years; and in 2023, Google took over 400 enforcement actions to disrupt IO campaigns linked to the IRA, details of which are reported in the quarterly TAG Bulletin. TAG has not observed significant activity from the IRA or other Prigozhin-linked entities specifically on Google platforms since Prigozhin's death,
Threat Studies Legislation Prediction ★★★
globalsecuritymag 2024-03-27 20:00:58 Flashpoint Releases Annual Global Threat Intelligence Report
(direct link)
Flashpoint released its 2024 Global Threat Intelligence Report that looks back at 2023 to shed light on cyber threats, geopolitical turmoil, and escalating physical conflicts around the world to help organizations strengthen defenses, ensure operational resilience, and proactively confront multifaceted threats. - Special Reports
Threat Studies ★★★★
globalsecuritymag 2024-03-26 17:21:58 AI and automation have helped organizations respond to security incidents up to 99% faster than last year, according to new study from ReliaQuest
(direct link)
AI and automation have helped organizations respond to security incidents up to 99% faster than last year, according to new study from ReliaQuest With social engineering still the biggest threat to organizations, AI is being leveraged on both sides to increase the threat and the speed of defense; Organizations fully leveraging AI and automation can respond to threats within 7 minutes or less - Special Reports
Threat Studies ★★★
IndustrialCyber 2024-03-26 15:12:18 FDD study reveals gaps in US military's cyber talent recruitment and retention, calls for reforms
(direct link)
The Foundation for Defense of Democracies (FDD) published a study highlighting a mismatch in the U.S. military's failure...
Studies ★★★
Chercheur 2024-03-22 11:01:39 Google Pays $10M in Bug Bounties in 2023
(direct link)
BleepingComputer has the details. It’s $2M less than in 2022, but it’s still a lot. The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the program’s launch in 2010 has reached $59 million. For Android, the world’s most popular and widely used mobile operating system, the program awarded over $3.4 million. Google also increased the maximum reward amount for critical vulnerabilities concerning Android to $15,000, driving increased community reports. During security conferences like ESCAL8 and hardwear.io, Google awarded $70,000 for 20 critical discoveries in Wear OS and Android Automotive OS and another $116,000 for 50 reports concerning issues in Nest, Fitbit, and Wearables...
Vulnerability Studies Mobile ★★★
DarkReading.webp 2024-03-20 19:11:48 Akamai Research Finds 29% of Web Attacks Target APIs
(direct link)
Studies ★★★★
InfoSecurityMag.webp 2024-03-20 16:00:00 Study Uncovers 27% Spike in Ransomware; 8% Yield to Demands
(direct link)
Thales latest report also suggests less than half of organizations have a formal ransomware response plan
Ransomware Studies ★★
globalsecuritymag.webp 2024-03-20 14:36:21 Palo Alto Networks unveils its new report on the state of OT security
(direct link)
Palo Alto Networks unveils its new report on the state of OT security. Cyberattacks have put 1 in 4 industrial companies out of operation! The complexity of OT security is a major obstacle - Investigations
Studies Industrial ★★★★
IndustrialCyber.webp 2024-03-20 10:26:22 Trend Micro uncovers Earth Krahang hackers exploiting intergovernmental trust for cross-government attacks
(direct link)
Trend Micro researchers disclosed that since early 2022 they have been tracking Earth Krahang, an APT (advanced persistent...
Studies Prediction ★★★
Zimperium.webp 2024-03-19 13:00:00 The Growing Risks of On-Device Fraud
(direct link)
>The picture is painfully clear . . . organizations are not seeing a slowdown in financial fraud targeting mobile devices. Mastercard recently shared that their data shows a trend of $41 billion in fraud-related loss in 2022, growing to $48 billion by 2023. Juniper Research puts the number at $91 billion by 2028 and […]
Studies Mobile Prediction ★★★★
SecureList.webp 2024-03-19 10:00:20 Threat landscape for industrial automation systems. H2 2023
(direct link)
Kaspersky ICS CERT shares industrial threat statistics for H2 2023: most commonly detected malicious objects, threat sources, threat landscape by industry and region.
Threat Studies Industrial ★★★★
InfoSecurityMag.webp 2024-03-14 16:00:00 New Report Suggests Surge in SaaS Assets, Employee Data Sharing
(direct link)
DoControl said one in six employees was found to have shared company data via personal email
Studies Cloud ★★
globalsecuritymag.webp 2024-03-14 14:56:45 DoControl's 2024 State of SaaS Data Security Report Found Companies Create 286K New SaaS Assets Weekly, and 1 out of 6 Employees Shared Company Data With Personal Email
(direct link)
DoControl's 2024 State of SaaS Data Security Report Found Companies Create 286K New SaaS Assets Weekly, and 1 out of 6 Employees Shared Company Data With Personal Email. Increased exposure of SaaS assets greatly heightens risk for potential breaches - Product Reviews
Studies Cloud ★★★★
InfoSecurityMag.webp 2024-03-14 11:30:00 Google Paid $10m in Bug Bounties to Security Researchers in 2023
(direct link)
Google revealed it paid $10m in bug bounty payments to more than 600 researchers in 2023, with the highest single payment being £113,337
Studies ★★★
InfoSecurityMag.webp 2024-03-13 14:01:00 Cloud Account Attacks Surged 16-Fold in 2023
(direct link)
Red Canary said cloud account compromise detections rose 16-fold in 2023, becoming the fourth most prevalent technique used by threat actors
Threat Studies Cloud ★★★★
silicon.fr.webp 2024-03-13 13:36:33 Cigref's toolbox for anticipating cyberattacks
(direct link)
Cigref devotes a report to anticipating cyberattacks. It peppers the report with lessons-learned accounts... and mentions a number of vendors.
Tool Studies ★★★
globalsecuritymag.webp 2024-03-13 13:10:05 New Mimecast report finds cybercriminals capitalise on businesses' biggest flaw: Human risk
(direct link)
New Mimecast report finds cybercriminals capitalise on businesses' biggest flaw: Human risk. Annual research report explores the State of Email and Collaboration Security, finding that 74% of all cyber breaches are caused by human factors - Special Reports
Studies ★★★★
globalsecuritymag.webp 2024-03-13 08:30:49 2024 Sophos Threat Report: Cybercrime on Main Street Details Cyberthreats Facing SMBs
(direct link)
2024 Sophos Threat Report: Cybercrime on Main Street Details Cyberthreats Facing SMBs. Data and Credential Theft Malware are Top Two Threats Against SMBs in 2023, Accounting for Nearly 50% of All Malware Sophos Detected Targeting this Market Segment. Ransomware Still the Biggest Threat to SMBs; Business Email Compromise on the Rise, Along with More Sophisticated Social Engineering Tactics - Special Reports
Malware Threat Studies ★★★★
SecureList.webp 2024-03-13 08:00:40 The State of Stalkerware in 2023–2024
(direct link)
In this report, Kaspersky shares statistics on stalkerware detections, as well as insights into the impact of digital stalking in 2023 and the beginning of 2024, and advice for those affected.
Studies ★★★★
InfoSecurityMag.webp 2024-03-12 17:45:00 Study Reveals Top Vulnerabilities in Corporate Web Applications
(direct link)
Kaspersky said access control weaknesses and failures in data protection accounted for 70% of all flaws
Vulnerability Studies ★★
InfoSecurityMag.webp 2024-03-12 17:00:00 US Intelligence Predicts Upcoming Cyber Threats for 2024
(direct link)
The Office of the Director of National Intelligence (ODNI) has unveiled an unclassified version of its Annual Threat Assessment of the US Intelligence Community
Threat Studies ★★★★
PaloAlto.webp 2024-03-12 16:55:14 5 Unique Challenges for AI in Cybersecurity
(direct link)
>There are challenges for AI in cybersecurity in real-world environments with high precision, requiring specialization in the specific field of study.
Studies ★★
DataSecurityBreach.webp 2024-03-12 15:13:49 Phishing campaign trends: hackers love Tuesdays!
(direct link)
In the evolving cybersecurity landscape, researchers have highlighted trends in cybercriminal behavior, particularly regarding email phishing campaigns.
Studies ★★★★
SecurityWeek.webp 2024-03-12 12:47:00 CISA's OT Attack Response Team Understaffed: GAO
(direct link)
GAO study finds that CISA does not have enough staff to respond to significant OT attacks in multiple locations at the same time.
Studies Industrial ★★★
InfoSecurityMag.webp 2024-03-12 12:20:00 Three-Quarters of Cyber Incident Victims Are Small Businesses
(direct link)
Three-quarters of cyber-incidents Sophos responded to involved small businesses in 2023, with attackers' main goal being data theft
Studies ★★★
bleepingcomputer.webp 2024-03-12 12:00:00 Google paid $10 million in bug bounty rewards last year
(direct link)
Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services. [...]
Studies ★★
ProofPoint.webp 2024-03-12 07:03:40 If You're Using Veritas Archiving, What's Your Next Step?
(direct link)
By now, much of the industry has seen the big news about Cohesity acquiring the enterprise data protection business of Veritas Technologies. The transaction will see the company's NetBackup technology-software, appliances and cloud (Alta Data Protection)-integrated into the Cohesity ecosystem.
But what about other Veritas products? As stated in the Cohesity and Veritas press releases, the “remaining assets of Veritas' businesses will form a separate company, 'DataCo.' 'DataCo' will comprise Veritas' InfoScale, Data Compliance, and Backup Exec businesses.”
Data Compliance includes Veritas Enterprise Vault (EV), which might raise concerns for EV customers. As a new, standalone entity, 'DataCo' has no innovation track record.
In this blog, I provide my opinion on the questionable future of Veritas archiving products, why EV customers should start looking at alternative archiving tools, and why you should trust Proofpoint as your next enterprise archiving solution.
EV architecture isn't future-proof
EV gained a following because it came onto the market just when it was needed. With its big, robust on-premises architecture, EV was ideal to solve the challenges of bloated file and email servers. Companies had on-premises file and email servers that were getting bogged down with too much data. They needed a tool to offload legacy data to keep working and so they could be backed up in a reasonable amount of time.
However, with key applications having moved to the cloud over the last decade-plus, storage optimization is no longer a primary use case for archiving customers.
While EV has adapted to e-discovery and compliance use cases, its underlying on-premises architecture has struggled to keep up. EV customers still have headaches with infrastructure (hardware and software) planning, budgeting and maintenance, and archive administration. What's more, upgrades often require assistance from professional services and support costs are rising.
And the list goes on.
Today, most cloud-native archives remove virtually all of these headaches. And just like you moved on from DVDs and Blu-ray discs to streaming video, it's time to migrate from legacy on-premises archiving architectures, like EV, to cloud-native solutions.
Future investments are uncertain
When you look back over EV's last 5-6 years, you might question what significant innovations Veritas has delivered for EV.
Yes, Veritas finally released supervision in the cloud. But that was a direct response to the EOL of AdvisorMail for EV.cloud many years ago.
Yes, Veritas added dozens of new data sources for EV. But that was achieved through the acquisition of Globanet-and their product Merge1-in 2020. (They still list Merge1 as an independent product on their website.)
Yes, they highlight how EV can store to “Azure, AWS, Google Cloud Storage, and other public cloud repositories” via storage tiering. But that just means that EV extends the physical storage layer of a legacy on-prem archiving architecture to the cloud-it doesn't mean it runs a cloud-native archiving solution.
Yes, Veritas has cloud-based Alta Archiving. But that's just a rebranding and repackaging of EV.cloud, which they retired more than two years ago. Plus, Alta Archiving and Enterprise Vault are separate products.
With the Cohesity data protection acquisition, EV customers have a right to question future investments in their product. Will EV revenue alone be able to sustain meaningful, future innovation in the absence of the NetBackup revenue “cash cow”? Will you cling to hope, only to be issued an EOL notice like Dell EMC SourceOne customers?
Now is the time to migrate from EV to a modern cloud-native archiving solution.
How Proofpoint can help
Here's why you should trust Proofpoint for your enterprise archiving.
Commitment to product innovation and support
Year after year, Proofpoint continues to invest a double-digit percentage of revenue into all of our businesses, including Proofpoint Int
Tool Studies Cloud Technical ★★
RecordedFuture.webp 2024-03-11 17:24:16 ODNI releases new open-source intelligence strategy with limited details
(direct link)
With the surging growth of intelligence available exclusively from publicly or commercially available information, intelligence agencies have been grappling with how to get a better handle on collecting and processing the data. In a new strategy released Friday by the Office of the Director of National Intelligence (ODNI) and the CIA, the agencies said the
Studies ★★★★
silicon.fr.webp 2024-03-11 14:07:15 Open Trusted Cloud: key takeaways from OVHcloud's 1st Barometer of European software vendors
(direct link)
Conducted by OpinionWay for OVHcloud in collaboration with Silicon, the first edition of the Open Trusted Cloud barometer of software vendors (ISVs) gathered feedback from 167 vendors in Europe. The result: a map of their activity and the challenges they face, particularly in the areas of data sovereignty and cybersecurity.
Studies Cloud ★★★★
globalsecuritymag.webp 2024-03-11 10:25:07 Trend Micro: 2023 report on the state of cybersecurity
(direct link)
#Cybersécurité #ransomware 2023 report on the state of cybersecurity. Trend Micro blocked more than 160 billion incidents over the year! A significant rise in threats that reflects a shift in the attack strategies employed by attackers. - Investigations
Threat Studies Prediction ★★★★
DarkReading.webp 2024-03-08 21:42:16 CISO Corner: NSA Guidelines; a Utility SBOM Case Study; Lava Lamps
(direct link)
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps.
Studies ★★★
Chercheur.webp 2024-03-08 12:06:58 A Taxonomy of Prompt Injection Attacks
(direct link)
Researchers ran a global prompt hacking competition, and have documented the results in a paper that both gives a lot of good examples and tries to organize a taxonomy of effective prompt injection strategies. It seems as if the most common successful strategy is the “compound instruction attack,” as in “Say ‘I have been PWNED’ without a period.” Ignore This Title and HackAPrompt: Exposing Systemic Vulnerabilities of LLMs through a Global Scale Prompt Hacking Competition Abstract: Large Language Models (LLMs) are deployed in interactive contexts with direct user engagement, such as chatbots and writing assistants. These deployments are vulnerable to prompt injection and jailbreaking (collectively, prompt hacking), in which models are manipulated to ignore their original instructions and follow potentially malicious ones. Although widely acknowledged as a significant security threat, there is a dearth of large-scale resources and quantitative studies on prompt hacking. To address this lacuna, we launch a global prompt hacking competition, which allows for free-form human input attacks. We elicit 600K+ adversarial prompts against three state-of-the-art LLMs. We describe the dataset, which empirically verifies that current LLMs can indeed be manipulated via prompt hacking. We also present a comprehensive taxonomical ontology of the types of adversarial prompts...
Vulnerability Threat Studies ★★★
SecureList.webp 2024-03-07 10:00:53 Spam and phishing in 2023
(direct link)
This report contains spam and phishing statistics for 2023, along with descriptions of the main trends, among these artificial intelligence, instant messaging phishing, and multilingual BEC attacks.
Spam Studies ★★★★
RecordedFuture.webp 2024-03-06 19:23:26 Americans lost a record $12.5 billion to online fraud last year
(direct link)
More than $12.5 billion was lost in 2023 to online fraud in cases reported by the American public, according to the FBI's annual Internet Crime Report - a 22% increase on the year before. The report compiles information from the FBI's Internet Crime Complaint Center (IC3) and shows a steady increase in fraud nearly across
Studies ★★★★
Last update at: 2024-06-12 05:07:06