What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
DarkReading 2023-08-01 15:09:45 BloodHound Rewrites Open Source Tool, Launches Community Edition
(direct link)
The open source ecosystem for offensive and defensive security technologies is flourishing, giving security teams access to a wide range of tools to do their jobs.
Tool ★★
Checkpoint 2023-08-01 14:00:03 Your First Line of Defense Against Ransomware: SASE
(direct link)
>Statista says that 71% of global businesses felt the impact of ransomware trends. A total of 62.9% of the ransomware victims paid the ransom. They use myriad techniques and tools to infiltrate networks, applications and computers as they lay the groundwork for the ransom demand. This is why a Secure Access Service Edge (SASE) solution that focuses on protecting these assets against ransomware is your first line of defense against attackers. Increased Risk with Flexible Work Ransomware can exploit access to corporate resources, including data centers, IaaS, and cloud production environments to propagate within your organization, blocking you from vital […]
Ransomware Tool Cloud
PaloAlto 2023-08-01 13:00:29 Investing in a Robust Cybersecurity Workforce
(direct link)
>Palo Alto Networks prioritizes cybersecurity awareness and education so individuals of all ages and backgrounds have the tools to stay safe online.
Tool ★★
SlashNext 2023-08-01 12:00:46 AI-Based Cybercrime Tools WormGPT and FraudGPT Could Be The Tip of the Iceberg
(direct link)
>The rise of AI-powered cybercrime tools like WormGPT and FraudGPT has significant implications for cybersecurity as the future of malicious AI is rapidly developing daily. Learn about the tools, their features, and their potential impact on the digital landscape. The Rise of AI-Powered Cybercrime: WormGPT & FraudGPT On July 13th, we reported on the emergence […] The post AI-Based Cybercrime Tools WormGPT and FraudGPT Could Be The Tip of the Iceberg first appeared on SlashNext.
Tool ★★
bleepingcomputer 2023-08-01 10:08:16 Cybercriminals train AI chatbots for phishing, malware attacks
(direct link)
In the wake of WormGPT, a ChatGPT clone trained on malware-focused data, a new generative artificial intelligence hacking tool called FraudGPT has emerged, and at least another one is under development that is allegedly based on Google's AI experiment, Bard. [...]
Malware Tool ChatGPT ChatGPT ★★★
AlienVault 2023-08-01 10:00:00 Top 15 Data Security Posture Management (DSPM) platforms for 2023
(direct link)
The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  Data Security Posture Management (DSPM) plays a critical role in identifying security risks, prioritizing misconfigurations, and implementing a zero-trust framework. It is an emerging technology, and there are only a few capable solutions that provide good product offerings. Check out the list of some of the best DSPM platforms that can be considered to streamline data protection, governance, and compliance efforts. Top Data Security Posture Management (DSPM) tools to watch 1. Securiti DSPM Securiti DSPM ranks at the top on Gartner’s list of DSPM platforms in this category. Gartner has given a rating of 4.7 which is the highest amongst other products. The tool is built to protect an organization’s data, especially sensitive data, everywhere. The platform covers data in numerous environments and across various formats, such as structured and unstructured data systems. Users can gain visibility of their data at rest and in motion across public, private, hybrid, and multi-cloud systems. The solution also covers SaaS environments which is a plus since traditionally, DSPM covers only public clouds. The solution leverages AI/ML-powered sensitive data insights to streamline their data governance strategy, data lineage, access policies and controls, and privacy operations, such as cross-border transfer policies. 2.  Symmetry DataGuard Symmetry DataGuard comes second to Securiti in ranking and rating as well. The DSPM solution has received a 4.6 rating in the Product Capabilities and Customer Experience categories. It delivers real-time data protection. With visibility of data and advanced analytics, security teams can not only ensure data security but also availability and integrity. 
Users can leverage that granular information to power their IAM engines to implement effective data controls, access, and permission. Symmetry DataGuard can be expensive and you’ll need to invest time to understand the product because of its extensive capabilities and features. 3. Sentra Sentra’s DSPM platform is built for speed and efficiency. The platform offers agentless discovery, which means that data doesn’t leave an organization’s secure environment, and hence there’s zero disruption to the productivity of teams. Another important aspect of Sentra’s DSPM solution is that it is easy to implement and scale. It further offers great integration capability and thus enables organizations to integrate with various ecosystems for discovering data. 4. Dig Security Platform Up to 77% of users would recommend Dig Security Platform, suggests Gartner. The DSPM platform has garnered a 4.2 rating on the review platform. The tool can help security and data teams to effectively identify and discover data and perform accurate categorization and classification. The data detection and response capabilities of the solution further ensure robust data protection. Teams can have a complete understanding of their data spread across physical and virtual databases and protect sensitive data from security risks, such as data exfiltration, ransomware, and shadow data. 5. Flow Security Flow Security covers a large set of environments to discover all data of an organization. For instance, the solution can scan through on-prem infrastructure, multiple cloud environments, SaaS applicatio
Tool Vulnerability Cloud ★★
DarkReading 2023-07-31 20:49:00 Protecting Intellectual Property When It Needs to Be Shared
(direct link)
Companies should use a variety of tools and strategies, both technical and policy, to protect their IP from third-party risk.
Tool ★★★
DarkReading 2023-07-31 19:33:00 Air-Gapped ICS Systems Targeted by Sophisticated Malware
(direct link)
Researchers uncovered new worming second-stage tools used to locally exfiltrate data from air gapped ICS environments, putting threat actors one step away from transmission of the info to a C2.
Malware Tool Threat Industrial ★★
RecordedFuture 2023-07-31 19:22:00 'Worm-like' botnet malware targeting popular Redis storage tool
(direct link)
An unknown group of hackers is using a novel strain of malware to attack publicly accessible deployments of Redis - a popular data storage tool used by major companies like Amazon, Hulu and Tinder. Researchers from Cado Security Labs explained that what stood out most was the fact that the malware appears to be a
Malware Tool ★★
CS 2023-07-31 15:09:57 Biden's intelligence advisers recommend reforming FBI access to controversial spying tool
(direct link)
The report comes as Congress debates whether to renew Section 702 of FISA, which is set to expire at the end of the year.
Tool ★★
The_Hackers_News 2023-07-31 14:08:00 Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT
(direct link)
Threat actors are creating fake websites hosting trojanized software installers to trick unsuspecting users into downloading a downloader malware called Fruity with the goal of installing remote trojans tools like Remcos RAT. "Among the software in question are various instruments for fine-tuning CPUs, graphic cards, and BIOS; PC hardware-monitoring tools; and some other apps," cybersecurity
Malware Tool Threat ★★
AlienVault 2023-07-31 10:00:00 RAM dump: Understanding its importance and the process
(direct link)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In the realm of digital forensics and incident response, the analysis of volatile memory, commonly referred to as RAM (Random Access Memory), plays a pivotal role in extracting crucial evidence and uncovering valuable information. RAM dump - the process of capturing the contents of a computer's memory, is a vital step in preserving volatile data for forensic examination. This article aims to shed light on the importance of RAM dump in digital investigations and provide insights into the process involved. The significance of RAM dump Volatile nature of RAM: RAM is a volatile form of memory that holds data temporarily while a computer is powered on. Once the system is shut down, the contents of RAM are lost. Therefore, capturing a RAM dump becomes essential to preserve valuable evidence that may not be available through traditional disk-based analysis. Dynamic and live information: RAM contains real-time information about running processes, active network connections, open files, encryption keys, passwords, and other critical artifacts. Analyzing the RAM dump allows forensic investigators to access this dynamic and live information, providing insights into the state of the system at the time of the incident. Uncovering hidden or encrypted data: RAM often holds data that may not be easily accessible through traditional file system analysis. It can reveal information about active malware, hidden processes, encrypted data in memory, or remnants of deleted files, offering a wealth of evidence that can be crucial to an investigation. The RAM dump process Acquiring a RAM dump: To perform a RAM dump, specialized tools or techniques are used to capture the contents of RAM. Common methods include physical access and utilizing software tools designed for memory acquisition.
Physical access allows directly connecting to the computer's memory modules, while software tools can acquire RAM remotely or by creating a memory image from a hibernation file. Preserving data integrity: It is essential to ensure the integrity of the RAM dump during acquisition to maintain its evidentiary value. This involves utilizing write-blocking mechanisms, verifying the integrity of the acquired image, and documenting the entire process to establish a proper chain of custody. Analyzing the RAM dump: Once the RAM dump is acquired, it can be analyzed using specialized software tools designed for memory forensics. These tools enable investigators to extract information, identify running processes, recover artifacts, and search for patterns or indicators of compromise. Extracting volatile data: The RAM dump analysis involves extracting volatile data such as active network connections, running processes, loaded drivers, registry information, file handles, and other artifacts. This data can be used to reconstruct the system's state, identify malicious activities, or uncover hidden information. Memory carving and artifacts recovery: Memory carving techniques are employed to search for specific file types or artifacts within the RAM dump. This process involves identifying file headers or signatures and reconstructing files from the memory image. This can be particularly useful in recovering deleted or encrypted files. RAM dumps can be acquired using specialised tools like FTK Imager and Magnet Ram Capturer (both of which are available for free) or the analysis can be done using specialised tools or Open source frameworks like Volatility Framew
Tool ★★
securityintelligence 2023-07-31 04:00:00 AI reduces data breach lifecycles and costs
(direct link)
>The cybersecurity tools you implement can make a difference in the financial future of your business. According to the 2023 IBM Cost of a Data Breach report, organizations using security AI and automation incurred fewer data breach costs compared to businesses not using AI-based cybersecurity tools. The report found that the more an organization uses […]
Data Breach Tool ★★
AlienVault 2023-07-28 10:00:00 Mobile Device Management: Securing the modern workplace
(direct link)
The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  More mobile devices, more problems. The business landscape has shifted dramatically, as more endpoints connect to corporate networks from a wider variety of locations and are transmitting massive amounts of data. Economic forces and a lengthy pandemic have caused a decentralization of the workforce and increased adoption of a hybrid workplace model. Today, employees are more mobile than ever. The modern workforce and workplace have experienced a significant increase in endpoints, or devices connecting to the network, and managing these diverse endpoints across various geographic locations has grown in complexity. Here’s an analogy: imagine a bustling city, with its many roads, highways, and intersections. Each road represents a different endpoint, and the city itself symbolizes your corporate network. As the city grows and expands, more roads are built, connecting new neighborhoods and districts. Our corporate networks are like expanding cities. But along with digital transformation and a distributional shift of the workforce, the cybersecurity landscape is evolving at an equal pace. The multitude of endpoints that connect to the network is widening the attack surface that bad actors with malicious intent can exploit. From a cybersecurity perspective, more endpoints represent a significant business risk. Organizations need to understand the importance of managing and securing their endpoints and how these variables are intertwined for a complete endpoint security strategy. The evolution of Mobile Device Management Traditional Mobile Device Management has existed in some form since the early 2000s, when smartphones entered the marketplace. MDM has evolved over the last few decades, and in some way, Unified Endpoint Management (UEM) represents this modern evolution. 
Today, unified endpoint management has become a prominent solution for modern IT departments looking to secure their expanding attack surfaces. UEM is more than just managing endpoints. The “unified” represents one console for deploying, managing, and helping to secure corporate endpoints and applications. UEM offers provisioning, detection, deployment, troubleshooting, and updating abilities. UEM software gives IT and security departments visibility and control over their devices as well as their end-users, delivered through a centralized management console. For a more detailed discussion of mobile device security, check out this article. What is the difference between MDM and UEM? Unified Endpoint Management (UEM) and Mobile Device Management (MDM) are both solutions used to manage and secure an organization's devices, but their scope and capabilities differ. Mobile Device Management (MDM) is a type of security software used by an IT department to monitor, manage, and secure employees' mobile devices deployed across multiple mobile service providers and across multiple mobile operating systems being used in the organization. MDM is primarily concerned with device security, allowing organizations to enforce policies, manage device settings, monitor device status, and secure devices if lost or stolen. On the other hand, Unified Endpoint Management (UEM) is a more comprehensive solution that manages and secures not just mobile devices but all endpoints within an organization. This includes PCs, laptops, smartphones, tablets, and IoT devices. UEM solutions provide a single management console from which IT can control all these devices,
Tool Vulnerability Threat Medical ★★★
mcafee 2023-07-28 08:46:25 AI in the Wild: Malicious Applications of Mainstream AI Tools
(direct link)
> It's not all funny limericks, bizarre portraits, and hilarious viral skits. ChatGPT, Bard, DALL-E, Craiyon, Voice.ai, and a whole host...
Tool ChatGPT ★★★
Korben 2023-07-28 07:00:00 SuperImage – The ultimate app for enhancing your photos with AI
(direct link)
As a lover of technology and photography, I couldn't resist telling you about this revolutionary new application called SuperImage. This small app for Android and Windows 11 uses a neural network (deep learning) to upscale and improve the quality of your images … Read more
Tool ★★★
DarkReading 2023-07-28 01:00:00 Cyclops Launches From Stealth With Generative AI-Based Search Tool
(direct link)
The contextual cybersecurity search platform helps security teams gather information about the organization's environment and security posture.
Tool ★★
RecordedFuture 2023-07-27 20:10:00 Senator calls on DOJ to investigate alleged China hack of Microsoft cloud tools
(direct link)
A leading U.S. senator asked the Justice Department and several other agencies to investigate a recent hack of Microsoft-provided email accounts used by top government officials. In a letter published on Thursday and first reported by the Wall Street Journal, U.S. Senator Ron Wyden (D-OR) asked the Justice Department, Federal Trade Commission and Cybersecurity and
Hack Tool Cloud ★★
The_Hackers_News 2023-07-27 18:42:00 New Malvertising Campaign Distributing Trojanized IT Tools via Google and Bing Search Ads
(direct link)
A new malvertising campaign has been observed leveraging ads on Google Search and Bing to target users seeking IT tools like AnyDesk, Cisco AnyConnect VPN, and WinSCP, and trick them into downloading trojanized installers with an aim to breach enterprise networks and likely carry out future ransomware attacks. Dubbed Nitrogen, the "opportunistic" activity is designed to deploy second-stage
Ransomware Tool ★★
RedCanary 2023-07-27 18:17:09 Find security bugs in web application routes with route-detect
(direct link)
route-detect is a new command-line AppSec tool for finding authentication and authorization bugs in web application routes.
Tool ★★
The_Hackers_News 2023-07-27 16:55:00 The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left
(direct link)
As cloud applications are built, tested and updated, they wind their way through an ever-complex series of different tools and teams. Across hundreds or even thousands of technologies that make up the patchwork quilt of development and cloud environments, security processes are all too often applied in only the final phases of software development.  Placing security at the very end of the
Tool Cloud ★★
DarkReading 2023-07-27 14:00:00 Why Today's CISOs Must Embrace Change
(direct link)
With change happening faster than ever before, tools can help bridge capability gaps, along with accelerated workforce training.
Tool ★★
GoogleSec 2023-07-27 12:01:55 The Ups and Downs of 0-days: A Year in Review of 0-days Exploited In-the-Wild in 2022
(direct link)
Maddie Stone, Security Researcher, Threat Analysis Group (TAG) This is Google's fourth annual year-in-review of 0-days exploited in-the-wild [2021, 2020, 2019] and builds off of the mid-year 2022 review. The goal of this report is not to detail each individual exploit, but instead to analyze the exploits from the year as a whole, looking for trends, gaps, lessons learned, and successes. Executive Summary 41 in-the-wild 0-days were detected and disclosed in 2022, the second-most ever recorded since we began tracking in mid-2014, but down from the 69 detected in 2021. Although a 40% drop might seem like a clear-cut win for improving security, the reality is more complicated. Some of our key takeaways from 2022 include: N-days function like 0-days on Android due to long patching times. Across the Android ecosystem there were multiple cases where patches were not available to users for a significant time. Attackers didn't need 0-day exploits and instead were able to use n-days that functioned as 0-days.
Tool Vulnerability Threat Prediction Conference ★★★
AlienVault 2023-07-27 10:00:00 What your peers want to know before buying a DLP tool
(direct link)
The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  Preventing data loss is a concern for almost every organization, regardless of size, especially organizations with sensitive data.  Organizations, now more than ever before, rely on voluminous amounts of data to conduct business. When data leakage or a breach occurs, the organization is forced to deal with the negative consequences, such as the high cost associated with data breach fines and remediation and reputational harm to their company and brand.  Data loss prevention (DLP) solutions help mitigate the risk of data loss. Losses can occur as a result of insider-related incidents (e.g., employee theft of proprietary information), or due to physical damage to computers, or as a result of human error (e.g., unintentional file deletion or sharing sensitive data in an email). In addition to the various ways an organization might experience data loss, mitigating the risk of loss requires the right people, processes, and technology. Meeting the technology requirement can be a challenge when it comes to selecting the right DLP solution. During the vendor exploration and evaluation phases, there may be questions about whether it makes sense to invest in a solution that protects the network, endpoints, or the cloud or whether it’s better to select a solution that protects the enterprise and takes into account the hybrid nature of many organizations. Data classification and labeling The decision to invest in a DLP solution should be informed by sufficient research and planning with key stakeholders. This blog will discuss three additional things you should consider before making such an investment. Let’s begin with the types of data an organization collects, stores, and analyzes to conduct business.  
To have a successful data loss prevention program, it’s important to identify all types of data (e.g., financial data, health data, or personally identifiable information) and to classify the data according to its value and the risk to the organization if it is leaked or exfiltrated. Data classification is the process of categorizing data to easily retrieve and store it for business use. It also protects it from loss and theft and enables regulatory compliance activities. Today, systems are more dispersed, and organizations have hybrid and remote workforce models, so it is critical to protect data regardless of where it resides or with whom it is shared. This kind of protection requires properly classified and labeled data. Automated data classification is foundational to preventing data loss. It is the best way for organizations to fully understand what types of data they have, as well as the characteristics of the data and what privacy and security requirements are necessary to protect the data. Properly classifying data also enables the organization to set policies for each data type. Techniques to identify sensitive data DLP solutions detect instances of either intentional or unintentional exfiltration of data. DLP policies describe what happens when a user uses sensitive data in a way the policy does not allow. For example, when a user attempts to print a document containing sensitive data to a home printer, the DLP policy might display a message stating that printing the docu
Data Breach Tool Cloud ★★★
The_State_of_Security 2023-07-27 02:51:26 Tripwire Enterprise: Reimagining a Winning Product
(direct link)
How many security products does it take to monitor an organization? Even a small company often finds itself working with multiple monitoring tools to gain visibility into its security posture. This creates multiple blind spots, as a security analyst needs to jump between different tools with different formats and configurations to research a security incident. Adding to this problem is that the reporting from each tool usually differs, making the creation of a uniform report a chore. Integrations and Splunk Many organizations have tried to solve their individual problem by using Splunk to...
Tool ★★
The_Hackers_News.webp 2023-07-26 15:32:00 New AI Tool 'FraudGPT' Emerges, Tailored for Sophisticated Attacks
(direct link)
Following the footsteps of WormGPT, threat actors are advertising yet another cybercrime generative artificial intelligence (AI) tool dubbed FraudGPT on various dark web marketplaces and Telegram channels. "This is an AI bot, exclusively targeted for offensive purposes, such as crafting spear phishing emails, creating cracking tools, carding, etc.," Netenrich security researcher Rakesh Krishnan
Tool Tool Threat ★★
InfoSecurityMag.webp 2023-07-26 15:05:00 Dark Web Markets Offer New FraudGPT AI Tool
(direct link)
The tool can craft phishing emails, create undetectable malware and identify vulnerable sites
Malware Tool
AlienVault.webp 2023-07-26 10:00:00 How to improve employee phishing awareness
(direct link)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Social engineering has long been a popular tactic among cybercriminals. Relying exclusively on information security tools does not guarantee the safety of an IT infrastructure these days. It is critically important to enhance the knowledge of employees regarding information security threats. Specifically, there is often a pressing need to educate employees about phishing. But how could phishing awareness training go wrong, and what can be done about it? Let's delve deeper and unravel the potential issues and solutions. In recent years, we have seen an uptick in the delivery of malware via phishing attacks. Compounding the problem is the rising volume of email fatigue, which can lead to less vigilance and increased vulnerability. Regrettably, email protection software does not fully safeguard against phishing due to the inevitable human factor involved. Indeed, there is a reason why social engineering continues to be a preferred strategy for cybercriminals - its effectiveness is exceptional. Many organizations are already conducting training sessions and rolling out specialized programs to enhance employee awareness about phishing. These programs are not just theoretical but also offer hands-on experience, allowing employees to interact with possible threats in real-world scenarios. For this, companies often use simulated phishing attacks, which are a vital part of their awareness programs. Some businesses manage these cyber exercises internally through their information security teams, while others enlist the help of service providers. However, these training sessions and mock phishing exercises are not without their flaws. At times, technical issues can disrupt the process.
In other instances, the problem lies with the employees who may exhibit apathy, failing to fully engage in the process. There are indeed numerous ways in which problems can arise during the implementation of these programs. Email messages caught by technical means of protection It is standard practice for most companies to operate various email security systems, like Secure Email Gateway, DMARC, SPF, DKIM tools, sandboxes, and various antivirus software. However, the goal of simulated phishing within security awareness training is to test people, not the effectiveness of technical protective tools. Consequently, when initiating any project, it is crucial to adjust the protection settings so your simulated phishing emails can get through. Do not forget to tweak all tools of email protection at all levels. It is important to establish appropriate rules across all areas. By tweaking the settings, I am certainly not suggesting a total shutdown of the information security system - that would be unnecessary. When sending out simulated phishing emails, it is important to create exceptions for the IP addresses and domains that these messages come from, adding them to an allowlist. After making these adjustments, conduct a test run to ensure the emails are not delayed in a sandbox, diverted to junk folders, or flagged as spam in the Inbox. For the training sessions to be effective and yield accurate statistics, there should be no issues with receiving these training emails, such as blocking, delays, or labeling them as spam. Reporting phishing Untrained employees often become victims of phishing, but those who are prepared, do more than just skip and delete suspicious messages; they report them to their company's
Spam Malware Tool ★★★
globalsecuritymag.webp 2023-07-26 08:12:34 Netskope introduces SkopeAI (direct link) Netskope introduces SkopeAI, revolutionary AI-based security for the future of data protection and cyber threat defense. Overcoming the complexity and limitations of legacy tools unable to keep up with the speed of AI, SkopeAI democratizes advanced data protection for every user - Products Tool ★★
DarkReading.webp 2023-07-25 16:39:24 'FraudGPT' Malicious Chatbot Now for Sale on Dark Web
(direct link)
The subscription-based, generative AI-driven offering joins a growing trend toward "generative AI jailbreaking" to create ChatGPT copycat tools for cyberattacks.
Tool Prediction ChatGPT ChatGPT ★★
DarkReading.webp 2023-07-25 16:20:54 10 Free Purple Team Security Tools to Check Out
(direct link)
Check out the curated list of cool tools and platforms for both offensive security experts and defenders which will be released or demoed at Black Hat USA 2023.
Tool ★★★★
CVE.webp 2023-07-25 15:15:13 CVE-2023-37895 (direct link)
Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMI. Versions up to (including) 2.20.10 (stable branch) and 2.21.17 (unstable branch) use the component "commons-beanutils", which contains a class that can be used for remote code execution over RMI. Users are advised to immediately update to versions 2.20.11 or 2.21.18. Note that earlier stable branches (1.0.x .. 2.18.x) have already been EOLd and no longer receive updates. In general, RMI support can expose vulnerabilities by the mere presence of an exploitable class on the classpath. Even if Jackrabbit itself does not contain any code known to be exploitable, adding other components to your server can expose the same type of problem. We therefore recommend disabling RMI access altogether (see below), and will discuss deprecating RMI support in future Jackrabbit releases. How to check whether RMI support is enabled: RMI support can be over an RMI-specific TCP port, and over an HTTP binding. Both are enabled by default in Jackrabbit webapp/standalone. The native RMI protocol by default uses port 1099. To check whether it is enabled, tools like "netstat" can be used. RMI-over-HTTP in Jackrabbit by default uses the path "/rmi". So when running standalone on port 8080, check whether an HTTP GET request on localhost:8080/rmi returns 404 (not enabled) or 200 (enabled). Note that the HTTP path may be different when the webapp is deployed in a container as non-root context, in which case the prefix is under the user's control. Turning off RMI: Find web.xml (either in the JAR/WAR file or in an unpacked web application folder), and remove the declaration (rmi, org.apache.jackrabbit.servlet.remote.RemoteBindingServlet) and the mapping definition (rmi, /rmi) for the RemoteBindingServlet. Find the bootstrap.properties file (in $REPOSITORY_HOME), set rmi.enabled=false, and also remove rmi.host, rmi.port and rmi.url-pattern. If there is no file named bootstrap.properties in $REPOSITORY_HOME, it is located somewhere in the classpath. In this case, place a copy in $REPOSITORY_HOME and modify it as explained.
Tool Vulnerability
Checkpoint.webp 2023-07-25 14:00:25 How Generative AI Affects Mobile Security
(direct link)
>Me: “Can you be misused for cyber-attacks?” Chat GPT: “As an AI language model, I don’t have agency or intentions of my own. However, like any technology, I can potentially be misused by individuals with malicious intent. Ultimately, the responsibility for the use and potential misuse of AI systems lies with the users. It’s important for individuals and organizations to use AI technology ethically and responsibly, adhering to legal and ethical guidelines, and taking precautions to prevent any harm or misuse.” In this conversation, ChatGPT is not wrong… Generative artificial intelligence (AI) tools such as Chat GPT and Google Bard […]
Tool ChatGPT ChatGPT ★★
securityintelligence.webp 2023-07-25 13:00:00 Combining EPP and EDR tools can boost your endpoint security
(direct link)
>Endpoint protection platform (EPP) and endpoint detection and response (EDR) tools are two security products commonly used to protect endpoint systems from threats. EPP is a comprehensive security solution that provides a range of features to detect and prevent threats to endpoint devices. At the same time, EDR is specifically designed to monitor, detect and […]
Tool ★★★
AlienVault.webp 2023-07-25 10:00:00 Ransomware business model-What is it and how to break it?
(direct link)
The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  The threat of ransomware attacks continues to strike organizations, government institutions, individuals, and businesses across the globe. These attacks have skyrocketed in frequency and sophistication, leaving a trail of disrupted operations, financial loss, and compromised data. Statistics reveal that there will be a new ransomware attack after every two seconds by 2031 while the companies lose between $1 and $10 million because of these attacks. As the security landscape evolves, cybercriminals change their tactics and attack vectors to maximize their profit potential. Previously, ransomware attackers employed tactics like email phishing, remote desktop protocol vulnerabilities, supply chain issues, and exploit kits to breach the system and implant the ransomware payloads. But now attackers have significantly changed their business model. Organizations need to adopt a proactive stance as more ransomware gangs emerge and new tactics are introduced. They must aim to lower their attack surface and increase their ability to respond to and recover from the aftermath of a ransomware attack. How is ransomware blooming as a business model? Ransomware has emerged as a thriving business model for cybercriminals. It is a highly lucrative and sophisticated method in which the attackers encrypt the data and release it only when the ransom is paid. Data backup was one way for businesses to escape this situation, but those lacking this had no option except to pay the ransom. If organizations delay or stop paying the ransom, attackers threaten to exfiltrate or leak valuable data. This adds more pressure on organizations to pay the ransom, especially if they hold sensitive customer information and intellectual property. As a result, over half of ransomware victims agree to pay the ransom. 
With opportunities everywhere, ransomware attacks have evolved as the threat actors continue looking for new ways to expand their operations' attack vectors and scope. For instance, the emergence of the Ransomware-as-a-service (RaaS) model encourages non-technical threat actors to participate in these attacks. It allows cybercriminals to rent or buy ransomware toolkits to launch successful attacks and earn a portion of the profits instead of performing the attacks themselves. Moreover, a new breed of ransomware gangs is also blooming in the ransomware business. Previously, Conti, REvil, LockBit, Black Basta, and Vice Society were among the most prolific groups that launched the attacks. But now, the Clop, Cuban, and Play ransomware groups are gaining popularity as they exploit the zero-day vulnerability and impact various organizations. Ransomware has also become a professionalized industry in which attackers demand payments in Bitcoins only. Cryptocurrency provides anonymity and a more convenient way for cybercriminals to collect ransom payments, making it more difficult for law enforcement agencies to trace the money. Though the FBI discourages ransom
Ransomware Malware Tool Vulnerability Threat Studies Medical ★★★
Korben.webp 2023-07-25 07:00:00 Gum – A tool for writing scripts in the blink of an eye (direct link) Here is a fantastic tool named Gum that will let you write shell scripts and manage your dotfiles in just a few lines of code, and after testing it, I am sure you will not be able to do without it. Here is an example of what it is possible to do … More Tool ★★★
CVE.webp 2023-07-24 14:15:10 CVE-2022-28865 (direct link)
An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used.
Tool
CVE.webp 2023-07-24 14:15:10 CVE-2022-28863 (direct link)
An issue was discovered in Nokia NetAct 22. A remote user, authenticated to the website, can visit the Site Configuration Tool section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value.
Tool
Chercheur.webp 2023-07-24 11:09:07 Google Reportedly Disconnecting Employees from the Internet
(direct link)
Supposedly Google is starting a pilot program of disabling Internet connectivity from employee computers: The company will disable internet access on the select desktops, with the exception of internal web-based tools and Google-owned websites like Google Drive and Gmail. Some workers who need the internet to do their job will get exceptions, the company stated in materials. Google has not confirmed this story. More news articles.
Tool ★★★
bleepingcomputer.webp 2023-07-24 10:01:02 How is the Dark Web Reacting to the AI Revolution?
(direct link)
Cybercriminals are already utilizing and creating malicious tools based on open source AI language models for phishing and malware development. Learn more from Flare about how threat actors are beginning to use AI. [...]
Malware Tool Threat ★★
Korben.webp 2023-07-22 07:00:00 Xreveal – Break the security of your DVDs and Blu-rays in the blink of an eye (direct link) Today, I present Xreveal, the little genie in the lamp that will let you decrypt your DVDs and Blu-rays in the background, all in no time! But before telling you more, let's make things clear: you will need keys from … More Tool ★★★
CVE.webp 2023-07-21 20:15:15 CVE-2023-36339 (direct link)
An access control issue in WebBoss.io CMS v3.7.0 allows attackers to access the Website Backup Tool via a crafted GET request.
Tool
The_Hackers_News.webp 2023-07-20 21:26:00 Apache OpenMeetings Web Conferencing Tool Exposed to Critical Vulnerabilities
(direct link)
Multiple security flaws have been disclosed in Apache OpenMeetings, a web conferencing solution, that could be potentially exploited by malicious actors to seize control of admin accounts and run malicious code on susceptible servers. "Attackers can bring the application into an unexpected state, which allows them to take over any user account, including the admin account," Sonar vulnerability
Tool Vulnerability ★★
GoogleSec.webp 2023-07-20 16:03:33 Supply chain security for Go, Part 3: Shifting left
(direct link)
Julie Qiu, Go Security & Reliability and Jonathan Metzman, Google Open Source Security Team Previously in our Supply chain security for Go series, we covered dependency and vulnerability management tools and how Go ensures package integrity and availability as part of the commitment to countering the rise in supply chain attacks in recent years. In this final installment, we'll discuss how “shift left” security can help make sure you have the security information you need, when you need it, to avoid unwelcome surprises. Shifting left The software development life cycle (SDLC) refers to the series of steps that a software project goes through, from planning all the way through operation. It's a cycle because once code has been released, the process continues and repeats through actions like coding new features, addressing bugs, and more. Shifting left involves implementing security practices earlier in the SDLC. For example, consider scanning dependencies for known vulnerabilities; many organizations do this as part of continuous integration (CI) which ensures that code has passed security scans before it is released. However, if a vulnerability is first found during CI, significant time has already been invested building code upon an insecure dependency. Shifting left in this case mea
Tool Vulnerability ★★
Checkpoint.webp 2023-07-20 14:00:57 CDN Service Exposes Users to Malicious Packages for Phishing Attacks Invisible to Security Tools
(direct link)
>Malicious package previously removed are still accessible through jsdelivr and results in phishing attack Highlights: CloudGuard Spectral detected a malicious package on NPM that applied a phishing attack to gain its user's credentials To do so, the package relied on a file from a malicious package, already detected and removed from NPM, which was still available through a popular NPM CDN service – 'jsdelivr' Once detected, we've alerted NPM and jsdelivr of the malicious package and the malicious flow NPM and jsdelivr NPM, short for Node Package Manager, is a widely used package manager for the JavaScript programming language, the […]
Tool ★★
DarkReading.webp 2023-07-20 14:00:00 Enterprise Choices in Measuring Risk
(direct link)
Organizations have options when it comes to choosing the right tool to quantify risk
Tool ★★
RecordedFuture.webp 2023-07-20 12:50:00 North Korean hackers linked to attempted supply-chain attack on JumpCloud customers
(direct link)
North Korean hackers were behind a breach of the software business JumpCloud that formed part of an attempted supply-chain attack targeting cryptocurrency companies, it was reported on Thursday. JumpCloud - which provides identity and access management tools for enterprise devices - announced earlier this month that a “sophisticated nation-state sponsored threat actor” had managed in
Tool Threat APT 38 ★★
Veracode.webp 2023-07-20 11:35:59 SBOM Explained: How SBOMs Improve Cloud-native Application Security
(direct link)
A staggering 96% of organizations utilize open-source libraries, yet fewer than 50% actively manage the security vulnerabilities within these libraries. Vulnerabilities are welcome mats for breaches from bad actors, and once they've entered your system, the impact can be colossal. A software bill of materials (SBOM) is an important tool for managing the security of open-source software. Here we will explore how SBOMs help organizations understand what's in their applications, ensure regulatory compliance, and manage overall risk. Where Do SBOMs Fit in Your Application Security Program? Think of an SBOM as a magnifying glass that allows you to get a closer look at what goes on in your cloud-native applications. SBOMs provide a detailed view of open-source components that developers and security professionals can use to understand the security of third-party libraries and dependencies used in an application. With that information, teams can create cyber hygiene campaigns against known…
Tool Vulnerability ★★★
silicon.fr.webp 2023-07-20 07:41:09 Cybersecurity: the open source tools recommended by the American ANSSI (direct link) CISA, the American counterpart of ANSSI, offers a list of free security products and services. Focus on some thirty open source tools that appear on it. Tool ★★★
DarkReading.webp 2023-07-20 00:00:00 Infosec Doesn't Know What AI Tools Orgs Are Using
(direct link)
Hint: Organizations are already using a range of AI tools, with ChatGPT and Jasper.ai leading the way.
Tool ChatGPT ChatGPT ★★★
Last update at: 2024-06-02 15:08:45