What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-03-03 19:21:04 | Polish Politician\'s Phone Patrolled by Pegasus (lien direct) | A mayor backing Polish opposition elections in parliament has been targeted by special services with Pegasus spyware. | ★★★ | ||
|
2023-03-03 18:00:00 | 3 Ways Security Teams Can Use IP Data Context (lien direct) | Innocently or not, residential proxy networks can obscure the actual geolocation of an access point. Here's why that's not great and what you can do about it. | ★★★ | ||
|
2023-03-03 17:17:00 | Chick-fil-A Customers Have a Bone to Pick After Account Takeovers (lien direct) | A two-month-long automated credential-stuffing campaign exposed personal information of Chick-fil-A customers, including birthdays, phone numbers, and membership details. | ★★ | ||
|
2023-03-03 15:00:00 | It\'s Time to Assess the Potential Dangers of an Increasingly Connected World (lien direct) | With critical infrastructures ever more dependent on the cloud connectivity, the world needs a more stable infrastructure to avoid a crippling cyberattack. | Cloud | ★★★ | |
|
2023-03-03 02:44:00 | IBM Contributes Supply Chain Security Tools to OWASP (lien direct) | License Scanner and SBOM Utility will boost the capabilities of OWASP's CycloneDX Software Bill of Materials standard. | ★★★ | ||
|
2023-03-02 23:26:00 | Axis Security Acquisition Strengthens Aruba\'s SASE Solutions With Integrated Cloud Security and SD-WAN (lien direct) | Pas de details / No more details | Cloud | ★★★ | |
|
2023-03-02 23:06:00 | CISA, MITRE Look to Take ATT&CK Framework Out of the Weeds (lien direct) | The Decider tool is designed to make the ATT&CK framework more accessible and usable for security analysts of every level, with an intuitive interface and simplified language. | Tool | ★★★ | |
|
2023-03-02 22:06:00 | Biden\'s Cybersecurity Strategy Calls for Software Liability, Tighter Critical Infrastructure Security (lien direct) | The new White House plan outlines proposed minimum security requirements in critical infrastructure - and for shifting liability for software products to vendors. | ★★★ | ||
|
2023-03-02 22:00:00 | BlackLotus Bookit Found Targeting Windows 11 (lien direct) | Sold for around $5,000 in hacking forums, the BlackLotus UEFI bootkit is capable of targeting even updated systems, researchers find. | ★★★ | ||
|
2023-03-02 18:24:00 | What GoDaddy\'s Years-Long Breach Means for Millions of Clients (lien direct) | The same "sophisticated" threat actor has pummeled the domain host on an ongoing basis since 2020, making off with customer logins, source code, and more. Here's what to do. | Threat | ★★★ | |
|
2023-03-02 18:00:25 | Sale of Stolen Credentials and Initial Access Dominate Dark Web Markets (lien direct) | Access-as-a-service took off in underground markets with more than 775 million credentials for sale and thousands of ads for access-as-a-service. | ★★★★ | ||
|
2023-03-02 18:00:00 | Everybody Wants Least Privilege, So Why Isn\'t Anyone Achieving It? (lien direct) | Overcoming the obstacles of this security principle can mitigate the damages of an attack. | ★★★★ | ||
|
2023-03-02 17:00:00 | New Report: Inside the High Risk of Third-Party SaaS Apps (lien direct) | A new report from Adaptive Shield looks at the how volume of applications being connected to the SaaS stack and the risk they represent to company data. | Cloud | ★★★ | |
|
2023-03-02 16:16:00 | Booking.com\'s OAuth Implementation Allows Full Account Takeover (lien direct) | Researchers exploited issues in the authentication protocol to force an open redirection from the popular hotel reservations site when users used Facebook to log in to accounts. | ★★★ | ||
|
2023-03-02 16:10:59 | Hackers Target Young Gamers: How Your Child Can Cause Business Compromise (lien direct) | It's 10 p.m. Do you know what your children are playing? In the age of remote work, hackers are actively targeting kids, with implications for enterprises. | ★★★ | ||
|
2023-03-02 15:00:00 | On Shaky Ground: Why Dependencies Will Be Your Downfall (lien direct) | There's never enough time or staff to scan code repositories. To avoid dependency confusion attacks, use automated CI/CD tools to make fixes in hard-to-manage software dependencies. | ★★★ | ||
|
2023-03-01 23:50:00 | Ermetic Adds Kubernetes Security to CNAPP (lien direct) | The automated capabilities can discover misconfigurations, compliance violations, and risk or excessive privileges in Kubernetes clusters. | Uber | ★★★ | |
|
2023-03-01 22:58:00 | Octillo Launches Women\'s Cybersecurity Scholarship in Partnership With the Center for Cyber Safety and Education (lien direct) | Pas de details / No more details | ★ | ||
|
2023-03-01 22:50:00 | (Déjà vu) DoControl\'s 2023 SaaS Security Threat Landscape Report Finds Enterprises and Mid-Market Organizations Have Exposed Public SaaS Assets (lien direct) | Volume of SaaS assets and events magnifies risks associated with manual management and remediation. | Threat Cloud | ★ | |
|
2023-03-01 22:40:00 | Visibility Is as Vital as Zero Trust for Low-Code/No-Code Security (lien direct) | By authenticating and authorizing every application, and by maintaining data lineage for auditing, enterprises can reduce the chances of data exfiltration. | ★★ | ||
|
2023-03-01 22:40:00 | Forescout Addresses Modern SecOps Challenges With Launch of Forescout XDR (lien direct) | New eXtended Detection and Response Solution is 450X more efficient than typical SOCs at converting telemetry and logs into actionable alerts. | ★★ | ||
|
2023-03-01 22:30:00 | Fastly Launches Managed Security Service to Protect Enterprises From Rising Web Application Attacks (lien direct) | Pas de details / No more details | ★★ | ||
|
2023-03-01 22:25:00 | Dish Blames Ransomware Attack for Disruptions of Internal Systems, Call Center Services (lien direct) | The cyberattackers might have potentially accessed customer information, the service provider warns. | Ransomware | ★★ | |
|
2023-03-01 20:40:00 | Offensive Security Is Now OffSec - Refresh Reflects Future of Cybersecurity Learning and Skills Development (lien direct) | Updated OffSec™ identity substantiates the company's commitment to expanding its cybersecurity content and resources to prepare infosec professionals for the future. | ★★ | ||
|
2023-03-01 19:34:00 | Linux Support Expands Cyber Spy Group\'s Arsenal (lien direct) | An infamous Chinese cyber-hacking team has extended its SysUpdate malware framework to target Linux systems. | Malware | ★★★ | |
|
2023-03-01 18:33:26 | What Happened in That Cyberattack? With Some Cloud Services, You May Never Know (lien direct) | More cyberattackers are targeting organizations' cloud environments, but some cloud services, such as Google Cloud Platform's storage, fail to create adequate logs for forensics. | Cloud | ★★★ | |
|
2023-03-01 18:00:00 | The Importance of Recession-Proofing Security Operations (lien direct) | Make sure cybersecurity is taken seriously and consistently across the board. Educate the ecosystem beyond your own organization to mitigate security risks for everyone. | ★★ | ||
|
2023-03-01 15:30:00 | CISA: ZK Java Framework RCE Flaw Under Active Exploit (lien direct) | The flaw, which drew attention in October when it was found in ConnectWise products, could pose a significant risk to the supply chain if not patched immediately. | ★★ | ||
|
2023-03-01 15:00:00 | Without FIDO2, MFA Falls Short (lien direct) | The open authentication standard addresses existing multifactor authentication security vulnerabilities. | General Information | ★★ | |
|
2023-03-01 14:59:02 | Cyberattackers Double Down on Bypassing MFA (lien direct) | As companies increasingly adopt MFA (even as companies like Twitter disable it), cybercriminals are developing a variety of strategies to steal credentials and gain access to high-value accounts anyway. | ★★ | ||
|
2023-03-01 01:21:00 | CISOs Share Their 3 Top Challenges for Cybersecurity Management (lien direct) | The biggest dilemmas in running a modern cybersecurity team are not all about software, said CISOs from HSBC, Citi, and Sepio. | ★★★ | ||
|
2023-03-01 00:45:00 | Google Adds Client-Side Encryption to Gmail, Calendar (lien direct) | The data protection capability is now available across multiple Workspace applications: Gmail, Calendar, Drive, Docs, Slides, Sheets, and Meet. | ★★ | ||
|
2023-02-28 23:09:00 | (Déjà vu) Hoxhunt Launches Human Risk Management Platform (lien direct) | Platform uniquely designed to facilitate automated compliance, security behavior change. | ★★★ | ||
|
2023-02-28 23:02:00 | Two of The Worst Healthcare Data Breaches in US History Happened Last Year (lien direct) | Pas de details / No more details | ★★ | ||
|
2023-02-28 22:32:00 | LastPass DevOps Engineer Targeted for Cloud Decryption Keys in Latest Breach Revelation (lien direct) | The adversaries obtained a decryption key to a LastPass database containing multifactor authentication and federation information as well as customer vault data, company says. | Cloud | LastPass | ★★ |
|
2023-02-28 22:04:00 | Exfiltrator-22: The Newest Post-Exploitation Toolkit Nipping at Cobalt Strike\'s Heels (lien direct) | The framework-as-a-service signals an intensification of the cat-and-mouse game between defenders detecting lateral movement, and cybercriminals looking to go unnoticed. | ★★★ | ||
|
2023-02-28 21:20:00 | US Marshals Ransomware Hit Is \'Major\' Incident (lien direct) | Unknown attackers made off with a raft of PII, the Justice Department says - but witnesses in the protection program are still safe. | Ransomware | ★★ | |
|
2023-02-28 18:55:00 | WannaCry Hero & Kronos Malware Author Named Cybrary Fellow (lien direct) | Marcus Hutchins, who set up a "kill switch" that stopped WannaCry's spread, later pled guilty to creating the infamous Kronos banking malware. | Malware | Wannacry Wannacry | ★★★ |
|
2023-02-28 17:43:44 | Pernicious Permissions: How Kubernetes Cryptomining Became an AWS Cloud Data Heist (lien direct) | The opportunistic "SCARLETEEL" attack on a firm's Amazon Web Services account turns into targeted data theft after the intruder uses an overpermissioned service to jump into cloud system. | Cloud | Uber | ★★ |
|
2023-02-28 16:10:00 | China\'s BlackFly Targets Materials Sector in \'Relentless\' Quest for IP (lien direct) | Separate attacks on two subsidiaries of an Asian conglomerate reflect a surge of cyber-espionage activity in the region in the last 12 months. | APT 41 | ★★★ | |
|
2023-02-28 15:00:00 | The DoJ Disruption of the Hive Ransomware Group Is a Short-Lived Win (lien direct) | The war on critical infrastructure demands a better security strategy. | Ransomware | ★★★ | |
|
2023-02-27 22:55:00 | Active Digital Identity Apps to Surpass 4.1B by 2027 (lien direct) | Pas de details / No more details | ★ | ||
|
2023-02-27 22:40:00 | Attackers Were on Network for 2 Years, News Corp Says (lien direct) | The publisher of the Wall Street Journal, New York Post, and several other publications had last year disclosed a breach it said was the work of a state-backed actor likely working for China. | ★★★★ | ||
|
2023-02-27 22:00:00 | Wiz Reaches $10B Valuation With Consolidated Cloud Security Platform (lien direct) | Cloud security vendor Wiz has raised $900 million since its founding in 2020. | Cloud | ★★★ | |
|
2023-02-27 20:58:00 | Vouched Raises $6.3M to Expand AI Identity Verification Offering to Telemedicine and Healthcare (lien direct) | Vouched now covers more than 85% of the global population, as demand accelerates for its platform to securely automate KYC and KYP compliance to better serve patients and drive revenue. | ★★ | ||
|
2023-02-27 19:30:00 | How to Reduce Code Risk Using Pipelineless Security (lien direct) | The exposure and exploitation of hardcoded secrets continues to drive software supply chain attacks. One solution: zero new hardcoded secrets. | ★★★ | ||
|
2023-02-27 19:25:00 | All CVEs Are Not Created Equal (lien direct) | Vulnerabilities impact each industry differently, so each sector needs to think about its defenses and vulnerability management differently. | Vulnerability | ★★★ | |
|
2023-02-27 19:02:00 | Palo Alto Announces Zero-Trust Security Solution for OT (lien direct) | New Zero Trust OT Security solution secures critical infrastructure without additional sensors. | ★★ | ||
|
2023-02-27 18:30:46 | Mobile Banking Trojans Surge, Doubling in Volume (lien direct) | Mobile malware developers were busy bees in 2022, flooding the cybercrime landscape with twice the number of banking trojans than the year before. | Malware | ★★★ | |
|
2023-02-27 17:55:00 | ThreatHunter.ai Launches "More Eyes" Program to Help Large Organizations Mitigate Cyber Threats (lien direct) | Pas de details / No more details | ★★★ |
To see everything:
