Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2023-03-07 14:40:00 |
Cyber Security Works to Rebrand As Securin Inc. (direct link) |
Securin Inc. will provide tech-enabled security solutions, vulnerability
intelligence and deep domain expertise. |
General Information
|
|
★★★
|
|
2023-03-07 00:46:00 |
Machine Learning Improves Prediction of Exploited Vulnerabilities (direct link) |
The third iteration of the Exploit Prediction Scoring System (EPSS) performs 82% better than previous versions, giving companies a better tool for evaluating vulnerabilities and prioritizing patching. |
Tool
|
|
★★★★
|
|
2023-03-06 21:30:00 |
Shein Shopping App Glitch Copies Android Clipboard Contents (direct link) |
The Android app unnecessarily accessed device clipboard contents, which often include passwords and other sensitive data. |
|
|
★
|
|
2023-03-06 19:25:00 |
Police Raid Rounds Up Core Members of DoppelPaymer Ransomware Gang (direct link) |
This is the latest in a line of law-enforcement actions busting up the ransomware scene. |
Ransomware
|
|
★
|
|
2023-03-06 18:40:00 |
NIST's Quantum-Proof Algorithm Has a Bug, Analysts Say (direct link) |
A team has found that the Crystals-Kyber encryption algorithm is open to side-channel attacks, under certain implementations. |
|
|
★★
|
|
2023-03-06 18:10:00 |
SANS Institute Partners With Google to Launch Cloud Diversity Academy (direct link) |
No more details |
Cloud
|
|
★★★
|
|
2023-03-06 15:00:00 |
Name That Edge Toon: Domino Effect (direct link) |
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card. |
|
|
★★
|
|
2023-03-06 15:00:00 |
The Role of Verifiable Credentials In Preventing Account Compromise (direct link) |
As digital identity verification challenges grow, organizations need to adopt a more advanced and forward-focused approach to preventing hacks. |
|
|
★★★
|
|
2023-03-04 00:20:00 |
Rapid7 Brings Threat Intel Data to USF Cybersecurity Lab (direct link) |
The Rapid7 Cyber Threat Intelligence Laboratory at the University of South Florida will provide data on real-world threats for faculty and students to use in their research. |
Threat
|
|
★★★
|
|
2023-03-03 21:02:03 |
EV Charging Infrastructure Offers an Electric Cyberattack Opportunity (direct link) |
Attackers have already targeted electric vehicle (EV) charging stations, and experts are calling for cybersecurity standards to protect this necessary component of the electrified future. |
|
|
★★★
|
|
2023-03-03 20:30:46 |
Indigo Books Refuses LockBit Ransomware Demand (direct link) |
Canada's largest bookseller rejected the pressure of the ransomware gang's countdown timer, despite data threats. |
Ransomware
|
|
★★
|
|
2023-03-03 19:21:04 |
Polish Politician's Phone Patrolled by Pegasus (direct link) |
A mayor backing Polish opposition elections in parliament has been targeted by special services with Pegasus spyware. |
|
|
★★★
|
|
2023-03-03 18:00:00 |
3 Ways Security Teams Can Use IP Data Context (direct link) |
Innocently or not, residential proxy networks can obscure the actual geolocation of an access point. Here's why that's not great and what you can do about it. |
|
|
★★★
|
|
2023-03-03 17:17:00 |
Chick-fil-A Customers Have a Bone to Pick After Account Takeovers (direct link) |
A two-month-long automated credential-stuffing campaign exposed personal information of Chick-fil-A customers, including birthdays, phone numbers, and membership details. |
|
|
★★
|
|
2023-03-03 15:00:00 |
It's Time to Assess the Potential Dangers of an Increasingly Connected World (direct link) |
With critical infrastructures ever more dependent on cloud connectivity, the world needs a more stable infrastructure to avoid a crippling cyberattack. |
Cloud
|
|
★★★
|
|
2023-03-03 02:44:00 |
IBM Contributes Supply Chain Security Tools to OWASP (direct link) |
License Scanner and SBOM Utility will boost the capabilities of OWASP's CycloneDX Software Bill of Materials standard. |
|
|
★★★
|
|
2023-03-02 23:26:00 |
Axis Security Acquisition Strengthens Aruba's SASE Solutions With Integrated Cloud Security and SD-WAN (direct link) |
No more details |
Cloud
|
|
★★★
|
|
2023-03-02 23:06:00 |
CISA, MITRE Look to Take ATT&CK Framework Out of the Weeds (direct link) |
The Decider tool is designed to make the ATT&CK framework more accessible and usable for security analysts of every level, with an intuitive interface and simplified language. |
Tool
|
|
★★★
|
|
2023-03-02 22:06:00 |
Biden's Cybersecurity Strategy Calls for Software Liability, Tighter Critical Infrastructure Security (direct link) |
The new White House plan outlines proposed minimum security requirements in critical infrastructure - and for shifting liability for software products to vendors. |
|
|
★★★
|
|
2023-03-02 22:00:00 |
BlackLotus Bootkit Found Targeting Windows 11 (direct link) |
Sold for around $5,000 in hacking forums, the BlackLotus UEFI bootkit is capable of targeting even updated systems, researchers find. |
|
|
★★★
|
|
2023-03-02 18:24:00 |
What GoDaddy's Years-Long Breach Means for Millions of Clients (direct link) |
The same "sophisticated" threat actor has pummeled the domain host on an ongoing basis since 2020, making off with customer logins, source code, and more. Here's what to do. |
Threat
|
|
★★★
|
|
2023-03-02 18:00:25 |
Sale of Stolen Credentials and Initial Access Dominate Dark Web Markets (direct link) |
Access-as-a-service took off in underground markets with more than 775 million credentials for sale and thousands of ads for access-as-a-service. |
|
|
★★★★
|
|
2023-03-02 18:00:00 |
Everybody Wants Least Privilege, So Why Isn't Anyone Achieving It? (direct link) |
Overcoming the obstacles of this security principle can mitigate the damages of an attack. |
|
|
★★★★
|
|
2023-03-02 17:00:00 |
New Report: Inside the High Risk of Third-Party SaaS Apps (direct link) |
A new report from Adaptive Shield looks at how the volume of applications being connected to the SaaS stack and the risk they represent to company data. |
Cloud
|
|
★★★
|
|
2023-03-02 16:16:00 |
Booking.com's OAuth Implementation Allows Full Account Takeover (direct link) |
Researchers exploited issues in the authentication protocol to force an open redirection from the popular hotel reservations site when users used Facebook to log in to accounts. |
|
|
★★★
|
|
2023-03-02 16:10:59 |
Hackers Target Young Gamers: How Your Child Can Cause Business Compromise (direct link) |
It's 10 p.m. Do you know what your children are playing? In the age of remote work, hackers are actively targeting kids, with implications for enterprises. |
|
|
★★★
|
|
2023-03-02 15:00:00 |
On Shaky Ground: Why Dependencies Will Be Your Downfall (direct link) |
There's never enough time or staff to scan code repositories. To avoid dependency confusion attacks, use automated CI/CD tools to make fixes in hard-to-manage software dependencies. |
|
|
★★★
|
|
2023-03-01 23:50:00 |
Ermetic Adds Kubernetes Security to CNAPP (direct link) |
The automated capabilities can discover misconfigurations, compliance violations, and risk or excessive privileges in Kubernetes clusters. |
|
Uber
|
★★★
|
|
2023-03-01 22:58:00 |
Octillo Launches Women's Cybersecurity Scholarship in Partnership With the Center for Cyber Safety and Education (direct link) |
No more details |
|
|
★
|
|
2023-03-01 22:50:00 |
(Déjà vu) DoControl's 2023 SaaS Security Threat Landscape Report Finds Enterprises and Mid-Market Organizations Have Exposed Public SaaS Assets (direct link) |
Volume of SaaS assets and events magnifies risks associated with manual management and remediation. |
Threat
Cloud
|
|
★
|
|
2023-03-01 22:40:00 |
Visibility Is as Vital as Zero Trust for Low-Code/No-Code Security (direct link) |
By authenticating and authorizing every application, and by maintaining data lineage for auditing, enterprises can reduce the chances of data exfiltration. |
|
|
★★
|
|
2023-03-01 22:40:00 |
Forescout Addresses Modern SecOps Challenges With Launch of Forescout XDR (direct link) |
New eXtended Detection and Response Solution is 450X more efficient than typical SOCs at converting telemetry and logs into actionable alerts. |
|
|
★★
|
|
2023-03-01 22:30:00 |
Fastly Launches Managed Security Service to Protect Enterprises From Rising Web Application Attacks (direct link) |
No more details |
|
|
★★
|
|
2023-03-01 22:25:00 |
Dish Blames Ransomware Attack for Disruptions of Internal Systems, Call Center Services (direct link) |
The cyberattackers might have potentially accessed customer information, the service provider warns. |
Ransomware
|
|
★★
|
|
2023-03-01 20:40:00 |
Offensive Security Is Now OffSec - Refresh Reflects Future of Cybersecurity Learning and Skills Development (direct link) |
Updated OffSec™ identity substantiates the company's commitment to expanding its cybersecurity content and resources to prepare infosec professionals for the future. |
|
|
★★
|
|
2023-03-01 19:34:00 |
Linux Support Expands Cyber Spy Group's Arsenal (direct link) |
An infamous Chinese cyber-hacking team has extended its SysUpdate malware framework to target Linux systems. |
Malware
|
|
★★★
|
|
2023-03-01 18:33:26 |
What Happened in That Cyberattack? With Some Cloud Services, You May Never Know (direct link) |
More cyberattackers are targeting organizations' cloud environments, but some cloud services, such as Google Cloud Platform's storage, fail to create adequate logs for forensics. |
Cloud
|
|
★★★
|
|
2023-03-01 18:00:00 |
The Importance of Recession-Proofing Security Operations (direct link) |
Make sure cybersecurity is taken seriously and consistently across the board. Educate the ecosystem beyond your own organization to mitigate security risks for everyone. |
|
|
★★
|
|
2023-03-01 15:30:00 |
CISA: ZK Java Framework RCE Flaw Under Active Exploit (direct link) |
The flaw, which drew attention in October when it was found in ConnectWise products, could pose a significant risk to the supply chain if not patched immediately. |
|
|
★★
|
|
2023-03-01 15:00:00 |
Without FIDO2, MFA Falls Short (direct link) |
The open authentication standard addresses existing multifactor authentication security vulnerabilities. |
General Information
|
|
★★
|
|
2023-03-01 14:59:02 |
Cyberattackers Double Down on Bypassing MFA (direct link) |
As companies increasingly adopt MFA (even as companies like Twitter disable it), cybercriminals are developing a variety of strategies to steal credentials and gain access to high-value accounts anyway. |
|
|
★★
|
|
2023-03-01 01:21:00 |
CISOs Share Their 3 Top Challenges for Cybersecurity Management (direct link) |
The biggest dilemmas in running a modern cybersecurity team are not all about software, said CISOs from HSBC, Citi, and Sepio. |
|
|
★★★
|
|
2023-03-01 00:45:00 |
Google Adds Client-Side Encryption to Gmail, Calendar (direct link) |
The data protection capability is now available across multiple Workspace applications: Gmail, Calendar, Drive, Docs, Slides, Sheets, and Meet. |
|
|
★★
|
|
2023-02-28 23:09:00 |
(Déjà vu) Hoxhunt Launches Human Risk Management Platform (direct link) |
Platform uniquely designed to facilitate automated compliance, security behavior change. |
|
|
★★★
|
|
2023-02-28 23:02:00 |
Two of The Worst Healthcare Data Breaches in US History Happened Last Year (direct link) |
No more details |
|
|
★★
|
|
2023-02-28 22:32:00 |
LastPass DevOps Engineer Targeted for Cloud Decryption Keys in Latest Breach Revelation (direct link) |
The adversaries obtained a decryption key to a LastPass database containing multifactor authentication and federation information as well as customer vault data, company says. |
Cloud
|
LastPass
|
★★
|
|
2023-02-28 22:04:00 |
Exfiltrator-22: The Newest Post-Exploitation Toolkit Nipping at Cobalt Strike's Heels (direct link) |
The framework-as-a-service signals an intensification of the cat-and-mouse game between defenders detecting lateral movement, and cybercriminals looking to go unnoticed. |
|
|
★★★
|
|
2023-02-28 21:20:00 |
US Marshals Ransomware Hit Is 'Major' Incident (direct link) |
Unknown attackers made off with a raft of PII, the Justice Department says - but witnesses in the protection program are still safe. |
Ransomware
|
|
★★
|
|
2023-02-28 18:55:00 |
WannaCry Hero & Kronos Malware Author Named Cybrary Fellow (direct link) |
Marcus Hutchins, who set up a "kill switch" that stopped WannaCry's spread, later pled guilty to creating the infamous Kronos banking malware. |
Malware
|
Wannacry
|
★★★
|
|
2023-02-28 17:43:44 |
Pernicious Permissions: How Kubernetes Cryptomining Became an AWS Cloud Data Heist (direct link) |
The opportunistic "SCARLETEEL" attack on a firm's Amazon Web Services account turns into targeted data theft after the intruder uses an overpermissioned service to jump into the cloud system. |
Cloud
|
Uber
|
★★
|