What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-02-22 14:20:48 | La sécurisation de l\'infrastructure cloud exige un nouvel état d\'esprit (lien direct) | Compte tenu du rôle majeur que joue le cloud de nos jours dans la transformation des organisations, sa sécurité représente une préoccupation cruciale. Pour anticiper et/ou combler les failles de sécurité, les différents acteurs qui sont partie prenante doivent adopter ensemble, et sans tarder, un nouvel état d'esprit. | Cloud | ★★ | |
 |
2024-02-22 14:06:16 | Dans quelle mesure la gestion des identités dans le cloud étend-elle la surface d\'attaque ? (lien direct) | Le recours à un fournisseur d'identité (IdP) cloud étend notre surface d'attaque. Néanmoins une question se pose : dans quelle mesure cette approche étend-elle votre surface d'attaque ?... | Cloud | ★★ | |
 |
2024-02-22 10:39:09 | Genetec Inc. annonce Security Center SaaS (lien direct) | Genetec introduit une solution SaaS unifiée à l'échelle des entreprises. Security Center SaaS redéfinit les possibilités pour la sécurité physique basée sur le cloud. - Produits | Cloud | ★★ | |
 |
2024-02-22 08:30:00 | Les entreprises augmentent la cybersécurité à mesure que les budgets augmentent en 2024 Businesses Increase Cybersecurity as Budgets Surge in 2024 (lien direct) |
Plus des deux tiers des décideurs informatiques augmentent les budgets de la cybersécurité en 2024, la priorisation de la sécurité du cloud et de la réponse aux incidents à mesure que les cyber-menaces augmentent
Over two-thirds of IT decision-makers increase cybersecurity budgets in 2024, prioritizing cloud security and incident response as cyber threats escalate |
Cloud | ★★ | |
 |
2024-02-21 20:25:27 | Types d'applications SaaS: catégories et exemples Types of SaaS Applications: Categories and Examples (lien direct) |
> Par uzair amir
Découvrez différents types de solutions SaaS et les catégories SaaS les plus utilisées pour créer votre propre & # 8230;
Ceci est un article de HackRead.com Lire la publication originale: Types d'applications SaaS: catégories et exemples
>By Uzair Amir Learn about different types of SaaS solutions and the most widely used SaaS categories to create your own… This is a post from HackRead.com Read the original post: Types of SaaS Applications: Categories and Examples |
Cloud | ★★ | |
 |
2024-02-21 17:00:00 | 6 façons de simplifier la gouvernance de l'identité SaaS 6 Ways to Simplify SaaS Identity Governance (lien direct) |
Les applications SaaS constituant désormais la grande majorité des technologies utilisées par les employés de la plupart des organisations, les tâches liées à la gouvernance de l'identité doivent se produire dans une myriade d'applications SaaS individuelles.Cela présente un énorme défi pour les équipes informatiques centralisées qui sont finalement tenues responsables de la gestion et de la sécurisation de l'accès aux applications, mais ne peuvent pas devenir des experts dans les nuances des natifs
With SaaS applications now making up the vast majority of technology used by employees in most organizations, tasks related to identity governance need to happen across a myriad of individual SaaS apps. This presents a huge challenge for centralized IT teams who are ultimately held responsible for managing and securing app access, but can\'t possibly become experts in the nuances of the native |
Cloud | ★★ | |
|
2024-02-21 13:17:39 | Baromètre CESIN : comment évolue la perception de la menace sur le cloud ? (lien direct) | Quelle vision les RSSI ont-ils de la menace cyber liée au cloud ? Des tendaces se dégagent de l'analyse des résultats du baromètre CESIN sur la période 2017-2024. | Cloud | ★★ | |
 |
2024-02-21 11:00:00 | Le SoC moderne de Next Gen propulsé par l'IA The modern next gen SOC powered by AI (lien direct) |
AI is among the most disruptive technologies of our time. While AI/ML has been around for decades, it has become a hot topic with continued innovations in generative AI (GenAI) from start-up OpenAI to tech giants like Microsoft, Google, and Meta. When large language models (LLMs) combined with big data and behavior analytics, AI/ML can supercharge productivity and scale operations across every sector from healthcare to manufacturing, transportation, retail, finance, government & defense, telecommunications, media, entertainment, and more. Within the cybersecurity industry, SentinelOne, Palo Alto Networks, Cisco, Fortinet and others are pioneering AI in Cybersecurity. In a research report of the global markets by Allied Market Research, AI in Cybersecurity is estimated to surge to $154.8 billion in 2032 from $19.2 billion in 2022, rising at a CAGR of 23.6%. Challenges of the traditional SOC SIEM One of the challenges with the traditional Security Operations Center (SOC) is SOC analysts are overwhelmed by the sheer number of alerts that come from Security Information Event Management (SIEM). Security teams are bombarded with low fidelity alerts and spend considerable time separating them from high fidelity alerts. The alerts come from almost any sources across the enterprise and is further compounded with too many point solutions and with multi-vendor environment. The numerous tools and lack of integration across multiple vendor product solutions often require a great deal of manual investigation and analysis. The pressure that comes with having to keep up with vendor training and correlate data and logs into meaningful insights becomes burdensome. While multi-vendor, multi-source, and multi-layered security solutions provides a lot of data, without ML and security analytics, it also creates a lot of noise and a disparate view of the threat landscape with insufficient context. SOAR Traditional Security Orchestration and Automation Response (SOAR) platforms used by mature security operations teams to develop run playbooks that automate action responses from a library of APIs for an ecosystem of security solution is complex and expensive to implement, manage, and maintain. Often SOCs are playing catch up on coding and funding development cost for run playbooks making it challenging to maintain and scale the operations to respond to new attacks quickly and efficiently. XDR Extended Detection and Response (XDR) solves a lot of these challenges with siloed security solutions by providing a unified view with more visibility and better context from a single holistic data lake across the entire ecosystem. XDR provides prevention as well as detection and response with integration and automation capabilities across endpoint, cloud, and network. Its automation capabilities can incorporate basic common SOAR like functions to API connected security tools. It collects enriched data from multiple sources and applies big data and ML based analysis to enable response of policy enforcement using security controls throughout the infrastructure. AI in the modern next gen SOC The use of AI and ML are increasingly essential to cyber operations to proactively identify anomalies and defend against cyber threats in a hyperconnected digital world. Canalys research estimates suggest that more than 7 | Ransomware Malware Tool Vulnerability Threat Prediction Cloud | ★★ | |
|
2024-02-21 10:09:28 | CrowdStrike Global Threat Report 2024 : de l\'intrusion à la brèche en moins de trois minutes, l\'infrastructure cloud attaquée (lien direct) | CrowdStrike Global Threat Report 2024 : de l'intrusion à la brèche en moins de trois minutes, l'infrastructure cloud attaquée Le rapport 2024 indique que les cyberadversaires cherchent à perturber les élections et à exploiter la technologie de l'IA générative - Investigations | Threat Studies Cloud | ★★★★ | |
|
2024-02-21 09:59:09 | Série de passerelles quantum Force Point dévoile Check Point Unveils Quantum Force Gateway Series (lien direct) |
Vérifier le point dévoile Quantum Force Gateway Series - le cloud ultime alimenté par AI - Solution de sécurité livrée
Quantum Force établit de nouvelles normes avec une prévention des menaces inégalée, une efficacité supérieure et une gestion transparente pour l'ère numérique, l'autonomisation des entreprises de toutes tailles avec une technologie de pare-feu de nouvelle génération
-
revues de produits
Check Point Unveils Quantum Force Gateway Series - The Ultimate AI-Powered Cloud - Delivered Security Solution Quantum Force sets new standards with unmatched Threat Prevention, superior efficiency, and seamless management for the digital age, empowering businesses of all sizes with Next-Generation Firewall technology - Product Reviews |
Threat Cloud | ★★ | |
 |
2024-02-21 07:00:42 | Mesh hybride et la plate-forme de point de contrôle de Point Infinity Hybrid Mesh and the Check Point Infinity Platform (lien direct) |
> Gartner a récemment reconnu le point de contrôle en tant que fournisseur représentatif pour les plates-formes de pare-feu hybrides («maillage hybride»).Ce blog explore ce qu'est le maillage hybride et comment la plate-forme de contrôle de Point Infinity tient la promesse d'une stratégie de cybersécurité qui vous permet de répondre aux besoins de demain.L'hybride est la nouvelle norme.Et votre sécurité?Les effectifs hybrides, les nuages et les réseaux sont là pour rester, car près d'un tiers des employés à temps plein travaillent dans un modèle hybride tandis que près de la moitié des charges de travail résident dans le cloud.Chacun de ces environnements nécessite son propre type de pare-feu: les pare-feu virtuels sécurissent [& # 8230;]
>Gartner has recently recognized Check Point as a Representative Vendor for Hybrid Mesh Firewall Platforms (“Hybrid Mesh”). This blog explores what hybrid mesh is and how the Check Point Infinity Platform delivers on the promise of a cyber security strategy that lets you meet tomorrow\'s needs with confidence. Hybrid is the New Norm. How About Your Security? Hybrid workforces, clouds and networks are here to stay, as almost a third of full-time employees work in a hybrid model while nearly half of workloads reside in the cloud. Each of these environments requires its own type of firewall: Virtual firewalls secure […] |
Cloud | ★ | |
 |
2024-02-21 00:00:00 | Dévoiler l'évaluation de l'échéance du programme d'intelligence de cyber-menace de Maniant Unveiling Mandiant\\'s Cyber Threat Intelligence Program Maturity Assessment (lien direct) |
Dans le cadre de l'engagement continu de Google Cloud \\ à améliorer l'état global de cybersécurité pour la société, Mandiant publie aujourd'hui publiquement un Discovery des capacités d'intelligence basées sur les web (ICD) pour aider les organisations commerciales et gouvernementales à évaluerLa maturité de leur programme d'intelligence cyber-menace (CTI).La CIM est conçue pour fournir aux praticiens de la cybersécurité et aux dirigeants du renseignement des menaces une estimation de la façon dont le programme CTI \\ de l'organisation crée un impact organisationnel positif et réduit le risque pour l'entreprise.La CIM joue un critique
As part of Google Cloud\'s continuing commitment to improving the overall state of cybersecurity for society, today Mandiant is publicly releasing a web-based Intelligence Capability Discovery (ICD) to help commercial and governmental organizations evaluate the maturity of their cyber threat intelligence (CTI) program. The ICD is designed to provide cyber security practitioners and threat intelligence leaders with an estimate of how effectively and efficiently the organization\'s CTI program is creating a positive organizational impact and reducing risk for the business. The ICD plays a critical |
Threat Cloud Commercial | ★★★ | |
 |
2024-02-20 20:41:11 | Le service Cloud Run de Google \\ répartit plusieurs chevaux de Troie bancaires Google\\'s Cloud Run Service Spreads Several Bank Trojans (lien direct) |
Une campagne de logiciels malveillants en plein essor abuse de Google Cloud Run et cible l'Amérique latine, avec des indications qu'elle se propage à d'autres régions, préviennent les chercheurs.
A surging bank malware campaign abuses Google Cloud Run and targets Latin America, with indications that it\'s spreading to other regions, researchers warn. |
Malware Cloud | ★★ | |
|
2024-02-20 16:23:00 | Compliance SaaS dans le cadre de la cybersécurité du NIST SaaS Compliance through the NIST Cybersecurity Framework (lien direct) |
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world\'s most important guidelines for securing networks. It can be applied to any number of applications, including SaaS.
One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world\'s most important guidelines for securing networks. It can be applied to any number of applications, including SaaS. One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a |
Cloud | ★★ | |
|
2024-02-20 11:00:00 | Un guide fondamental pour la sécurité des points finaux A fundamental guide to endpoint security (lien direct) |
Anyone that utilizes technology in their daily lives understands that it is ever-changing, and the sentiment is especially true within the cybersecurity industry. Adversaries continue to evolve with new tactics to bypass defenses, so it is necessary that the methods of detecting and preventing these threats do so at an even more rapid pace.
However, keeping up with all the changes can be quite difficult, even for the most seasoned cybersecurity professional. The way in which we work has changed not just in where but also in how. Today employees conduct business from multiple devices, with some being company-issued and others being privately owned. Sensitive data is being stored across many locations including on these devices, within corporate data centers, and in the cloud. This means that organizations likely need more than one technology to defend their endpoints against security breach or data loss. With cybersecurity vendors marketing a wide range of branded product names for their offers, it may be challenging to determine which are ideal for your particular environment. This article aims to help demystify the various endpoint security technologies you may come across during your research, highlight the primary differences, and explain how they can complement each other. This is not intended to be an exhaustive list and it should be noted that there are some technologies that may fall into more than one category, for example, endpoint and cloud security.
Four key endpoint security technologies
To begin, let’s define exactly what an endpoint is. At the most fundamental level, an endpoint is any device that connects and exchanges data on a network. That could include traditional desktop and laptop computers, tablets, smartphones, printers, and servers. Endpoints also encompass network appliances like routers, switches, or firewalls, and a wide range of IoT devices such as wearables, security cameras, sensors, and connected medical or manufacturing equipment. But we must also think beyond the physical devices and consider virtual machines that host applications and data in public or private clouds.
Although this may seem trivial, it is important to note because they all represent entry points into the network that can be exploited and opportunities for sensitive data loss. As such, they must all be accounted for when building an endpoint security strategy. The following are some of the more common endpoint security technologies you are likely to encounter:
Unified endpoint management (UEM) or mobile device management (MDM): There is a widely accepted concept within the cybersecurity industry that you cannot effectively protect what you can’t see. Therefore, the first step in building a comprehensive endpoint security policy is to inventory all the devices accessing your network, and this can be accomplished with UEM or MDM technologies. The primary difference between the two is that MDM is for iOS and Android operating systems (OS), while UEM includes those OS plus Windows and Mac operating systems--even productivity devices and wearables in some cases. Once the devices are discovered and profiled, administrators will be able to apply consistent security policies across them, regardless of where the endpoint is located.
A key feature of both UEM and MDM is that they allow an organization to set standards regarding the security posture of devices accessing the network. For example, rules can be created that a device cannot be jailbroken and must be running on the latest O |
Ransomware Malware Tool Vulnerability Threat Mobile Medical Cloud | ★★ | |
 |
2024-02-19 16:00:00 | Statistiques de laboratoire de menace de netskope pour janvier 2024 Netskope Threat Labs Stats for January 2024 (lien direct) |
> Netskope Threat Labs publie un article de blog de résumé mensuel des principales menaces que nous suivons sur la plate-forme Netskope.Cet article vise à fournir une intelligence stratégique et exploitable sur les menaces actives contre les utilisateurs d'entreprise du monde entier.Résumé OneDrive et SharePoint étaient à nouveau en haut de la liste des principales applications cloud utilisées pour les téléchargements de logiciels malveillants, [& # 8230;]
>Netskope Threat Labs publishes a monthly summary blog post of the top threats we are tracking on the Netskope platform. This post aims to provide strategic, actionable intelligence on active threats against enterprise users worldwide. Summary OneDrive and SharePoint were again in the top of the list of top cloud apps used for malware downloads, […] |
Malware Threat Cloud | ★★ | |
|
2024-02-19 11:04:12 | (In)sécurité du cloud : les 5 tendances à surveiller en 2024 (lien direct) | Les grandes tendances de 2024 s'articulent autour de l'exploitation de la puissance de l'IA générative ainsi qu'une adoption accrue de la souveraineté du cloud et de l'architecture maillée de cybersécurité interopérable entre le cloud, l'IT/OT et le edge. | Industrial Cloud | ★★ | |
|
2024-02-19 08:22:06 | Faites confiance à un copilote d'IA pour éviter les turbulences d'attaque des ransomwares Trust an AI co-pilot to help avoid ransomware attack turbulence (lien direct) |
Mark Appleton, directeur de la clientèle chez Cloud UK aussi: Faites confiance à un copilote d'IA pour éviter les ransomwares d'attaque de turbulence
-
opinion
Mark Appleton, Chief Customer Officer at ALSO Cloud UK: Trust an AI co-pilot to help avoid ransomware attack turbulence - Opinion |
Ransomware Cloud | ★★ | |
 |
2024-02-16 20:41:12 | SNS Sender | Active Campaigns Unleash Messaging Spam Through the Cloud (lien direct) | #### Description
Les chercheurs de Sentinelone ont découvert un nouveau script Python appelé SNS Sender qui utilise AWS Simple Notification Service (SNS) pour envoyer des messages SMS en vrac dans le but de spammer des liens de phishing, également connus sous le nom de swishing.
Il s'agit du premier script observé à l'aide d'AWS SNS, et on pense que l'acteur derrière cet outil utilise des services cloud pour envoyer des messages de phishing SMS en vrac.L'auteur du script est connu par l'alias Arduino_Das et est prolifique dans la scène du kit Phish.
Le script nécessite une liste de liens de phishing nommés links.txt dans son répertoire de travail.SNS Sender prend également plusieurs arguments entrés en entrée: un fichier texte contenant une liste de clés d'accès AWS, de secrets et de région délimitées par un côlon;un fichier texte contenant une liste de numéros de téléphone à cibler;un ID de l'expéditeur, similaire à un nom d'affichage pour un message;et le contenu du message.Le script remplace toutes les occurrences de la chaîne dans la variable de contenu du message par une URL du fichier links.txt, qui arme le message en tant que SMS de phishing.L'acteur derrière cet outil a été lié à de nombreux kits de phishing utilisés pour cibler les victimes \\ 'Informations personnellement identifiables (PII) et les détails de la carte de paiement sous le couvert d'un message de laUnited States Postal Service (USPS) concernant une livraison de colis manquée.
#### URL de référence (s)
1. https://www.sentinelone.com/labs/sns-sender-active-campaignes-se détendre
#### Date de publication
15 février 2024
#### Auteurs)
Alex Delamotte
#### Description SentinelOne researchers have discovered a new Python script called SNS Sender that uses AWS Simple Notification Service (SNS) to send bulk SMS messages for the purpose of spamming phishing links, also known as Smishing. This is the first script observed using AWS SNS, and it is believed that the actor behind this tool is using cloud services to send bulk SMS phishing messages. The script author is known by the alias ARDUINO_DAS and is prolific in the phish kit scene. The script requires a list of phishing links named links.txt in its working directory. SNS Sender also takes several arguments that are entered as input: a text file containing a list of AWS access keys, secrets, and region delimited by a colon; a text file containing a list of phone numbers to target; a sender ID, similar to a display name for a message; and the message content. The script replaces any occurrences of the string in the message content variable with a URL from the links.txt file, which weaponizes the message as a phishing SMS. The actor behind this tool has been linked to many phishing kits used to target victims\' personally identifiable information (PII) and payment card details under the guise of a message from the United States Postal Service (USPS) regarding a missed package delivery. #### Reference URL(s) 1. https://www.sentinelone.com/labs/sns-sender-active-campaigns-unleash-messaging-spam-through-the-cloud/ #### Publication Date February 15, 2024 #### Author(s) Alex Delamotte |
Spam Tool Cloud | ★★★ | |
|
2024-02-16 15:05:43 | J'ai passé plus d'une décennie dans les ventes fédérales pour la sécurité.Voici pourquoi j'ai rejoint NetSkope. I\\'ve Spent More Than a Decade in Federal Sales for Security. Here\\'s Why I Joined Netskope. (lien direct) |
> Tout au long de ma carrière, j'ai bien connu à la fois l'espace du gouvernement fédéral et le monde de la sécurité du cloud.La vente de sécurité au secteur fédéral nécessite une profonde appréciation du fait que vous protégez non seulement les employés et les données du gouvernement, mais aussi les combattants sur le champ de bataille.C'est le type de travail qui remplit [& # 8230;]
>Throughout my career, I\'ve come to know both the federal government space and the world of cloud security well. Selling security to the federal sector requires a deep appreciation of the fact that you’re not only protecting government employees and data, but also the warfighters on the battlefield. It\'s the kind of work that fills […] |
Cloud | ★ | |
 |
2024-02-16 06:00:45 | Les tenants et aboutissants de la confidentialité des données, partie 1: la complexité importante et croissante d'assurer la confidentialité des données The Ins and Outs of Data Privacy, Part 1: The Importance-and Growing Complexity-of Ensuring Data Privacy (lien direct) |
This blog is the first in a series where we explore data privacy. In these two blogs, we\'ll cover why data privacy is increasingly important as well as some tips for keeping data safe. We\'ll also discuss how data loss protection (DLP) and insider threat management tools (ITM) are critical to ensuring data privacy. Data Privacy Week in January 2024 highlighted the increasing importance and challenges of data privacy. Trends like digital transformation, remote work and the proliferation of cloud applications have made the task of protecting sensitive data harder than ever. As the volume and perceived value of data grows, so does the risk of data loss and theft, including by insiders. Despite these challenges, businesses can\'t afford missteps when it comes to keeping sensitive data safe. Companies everywhere are under pressure to meet strict data privacy laws that promote data security and data privacy. Noncompliance can be costly. Hefty fines and market loss are common. Research from our 2023 Voice of the CISO report underscores the risk. One-third of the CISOs who told us that their company suffered a material loss of sensitive data within the past 12 months also reported their business was hit with regulatory sanctions as a result. In this blog post, we take a closer look at data privacy and how it relates to data security. We also discuss how laws around data privacy are evolving. And we cover how data loss prevention (DLP) and insider threat management (ITM) tools can help you stay on top of your data compliance challenges. What is data privacy? Data privacy is about protecting sensitive data that belongs to individuals or entities. This includes personally identifiable information (PII), which can be used to identify an individual or a corporate customer. Examples of PII include names, addresses, Social Security or tax ID numbers, credit card data and dates of birth. A business that stores or manages this type of information must follow data privacy laws. These laws ensure that data is kept confidential and secure and that it is only used for authorized purposes. They are intended to help a business: Protect personal information Safeguard critical business data Preserve users\' autonomy Maintain trust with customers and employees Data privacy is also about trust. The misuse or theft of sensitive data can lead to email fraud, insurance fraud, identity theft and more. So, customers need to trust that the companies they share their private data with will guard it carefully. An evolving regulatory landscape Data privacy laws are designed to compel businesses to keep sensitive data safe. Data compliance mandates often require businesses to tell users exactly how their data is used and collected. They may also require companies to notify users when a data breach happens. As noted earlier, not following these laws can result in stiff penalties. Multiple data privacy laws around the globe govern regulations based on their type, the user\'s location and other criteria. Some examples include the: GDPR in the European Union CCPA in the U.S. HIPAA in the U.S. LGPD in Brazil Several state governments in the United States are stepping up efforts to enact data privacy laws. California, Colorado, Connecticut, Utah and Virginia enacted comprehensive consumer privacy laws before 2023. Those laws became enforceable last year. In 2023, these states enacted privacy laws: Delaware Florida Indiana Iowa Montana Oregon Tennessee Texas As data privacy laws emerge or evolve, the definition of sensitive data may change. For example, GDPR expanded the definition of PII to include data elements like email and IP addresses. That is why it is so important for companies to stay attuned to this ever-changing landscape. The rise of generative AI sites has also sparked new concerns about data privacy. New laws are likely to be developed soon. The Biden Administration\'s new executive order will also have an impact on data use in the year ahead. Why | Data Breach Malware Tool Threat Cloud | ★★ | |
|
2024-02-15 22:44:36 | LightEdge libère la suite de nouvelle génération de Cloud Security & amp;Services gérés LightEdge Releases Next-Gen Suite of Cloud Security & Managed Services (lien direct) |
Pas de details / No more details | Cloud | ★★ | |
 |
2024-02-15 20:13:38 | Plus de la moitié des téléchargements de logiciels malveillants proviennent d'applications SaaS Over Half of Malware Downloads Originate from SaaS Apps (lien direct) |
|
Malware Cloud | ★★★ | |
|
2024-02-15 19:44:52 | Campagne malveillante en cours impactant les environnements cloud Azure Ongoing Malicious Campaign Impacting Azure Cloud Environments (lien direct) |
#### Description
Les chercheurs de ProofPoint ont suivi une campagne de rachat de comptes de cloud en cours impactant des dizaines d'environnements Microsoft Azure et compromettant des centaines de comptes d'utilisateurs, y compris les cadres supérieurs.
L'attaque intègre les techniques de prise de contrôle des références et de comptes cloud (ATO).Les acteurs de la menace ciblent les utilisateurs avec des leurres de phishing individualisés dans des documents partagés.La sélection variée de rôles ciblés indique une stratégie pratique des acteurs de la menace, visant à compromettre les comptes avec différents niveaux d'accès à des ressources et des responsabilités précieuses entre les fonctions organisationnelles.Un accès initial réussi conduit souvent à une séquence d'activités post-compromises non autorisées, notamment la manipulation du MFA, l'exfiltration de données, le phishing interne et externe, la fraude financière et les règles de boîte aux lettres.L'utilisation d'un agent utilisateur Linux spécifique utilisé par les attaquants pendant la phase d'accès de la chaîne d'attaque est l'un des IOC.Les attaquants utilisent principalement cet agent utilisateur pour accéder à l'application de connexion \\ 'OfficeHome \' ainsi qu'un accès non autorisé à des applications Microsoft365 natives supplémentaires.
#### URL de référence (s)
1. https://www.poolinpoint.com/us/blog/cloud-security/community-lert-ongoing-malicious-campaign-impacting-azure-cloud-environments
#### Date de publication
7 février 2024
#### Auteurs)
Équipe de réponse à la sécurité du cloud ProofPoint
#### Description Proofpoint researchers have been monitoring an ongoing cloud account takeover campaign impacting dozens of Microsoft Azure environments and compromising hundreds of user accounts, including senior executives. The attack integrates credential phishing and cloud account takeover (ATO) techniques. Threat actors target users with individualized phishing lures within shared documents. The varied selection of targeted roles indicates a practical strategy by threat actors, aiming to compromise accounts with various levels of access to valuable resources and responsibilities across organizational functions. Successful initial access often leads to a sequence of unauthorized post-compromise activities, including MFA manipulation, data exfiltration, internal and external phishing, financial fraud, and mailbox rules. The use of a specific Linux user-agent utilized by attackers during the access phase of the attack chain is one of the IOCs. Attackers predominantly utilize this user-agent to access the \'OfficeHome\' sign-in application along with unauthorized access to additional native Microsoft365 apps. #### Reference URL(s) 1. https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments #### Publication Date February 7, 2024 #### Author(s) Proofpoint Cloud Security Response Team |
Threat Cloud | ★★ | |
|
2024-02-15 17:00:00 | Comment les acteurs de l'État-nation ciblent votre entreprise: de nouvelles recherches expose les vulnérabilités SaaS majeures How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities (lien direct) |
Avec bon nombre des cyberattaques très médiatisées en 2023 tournant autour d'une ou plusieurs applications SaaS, le SaaS est devenu une cause de véritable préoccupation dans de nombreuses discussions de chambre.Plus que jamais, étant donné que les applications Genai sont, en fait, des applications SaaS.
Wing Security (Wing), une société de sécurité SaaS, a effectué une analyse de 493 sociétés using saas au quatrième trimestre de 2023. & nbsp; leur étude
With many of the highly publicized 2023 cyber attacks revolving around one or more SaaS applications, SaaS has become a cause for genuine concern in many boardroom discussions. More so than ever, considering that GenAI applications are, in fact, SaaS applications. Wing Security (Wing), a SaaS security company, conducted an analysis of 493 SaaS-using companies in Q4 of 2023. Their study |
Vulnerability Studies Cloud | ★★★★ | |
|
2024-02-15 14:46:58 | Algosec réalise l'état de surperformateur dans le rapport radar de sécurité du réseau cloud de Gigaom \\ AlgoSec Achieves Outperformer Status in GigaOm\\'s Cloud Network Security Radar Report (lien direct) |
Algosec réalise le statut de sur-performateur dans le rapport radar de sécurité du réseau cloud de Gigaom
ALGOSEC PRODUITS DANS L'AUTOMATION DE LA CONNECTIVITÉ D'APPLICATION ET DE LA POLITIQUE DE SÉCURITÉ, essentiel pour les réseaux hybrides et multicaloud complexes
-
nouvelles commerciales
AlgoSec Achieves Outperformer Status in GigaOm\'s Cloud Network Security Radar Report AlgoSec leads in automating application connectivity and security policy management, essential for complex hybrid and multicloud networks - Business News |
Cloud | ★ | |
|
2024-02-15 14:00:00 | AWS SNS détournement AWS SNS Hijackings Fuel Cloud Smishing Campaign (lien direct) |
En utilisant un script Python personnalisé pour envoyer des messages de phishing en vrac avec un leurre USPS, les cyberattaques présentent un risque pour les organisations orientées consommateurs déplacant les charges de travail vers le cloud.
Using a custom Python script to send bulk phishing messages with a USPS lure, the cyberattackers are posing a risk to consumer-facing organizations moving workloads to the cloud. |
Cloud | ★★ | |
 |
2024-02-15 13:55:32 | Expéditeur SNS |Les campagnes actives déchaînent le spam de messagerie à travers le cloud SNS Sender | Active Campaigns Unleash Messaging Spam Through the Cloud (lien direct) |
Les acteurs de la menace tirent parti des services cloud pour mener une campagne de smishing massive via un service de notification simple AWS.
Threat actors leverage cloud services to conduct massive smishing campaign through AWS Simple Notification Service. |
Spam Threat Cloud | ★★★ | |
|
2024-02-15 11:00:00 | 2024: Plan de cyber-action pratique - survivre et prospérer 2024: Practical cyber action plan- Survive and thrive (lien direct) |
\'Cyber insecurity\' is among the most pressing issues facing organizations globally in 2024, according to new research from the World Economic Forum (WEF). In its Global Cybersecurity Outlook 2024 report, the WEF found that more than eight in ten organizations surveyed feel more or as exposed to cyber crime than last year. How can businesses implement proficient cyber capabilities in an era where cyber threats from criminals and hacktivists are escalating in complexity and magnitude? This is crucial for adapting swiftly to the constantly evolving security challenges and confidently pursuing growth through digital innovation in products, services, and organizational transformation. In today\'s rapidly changing cyber threat environment, Chief Information Security Officers (CISOs) and security operations teams must adopt forward-thinking strategies. These strategies should focus on quickly identifying and addressing the most pressing vulnerabilities in their digital environments. Cyber attackers\' increasing sophistication and speed have prompted organizations of various sizes to re-evaluate their legacy systems, governance policies, and overall security stances, aiming to align with the latest industry standards The shift towards digital platforms and the widespread adoption of cloud technologies have expanded the avenues for cyber-attacks, consequently enlarging the attack surface. This growing attack surface includes vulnerable systems, compromised data, and unauthorized assets, highlighting the necessity for a consistent and ongoing security strategy. This strategy should be centered on managing and mitigating threats efficiently and accurately. Security leaders are becoming increasingly aware of the importance of such an approach. Its effectiveness and streamlined methodology significantly enhance cyber resilience by prioritizing the most urgent risks for immediate response and remediation. What is top of mind for the CISO in 2024? How do we build a cyber security ecosystem that can manage the threats and opportunities of the future? How do we ensure future technologies are secure by design, not as an afterthought? How do we anticipate the threat picture will change as new technologies, like AI and quantum computing, develop? Must haves for CISOs in 2024 Protecting privacy Protecting critical assets Mitigating risk Minimizing disruption Maintaining compliance Establishing and maintaining "CRUST" (credibility and trust) Ensuring secure productivity & efficiency At the top of the list of issues driving cybersecurity concerns include: Growing number of hackers/cybercriminals. Evolving threats & advanced skillset of criminals. Privacy concerns handling other\'s data. Generative AI Practical action plan: Proactively understanding your expanding attack surface, prioritizing risk management efforts, and building resilience helps achieve the following: 1) Prevents breaches & minimizes the impact of a potential breach Enhance the effectiveness of the Security Operations Center (SOC) by reducing the volume of security incidents, events, and breaches impacting the SOC over time. Adopt a proactive, preventative approach that bolsters cyber resilience quickly and improves security maturity year-over-year. 2) Reduces cybersecurity risks Real-time risk reduction is often impractical due to business constraints and a backlog of pending security issues. Focus on prioritizing risk reduction actions and optimizing resource allo | Vulnerability Threat Cloud Technical | ★★ | |
|
2024-02-14 16:38:59 | La fuite massive de la base de données de cloud expose 380 enregistrements Massive Cloud Database Leak Exposes 380 Records (lien direct) |
> Par waqas
Un autre jour, une autre base de données cloud fuit dans la nature!
Ceci est un article de HackRead.com Lire la publication originale: La fuite massive de la base de données de cloud expose 380 enregistrements
>By Waqas Another day, another Cloud database leak in the wild! This is a post from HackRead.com Read the original post: Massive Cloud Database Leak Exposes 380 Records |
Cloud | ★★ | |
|
2024-02-14 10:39:01 | F5 améliore F5 Distributed Cloud Services (lien direct) | Les nouvelles fonctionnalités de sécurité API et IA de bout en bout permettent aux clients de mieux protéger leurs applications alimentées par l'IA - Produits | Cloud | ★★ | |
|
2024-02-14 01:00:00 | Comment la vulnérabilité peut faire de vous une victime le jour de la Saint-Valentin How Vulnerability Can Make You a Victim on Valentine\\'s Day (lien direct) |
> Selon le récent rapport sur le cloud et la menace de NetSkope \\, le rapport sur le cloud et la menace, la manière la plus courante dont les cyberattaquants ont eu accès aux organisations en 2023 était par le biais de l'ingénierie sociale.Alors qu'une tactique préférée des cybercriminels, en son cœur, l'ingénierie sociale n'est pas à propos de quelqu'un qui brisait le code tout en se couchant sur un clavier éclatant.Il repose sur des humains individuels [& # 8230;]
>According to Netskope\'s recent “Year in Review” Cloud and Threat Report, the most common way cyber attackers gained access to organisations in 2023 was through social engineering. While a favourite tactic of cyber criminals, at its heart, social engineering isn\'t about someone breaking code while hunched over a glowing keyboard. It relies on individual human […] |
Vulnerability Threat Cloud | ★★★ | |
 |
2024-02-13 17:28:33 | GCP-2024-009 (lien direct) | Publié: 2024-02-13 Description Description Gravité notes Le 13 février 2024, AMD a révélé deux vulnérabilités affectant SEV-SNP sur les processeurs EPYC sur la base des noyaux zen de la troisième génération "Milan" et de la quatrième génération "GenoA".Les vulnérabilités permettent aux attaquants privilégiés d'accéder aux données périmées des invités ou de provoquer une perte d'intégrité des clients. Google a appliqué des correctifs aux actifs affectés, y compris Google Cloud, pour s'assurer que les clients sont protégés.À l'heure actuelle, aucune preuve d'exploitation n'a été trouvée ou signalée à Google. Que dois-je faire? Aucune action client n'est requise.Les correctifs ont déjà été appliqués à la flotte Google Server pour Google Cloud, y compris le moteur de calcul. Pour plus d'informations, voir AMD Security Advisory AMD-SN-3007 . modéré CVE-2023-31346 CVE-2023-31347 Published: 2024-02-13Description Description Severity Notes On February 13, 2024, AMD disclosed two vulnerabilities affecting SEV-SNP on EPYC CPUs based on third generation "Milan" and fourth generation "Genoa" Zen cores. The vulnerabilities allow privileged attackers to access stale data from guests or cause a loss of guest integrity. Google has applied fixes to affected assets, including Google Cloud, to ensure customers are protected. At this time, no evidence of exploitation has been found or reported to Google. What should I do? No customer action is required. Fixes have already been applied to the Google server fleet for Google Cloud, including Compute Engine. For more information, see AMD security advisory AMD-SN-3007. Moderate CVE-2023-31346 CVE-2023-31347 | Vulnerability Cloud | ||
|
2024-02-13 16:40:00 | Blizzard de minuit et Cloudflare-Atlassian Cybersecurity Incidents: Que savoir Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know (lien direct) |
Les incidents de cybersécurité à minuit et Cloudflare-atlassian ont fait des alarmes sur les vulnérabilités inhérentes aux principales plates-formes SaaS.Ces incidents illustrent les enjeux impliqués dans les violations SaaS - sauvegarder l'intégrité des applications SaaS et leurs données sensibles sont essentielles mais n'est pas facile.Des vecteurs de menace communs tels que le phisseur de lance sophistiqué, les erreurs de configuration et
The Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms. These incidents illustrate the stakes involved in SaaS breaches - safeguarding the integrity of SaaS apps and their sensitive data is critical but is not easy. Common threat vectors such as sophisticated spear-phishing, misconfigurations and |
Vulnerability Threat Cloud | ★★★ | |
|
2024-02-13 15:41:51 | Défendre contre les attaques basées sur les applications OAuth contre les SaaS Enterprise Defending Against OAuth App-Based Attacks on Enterprise SaaS (lien direct) |
> La croissance phénoménale de l'adoption de logiciels en tant que service (SaaS) a incité les entreprises de toutes tailles à déplacer leurs données critiques vers des applications basées sur le SaaS.Et comme les attaquants ont tendance à suivre les données pour induire une violation, leur nouveau domaine d'intérêt est le SaaS de l'entreprise.La récente attaque de blizzard de minuit par des acteurs de l'État-nation renforce clairement [& # 8230;]
>The phenomenal growth in the adoption of software as a service (SaaS) has prompted enterprises of all sizes to move their critical data to SaaS-based applications. And as attackers tend to follow data to induce a breach, their new area of focus is enterprise SaaS. The recent Midnight Blizzard attack by nation-state actors clearly reinforces […] |
Cloud | ★★ | |
 |
2024-02-13 13:49:34 | Résultats clés de CrowdStrike \\'s 2024 Rapport de sécurité des applications Key Findings from CrowdStrike\\'s 2024 State of Application Security Report (lien direct) |
Au fur et à mesure que les organisations déplacent leurs applications et leurs opérations vers le cloud et stimulent de plus en plus les revenus via des logiciels, des applications natives dans le cloud et des API ont émergé parmi les plus grands domaines du risque de sécurité moderne.Selon les données accessibles au public, huit des 10 meilleures violations de données de 2023 étaient liées aux surfaces d'attaque d'application.1 Ces huit violations ont été exposées à elles seules [& # 8230;]
As organizations shift their applications and operations to the cloud and increasingly drive revenues through software, cloud-native applications and APIs have emerged among the greatest areas of modern security risk. According to publicly available data, eight of the top 10 data breaches of 2023 were related to application attack surfaces.1 These eight breaches alone exposed […] |
Studies Cloud | ★★★★ | |
|
2024-02-13 13:00:21 | Apprenez à connaître le point de chèque Harmony Sase Get to Know Check Point Harmony SASE (lien direct) |
> La nouvelle offre de la nouvelle offre Secure Access Service Edge (SASE) est désormais appelée harmonie.Le monde a changé au cours des dernières années, et l'ancienne façon d'obtenir un réseau standard sur site, avec ses notions à l'intérieur et à l'extérieur du périmètre, ne suffit plus.Il existe de nombreuses raisons pour ce changement, notamment la montée en puissance des réseaux de cloud public pour l'hébergement d'applications et de données, et l'agilité améliorée du flux de travail à partir de logiciels en tant que plateformes de service comme Salesforce et Office 365.Connexions haute performance, et il est clair [& # 8230;]
>Check Point\'s new Secure Access Service Edge (SASE) offering is now called Harmony SASE. The world has changed in the last few years, and the old way of securing a standard on-premises network, with its notions of inside and outside the perimeter, is no longer enough. There are many reasons for this change including the rise of public cloud networks for hosting applications and data, and the enhanced workflow agility from software as a service platforms like Salesforce and Office 365. Add to that the increasing trend of remote work and the need for high performance connections, and it\'s clear […] |
Prediction Cloud | ★★ | |
|
2024-02-12 22:37:28 | GCP-2024-008 (lien direct) | Publié: 2024-02-12 Description Description Gravité notes CVE-2023-5528 Permet à un attaquant de créer des pods et des volumes persistants sur les nœuds Windows d'une manière qui permet l'escalade du privilège d'administration sur ces nœuds. pour les instructions et plus de détails, voir leBulletins suivant: GKE Sécurité Bulletin Bulletin Bulletin Bulletin Bulletin Bulletin Bulletin de sécurité GKE GKE GKE gke sur le bulletin de sécurité VMware gke sur le bulletin de sécurité AWS gke sur le bulletin de sécurité azur GKE sur le bulletin de sécurité en métal nu High CVE-2023-5528 Published: 2024-02-12Description Description Severity Notes CVE-2023-5528 allows an attacker to create pods and persistent volumes on Windows nodes in a way that enables admin privilege escalation on those nodes. For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2023-5528 | Cloud | ||
|
2024-02-12 20:14:28 | Pourquoi les relations de regard sont essentielles pour fournir une expérience utilisateur phénoménale Why Peering Relationships are Key to Providing a Phenomenal User Experience (lien direct) |
> L'un des nombreux avantages de l'exécution de votre propre infrastructure de cloud privé est l'amélioration des performances lorsque vous contrôlez votre propre connectivité, raccourcissant le chemin et réduisant la latence pour les deux utilisateurs se connectant à votre cloud privé et à votre connectivité au premier mile aux applicationsEt services.L'alternative, et une utilisée par celles utilisant le public [& # 8230;]
>One of the many benefits of running your own private cloud infrastructure are the performance improvements when you\'re in control of your own connectivity, shortening the path and reducing latency for both users connecting to your private cloud and first mile connectivity to applications and services. The alternative, and one used by those utilizing public […] |
Cloud Commercial | ★★ | |
 |
2024-02-12 15:06:28 | Campagne de rachat de compte Cloud Azure en cours ciblant le personnel senior Ongoing Azure Cloud Account Takeover Campaign Targeting Senior Personnel (lien direct) |
> Une campagne de rachat actif du cloud a eu un impact sur des dizaines d'environnements Azure et compromis des centaines de comptes d'utilisateurs
>An active cloud account takeover campaign has impacted dozens of Azure environments and compromised hundreds of user accounts. |
Cloud | ★★★ | |
|
2024-02-12 13:00:14 | Les problèmes de personnes bloquent-ils votre migration de cloud sécurisée? Are People Problems Blocking Your Secure Cloud Migration? (lien direct) |
> Jonathan Maresky, Cloud Security Product Marketing Manager Qu'est-ce qui obtient des migrations cloud réussies et sécurisées?Demandez à la plupart des DSI, des architectes de cloud ou des ingénieurs informatiques qui questionnent, et leur esprit ira probablement d'abord aux obstacles technologiques & # 8211;Comme la complexité du déplacement des applications héritées dans le cloud, ou le défi de mettre à jour les politiques de sécurité pour répondre aux menaces du cloud.Ou, ils pourraient mentionner la difficulté du processus de migration du cloud lui-même.Ces défis font partie des raisons pour lesquelles la migration du cloud sécurisée peut être difficile pour de nombreuses organisations.Mais voici un autre problème qui a tendance à recevoir moins de discussions: les gens haies, par [& # 8230;]
>Jonathan Maresky, Cloud Security Product Marketing Manager What gets in the way of successful and secure cloud migrations? Ask most CIOs, cloud architects or IT engineers that question, and their minds will probably first go to technological hurdles – like the complexity of moving legacy apps into the cloud, or the challenge of updating security policies to address cloud threats. Or, they might mention the difficulty of the cloud migration process itself. Those challenges are part of why secure cloud migration can be hard for many organizations. But here’s another issue that tends to receive less discussion: People hurdles, by […] |
Cloud | ★★★ | |
|
2024-02-12 11:00:00 | Le réseau sécurisé commence (et se termine) au point final Secure networking starts (and ends) at the endpoint (lien direct) |
One step behind
The last decade has been challenging for the cyber industry. Attackers always seem to have the upper hand while defenders play catch up. It’s common to point to the ever-accelerating frequency and sophistication of attacks, siloed security that creates gaps, and a shortage of skilled cyber professionals as rationale for this lagging position. All are true but none represent the core reason for our current situation.
The reason we are where we are is because of cloud computing. Don’t get me wrong, cloud computing has been and continues to be profoundly beneficial. It enabled digital transformation that reshaped how we do business. But it is also a huge disruptor that turned traditional, centralized computing and data networking models on their head, forcing carriers and network suppliers alike to innovate and adapt or risk obsolescence. And as networking models shifted, from centralized to distributed, so too did security, but always at a lagging pace.
With cloud computing, distributed networking, and cloud-based security becoming standard, organizations must reassess their cybersecurity approach. It is imperative that they adopt comprehensive end-to-end solutions that align with the evolving landscape of cloud computing and connectivity to address their cyber challenges.
Cloud computing’s cascading effect
It’s always been about data – where data lives and how it is accessed by users. Shifts in data residency and access have triggered a series of events, beginning with:
Our introduction to the cloud
Server virtualization and cloud compute infrastructure, frequently referred to as infrastructure as a service (IaaS), ushered in low cost, flexible, and resource efficient computing via virtual machines (VMs)
Growth in cloud computing shifted focus to new ways that enabled users, whether in offices (sites) or at home (remote users), to access the data required to perform their job duties
Cloud adoption led to new networking models
Networks were re-architected to align with shifting data residency, from centralized data centers to distributed cloud infrastructure
This transition included moving from MPLS/datacenter designs to SD-WAN with Internet breakouts and hybrid or multi-cloud solutions
Network security transformation lagged
As data networking models evolved so too did network security, but at a lagging pace
Over time, the expansion of cloud-delivered security solutions helped organizations to align and optimize network security within this new cloud and networking environment
But this new data and networking paradigm requires consideration beyond network security
Endpoint security has become more critical to consider in this new age of cloud computing and network connectivity where the focus is now squarely on enabling users on laptops, desktops, and mobile devices (endpoints) to access data on cloud servers and VMs (also endpoints)
Endpoints bookend this continuum of users accessing data on cloud workloads, and as an essential part of the communications flow, they must be considered when designing an end-to-end security solution
Doubling down on the cloud
We have come a long way from the initial cloud use case of test/dev. We’ve since moved to running production-grade applications in the cloud and are now entering the next phase of cloud application development – microservices and containerization. As the cloud becomes increasingly foundational to your organization, it is crucial to prioritize robust security for all cloud workloads. This includes ensuring top-performing endpoint security not only for VMs but a |
Mobile Cloud | ★★ | |
|
2024-02-12 10:00:00 | Les compromis Azure en cours Target Target Senior Execs, Microsoft 365 Apps Ongoing Azure Compromises Target Senior Execs, Microsoft 365 Apps (lien direct) |
Les attaquants franchissent des environnements cloud et jouent à des jeux avec les applications Microsoft 365 d'entreprise, et d'autres victimes sont susceptibles de venir.
Attackers are breaching cloud environments and playing games with corporate Microsoft 365 apps, and further victims are likely to come. |
Cloud | ★★ | |
|
2024-02-12 09:21:01 | Infodis fait l\'acquisition de Prolival (lien direct) | Infodis achève sa stratégie de transformation vers les services d'Infogérance, Cloud et Cybersécurité avec l'acquisition de la société Prolival et de son Cloud souverain Horizon. - Business | Cloud | ★★ | |
|
2024-02-12 08:21:20 | Logrhythm élargit le partenariat avec la finance électronique LogRhythm Expands Partnership with e-finance (lien direct) |
Logrhythm élargit le partenariat avec la finance électronique pour accélérer l'innovation de cybersécurité en Égypte
La finance électronique ajoute un logythme à sa plate-forme de cloud computing intégrée pour une croissance numérique sûre et sécurisée qui s'aligne sur l'Égypte Vision 2030
-
nouvelles commerciales
LogRhythm Expands Partnership with e-finance to Accelerate Cybersecurity Innovation in Egypt e-finance adds LogRhythm to its integrated cloud computing platform for safe and secure digital growth that aligns with Egypt Vision 2030 - Business News |
Cloud | ★★ | |
|
2024-02-12 08:02:39 | 4 étapes pour empêcher le compromis des e-mails des fournisseurs dans votre chaîne d'approvisionnement 4 Steps to Prevent Vendor Email Compromise in Your Supply Chain (lien direct) |
Supply chains have become a focal point for cyberattacks in a world where business ecosystems are increasingly connected. Email threats are a significant risk factor, as threat actors are keen to use compromised email accounts to their advantage. Every month, a staggering 80% of Proofpoint customers face attacks that originate from compromised vendor, third-party or supplier email accounts. Known as supplier account compromise, or vendor email compromise, these attacks involve threat actors infiltrating business communications between trusted partners so that they can launch internal and external attacks. Their ultimate goal might be to steal money, steal data, distribute malware or simply cause havoc. In this blog post, we\'ll explain how vendor emails are compromised and how you can stop these attacks. Finally, we\'ll tell you how Proofpoint can help. What\'s at stake Supply chain compromise attacks can be costly for businesses. IBM, in its latest Cost of a Data Breach Report, says that the average total cost of a cyberattack that involves supply chain compromise is $4.76 million. That is almost 12% higher than the cost of an incident that doesn\'t involve the supply chain. In addition to the financial implications, compromised accounts can lead to: Phishing scams that result in even more compromised accounts Reputational and brand damage Complex legal liabilities between business partners How does vendor email compromise occur? Supply chain compromise attacks are highly targeted. They can stretch out over several months. And typically, they are structured as a multistep process. The bad actor initiates the assault by gaining access to the email account of a vendor or supplier through various means. Phishing attacks are one example. Once the attacker gains access, they will lay low for an extended period to observe the vendor\'s email communications. During this time, the adversary will study the language and context of messages so that they can blend in well and avoid detection. Attackers might also use this observation period to establish persistence. They will create mail rules and infrastructure so that they can continue to receive and send messages even after the vendor has regained control of the account. Once they establish access and persistence, the attackers will begin to insert themselves into conversations within the supplier\'s company as well as with external partners and customers. By posing as the sender, the attacker takes advantage of established trust between parties to increase their chances of success. Overview of a vendor email compromise attack. Proofpoint has observed a growing trend of attackers targeting accounts within smaller businesses and using them to gain entry into larger companies. Threat actors often assume that small businesses have less protection than large companies. They see them as targets that can help them achieve a bigger payday. How to stop vendor email compromise If you want to defend against these attacks, it\'s critical to understand the methods behind them. Such a formidable problem requires a strategic and multilayered solution. The four broad steps below can help. Step 1: Know your suppliers Your first line of defense against these email attacks sounds simple, but it\'s challenging. It is the ability to intimately “know your supplier” and understand their security strategy. This requires more than a one-time vendor assessment. Your security teams will need to prioritize continuous monitoring of your company\'s business partnerships. On top of that knowledge, you need a thorough understanding of the access and privileges that your business grants to each vendor. Compromised accounts that have uncontrolled access may be able to exfiltrate sensitive data or upload malware like ransomware. So, when you know what your suppliers can (and can\'t) access, you can identify a data breach faster. Other steps, like requiring multifactor authentication (MFA) for vendor accounts, can | Ransomware Data Breach Malware Tool Threat Studies Prediction Cloud | ★★★ | |
|
2024-02-12 07:37:05 | Alerte communautaire: campagne malveillante en cours impactant les environnements cloud Azure Community Alert: Ongoing Malicious Campaign Impacting Azure Cloud Environments (lien direct) |
Over the past weeks, Proofpoint researchers have been monitoring an ongoing cloud account takeover campaign impacting dozens of Microsoft Azure environments and compromising hundreds of user accounts, including senior executives. This post serves as a community warning regarding the attack and offers suggestions that affected organizations can implement to protect themselves from it. What are we seeing? In late November 2023, Proofpoint researchers detected a new malicious campaign, integrating credential phishing and cloud account takeover (ATO) techniques. As part of this campaign, which is still active, threat actors target users with individualized phishing lures within shared documents. For example, some weaponized documents include embedded links to “View document” which, in turn, redirect users to a malicious phishing webpage upon clicking the URL. Threat actors seemingly direct their focus toward a wide range of individuals holding diverse titles across different organizations, impacting hundreds of users globally. The affected user base encompasses a wide spectrum of positions, with frequent targets including Sales Directors, Account Managers, and Finance Managers. Individuals holding executive positions such as “Vice President, Operations”, "Chief Financial Officer & Treasurer" and "President & CEO" were also among those targeted. The varied selection of targeted roles indicates a practical strategy by threat actors, aiming to compromise accounts with various levels of access to valuable resources and responsibilities across organizational functions. Following the attack\'s behavioral patterns and techniques, our threat analysts identified specific indicators of compromise (IOCs) associated with this campaign. Namely, the use of a specific Linux user-agent utilized by attackers during the access phase of the attack chain: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Attackers predominantly utilize this user-agent to access the \'OfficeHome\' sign-in application along with unauthorized access to additional native Microsoft365 apps, such as: \'Office365 Shell WCSS-Client\' (indicative of browser access to Office365 applications) \'Office 365 Exchange Online\' (indicative of post-compromise mailbox abuse, data exfiltration and email threats proliferation) \'My Signins\' (used by attackers for MFA manipulation; for more info about this technique, see our recent Cybersecurity Stop of the Month blog) \'My Apps\' \'My Profile\' Post compromise risks Successful initial access often leads to a sequence of unauthorized post-compromise activities, including: MFA manipulation. Attackers register their own MFA methods to maintain persistent access. We have observed attackers choosing different authentication methods, including the registration of alternative phone numbers for authentication via SMS or phone call. However, in most MFA manipulation instances, attackers preferred to add an authenticator app with notification and code. Examples of MFA manipulation events, executed by attackers in a compromised cloud tenant. Data exfiltration. Attackers access and download sensitive files, including financial assets, internal security protocols, and user credentials. Internal and external phishing. Mailbox access is leveraged to conduct lateral movement within impacted organizations and to target specific user accounts with personalized phishing threats. Financial fraud. In an effort to perpetrate financial fraud, internal email messages are dispatched to target Human Resources and Financial departments within affected organizations. Mailbox rules. Attackers create dedicated obfuscation rules, intended to cover their tracks and erase all evidence of malicious activity from victims\' mailboxes. Examples of obfuscation mailbox rules created by attackers following successful account takeover. Operational infrastructure Our forensic analysis of the attack has surfaced several proxies, | Malware Tool Threat Cloud | ★★★ | |
|
2024-02-09 21:23:05 | Comment sécuriser les applications critiques d'entreprise How to Secure Business-Critical Applications (lien direct) |
Alors que les organisations déplacent davantage de leurs applications critiques au cloud, les adversaires déplacent leurs tactiques en conséquence.Et dans le cloud, il est clair que les cybercriminels se tournent sur les applications logicielles: en fait, les données de l'industrie montrent que 8 des 10 meilleures violations en 2023 étaient liées aux applications.Les plus précieux d'entre eux, [& # 8230;]
As organizations move more of their business-critical applications to the cloud, adversaries are shifting their tactics accordingly. And within the cloud, it\'s clear that cybercriminals are setting their sights on software applications: In fact, industry data shows 8 out of the top 10 breaches in 2023 were related to applications. The most valuable of these, […] |
Cloud | ★★★ | |
|
2024-02-09 16:12:53 | Mémo sur les menaces cloud: Retour aux bases: New Darkgate Campaign Exploite Microsoft Teams Cloud Threats Memo: Back to the Basics: New DarkGate Campaign Exploiting Microsoft Teams (lien direct) |
> Darkgate est un logiciel malveillant de marchandise avec plusieurs fonctionnalités, notamment la possibilité de télécharger et d'exécuter des fichiers en mémoire, un module de calcul réseau virtuel caché (HVNC), de keylogging, de capacités de vol d'information et d'escalade de privilège.Ce malware a été livré dans plusieurs campagnes au cours des derniers mois depuis au moins septembre 2023, et l'une des caractéristiques communes [& # 8230;]
>DarkGate is a commodity malware with multiple features including the ability to download and execute files to memory, a hidden virtual network computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation. This malware has been delivered in multiple campaigns over the past few months since at least September 2023, and one of the common characteristics […] |
Malware Cloud | ★★★ | |
|
2024-02-09 13:10:00 | Wazuh à l'ère du cloud: naviguer dans les défis de la cybersécurité Wazuh in the Cloud Era: Navigating the Challenges of Cybersecurity (lien direct) |
Le cloud computing a innové comment les organisations opérent et gèrent les opérations informatiques, telles que le stockage de données, le déploiement des applications, la mise en réseau et la gestion globale des ressources.Le cloud offre l'évolutivité, l'adaptabilité et l'accessibilité, permettant aux entreprises d'atteindre une croissance durable.Cependant, l'adoption des technologies cloud dans votre infrastructure présente divers risques de cybersécurité et
Cloud computing has innovated how organizations operate and manage IT operations, such as data storage, application deployment, networking, and overall resource management. The cloud offers scalability, adaptability, and accessibility, enabling businesses to achieve sustainable growth. However, adopting cloud technologies into your infrastructure presents various cybersecurity risks and |
Cloud | ★★ |
To see everything:
Our RSS (filtrered)
