Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-03 19:21:04 |
Polish Politician's Phone Patrolled by Pegasus (direct link) |
A mayor backing Polish opposition elections in parliament has been targeted by special services with Pegasus spyware. |
|
|
★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-03 18:00:00 |
3 Ways Security Teams Can Use IP Data Context (direct link) |
Innocently or not, residential proxy networks can obscure the actual geolocation of an access point. Here's why that's not great and what you can do about it. |
|
|
★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-03 17:17:00 |
Chick-fil-A Customers Have a Bone to Pick After Account Takeovers (direct link) |
A two-month-long automated credential-stuffing campaign exposed personal information of Chick-fil-A customers, including birthdays, phone numbers, and membership details. |
|
|
★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-03 15:00:00 |
It's Time to Assess the Potential Dangers of an Increasingly Connected World (direct link) |
With critical infrastructures ever more dependent on cloud connectivity, the world needs a more stable infrastructure to avoid a crippling cyberattack. |
Cloud
|
|
★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-03 02:44:00 |
IBM Contributes Supply Chain Security Tools to OWASP (direct link) |
License Scanner and SBOM Utility will boost the capabilities of OWASP's CycloneDX Software Bill of Materials standard. |
|
|
★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-02 23:26:00 |
Axis Security Acquisition Strengthens Aruba's SASE Solutions With Integrated Cloud Security and SD-WAN (direct link) |
No more details |
Cloud
|
|
★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-02 23:06:00 |
CISA, MITRE Look to Take ATT&CK Framework Out of the Weeds (direct link) |
The Decider tool is designed to make the ATT&CK framework more accessible and usable for security analysts of every level, with an intuitive interface and simplified language. |
Tool
|
|
★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-02 22:06:00 |
Biden's Cybersecurity Strategy Calls for Software Liability, Tighter Critical Infrastructure Security (direct link) |
The new White House plan outlines proposed minimum security requirements in critical infrastructure - and for shifting liability for software products to vendors. |
|
|
★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-02 22:00:00 |
BlackLotus Bootkit Found Targeting Windows 11 (direct link) |
Sold for around $5,000 in hacking forums, the BlackLotus UEFI bootkit is capable of targeting even updated systems, researchers find. |
|
|
★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-02 18:24:00 |
What GoDaddy's Years-Long Breach Means for Millions of Clients (direct link) |
The same "sophisticated" threat actor has pummeled the domain host on an ongoing basis since 2020, making off with customer logins, source code, and more. Here's what to do. |
Threat
|
|
★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-02 18:00:25 |
Sale of Stolen Credentials and Initial Access Dominate Dark Web Markets (direct link) |
Access-as-a-service took off in underground markets with more than 775 million credentials for sale and thousands of ads for access-as-a-service. |
|
|
★★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-02 18:00:00 |
Everybody Wants Least Privilege, So Why Isn't Anyone Achieving It? (direct link) |
Overcoming the obstacles of this security principle can mitigate the damages of an attack. |
|
|
★★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-02 17:00:00 |
New Report: Inside the High Risk of Third-Party SaaS Apps (direct link) |
A new report from Adaptive Shield looks at the volume of applications being connected to the SaaS stack and the risk they represent to company data. |
Cloud
|
|
★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-02 16:16:00 |
Booking.com's OAuth Implementation Allows Full Account Takeover (direct link) |
Researchers exploited issues in the authentication protocol to force an open redirection from the popular hotel reservations site when users used Facebook to log in to accounts. |
|
|
★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-02 16:10:59 |
Hackers Target Young Gamers: How Your Child Can Cause Business Compromise (direct link) |
It's 10 p.m. Do you know what your children are playing? In the age of remote work, hackers are actively targeting kids, with implications for enterprises. |
|
|
★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-02 15:00:00 |
On Shaky Ground: Why Dependencies Will Be Your Downfall (direct link) |
There's never enough time or staff to scan code repositories. To avoid dependency confusion attacks, use automated CI/CD tools to make fixes in hard-to-manage software dependencies. |
|
|
★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-01 23:50:00 |
Ermetic Adds Kubernetes Security to CNAPP (direct link) |
The automated capabilities can discover misconfigurations, compliance violations, and risk or excessive privileges in Kubernetes clusters. |
|
Uber
|
★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-01 22:58:00 |
Octillo Launches Women's Cybersecurity Scholarship in Partnership With the Center for Cyber Safety and Education (direct link) |
No more details |
|
|
★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-01 22:50:00 |
(Déjà vu) DoControl's 2023 SaaS Security Threat Landscape Report Finds Enterprises and Mid-Market Organizations Have Exposed Public SaaS Assets (direct link) |
Volume of SaaS assets and events magnifies risks associated with manual management and remediation. |
Threat
Cloud
|
|
★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-01 22:40:00 |
Visibility Is as Vital as Zero Trust for Low-Code/No-Code Security (direct link) |
By authenticating and authorizing every application, and by maintaining data lineage for auditing, enterprises can reduce the chances of data exfiltration. |
|
|
★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-01 22:40:00 |
Forescout Addresses Modern SecOps Challenges With Launch of Forescout XDR (direct link) |
New eXtended Detection and Response Solution is 450X more efficient than typical SOCs at converting telemetry and logs into actionable alerts. |
|
|
★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-01 22:30:00 |
Fastly Launches Managed Security Service to Protect Enterprises From Rising Web Application Attacks (direct link) |
No more details |
|
|
★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-01 22:25:00 |
Dish Blames Ransomware Attack for Disruptions of Internal Systems, Call Center Services (direct link) |
The cyberattackers might have potentially accessed customer information, the service provider warns. |
Ransomware
|
|
★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-01 20:40:00 |
Offensive Security Is Now OffSec - Refresh Reflects Future of Cybersecurity Learning and Skills Development (direct link) |
Updated OffSec™ identity substantiates the company's commitment to expanding its cybersecurity content and resources to prepare infosec professionals for the future. |
|
|
★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-01 19:34:00 |
Linux Support Expands Cyber Spy Group's Arsenal (direct link) |
An infamous Chinese cyber-hacking team has extended its SysUpdate malware framework to target Linux systems. |
Malware
|
|
★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-01 18:33:26 |
What Happened in That Cyberattack? With Some Cloud Services, You May Never Know (direct link) |
More cyberattackers are targeting organizations' cloud environments, but some cloud services, such as Google Cloud Platform's storage, fail to create adequate logs for forensics. |
Cloud
|
|
★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-01 18:00:00 |
The Importance of Recession-Proofing Security Operations (direct link) |
Make sure cybersecurity is taken seriously and consistently across the board. Educate the ecosystem beyond your own organization to mitigate security risks for everyone. |
|
|
★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-01 15:30:00 |
CISA: ZK Java Framework RCE Flaw Under Active Exploit (direct link) |
The flaw, which drew attention in October when it was found in ConnectWise products, could pose a significant risk to the supply chain if not patched immediately. |
|
|
★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-01 15:00:00 |
Without FIDO2, MFA Falls Short (direct link) |
The open authentication standard addresses existing multifactor authentication security vulnerabilities. |
General Information
|
|
★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-01 14:59:02 |
Cyberattackers Double Down on Bypassing MFA (direct link) |
As companies increasingly adopt MFA (even as companies like Twitter disable it), cybercriminals are developing a variety of strategies to steal credentials and gain access to high-value accounts anyway. |
|
|
★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-01 01:21:00 |
CISOs Share Their 3 Top Challenges for Cybersecurity Management (direct link) |
The biggest dilemmas in running a modern cybersecurity team are not all about software, said CISOs from HSBC, Citi, and Sepio. |
|
|
★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-03-01 00:45:00 |
Google Adds Client-Side Encryption to Gmail, Calendar (direct link) |
The data protection capability is now available across multiple Workspace applications: Gmail, Calendar, Drive, Docs, Slides, Sheets, and Meet. |
|
|
★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-02-28 23:09:00 |
(Déjà vu) Hoxhunt Launches Human Risk Management Platform (direct link) |
Platform uniquely designed to facilitate automated compliance, security behavior change. |
|
|
★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-02-28 23:02:00 |
Two of The Worst Healthcare Data Breaches in US History Happened Last Year (direct link) |
No more details |
|
|
★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-02-28 22:32:00 |
LastPass DevOps Engineer Targeted for Cloud Decryption Keys in Latest Breach Revelation (direct link) |
The adversaries obtained a decryption key to a LastPass database containing multifactor authentication and federation information as well as customer vault data, company says. |
Cloud
|
LastPass
|
★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-02-28 22:04:00 |
Exfiltrator-22: The Newest Post-Exploitation Toolkit Nipping at Cobalt Strike's Heels (direct link) |
The framework-as-a-service signals an intensification of the cat-and-mouse game between defenders detecting lateral movement, and cybercriminals looking to go unnoticed. |
|
|
★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-02-28 21:20:00 |
US Marshals Ransomware Hit Is 'Major' Incident (direct link) |
Unknown attackers made off with a raft of PII, the Justice Department says - but witnesses in the protection program are still safe. |
Ransomware
|
|
★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-02-28 18:55:00 |
WannaCry Hero & Kronos Malware Author Named Cybrary Fellow (direct link) |
Marcus Hutchins, who set up a "kill switch" that stopped WannaCry's spread, later pled guilty to creating the infamous Kronos banking malware. |
Malware
|
Wannacry
|
★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-02-28 17:43:44 |
Pernicious Permissions: How Kubernetes Cryptomining Became an AWS Cloud Data Heist (direct link) |
The opportunistic "SCARLETEEL" attack on a firm's Amazon Web Services account turns into targeted data theft after the intruder uses an overpermissioned service to jump into the cloud system. |
Cloud
|
Uber
|
★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-02-28 16:10:00 |
China's BlackFly Targets Materials Sector in 'Relentless' Quest for IP (direct link) |
Separate attacks on two subsidiaries of an Asian conglomerate reflect a surge of cyber-espionage activity in the region in the last 12 months. |
|
APT 41
|
★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-02-28 15:00:00 |
The DoJ Disruption of the Hive Ransomware Group Is a Short-Lived Win (direct link) |
The war on critical infrastructure demands a better security strategy. |
Ransomware
|
|
★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-02-27 22:55:00 |
Active Digital Identity Apps to Surpass 4.1B by 2027 (direct link) |
No more details |
|
|
★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-02-27 22:40:00 |
Attackers Were on Network for 2 Years, News Corp Says (direct link) |
The publisher of the Wall Street Journal, New York Post, and several other publications had last year disclosed a breach it said was the work of a state-backed actor likely working for China. |
|
|
★★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-02-27 22:00:00 |
Wiz Reaches $10B Valuation With Consolidated Cloud Security Platform (direct link) |
Cloud security vendor Wiz has raised $900 million since its founding in 2020. |
Cloud
|
|
★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-02-27 20:58:00 |
Vouched Raises $6.3M to Expand AI Identity Verification Offering to Telemedicine and Healthcare (direct link) |
Vouched now covers more than 85% of the global population, as demand accelerates for its platform to securely automate KYC and KYP compliance to better serve patients and drive revenue. |
|
|
★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-02-27 19:30:00 |
How to Reduce Code Risk Using Pipelineless Security (direct link) |
The exposure and exploitation of hardcoded secrets continues to drive software supply chain attacks. One solution: zero new hardcoded secrets. |
|
|
★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-02-27 19:25:00 |
All CVEs Are Not Created Equal (direct link) |
Vulnerabilities impact each industry differently, so each sector needs to think about its defenses and vulnerability management differently. |
Vulnerability
|
|
★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-02-27 19:02:00 |
Palo Alto Announces Zero-Trust Security Solution for OT (direct link) |
New Zero Trust OT Security solution secures critical infrastructure without additional sensors. |
|
|
★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-02-27 18:30:46 |
Mobile Banking Trojans Surge, Doubling in Volume (direct link) |
Mobile malware developers were busy bees in 2022, flooding the cybercrime landscape with twice as many banking trojans as the year before. |
Malware
|
|
★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2023-02-27 17:55:00 |
ThreatHunter.ai Launches "More Eyes" Program to Help Large Organizations Mitigate Cyber Threats (direct link) |
No more details |
|
|
★★★
|