What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
ProofPoint 2024-02-07 05:00:33 Protecting Your Paths, Part 2: Understanding Your Identity Blast Radius
Welcome to the second part of our blog series on using attack path management (APM) to secure your network. In our first post, we examined the importance of using APM to identify and remediate identity-centric attack paths before attackers exploit them. We also emphasized that the compromise of tier-zero assets (aka the “IT crown jewels”) is a top objective for attackers.
Attack path management (APM) is a process by which you discover all the existing paths that an attacker can exploit to reach tier-zero assets within your environment. APM plays a pivotal role in helping security teams pinpoint vulnerable identities. It provides a holistic view of the available attack paths that an attacker could use to move laterally in the quest to reach your IT crown jewels.
In this blog, we introduce a crucial APM concept known as the identity blast radius. We explore the use cases for this view. And we highlight how it is similar but distinct from the attack path view.
What you can learn from identity blast radius analysis
An identity blast radius represents the potential impact of an attacker who is moving laterally using a compromised identity. It presents how the compromise of one particular identity can help an attacker reach other identities or assets in the network. Discovering the identity blast radius before attackers do is essential to prevent a minor compromise from turning into a major security incident.
To see how this works, it's helpful to visualize it. Below is an illustration of the vulnerabilities related to a user named Brian Rivera. It's just one example of how attackers can abuse Active Directory ACLs.
[Figure: Example view of an identity blast radius.]
In the blast radius view above, the subject identity for Brian Riviera serves as the “tree root” of the view. Branching off the tree root are all the assets and privileges that that specific user can invoke. These include:
Stored credentials. If an attacker compromises hosts where Brian's Remote Desktop Protocol (RDP) credentials are stored, they can use those credentials to move laterally to the indicated hosts.
Active Directory ACL assignments. An attacker that compromises Brian's identity can use his GenericWrite permission in Active Directory to: gain code execution with elevated privileges on a remote computer; delete files and data; introduce malicious files or code on the flagged targets.
Identity blast radius use cases
The identity blast radius view supports powerful use cases that support attack path analysis, including:
Post-compromise analysis. After an attacker gets control of an identity, the blast radius view can help you identify other identities and assets that are vulnerable to lateral movement or other malicious actions.
What-if analysis. Your security teams can use the identity blast radius view to assess the potential impact of an attack on high-value targets like your chief financial officer or a senior IT administrator. With that insight, they can apply other compensating controls.
Changes in access privileges. It can also help you identify the potential impact of changes in access privileges. These often occur when employees move between roles. You can use this insight to ensure that an employee's access is properly managed. This can prevent an excessive accumulation of privileges.
Assets vs. identities: Differences between tier-zero asset views and identity blast radius views
The figure below shows how the tier-zero asset view illustrates paths that ascend from different entities to the tier-zero asset root.
In contrast, the identity blast radius view positions the subject identity as the tree root. Paths extend downward to various entities that are reachable through diverse relations like Active Directory ACL assignments or stored credentials.
[Figure: Comparison of the tier-zero assets view versus the identity blast radius view.]
These two views offer different perspectives. But both are powerful tools to help you visualize identity-related vulnerabilities. These i
Tool Vulnerability Threat ★★★
DarkReading 2024-02-06 20:08:17 World Govs, Tech Giants Sign Spyware Responsibility Pledge
France, the UK, the US, and others will work on a framework for the responsible use of tools like NSO Group's Pegasus, and Shadowserver Foundation gains £1 million investment.
Tool ★★★
RecordedFuture 2024-02-06 19:39:29 AnyDesk says software 'safe to use' after cyberattack
Popular remote monitoring and management software company AnyDesk said all versions of its tool obtained from “official sources” are safe to use following a cyberattack that caused days of outages and concern among users. The cyberattack affected servers in Spain and Portugal but nowhere else, AnyDesk said. The company confirmed last Friday that a four-day
Tool ★★★
TechRepublic 2024-02-06 17:51:33 Top 7 Cyber Threat Hunting Tools for 2024
Here are the top cyber threat hunting tools that can enhance your organization's cybersecurity defenses. Learn how their features compare.
Tool Threat ★★★
Pirate 2024-02-06 15:42:30 LockSelf unveils a new dashboard dedicated to CISOs!
Rolled out gradually and presented at FIC last April, the LockSelf Dashboard is now an integral part of the cyber management tools of organizations using the LockSelf suite. A look back at its specifics and key features!
Tool ★★
RecordedFuture 2024-02-06 14:30:47 Google: Half of all zero-days used against our products are developed by spyware vendors
Google said Tuesday that it is tracking at least 40 companies involved in the creation of spyware and other hacking tools that are sold to governments and deployed against “high risk” users, including journalists, human rights defenders and dissidents. The vendors - which have developed dozens of tools and tricks to break into phones, laptops,
Tool ★★★★
DarkReading 2024-02-06 14:00:00 Microsoft Azure HDInsight Bugs Expose Big Data to Breaches
Security holes in a big data tool could lead to big data compromise.
Tool ★★★
Securonix 2024-02-06 11:00:33 70% of Organizations Feel Unprepared and How Advanced Technologies Can Help
Over 70% of respondents from organizations feel that they lack the right tools to protect their sensitive information and systems from insider threats. These statistics are not just alarming; they are a call for a deeper understanding and strategic response to an often overlooked aspect of cybersecurity.
Tool ★★
AlienVault 2024-02-06 11:00:00 AI in Cybersecurity: 8 use cases that you need to know
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Cybercriminals live on the cutting edge of technology, and nothing fits the label more than artificial intelligence. It helps them design sophisticated, evolving malware, pose as higher-ups, and even successfully imitate biometrics like one's voice. The use of AI in cyber security has developed as a natural response to these new and unpredictable challenges. How are cyber security experts using artificial intelligence to thwart the bad guys? The following eight use cases will tell you all you need to know.
1. Threat prevention and preemption
It's not uncommon for businesses and organizations to be under persistent attack. Cyber threats can burrow deep into their networks and spread chaos for months before detection. Since AI models have large datasets of past behaviors to draw on, they can spot anomalous behavior far more quickly. Preventing attacks before deployment is among cyber security's most desirable goals. If you have the right information, it can become a reality. For example, a cybersecurity team can use a proxy network to regularly scrape the contents of forums and other sites dedicated to hacking. They may then act on the gathered info and meet future attacks head-on.
2. Timely incident response
Not even an AI-enhanced cybersecurity framework can stop all incoming attacks. Someone might connect an unsanctioned device, or an update might contain malicious code. Either way, a robust cyber security AI can respond to such incidents promptly, blocking or deleting the offending actors.
3. Data protection
Data is the basis on which modern economies operate. Whether you obtain it through a web scraping API, surveys, as part of your day-to-day operations, etc., the data you collect needs powerful safeguards. AI can help by classifying and automatically encrypting it. Access control is another process you can automate, as is compliance with data protection laws like the GDPR.
Spam Malware Tool Threat ★★
ProofPoint 2024-02-06 05:00:20 How Do Cybercriminals Escalate Privilege and Move Laterally?
If you want to understand how cybercriminals cause business-impacting security breaches, the attack chain is a great place to start. The eight steps of this chain generalize how a breach progresses from start to finish. The most impactful breaches typically follow this pattern:
[Figure: Steps in the attack chain.]
In this blog post, we will simplify the eight steps of an attack into three stages: the beginning, middle and end. Our focus here will primarily be on the middle stage (info gathering, privilege escalation and lateral movement), which is often the most challenging part of the attack chain to see and understand.
The middle steps are often unfamiliar territory, except for the most highly specialized security practitioners. This lack of familiarity has contributed to significant underinvestment in security controls required to address attacks at this stage.
But before we delve into our discussion of the middle, let's address the easiest stages to understand: the beginning and the end.
The beginning of the attack chain
A cyberattack has to start somewhere. At this stage, a cybercriminal gains an initial foothold into a target's IT environment. How do they do this? Mainly through phishing. A variety of tactics are used here including: stealing a valid user's login credentials; luring a user into installing malicious software, such as Remote Access Trojans (RATs); calling the company's help desk to socially engineer the help desk into granting the attacker control over a user's account.
Much ink has been spilled about these initial compromise techniques. This is why, in part, the level of awareness and understanding by security and non-security people of this first stage is so high. It is fair to say that most people (IT, security and everyday users) have personally experienced attempts at initial compromise. Who hasn't received a phishing email?
A great deal of investment goes into security tools and user training to stop the initial compromise. Think of all the security technologies that exist for that purpose. The list is very long.
The end of the attack chain
Similarly, the level of awareness and understanding is also very high around what happens at the end of the attack chain. As a result, many security controls and best practices have also been focused here.
Everyone (IT, security and even everyday users) understands the negative impacts of data exfiltration or business systems getting encrypted by ransomware attackers. Stories of stolen data and ransomed systems are in the news almost daily.
Now, what about the middle?
The middle is where an attacker attempts to move from the initially compromised account(s) or system(s) to more critical business systems where the data that's worth exfiltrating or ransoming is stored.
To most people, other than red teamers, pen testers and cybercriminals, the middle of the attack chain is abstract and unfamiliar. After all, regular users don't attempt to escalate their privileges and move laterally on their enterprise network!
These three stages make up the middle of the attack chain:
Information gathering. This includes network scanning and enumeration.
Privilege escalation. During this step, attackers go after identities that have successively higher IT system privileges. Or they escalate the privilege of the account that they currently control.
Lateral movement. Here, they hop from one host to another on the way to the “crown jewel” IT systems.
[Figure: Steps in the middle of the attack chain.]
Relatively few IT or security folks have experience with or a deep understanding of the middle of the attack chain. There are several good reasons for this:
Most security professionals are neither red teamers, pen testers, nor cybercriminals.
The middle stages are “quiet,” unlike initial compromise-focused phishing attacks or successful ransomware attacks, which are very “loud” by comparison.
Unlike the front and back end of the attack chain, there has been little coverage about how these steps
Ransomware Malware Tool Vulnerability Threat ★★★
The_State_of_Security 2024-02-06 01:52:22 Security Risks of Kubernetes Helm Charts and What to do About Them
Kubernetes has emerged as the leading platform for orchestrating containerized applications. However, developers and administrators rely on an ecosystem of tools and platforms that have emerged around Kubernetes. One of these tools is Helm, a package manager that simplifies Kubernetes deployments. However, with the convenience and efficiency Helm offers, it also introduces significant security risks. This article explores the risks associated with Kubernetes Helm charts and provides actionable strategies to mitigate potential vulnerabilities. Understanding and addressing these security...
Tool Vulnerability ★★
RecordedFuture 2024-02-05 23:00:35 Britain and France assemble diplomats for international agreement on spyware
The United Kingdom and France are to jointly host a diplomatic conference at Lancaster House in London this week to launch a new international agreement addressing “the proliferation of commercial cyber intrusion tools.” According to the Foreign Office, 35 nations will be represented at the conference, alongside “big tech leaders, legal experts, and human rights
Tool Conference Commercial ★★
RiskIQ 2024-02-05 21:31:30 VajraSpy: A Patchwork of Espionage Apps
Description: ESET researchers have discovered a new cyber espionage campaign that uses twelve Android apps carrying VajraSpy, a remote access trojan (RAT) used by the Patchwork APT group. Six of the apps were available on Google Play, and six were found on VirusTotal. The apps were advertised as messaging tools, and one posed as a news app. VajraSpy has a range of espionage functionalities that can be expanded based on the permissions granted to the app bundled with its code. It steals contacts, files, call logs, and SMS messages, but some of its implementations can even extract WhatsApp and Signal messages, record phone calls, and take pictures with the camera. The campaign targeted users mostly in Pakistan, and the threat actors likely used targeted honey-trap romance scams to lure their victims into installing the malware.
Reference URL(s): https://www.welivesecurity.com/en/eset-research/vajraspy-patchwork-espionage-apps/
Publication Date: February 1, 2024
Author(s): Lukas Stefanko
Malware Tool Threat Mobile ★★★
The_Hackers_News 2024-02-05 16:42:00 Hands-On Review: SASE-based XDR from Cato Networks
Companies are engaged in a seemingly endless cat-and-mouse game when it comes to cybersecurity and cyber threats. As organizations put up one defensive block after another, malicious actors kick their game up a notch to get around those blocks. Part of the challenge is to coordinate the defensive abilities of disparate security tools, even as organizations have limited resources and a dearth of
Tool ★★★
globalsecuritymag 2024-02-05 15:08:59 Metomic Launches ChatGPT Integration
Metomic Launches ChatGPT Integration To Help Businesses Take Full Advantage Of The Generative AI Tool Without Putting Sensitive Data At Risk. Metomic for ChatGPT enables security leaders to boost productivity while monitoring data being uploaded to OpenAI's ChatGPT platform in real-time - Product Reviews
Tool ChatGPT ★★
InfoSecurityMag 2024-02-05 12:15:00 AnyDesk Hit by Cyber-Attack and Customer Data Breach
The cyber-attack that hit the remote tool provider could have a more significant impact than initially expected
Data Breach Hack Tool ★★
GoogleSec 2024-02-05 11:59:31 Improving Interoperability Between Rust and C++
Posted by Lars Bergstrom - Director, Android Platform Tools & Libraries and Chair of the Rust Foundation Board
In 2021, we announced that Google was joining the Rust Foundation. At the time, Rust was already in wide use across Android and other Google products. Our announcement emphasized our commitment to improving the security reviews of Rust code and its interoperability with C++ code. Rust is one of the strongest tools we have to address memory safety security issues. Since that announcement, industry leaders and government agencies have echoed our sentiment.
We are delighted to announce that Google has provided a grant of $1 million to the Rust Foundation to support efforts that will improve the ability of Rust code to interoperate with existing legacy C++ codebases. We are also furthering our existing commitment to the open-source Rust community by aggregating and publishing audits for Rust crates that we use in open-source Google projects. These contributions, along with our previous interoperability contributions, have us excited about the future of Rust.
“Based on historical vulnerability density statistics, Rust has proactively prevented hundreds of vulnerabilities from impacting the Android ecosystem. This investment aims to expand the adoption of Rust across various components of the platform.” - Dave Kleidermacher, Vice President of Engineering, Android Security & Privacy
While Google has seen the most significant growth in the use of Rust in Android, we are continuing to grow its use across more applications, including clients and server hardware.
“While Rust may not be suitable for all product applications, prioritizing seamless interoperability with C++ will accelerate wider community adoption, thereby aligning with the industry goals of improving memory safety.” - Royal Hansen, Google Vice President of Safety & Security
The Rust tooling and ecosystem already support interoperability with Android, and with continued investment in tools like cxx, autocxx, bindgen, cbindgen, diplomat, and crubit, we are seeing regular improvements in the state of Rust interoperability with C++. As these improvements have continued, we have seen a reduction in the barriers to adoption and accelerated adoption of Rust. While that progress across the many tools continues, it is often only developed incrementally to meet the particular needs of a given project or company.
In order to accelerate both the adoption of Rust
Tool Vulnerability Mobile ★★★
ProofPoint 2024-02-05 11:41:18 7 Tips to Develop a Proactive Approach to Prevent Data Theft
Data is one of the most valuable assets for a modern enterprise. So, of course, it is a target for theft. Data theft is the unauthorized acquisition, copying or exfiltration of sensitive information that is typically stored in a digital format. To get it, bad actors either abuse privileges they already have or use various other means to gain access to computer systems, networks or digital storage devices. The data can range from user credentials to personal financial records and intellectual property.
Companies of all sizes are targets of data theft. In September 2023, the personal data of 2,214 employees of the multinational confectionery firm The Hershey Company was stolen after a phishing attack. And in January 2024, the accounting firm of Framework Computer fell victim to an attack. A threat actor posed as the Framework's CEO and convinced the target to share a spreadsheet with the company's customer data.
Data thieves aim to profit financially, disrupt business activities or do both by stealing high-value information. The fallout from a data breach can be very costly for a business, and the cost is going up. IBM reports that the global average cost of a data breach in 2023 was $4.45 million, a 15% increase over three years. Other data suggests that the average cost of a breach is more than double for U.S. businesses: nearly $9.5 million.
Not all data breaches involve data theft, but stealing data is a top aim for many attackers. Even ransomware gangs have been shifting away from data encryption in their attacks, opting instead to steal massive amounts of data and use its value as a means to compel businesses to pay ransom.
So, what can businesses do to prevent data theft? Taking a proactive approach toward stopping someone from stealing your data is a must. This blog post can help jump-start your thinking about how to improve data security. We explore how data theft happens and describe some common threats that lead to it. We also outline seven strategies that can help reduce your company's risk of exposure to data theft and highlight how Proofpoint can bolster your defenses.
Understanding data theft and who commits it
Data theft is a serious security and privacy breach. Data thieves typically aim to steal information like: personally identifiable information (PII); financial records; intellectual property (IP); trade secrets; login credentials.
Once they have it, bad actors can use stolen data for fraudulent activities or, in the case of credential theft, to gain unlawful access to accounts or systems. They can also sell high-value data on the dark web.
The consequences of data theft for businesses can be significant, if not devastating. They include hefty compliance penalties, reputational damage, and financial and operational losses. Take the manufacturing industry as an example. According to one source, a staggering 478 companies in this industry have experienced a ransomware attack in the past five years. The costs in associated downtime are approximately $46.2 billion.
To prevent data theft, it's important to recognize that bad actors from the outside aren't the only threat. Insiders, like malicious employees, contractors and vendors, can also steal data from secured file servers, database servers, cloud applications and other sources. And if they have the right privileges, stealing that data can be a breeze.
An insider's goals for data theft may include fraud, the disclosure of trade secrets to a competitor for financial gain, or even corporate sabotage. As for how they can exfiltrate data, insiders can use various means, from removable media to personal email to physical printouts.
How does data theft happen?
Now, let's look at some common methods that attackers working from the outside might employ to breach a company's defenses and steal data.
Phishing. Cybercriminals use phishing to target users through email, text messages, phone calls and other forms of communication. The core objective of this approach is to trick users into doing what
Ransomware Data Breach Malware Tool Vulnerability Threat Cloud ★★★
globalsecuritymag 2024-02-05 10:23:40 Mimecast Announces Enhancements to QR Code Protections
Mimecast email security innovates to keep 'quishing' attacks out of inboxes - Product Reviews
Tool ★★
SocRadar 2024-02-02 15:00:00 Campaign Alert: The Year-Long Shadow of AsyncRAT in U.S. Infrastructure
The Rise of AsyncRAT: A Persistent Cyber Threat. AsyncRAT, an open-source remote access tool released...
Tool Threat ★★★
ProofPoint 2024-02-02 05:00:36 Developing a New Internet Standard: the Domain Relationship Policy Framework
Engineering Insights is an ongoing blog series that gives a behind-the-scenes look into the technical challenges, lessons and advances that help our customers protect people and defend data every day. Each post is a firsthand account by one of our engineers about the process that led up to a Proofpoint innovation.
In this blog post, we discuss the Domain Relationship Policy Framework (DRPF), an effort that has been years in the making at Proofpoint. The DRPF is a simple method that is used to identify verifiably authorized relationships between arbitrary domains. We create a flexible way to publish policies. These policies can also describe complex domain relationships.
The details for this new model require in-depth community discussions. These conversations will help us collectively steer the DRPF toward becoming a fully interoperable standard. We are now in the early proposal stage for the DRPF, and we are starting to engage more with the broader community. This post provides a glimpse down the road leading to standardization for the DRPF.
Why Proofpoint developed DRPF
To shine a light on why Proofpoint was inspired to develop the DRPF in the first place, let's consider the thinking of the initial designers of the Domain Name System (DNS). They assumed that subdomains would inherit the administrative control of their parent domains. And by extension, this should apply to all subsequent subdomains down the line.
At the time, this was reasonable to assume. Most early domains and their subdomains operated in much the same way. For example, “university.edu” directly operated and controlled the administrative policies for subdomains such as “lab.university.edu” which flowed down to “project.lab.university.edu.”
Since the mid-1980s, when DNS was widely deployed, there has been a growing trend of delegating subdomains to third parties. This reflects a breakdown of the hierarchical model of cascading policies.
To see how this works, imagine that a business uses “company.com” as a domain. That business might delegate “marketing.company.com” to a third-party marketing agency. The subdomain must inherit some policies, while the subdomain administrator may apply other policies that don't apply to the parent domain.
Notably, there is no mechanism yet for a domain to declare a relationship with another seemingly independent domain. Consider a parent company that operates multiple distinct brands. The company with a single set of policies may want them applied not only to “company.com” (and all of its subdomains). It may also want them applied to its brand domains “brand.com” and “anotherbrand.com.”
It gets even more complex when any of the brand domains delegate various subdomains to other third parties. So, say some of them are delegated to marketing or API support. Each will potentially be governed by a mix of administrative policies.
In this context, “policies” refers to published guidance that is used when these subdomains interact with the domain. Policies might be for information only. Or they might provide details that are required to use services that the domain operates. Most policies will be static (or appear so to the retrieving parties). But it is possible to imagine that they could contain directives akin to smart contracts in distributed ledgers.
3 Design characteristics that define DRPF
The goal of the DRPF is to make deployment and adoption easier while making it flexible for future use cases. In many prior proposals, complex requirements bogged down efforts to get rid of administrative boundaries between and across disparate domains. Our work should be immediately useful with minimal effort and be able to support a wide array of ever-expanding use cases.
In its simplest form, three design characteristics define the DRPF:
A domain administrator publishes a policy assertion record for the domain so that a relying party can discover and retrieve it.
The discovered policy assertion directs the relying party to where they can find
Tool Prediction Cloud Technical ★★★
Volexity.webp 2024-02-01 16:59:36 How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities
In a recent series of blog posts related to two zero-day vulnerabilities in Ivanti Connect Secure VPN, Volexity shared details of active in-the-wild exploitation; provided an update on how exploitation had gone worldwide; and reported observations of how malware and modifications to the built-in Integrity Checker Tool were used to evade detection. A critical piece of Volexity's initial investigation involved collecting and analyzing a memory sample. As noted in the first blog post of the three-part series (emphasis added): “…Volexity analyzed one of the collected memory samples and uncovered the exploit chain used by the attacker. Volexity discovered two different zero-day exploits which were being chained together to achieve unauthenticated remote code execution (RCE). Through forensic analysis of the memory sample, Volexity was able to recreate two proof-of-concept exploits that allowed full unauthenticated command execution on the ICS VPN appliance.”
Collect & Analyze Memory ASAP
Volexity regularly prioritizes memory forensics […]
Malware Tool Vulnerability Threat Industrial ★★★
RecordedFuture.webp 2024-02-01 15:55:03 All federal civilian agencies ordered to disconnect at-risk Ivanti products by Friday
All federal civilian agencies in the U.S. have been ordered to disconnect Ivanti Connect Secure and Policy Secure products by Friday after more vulnerabilities were found in the tools this week. In an updated directive published on Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) gave agencies until Friday at midnight to remove the tools
Tool Vulnerability ★★★
Checkpoint.webp 2024-02-01 14:00:51 Generative AI is the Pride of Cybercrime Services
Cybercriminals Officially Utilize Generative AI for Spam Campaigns, Social Media Impersonation and Verification Services Highlights: – Generative AI as a Cybercrime Tool: Cybercriminals are increasingly using generative AI for sophisticated cybercrimes, including social media impersonation, spam campaigns, and KYC verification services. – AI-Powered Black-Hat Platforms: The rise of AI-driven platforms for creating and managing fake social media accounts, offering services to automate content generation and account activity for illicit purposes. – Evolution of Spam and KYC Frauds: The integration of AI in spam services to bypass security controls and in KYC verification services for creating fake identification documents, signifying a new level of […]
Spam Tool ★★★
ProofPoint.webp 2024-02-01 06:00:12 The Human Firewall: Why Security Awareness Training Is an Effective Layer of Defense
Do security awareness programs lead to a quantifiable reduction in risk? Do they directly impact a company's security culture? In short, are these programs effective? The answer to these questions is a resounding yes! With 74% of all data breaches involving the human element, the importance of educating people to help prevent a breach cannot be understated.
However, for training to be effective, it needs to be frequent, ongoing and provided to everyone. Users should learn about:
How to identify and protect themselves from evolving cyberthreats
What best practices they can use to keep data safe
Why following security policies is important
In this blog post, we discuss the various ways that security awareness training can have a positive impact on your company. We also discuss how to make your program better and how to measure your success.
Security awareness training effectiveness
Let's look at three ways that security awareness training can help you boost your defenses.
1. Mitigate your risks
By teaching your team how to spot and handle threats, you can cut down on data breaches and security incidents. Our study on the effects of using Proofpoint Security Awareness showed that many companies saw up to a 40% decrease in the number of harmful links clicked by users.
Think about this: every click on a malicious link could lead to credential theft, a ransomware infection, or the exploitation of a zero-day vulnerability. So, an effective security awareness program essentially reduces security incidents by a similar amount. Want more evidence about how important it is? Just check out this study that shows security risks can be reduced by as much as 80%.
Here is more food for thought. If a malicious link does not directly result in a breach, it must still be investigated. The average time to identify a breach is 204 days. So, if you can reduce the number of incidents you need to investigate, you can see real savings in time and resources.
2. Comply with regulations
Security awareness education helps your company comply with data regulations, which are always changing. This can help you avoid hefty fines and damage to your reputation. In many cases, having a security awareness program can keep you compliant with several regulations. This includes U.S. state privacy laws, the European Union's GDPR and other industry regulations.
3. Cultivate a strong security culture
An effective security awareness program doesn't have to be all doom and gloom. Done right, it can help you foster a positive security culture. More than half of users (56%) believe that being recognized or rewarded would make their company's security awareness efforts more effective. But only 8% of users say that their company provides them with incentives to practice “good” cybersecurity behavior.
When you make security fun through games, contests, and reward and recognition programs, you can keep your employees engaged. You can also motivate them to feel personally responsible for security. That, in turn, can inspire them to be proactive about keeping your critical assets safe.
Finally, be sure to incorporate security principles into your company's core values. For example, your business leaders should regularly discuss the importance of security. That will help users to understand that everyone plays a vital role in keeping the business safe.
How to make your security awareness program effective
The verdict is clear. Security awareness programs can tangibly reduce organizational risks. When asked about the connection between their security awareness efforts and their company's cybersecurity resilience, a resounding 96% of security professionals say that there is more than just a strong link. They say that it's either a direct result of security training or that training is a strong contributor.
Let's discuss how you can make your program more effective.
Assess your security posture
The first step toward effectiveness is to assess your company's security posture
Ransomware Tool Vulnerability Threat Studies ★★★
The_Hackers_News.webp 2024-02-01 01:30:00 RunC Flaws Enable Container Escapes, Granting Attackers Host Access
Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the container and stage follow-on attacks. The vulnerabilities, tracked as CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, have been collectively dubbed Leaky Vessels by cybersecurity vendor Snyk. "These container
Tool Vulnerability Threat ★★
TechWorm.webp 2024-02-01 00:00:20 Citibank Sued For Failing To Protect Customers Against Hacks
Citibank, one of the largest banks in the United States, was sued on Tuesday by New York Attorney General Letitia James for allegedly failing to protect its customers and refusing to reimburse victims of electronic fraud. The lawsuit, filed in the U.S. District Court for the Southern District of New York, alleges that Citibank does not implement strong online protections to prevent unauthorized account takeovers, misleads customers about their rights after their accounts are hacked and money is stolen, and illegally refuses to reimburse fraud victims, according to a press release. The Office of the Attorney General (OAG) further alleges that Citibank's lax security protocols and procedures and ineffective monitoring systems have cost New York Citibank customers millions of dollars, in some cases their life savings, to scammers and hackers. It also found that the bank failed to respond "appropriately and quickly," which caused customers to lose millions. "Banks are supposed to be the safest place to keep money, yet Citibank's negligence has allowed scammers to steal millions of dollars from hardworking people," Attorney General James said in a press release. "Many New Yorkers rely on online banking to pay bills or to save for big milestones, and if a bank cannot secure its customers' accounts, they are failing in their most basic duty. There is no excuse for Citi's failure to protect and prevent millions of dollars from being stolen from customers' accounts, and my office will not write off illegal behavior from big banks."
The Attorney General also gave examples of New York victims losing tens of thousands of dollars to fraud. In one example, a victim clicked on a malicious link in a message that appeared to come from Citi, which asked the victim to log in to a website or call their local branch. When the customer called the local branch to report the suspicious activity, it allegedly told the victim not to worry about it. Three days later, the customer discovered that a scammer had changed their banking password, enrolled in online wire transfers, transferred $70,000 from their savings to their checking account, and then electronically executed a $40,000 wire transfer. The customer continued to contact the bank for weeks and also submitted affidavits, but was ultimately told that the fraud claim had been denied. In a statement, Citibank said the company "works extremely hard" to prevent threats to its customers and helps them recover losses when possible. "Banks are not required to make customers whole when those customers follow criminals' instructions and banks can see no indication that the customers are being deceived. However, given the industry-wide surge in wire fraud over the last several years, we have taken proactive steps to protect our customers with account security, intuitive fraud prevention tools, clear insights about the latest scams, and driving customer awareness and education," the company added. "Our actions have significantly reduced customer wire fraud losses, and we remain committed to investing in measures
Tool Mobile ★★★
RecordedFuture.webp 2024-01-31 19:25:01 US confirms takedown of China-run botnet targeting home and office routers
The U.S. Justice Department confirmed on Wednesday that it disrupted a botnet run by a prolific Chinese government hacking operation known as Volt Typhoon. News of the botnet takedown first emerged on Tuesday, when Reuters reported that the Justice Department and FBI got legal authorization from a U.S. court to remotely disable the tools implanted
Tool Guam ★★★
The_Hackers_News.webp 2024-01-31 17:51:00 Telegram Marketplaces Fuel Phishing Attacks with Easy-to-Use Kits and Malware
Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an epicenter for cybercrime, enabling threat actors to mount a mass attack for as little as $230. "This messaging app has transformed into a bustling hub where seasoned cybercriminals and newcomers alike exchange illicit tools and insights creating a dark and
Malware Tool Threat ★★★
TechRepublic.webp 2024-01-31 17:28:00 How to Use KeePass Step-by-Step Guide
KeePass is a popular and free password management tool. Learn about the benefits and techniques to get the most out of it.
Tool ★★
Blog.webp 2024-01-31 15:25:05 U.S. Treasury Imposes Sanctions on Alleged ISIS Cybersecurity Experts
By Waqas. The US Treasury Department announced sanctions against two Egyptian nationals, Mu'min Al-Mawji Mahmud Salim and Sarah Jamal Muhammad Al-Sayyid, for running the Electronic Horizons Foundation (EHF), a platform allegedly providing cyber tools and training to ISIS supporters. This is a post from HackRead.com. Read the original post: U.S. Treasury Imposes Sanctions on Alleged ISIS Cybersecurity Experts
Tool ★★★
Sekoia.webp 2024-01-31 14:18:53 SentinelOne and Sekoia.io Integration
Expanding tech stack and increasing number of tools urge security operations teams to seek a one-stop solution for centralizing events and alerts. Under these conditions of growing risks, the Sekoia SOC platform becomes a silver-bullet solution for backing up SOC teams. It serves as a control tower for cybersecurity and easily collects, correlates, and analyzes […] The post SentinelOne and Sekoia.io Integration is an article from the Sekoia.io Blog.
Tool ★★
The_Hackers_News.webp 2024-01-31 12:53:00 Chinese Hackers Exploiting VPN Flaws to Deploy KrustyLoader Malware
A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to deliver a Rust-based payload called KrustyLoader that's used to drop the open-source Sliver adversary simulation tool. The security vulnerabilities, tracked as CVE-2023-46805 (CVSS score: 8.2) and CVE-2024-21887 (CVSS score: 9.1), could be abused
Malware Tool Vulnerability Threat ★★★
AlienVault.webp 2024-01-31 11:00:00 Bulletproofing the retail cloud with API security
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Application programming interface (API) security is critical for retailers increasingly reliant on cloud technology. However, they also open potential gateways for cyber threats, making robust security protocols essential to protect sensitive data and maintain customer trust. The complexity of retail systems, which often involve numerous third-party integrations, can create multiple points of vulnerability. Evolving cyber threats necessitate a dynamic approach to API security, making it a moving target that requires continuous attention and adaptation.
Understanding the retail cloud environment
API is a set of protocols and tools that allows different software applications to communicate with each other. In cloud environments, it facilitates the interaction between cloud services and applications, enabling features — like data synchronization, payment processing and inventory management — to work seamlessly together. It is also pivotal in the retail sector by connecting various services and applications to deliver a smooth shopping experience. If organizations neglect API security, cybercriminals can exploit APIs to access confidential information, leading to a loss of customer trust, which is critical in the highly competitive retail market.
Regular API audits and assessments
These audits help identify vulnerabilities before attackers can exploit them, ensuring organizations can promptly address security gaps. Regular assessments are also proactive measures to fix current issues and anticipate future threats. They enable IT teams to verify that security measures are current with the latest protection standards and to confirm APIs comply with internal policies and external regulations. By routinely evaluating API security, retailers can detect anomalies, manage access controls effectively and guarantee they consistently apply encryption standards.
Robust authentication and authorization
They verify the identity of users and systems, ensuring only legitimate parties can access sensitive retail data. Utilizing multi-factor authentication, which requires more than one verification method, significantly enhances security by adding layers that an unauthorized user must penetrate. With authorization, it’s crucial to implement protocols that dictate what authenticated users can do. Effective approval guarantees users have access only to the data and actions necessary for their role. For instance, role-based access control can help manage user permissions with greater granularity. Retailers can assign roles and permissions based on job functions, enabling tight control over who is authorized to view or alter data within the API ecosystem.
Encryption and data protection
Encryption is an essential barrier, obscuring data to make it indecipherable to unauthorized users who might intercept it during transmission or gain access to storage systems. It’s also critical for retailers to manage encryption keys with strict policies, ensuring only authorized personnel can decrypt the data. Beyond protection, comprehensive data encryption allows retailers, especially in the apparel industry, to collect and analyze extensive customer data safely. This data is invaluable for forecasting trends, customer pre
Tool Vulnerability Threat Cloud ★★★
Mandiant.webp 2024-01-30 20:30:00 Evolution of UNC4990: Uncovering USB Malware's Hidden Depths
Mandiant Managed Defense has been tracking UNC4990, an actor who heavily uses USB devices for initial infection. UNC4990 primarily targets users based in Italy and is likely motivated by financial gain. Our research shows this campaign has been ongoing since at least 2020. Despite relying on the age-old tactic of weaponizing USB drives, UNC4990 continues to evolve their tools, tactics and procedures (TTPs). The actor has moved from using seemingly benign encoded text files to hosting payloads on popular websites such as Ars Technica, GitHub, GitLab, and Vimeo. The legitimate services abused by
Malware Tool Cloud ★★★★
RiskIQ.webp 2024-01-30 19:59:14 GitGot: GitHub Leveraged by Cybercriminals to Store Stolen Data
#### Description ReversingLabs researchers have discovered two malicious packages on the npm open source package manager that leverage GitHub to store stolen Base64-encrypted SSH keys lifted from developer systems that installed the malicious npm packages. The packages, warbeast2000 and kodiak2k, were identified in January and have since been removed from npm. The warbeast2000 package was downloaded a little less than 400 times, whereas the kodiak2k was downloaded around 950 times. The malicious actors behind the packages used GitHub to store the stolen information. The warbeast2000 package contained just a few components and was still under development when it was detected. The package would launch a postinstall script that fetched and executed a javascript file. This second stage malicious script read the private ssh key stored in the id_rsa file located in the /.ssh directory. It then uploaded the Base64 encoded key to an attacker-controlled GitHub repository. The kodiak2k package had more than 30 different versions and, apart from the first few, all of them were malicious. The package also executed a script found in an archived GitHub project containing the Empire post-exploitation framework. The script also invokes the Mimikatz hacking tool, which is commonly used to dump credentials from process memory. #### Reference URL(s) 1. https://www.reversinglabs.com/blog/gitgot-cybercriminals-using-github-to-store-stolen-data #### Publication Date January 23, 2024 #### Author(s) Lucija Valentić
Tool Threat ★★★★
RecordedFuture.webp 2024-01-30 17:39:33 Schneider Electric confirms ransomware attack on sustainability division
French multinational Schneider Electric said its Sustainability Business division suffered a ransomware attack earlier this month. The company confirmed the incident in a statement this week, saying that the attack affected its Resource Advisory product - a data visualization tool for sustainability information - as well as other “division specific systems.” Schneider Electric said they
Ransomware Tool ★★
SocRadar.webp 2024-01-30 13:07:46 Dark Web Monitoring: A Vital Tool for MSSPs
(direct link)
>In today’s digital age, data breaches, cyber threats, and information security are at the forefront...
Tool ★★★
ProofPoint.webp 2024-01-29 14:42:02 Actionable Insights: Protect Your Vulnerable Identities
(direct link)
In this blog series, we cover how to improve your company's security posture with actionable insights. Actionable insights are a critical tool to help you improve your security posture and stop initial compromise in the attack chain. You can use them to identify and respond to potential risks, enhance your incident response capabilities and make more informed security decisions. Figure 1. Steps in the cyberattack chain. In previous actionable insights blog posts, we covered these topics: People risk; Origin risk; Business email compromise (BEC) risk; Ensuring proper risk context; Risk efficacy; Telephone-oriented attack delivery (TOAD) risk; Threat intelligence; Executive Summary; Condemnation Summary. In this post, we show you the value of integrating data from Proofpoint Identity Threat Defense into the Proofpoint Targeted Attack Protection (TAP) Dashboard. You can now use this data about your identity risks to stop initial compromise and prevent the lateral movement of threats in your environment. Get insights about your vulnerable identities. IT and security professionals are always looking for ways to stay ahead of evolving threats and protect their organizations. The TAP Dashboard from Proofpoint has long been a valuable tool in this fight. It provides crucial visibility into email threats and user activity. Now that the TAP Dashboard uses data from Proofpoint Identity Threat Defense, it has become even more powerful. Rich data about identity risks can help you see the impact of a potential compromise without having to leave the TAP Dashboard. Let's explore what this looks like in the dashboard, and how you can use this identity data to strengthen your security posture. Insights for supercharged visibility. One new addition to the People page in the TAP Dashboard is the Identity Threat Attack Paths column. It reveals the currently available attack paths for each user, which are based on their identified vulnerabilities.
No more digging through separate tools. You can now have a clear picture within the TAP Dashboard of how a threat actor could use each identity to escalate privilege and move laterally. Figure 2. Identity Threat Attack Paths column in the TAP Dashboard. You can also view identity risk factors for each user. This allows you to gain a deeper understanding of the potential impact of compromise for each user. The metrics you can view include: Overall risk exposure; Number of potential attack paths associated with the user; Key identity vulnerabilities associated with the user. Figure 3. Identity risk factors for individual users. This data can help you to prioritize your response efforts. You can use it to better focus on securing the identities that might be used to cause the most harm to your business. Example use case. Take this example of a hypothetical user named Dona Hosby, a 47-year-old finance director. She has access to client accounts and sensitive financial data. Despite her crucial role in the business, Hosby tends to be less cautious about clicking on suspicious email links and attachments. From the TAP Dashboard, Hosby is identified as a Very Attacked Person™ (VAP) with a high attack index. However, this risk level is not unique to her; others in the company share similar risk levels. With data enrichment from Proofpoint Identity Threat Defense, the TAP Dashboard shows that Hosby is also a shadow admin, which exposes her to critical risks. A shadow admin is an individual or account that has elevated privileges or access rights that are not in compliance with the company's security policies. We can also see the number of lateral attack paths (41) an attacker could take from Hosby's identity. This information can help the security team to pinpoint which VAPs in the organization pose a higher post-compromise risk. Figures 4 and 5 show what these insights look like in the TAP Dashboard.
Figure 4: Example identity risk metrics in the TAP Dashboard for Dona Hosby.  Fi Tool Vulnerability Threat ★★★
AlienVault.webp 2024-01-29 11:00:00 Case study: Vertek's USM Anywhere MDR helps larger auto dealership in the northeast improve their Cybersecurity posture
(direct link)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Challenges: A larger auto dealership in the northeast faced a number of cybersecurity challenges, including: Lack of resources: The dealership did not have the in-house expertise or resources to manage its own security operations center (SOC). The lack of trained security experts resulted in slower response times to security incidents. Multiple security solutions: The dealership was using a variety of security solutions from different vendors, making it difficult to manage and correlate security data. Increased threat landscape: The dealership was facing an increasing number of cyber threats, including ransomware, phishing, and malware attacks. Solution: The dealership engaged Vertek to implement their top-of-the-line Managed Detection and Response (MDR) service using AT&T AlienVault SIEM. Vertek's USM Anywhere MDR service provides 24/7 proactive threat monitoring, industry leading threat intelligence, and expert incident response. It is built on top of the AlienVault USM Anywhere platform, which is a unified security management (USM) platform that combines multiple essential security capabilities in one unified console. The service easily integrates with the existing security stack and is implemented without interruption to existing operations. Benefits: Since implementing Vertek's USM Anywhere MDR service the dealership has experienced a number of benefits, including: Improved security posture: Vertek's MDR service has helped the dealership improve its overall security posture by identifying and mitigating security vulnerabilities, and by providing the dealership with actionable security insights. Vertek's 24/7 SOC identifies and responds to security incidents with speed and accuracy using industry leading threat intelligence.
Reduced workload and more effective allocation of resources: Vertek's MDR service has reduced the workload on the dealership's IT staff by freeing them up to focus on mission critical tasks that fall in line with their core competency. Working with Vertek instead of building an in-house security team has resulted in significant cost savings for the dealership. Improved peace of mind: Vertek's MDR service gives the dealership peace of mind knowing that their security is being monitored and managed by a team of experts with expert response to threats. Specific example: Vertek was actively monitoring a customer's network for threats using their USM Anywhere MDR service. AlienVault SIEM detected a large number of failed login attempts to the customer's Active Directory server. Vertek's security team immediately investigated the incident and discovered that the attacker was using a brute-force attack to try to guess the passwords of Active Directory users. Vertek's security team used context data in the form of network traffic, end-user behavior analytics, and NXLOGS output from their IT tools to understand the significance of the attack. They knew that the Active Directory server was a critical system for the customer, and that if the attacker was able to gain access to the server, they would be able to compromise the entire network. Vertek also used threat intelligence from the MITRE ATT&CK Framework to understand the tactics, techniques, and procedures (TTPs) of the attacker. They knew that brute-force attacks were a common tactic used by ransomware gangs. Based on the context data and threat intelligence, Vertek was able to determine that the customer was facing a high-risk ransomware attack. Vertek's security team quickly took steps to mitiga Ransomware Malware Tool Vulnerability Threat Studies ★★★
ESET.webp 2024-01-29 10:30:00 Cyber: The Swiss army knife of tradecraft
(direct link)
In today's digitally interconnected world, advanced cyber capabilities have become an exceptionally potent and versatile tool of tradecraft for nation-states and criminals alike
Tool ★★
globalsecuritymag.webp 2024-01-29 10:02:08 Cybersecurity education from childhood is a vital tool: 72% of children worldwide have experienced at least one type of cyber threat
(direct link)
Cybersecurity education from childhood is a vital tool: 72% of children worldwide have experienced at least one type of cyber threat By Check Point Team - Product Reviews
Tool Threat ★★★
The_State_of_Security.webp 2024-01-29 01:51:11 Why the OWASP API Security Top 10 is Essential for Every Business
(direct link)
In an era where digital transformation dictates the pace of business growth, APIs have become the cornerstone of modern enterprise architecture. APIs are not just technical tools; they are vital assets that drive business processes, enhance customer experiences, and open new avenues for innovation. However, with great power comes great responsibility, especially in terms of security. OWASP API Security Top 10 offers a roadmap to safeguard these essential tools against evolving cyber threats. For business executives and security professionals alike, understanding and implementing the principles...
Tool Technical ★★
Blog.webp 2024-01-27 01:06:04 Building Your Defense Toolbox: Tools and Tactics to Combat Cyber Threats
(direct link)
>By Uzair Amir While cybercriminals create their toolbox, as a user you should also keep yourself ready for unsuspecting cyberattacks and keep a safety toolbox for your defence. This is a post from HackRead.com Read the original post: Building Your Defense Toolbox: Tools and Tactics to Combat Cyber Threats
Tool ★★★
Blog.webp 2024-01-26 17:26:19 Thousands of Dark Web Posts Expose ChatGPT Abuse Plans
(direct link)
>By Deeba Ahmed Cybercriminals are actively promoting the abuse of ChatGPT and similar chatbots, offering a range of malicious tools from malware to phishing kits. This is a post from HackRead.com Read the original post: Thousands of Dark Web Posts Expose ChatGPT Abuse Plans
Malware Tool ChatGPT ★★★
RecordedFuture.webp 2024-01-26 17:02:23 Microsoft says Russian hackers used previously-identified tactic to breach senior exec emails
(direct link)
Russian hackers abused a popular authentication tool to gain access to the email accounts of senior executives at Microsoft, according to a new statement from the tech giant. Microsoft has been tightlipped about an incident - announced late on Friday afternoon last week - that they said involved the months-long compromise of corporate email accounts.
Tool ★★
RiskIQ.webp 2024-01-25 20:18:28 Kasseika Ransomware Deploys BYOVD Attacks Abuses PsExec and Exploits Martini Driver
(direct link)
#### Description
The ransomware operation named 'Kasseika' has adopted Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus software before encrypting files. Kasseika exploits the Martini driver, part of TG Soft's VirtIT Agent System, to disable antivirus products protecting the targeted system. Trend Micro discovered Kasseika in December 2023, noting its similarities with BlackMatter, suggesting it may have been built by former members or actors who purchased BlackMatter's code. The attack begins with a phishing email, stealing credentials for initial access, followed by abuse of the Windows PsExec tool for lateral movement. Kasseika utilizes BYOVD attacks to gain privileges, terminate antivirus processes, and execute its ransomware binary, demanding a Bitcoin ransom and providing victims with a decryption option within 120 hours.
#### Reference URL(s)
1. https://www.trendmicro.com/en_us/research/24/a/kasseika-ransomware-deploys-byovd-attacks-abuses-psexec-and-expl.html
#### Publication Date
January 25, 2024
#### Author(s)
TrendMicro Researchers
Ransomware Tool Prediction ★★★
RiskIQ.webp 2024-01-25 19:48:09 Parrot TDS: A Persistent and Evolving Malware Campaign
(direct link)
#### Description
The Parrot TDS (Traffic Redirect System) has escalated its campaign since October 2021, employing sophisticated techniques to avoid detection and potentially impacting millions through malicious scripts on compromised websites. Identified by Unit 42 researchers, Parrot TDS injects malicious scripts into existing JavaScript code on servers, strategically profiling victims before delivering payloads that redirect browsers to malicious content. Notably, the TDS campaign exhibits a broad scope, targeting victims globally without limitations based on nationality or industry. To bolster evasion tactics, attackers utilize multiple lines of injected JavaScript code, making it harder for security researchers to detect. The attackers, likely employing automated tools, exploit known vulnerabilities, with a focus on compromising servers using WordPress, Joomla, or other content management systems.
#### Reference URL(s)
1. https://unit42.paloaltonetworks.com/parrot-tds-javascript-evolution-analysis/#post-132073-_jt3yi5rhpmao
#### Publication Date
January 19, 2024
#### Author(s)
Zhanglin He Ben Zhang Billy Melicher Qi Deng Bo Qu Brad Duncan
Malware Tool Vulnerability Threat ★★★
DarkReading.webp 2024-01-25 17:40:00 'CherryLoader' Malware Allows Serious Privilege Execution
(direct link)
A sporty, modular downloader allows hackers to cherry-pick their exploits - in this case, two powerful tools for gaining admin access in a Windows system.
Malware Tool ★★★
RecordedFuture.webp 2024-01-25 16:32:42 Amazon to sunset tool that let law enforcement obtain footage from Ring doorbells
(direct link)
Amazon announced Wednesday that they will make it harder for police departments to ask for footage generated from customers' Ring video doorbells and surveillance cameras. The practice had long been under fire from civil liberties groups and some politicians. Eric Kuhn, who helms the company's Neighbors Platform, said Ring's controversial “Request for Assistance” (RFA) function
Tool ★★★
Last update at: 2024-05-08 21:08:27