Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2022-07-12 18:28:21 |
Don't Have a COW: Containers on Windows and Other Container-Escape Research (direct link) |
Several pieces of Black Hat USA research will explore container design weaknesses and escalation of privilege attacks that can lead to container escapes. |
Guideline
|
|
|
|
2022-07-12 17:27:47 |
One-Third of Users Without Security Awareness Training Click on Phishing URLs (direct link) |
New data from security training provider shows half of untrained users in consulting, energy, and healthcare industries fall for phishing attacks. |
|
|
|
|
2022-07-12 17:00:00 |
5 Traits That Differentiate CISOs From CIROs (direct link) |
Chief information risk officers must have a keen understanding of - and interaction with - the business. |
|
|
|
|
2022-07-12 14:21:35 |
Deloitte Launches Zero Trust Access, a New Managed Security Service (direct link) |
. |
|
Deloitte
|
|
|
2022-07-12 14:00:00 |
How Confidential Computing Locks Down Data, Regardless of Its State (direct link) |
Whether data's in motion, at rest, or in use, confidential computing makes moving workloads to the public cloud safer, and can enhance data security in other deployments. |
|
|
|
|
2022-07-12 13:07:56 |
Accessible Cybersecurity Awareness Training Reduces Your Risk of Cyberattack (direct link) |
If you're not teaching all of your employees proper security hygiene, you are leaving the door open to risk. Close that door by providing accessible training. |
|
|
|
|
2022-07-12 12:00:00 |
Ransomware Scourge Drives Price Hikes in Cyber Insurance (direct link) |
Cybersecurity insurance costs are rising, and insurers are likely to demand more direct access to organizational metrics and measures to make more accurate risk assessments. |
|
|
|
|
2022-07-11 23:47:34 |
Paladin Cloud Launches New Cloud Security and Governance Platform (direct link) |
The new open source security-as-code platform will help developers and security teams automatically detect security policy violations across the organization's cloud infrastructure. |
|
|
|
|
2022-07-11 22:18:59 |
Fake Google Software Updates Spread New Ransomware (direct link) |
"HavanaCrypt" is also using a command-and-control server that is hosted on a Microsoft Hosting Service IP address, researchers say. |
Ransomware
|
|
|
|
2022-07-11 21:38:10 |
'Luna Moth' Group Ransoms Data Without the Ransomware (direct link) |
Unsophisticated campaigns use off-the-shelf RATs and other tools to exfiltrate data and demand a ransom to keep it private. |
Ransomware
Tool
|
|
|
|
2022-07-11 17:37:27 |
Online Payment Fraud Expected to Cost $343B Over Next 5 Years (direct link) |
Fraudster innovation will continue to drive successful phishing, business email compromise, and socially engineered attacks, researchers say. |
|
|
|
|
2022-07-11 16:02:36 |
Omdia: Sustainability Ranks Top on Data Center Operators' Agendas Despite Cost and Reliability Barriers (direct link) |
. |
|
|
|
|
2022-07-11 14:01:00 |
Proposed SEC Rules Require More Transparency About Cyber-Risk (direct link) |
The new guidelines would require public companies to file periodic disclosures about their cybersecurity practices and notify the SEC within 96 hours of a material breach. |
|
|
|
|
2022-07-11 14:00:00 |
Building Guardrails for Autonomic Security (direct link) |
AI's potential for automating security has promise, but there are miles to go in establishing decision-making boundaries. |
|
|
|
|
2022-07-11 14:00:00 |
Diversity in Cybersecurity: Fostering Gender-Inclusive Teams That Perform Better (direct link) |
Proactive steps in recruiting women to cybersecurity teams, along with policies focused on diversity, equity, and inclusion, help make cybersecurity teams more effective. Addressing specific barriers that female candidates face will make those teams more inclusive and more representative. |
|
|
|
|
2022-07-11 13:10:56 |
New Phishing Attacks Shame, Scare Victims into Surrendering Twitter, Discord Credentials (direct link) |
Scams pressure victims to "resolve an issue that could impact their status, business." |
|
|
|
|
2022-07-08 19:36:57 |
Microsoft Reverses Course on Blocking Office Macros by Default (direct link) |
Security experts criticize company for reversing course on a decision it made just this February to block macros in files downloaded from the Internet. |
|
|
|
|
2022-07-08 18:12:16 |
DoJ Charges CEO for Dealing $1B in Fake Cisco Gear (direct link) |
Fraudster allegedly passed off refurbished, modified Cisco equipment as new to hospitals, schools, and even the military. |
|
|
|
|
2022-07-08 16:02:36 |
SOAR Market Worth $2.3 Billion by 2027, According to Exclusive Report by MarketsandMarkets (direct link) |
. |
|
|
|
|
2022-07-08 15:44:24 |
Welcome-Back-to-the-Future Shock (direct link) |
This year's RSA Conference saw a strange mix of selling the future and the past - for good reason. |
|
|
|
|
2022-07-08 15:34:54 |
Swimlane Secures $70M Growth Round to Fuel Global Expansion of Next Generation Low-Code Security Automation Platform (direct link) |
. |
|
|
|
|
2022-07-08 15:13:34 |
Worldwide Enterprise Endpoint Security Industry to 2027: Focus on Antivirus, Firewall, Endpoint Device Control, and Anti-Spyware/Anti-Malware (direct link) |
. |
|
|
|
|
2022-07-08 14:41:22 |
Coalition Closes $250 Million in Series F Funding, Valuing the Cyber Insurance Provider at $5 Billion (direct link) |
Funding from Allianz X, Valor Equity Partners, Kinetic Partners, and existing investors will accelerate Coalition's vision to provide security for all. |
|
|
|
|
2022-07-08 14:00:00 |
Zero Trust Bolsters Our National Defense Against Rising Cyber Threats (direct link) |
The Colonial Pipeline and JBS attacks, among others, showed us our national resilience is only as strong as public-private sector collaboration. |
Threat
|
|
|
|
2022-07-08 13:45:00 |
In Switch, Trickbot Group Now Attacking Ukrainian Targets (direct link) |
Latest campaigns are a break from its usual financially motivated attacks and appear aligned with Russian interests, security researchers say. |
|
|
|
|
2022-07-08 13:19:12 |
What Do All of Those Cloud Cybersecurity Acronyms Mean? (direct link) |
Acronyms serve as a gatekeeper - if you don't sling the lingo, you don't belong. So here's a quick guide to the letter salad of cloud cybersecurity. |
|
|
|
|
2022-07-08 13:10:06 |
ICYMI: Critical Cisco RCE Bug, Microsoft Breaks Down Hive, SHI Cyberattack (direct link) |
Dark Reading's digest of the other don't-miss stories of the week, including a new ransomware targeting QNAP gear, and a destructive attack against the College of the Desert that lingers on. |
Ransomware
|
|
|
|
2022-07-07 21:33:55 |
Cyber Skills Center Launches in Tulsa to Develop Diverse, Local Tech Talent Pipeline (direct link) |
New program offers free tech skills training and paid apprenticeships to make education and career pathways more accessible. |
|
|
|
|
2022-07-07 21:33:41 |
Stealthy Cyber-Campaign Ditches Cobalt Strike for Rival 'Brute Ratel' Pen Test Tool (direct link) |
The latest criminal use of a legitimate red-teaming tool helps attackers stay under the radar and better access living-off-the-land binaries. |
Tool
|
|
|
|
2022-07-07 18:51:19 |
Fortress Information Security Sponsors Open Web Application Security Project To Work on Industry-Wide Software Bill of Materials Standards (direct link) |
. |
|
|
|
|
2022-07-07 17:53:02 |
China's Tonto Team APT Ramps Up Spy Operations Against Russia (direct link) |
In a significant spike of activity, the state-sponsored group is going after intelligence on Russian government agencies. |
|
|
|
|
2022-07-07 14:37:35 |
Buggy 'Log in With Google' API Implementation Opens Crypto Wallets to Account Takeover (direct link) |
Improper implementations of authentication APIs at a global crypto wallet service provider could have resulted in the loss of account control - and millions of dollars - from personal and business accounts. |
|
|
|
|
2022-07-07 14:04:26 |
Empower Your Security Operations Team to Combat Emerging Threats (direct link) |
When examining the modern threat landscape, empowering your security operations and overcoming the limitations inherent with other malware prevention solutions is imperative. |
Malware
Threat
|
|
|
|
2022-07-07 14:00:00 |
Cybersecurity Has a Talent Shortage & Non-Technical People Offer a Way Out (direct link) |
It's time to tap the large reservoir of talent with analytical skills to help tackle cybersecurity problems. Train workers in cybersecurity details while using their ability to solve problems. |
|
|
|
|
2022-07-07 13:00:00 |
Inside NIST's 4 Crypto Algorithms for a Post-Quantum World (direct link) |
With the world potentially less than a decade away from breaking current encryption around critical data, researchers weigh in on planning for the post-quantum world. |
|
|
|
|
2022-07-06 22:49:56 |
Prevention Takes Priority Over Response (direct link) |
Cybersecurity teams continue to emphasize intrusion prevention over incident response, despite US government action. |
|
|
|
|
2022-07-06 21:08:09 |
North Korean State Actors Deploy Surgical Ransomware in Ongoing Cyberattacks on US Healthcare Orgs (direct link) |
US government warns healthcare and public-health organizations to expect continued attacks involving the manually operated "Maui" ransomware. |
Ransomware
|
|
|
|
2022-07-06 19:56:27 |
Apple Debuts Spyware Protection for State-Sponsored Cyberattacks (direct link) |
Apple's new Lockdown Mode protects devices targeted by sophisticated state-sponsored mercenary spyware attacks. |
|
|
|
|
2022-07-06 17:57:54 |
I Built a Cheap 'Warshipping' Device in Just Three Hours - And So Can You (direct link) |
Here's how I did it and how you can protect your company against such physical/digital hybrid attacks. |
|
|
|
|
2022-07-06 17:57:00 |
Marriott Data Breach Exposes PII, Credit Cards (direct link) |
The hospitality giant said data from 300-400 individuals was compromised by a social-engineering scam targeting the Baltimore airport. |
Data Breach
|
|
|
|
2022-07-06 17:00:00 |
How to Keep EVs From Taking Down the Electrical Grid (direct link) |
They may be environmentally friendly, but the surging popularity of electric cars and plug-in hybrids puts the nation's electrical grid at greater risk for malfeasance. |
|
|
|
|
2022-07-06 16:02:45 |
Cloud Misconfig Exposes 3TB of Sensitive Airport Data in Amazon S3 Bucket: 'Lives at Stake' (direct link) |
The unsecured server exposed more than 1.5 million files, including airport worker ID photos and other PII, highlighting the ongoing cloud-security challenges worldwide. |
|
|
|
|
2022-07-06 15:23:04 |
Identity Access Management Is Set for Exploding Growth, Big Changes - Report (direct link) |
New research says IAM spending will grow on the back of affordable subscription services, spurred by cloud and mobile adoption, IoT, and continued remote working. |
|
|
|
|
2022-07-06 14:00:00 |
The Cyber-Asset Management Playbook for Supply Chain Modernization (direct link) |
Organizations must balance the risk and reward of new cyber-asset management technologies. |
|
|
|
|
2022-07-06 13:15:48 |
Roundtable: Amid Cyberattack Frenzy, How Can QNAP Customers Protect the Business? (direct link) |
Our roundtable of cybersecurity experts weighs in on what makes QNAP network-attached storage catnip for attackers, and what organizations can do about it. |
|
|
|
|
2022-07-05 23:56:37 |
(Déjà vu) NIST Picks Four Quantum-Resistant Cryptographic Algorithms (direct link) |
The US Department of Commerce's National Institute of Standards and Technology (NIST) announced the first group of encryption tools that will become part of its post-quantum cryptographic standard. |
Tool
|
|
|
|
2022-07-05 21:29:56 |
HackerOne Employee Fired for Stealing and Selling Bug Reports for Personal Gain (direct link) |
Company says it is making changes to its security controls to prevent malicious insiders from doing the same thing in future; reassures bug hunters their bounties are safe. |
|
|
|
|
2022-07-05 20:40:36 |
Supply Chain Attack Deploys Hundreds of Malicious NPM Modules to Steal Data (direct link) |
A widespread campaign uses more than 24 malicious NPM packages loaded with JavaScript obfuscators to steal form data from multiple sites and apps, analysts report. |
|
|
|
|
2022-07-05 17:00:00 |
Why Browser Vulnerabilities Are a Serious Threat - and How to Minimize Your Risk (direct link) |
As a result of browser market consolidation, adversaries can focus on uncovering vulnerabilities in just two main browser engines. |
Threat
|
|
|
|
2022-07-05 16:35:04 |
Google Chrome WebRTC Zero-Day Faces Active Exploitation (direct link) |
The heap buffer-overflow issue in Chrome for Android could be used for DoS, code execution, and more. |
|
|
|