Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-10 15:47:13 |
OPSWAT Presents New Malware Analysis Capabilities for Operational Technology at Black Hat USA 2022 (lien direct) |
Product enhancements to offer full IT and OT threat intelligence services for OPSWAT customers. |
Malware
Threat
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-10 15:23:42 |
Bugcrowd Taps Top Hackers for Live Hacking Event with Indeed at 2022 Black Hat Conference (lien direct) |
. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-10 14:46:53 |
Deepfence ThreatMapper 1.4 Unveils Open Source Threat Graph to Visualize Cloud-Native Threat Landscape (lien direct) |
New release also includes enterprise-grade cloud security posture management (CSPM) and YARA-based malware scanning capabilities. |
Malware
Threat
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-10 14:00:00 |
Zero Trust & XDR: The New Architecture of Defense (lien direct) |
Zero trust and XDR are complementary and both are necessary in today's modern IT environment. In this article, we discuss the intersection of zero trust and XDR. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-10 14:00:00 |
Compliance Certifications: Worth the Effort? (lien direct) |
Because demonstrating compliance with industry regulations can be cumbersome and expensive, it's important to ensure they're also absolutely essential. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-10 13:06:40 |
Flow Security Launches Next-Gen Data Security Platform Following $10 Million Seed Round (lien direct) |
First-of-its-kind solution discovers and protects both data at rest and in motion. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-10 13:00:00 |
Dark Reading News Desk: Live at Black Hat USA 2022 (lien direct) |
LIVE: Dark Reading News Desk at Black Hat USA 2022 |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-10 12:56:16 |
Looking Back at 25 Years of Black Hat (lien direct) |
The Black Hat USA conference's silver jubilee is an opportunity to remember its defining moments, the impact it has made on the security community, and its legacy. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-09 20:52:54 |
Software Development Pipelines Offer Cybercriminals \'Free-Range\' Access to Cloud, On-Prem (lien direct) |
A Q&A with NCC Group's Viktor Gazdag ahead of a Black Hat USA session on CI/CD pipeline risks reveals a scary, and expanding, campaign vector for software supply chain attacks and RCE. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-09 20:25:07 |
Microsoft Patches Zero-Day Actively Exploited in the Wild (lien direct) |
The computing giant issued a massive Patch Tuesday update, including a pair of remote execution flaws in the Microsoft Support Diagnostic Tool (MSDT) after attackers used one of the vulnerabilities in a zero-day exploit. |
Tool
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-09 20:23:25 |
Halo Security Emerges From Stealth With Full Attack Surface Management Platform (lien direct) |
The latest startup to enter the attack surface management space also has a free scanning service to audit the contents of any website. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-09 17:16:19 |
Cybrary Unveils Next-Generation Interactive, Hands-On Training Experience to Upskill Cybersecurity Professionals (lien direct) |
New SOC Analyst Assessment delivers threat-informed training in a live lab environment to help cybersecurity professionals defend their organizations against the latest adversarial tactics and techniques. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-09 17:12:16 |
Researchers Debut Fresh RCE Vector for Common Google API Tool (lien direct) |
The finding exposes the danger of older, unpatched bugs, which plague at least 4.5 million devices. |
Tool
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-09 17:04:18 |
Abusing Kerberos for Local Privilege Escalation (lien direct) |
Upcoming Black Hat USA presentation will examine the implications of Kerberos weaknesses for security on the local machine. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-09 17:00:00 |
Domino\'s Takes a Methodical Approach to IoT (lien direct) |
The success of Domino's Flex IoT project can be attributed in large part to the security best practices it followed. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-09 16:43:50 |
Russia-Ukraine Conflict Holds Cyberwar Lessons (lien direct) |
Initial attacks used damaging wiper malware and targeted infrastructure, but the most enduring impacts will likely be from disinformation, researchers say. At Black Hat USA, SentinelOne's Juan Andres Guerrero-Saade and Tom Hegel will discuss. |
Malware
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-09 16:22:48 |
US Oil and Gas Sector at Risk of a Cyberbreach, According to BreachBits Study (lien direct) |
Study offers a cyber "state of the industry" analysis from a hacker's perspective to help companies anticipate attacks. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-09 16:12:19 |
Netscout Arbor Insight Leverages Patented ASI Technology to Enhance Security and Operational Awareness for Network Operators of Any Scale (lien direct) |
Extends all aspects of the Arbor Sightline solution with unique, real-time multidimensional DDoS and traffic analytics capabilities. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-09 15:26:02 |
Lacework Updates Threat Detection To Uncover More Malicious Activity and Speed Investigation at Scale (lien direct) |
New time series model and enhanced alerting experience make it easy for organizations to address more threats in the cloud while enabling faster investigations. |
Threat
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-09 14:50:12 |
Don\'t Take the Cyber Safety Review Board\'s Log4j Report at Face Value (lien direct) |
Given the lack of reporting requirements, the findings are more like assumptions. Here's what organizations can do to minimize exposure. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-09 14:00:00 |
Human Threat Hunters Are Essential to Thwarting Zero-Day Attacks (lien direct) |
Machine-learning algorithms alone may miss signs of a successful attack on your organization. |
Threat
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-08 19:00:00 |
10 Malicious Code Packages Slither into PyPI Registry (lien direct) |
The discovery adds to the growing list of recent incidents where threat actors have used public code repositories to distribute malware in software supply chain attacks. |
Malware
Threat
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-08 15:28:59 |
Deepfakes Grow in Sophistication, Cyberattacks Rise Following Ukraine War (lien direct) |
A rising tide of threats - from API exploits to deepfakes to extortionary ransomware attacks - is threatening to overwhelm IT security teams. |
Ransomware
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-08 14:27:43 |
HYAS Infosec Announces General Availability of Cybersecurity Solution for Production Environments (lien direct) |
HYAS Confront provides total visibility into your production environment, giving you insight into potential issues like cyber threats before they become problems. |
|
|
★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-08 14:20:00 |
We Have the Tech to Scale Up Open Source Vulnerability Fixes - Now It\'s Time to Leverage It (lien direct) |
Q&A with Jonathan Leitschuh, inaugural HUMAN Dan Kaminsky Fellow, in advance of his upcoming Black Hat USA presentation. |
Vulnerability
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-08 14:07:37 |
What Adjustable Dumbbells Can Teach Us About Risk Management (lien direct) |
A new workout leads to five smart lessons about the importance of converging security and fraud into a unified risk function. |
Guideline
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-08 14:00:00 |
Pipeline Operators Are Headed in the Right Direction, With or Without TSA\'s Updated Security Directives (lien direct) |
A worsening threat landscape, increased digitization, and the long-term positive effects of modern security strategies are pushing critical infrastructure operators to do better. |
Threat
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-05 18:25:25 |
What Worries Security Teams About the Cloud? (lien direct) |
What issues are cybersecurity professionals concerned about in 2022? You tell us! |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-05 17:12:31 |
Genesis IAB Market Brings Polish to the Dark Web (lien direct) |
As the market for initial access brokers matures, services like Genesis - which offers elite access to compromised systems and slick, professional services - are raising the bar in the underground economy. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-05 16:38:36 |
A Ransomware Explosion Fosters Thriving Dark Web Ecosystem (lien direct) |
For the right price, threat actors can get just about anything they want to launch a ransomware attack - even without technical skills or any previous experience. |
Ransomware
Threat
|
|
★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-05 16:25:40 |
Stolen Data Gives Attackers Advantage Against Text-Based 2FA (lien direct) |
With names, email addresses, and mobile numbers from underground databases, one person in five is at risk of account compromise even with SMS two-factor authentication in place. |
|
|
★★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-05 16:20:31 |
Fresh RapperBot Malware Variant Brute-Forces Its Way Into SSH Servers (lien direct) |
Over the past few weeks, a Mirai variant appears to have made a pivot from infecting new servers to maintaining remote access. |
Malware
|
|
★★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-05 14:00:00 |
How to Resolve Permission Issues in CI/CD Pipelines (lien direct) |
This Tech Tip outlines how DevOps teams can address security integration issues in their CI/CD pipelines. |
|
|
★★★
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-04 21:43:41 |
Cyberattackers Increasingly Target Cloud IAM as a Weak Link (lien direct) |
At Black Hat USA, Igal Gofman plans to address how machine identities in the cloud and the explosion of SaaS apps are creating risks for IAM, amid escalating attention from attackers. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-04 21:03:16 |
Amazon, IBM Move Swiftly on Post-Quantum Cryptographic Algorithms Selected by NIST (lien direct) |
A month after the algorithms were revealed, some companies have already begun incorporating the future standards into their products and services. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-04 20:36:33 |
Time to Patch VMware Products Against a Critical New Vulnerability (lien direct) |
A dangerous VMware authentication-bypass bug could give threat actors administrative access over virtual machines. |
Vulnerability
Threat
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-04 18:35:41 |
High-Severity Bug in Kaspersky VPN Client Opens Door to PC Takeover (lien direct) |
The CVE-2022-27535 local privilege-escalation security vulnerability in the security software threatens remote and work-from-home users. |
Vulnerability
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-04 18:05:45 |
How Email Security Is Evolving (lien direct) |
Securing email communication has never been more critical for organizations, and it has never been more challenging to do so. Attack volumes have increased and become more sophisticated. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-04 15:16:48 |
Massive China-Linked Disinformation Campaign Taps PR Firm for Help (lien direct) |
A global network of inauthentic news sites present themselves as independent news outlets, offering content favoring China's government and articles critical of the US. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-04 14:50:20 |
Phylum Releases a Free Community Edition to Make Software Supply Chain Security More Accessible (lien direct) |
Users can identify risks across five domains, work on multiple projects, and take advantage of exclusive community benefits. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-04 14:00:00 |
The Myth of Protection Online - and What Comes Next (lien direct) |
It's a myth that consuming and processing alerts qualifies as security. Today's technology allows better detection and prevention, rather than accepting the low bar for protection set by ingrained incident response reactions. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-04 13:26:14 |
Deep Instinct Pioneers Deep-Learning Malware Prevention to Protect Mission-Critical Business Applications at Scale (lien direct) |
Agentless approach meets the attacker earlier to protect financial services and other large enterprises from an underserved attack vector. |
Malware
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-04 13:21:07 |
35K Malicious Code Insertions in GitHub: Attack or Bug-Bounty Effort? (lien direct) |
In the last month, "Pl0xP" cloned several GitHub repositories, adding malicious code to the forks that would attempt to infect developer systems and steal sensitive files that included software keys. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-04 13:17:19 |
Ping Identity to Go Private After $2.8B Acquisition (lien direct) |
The identity-services company is being acquired by Thoma Bravo software investment for cash, before being delisted. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-03 23:50:36 |
New Startup Footprint Tackles Identity Verification (lien direct) |
Early-stage startup Footprint's goal is to provide tools that change how enterprises verify, authentication, authorize, and secure identity. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-03 21:25:43 |
How IT Teams Can Use \'Harm Reduction\' for Better Cybersecurity Outcomes (lien direct) |
Copado's Kyle Tobener will discuss a three-pronged plan at Black Hat USA for addressing human weaknesses in cybersecurity with this medical concept - from phishing to shadow IT. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-03 20:23:45 |
Critical RCE Bug in DrayTek Routers Opens SMBs to Zero-Click Attacks (lien direct) |
SMBs should patch CVE-2022-32548 now to avoid a host of horrors, including complete network compromise, ransomware, state-sponsored attacks, and more. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-03 19:57:48 |
School Kid Uploads Ransomware Scripts to PyPI Repository as \'Fun\' Project (lien direct) |
The malware packages had names that were common typosquats of a legitimate widely used Python library. One was downloaded hundreds of times. |
Ransomware
Malware
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-03 17:42:11 |
Cyberattackers Drain Nearly $6M From Solana Crypto Wallets (lien direct) |
So far, the ongoing attack has impacted nearly 8,000 Solana hot wallets. |
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2022-08-03 17:00:00 |
Zero-Day Defense: Tips for Defusing the Threat (lien direct) |
Because they leave so little time to patch and defuse, zero-day threats require a proactive, multilayered approach based on zero trust. |
Threat
|
|
|