What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-04-23 12:43:53 | Le rapport M-Trends de Mandiant révèle de nouvelles informations issues des enquêtes de première ligne sur la cybercriminalité (lien direct) | La durée médiane d'exposition dans le monde tombe à son niveau le plus bas depuis plus de dix ans ; Les services financiers sont le secteur le plus ciblé par les attaquants Mandiant , filiale de Google Cloud, publie les conclusions de son rapport M-Trends 2024. Ce rapport annuel, désormais dans sa 15e année, fournit une analyse experte des tendances basée sur les enquêtes et remédiations de Mandiant sur les cyberattaques de première ligne menées en 2023. Le rapport 2024 montre que les entreprises (...) - Investigations | Cloud | ★★★ | |
|
2024-04-23 12:12:05 | Avec la nouvelle version de sa solution d\'audit SaaS 1Secure, Netwrix accélère la détection des cybermenaces et protège les données sur site et dans le cloud (lien direct) | La solution Netwrix 1Secure permet aux clients de minimiser les risques de sécurité avant qu'ils ne provoquent des dommages grâce à une évaluation continue de la posture de sécurité. La détection rapide des cyberattaques accélère la capacité de réaction en empêchant les cybermenaces d'échapper au radar. La nouvelle version de Netwrix 1Secure s'enrichit des fonctionnalités suivantes : Amélioration de l'identification et de l'élimination des lacunes de sécurité grâce au module Risk Assessment 2.0. Cela (...) - Produits | Cloud | ★★ | |
 |
2024-04-23 12:00:00 | M-Trends 2024: Notre vue depuis les fronts M-Trends 2024: Our View from the Frontlines (lien direct) |
Attackers are taking greater strides to evade detection. This is one of the running themes in our latest release: M-Trends 2024. This edition of our annual report continues our tradition of providing relevant attacker and defender metrics, and insights into the latest attacker tactics, techniques and procedures, along with guidance and best practices on how organizations and defenders should be responding to threats.
This year\'s M-Trends report covers Mandiant Consulting investigations of targeted attack activity conducted between January 1, 2023 and December 31, 2023. During that time, many of our observations demonstrate a more concerted effort by attackers to evade detection, and remain undetected on systems for longer periods of time:
Increased targeting of edge devices, and platforms that traditionally lack endpoint detection and response solutions.
A more than 50% growth in zero-day usage over the same reporting period in 2022, both by espionage groups as well as financially-motivated attackers.
More “living off the land,” or use of legitimate, pre-installed tools and software within an environment.
Despite the increased focus on evasion by attackers, we are pleased to report that defenders are generally continuing to improve at detecting threats. Dwell time represents the period an attacker is on a system from compromise to detection, and in 2023 the global median dwell time is now 10 days, down from 16 days in 2022. While various factors (such as ransomware) help drive down dwell time, it\'s still a big win for defenders. We can\'t let up, however. Mandiant red teams need only five to seven days on average to achieve their objectives, so organizations must remain vigilant. Other M-Trends 2024 metrics include:
54% of organizations first learned of a compromise from an external source (down from 63% in 2022), while 46% first identified evidence of a compromise internally.
Our engagements most frequently occurred at financial services organizations (17.3%), business and professional services (13.3%), high tech (12.4%), retail and hospitality (8.6%), healthcare (8.1%), and government (8.1%).
The most common initial infection vectors were exploits (38%), phishing (17%), prior compromise (15%), and stolen credentials (10%).
Additional topics covered in detail in M-Trends 2024 include Chinese espionage operations targeting the visibility gap, the evolution of phishing amid shifting security controls, the use of adversary-in-the-middle to overcome multi-factor authentication, cloud intrusion trends, an |
Tool Vulnerability Threat Medical Cloud | ★★★★ | |
 |
2024-04-22 17:03:13 | 5 meilleures pratiques pour sécuriser les ressources AWS 5 Best Practices to Secure AWS Resources (lien direct) |
Les organisations se tournent de plus en plus vers le cloud computing pour l'agilité, la résilience et l'évolutivité.Amazon Web Services (AWS) est à l'avant-garde de cette transformation numérique, offrant une plate-forme robuste, flexible et rentable qui aide les entreprises à stimuler la croissance et l'innovation.Cependant, à mesure que les organisations migrent vers le nuage, elles sont confrontées à un paysage de menaces complexe et croissant de [& # 8230;]
Organizations are increasingly turning to cloud computing for IT agility, resilience and scalability. Amazon Web Services (AWS) stands at the forefront of this digital transformation, offering a robust, flexible and cost-effective platform that helps businesses drive growth and innovation. However, as organizations migrate to the cloud, they face a complex and growing threat landscape of […] |
Threat Cloud | ★★★ | |
|
2024-04-22 14:00:00 | Niveaux FAKENET-NG: Présentation de la sortie interactive basée sur HTML FakeNet-NG Levels Up: Introducing Interactive HTML-Based Output (lien direct) |
Written by: Beleswar Prasad Padhi, Tina Johnson, Michael Bailey, Elliot Chernofsky, Blas Kojusner
FakeNet-NG is a dynamic network analysis tool that captures network requests and simulates network services to aid in malware research. The FLARE team is committed to maintaining and updating the tool to improve its capabilities and usability. FakeNet is compatible across platforms and extensively customizable; however, we recognized a need to present captured network data in a more intuitive and user-friendly way to help you quickly identify relevant Network-Based Indicators (NBIs). To address this challenge and further enhance the usability, we extended FakeNet-NG to generate HTML-based output that enables you to view, explore, and share captured network data. This feature was implemented by Beleswar Prasad Padhi as part of a Google Summer of Code (GSoC) project that the Mandiant FLARE team mentored in 2023. To learn more about the program and our open-source contributors, check out the introductory post. Interactive HTML-Based Output FakeNet-NG\'s new interactive output is backed by an HTML page coupled with inline CSS and Javascript. Figure 1 shows the new HTML-based output and Figure 2 shows FakeNet-NG\'s existing text-based output. 
Figure 1: FakeNet-NG\'s new HTML-based output
Figure 2: FakeNet-NG\'s text-based output
FakeNet-NG generates each report using a |
Malware Tool Cloud | ★★ | |
 |
2024-04-22 13:00:37 | Apprendre à connaître Netzer Shohet Getting to Know Netzer Shohet (lien direct) |
> Netzer Shohet est un chef de produit basé à Givatayim, en Israël.Il a rejoint Check Point en tant que développeur dans l'équipe d'infrastructure IPS en 2005 et travaille actuellement sur le développement du cloud pour notre plate-forme qui a permis le lancement de CloudGuard WAF, Quantum SD-WAN et Quantum IoT Protect, entre autres.Netzer est titulaire d'un diplôme de maîtrise en philosophie et d'un baccalauréat en informatique et biologie de l'Université de Tel Aviv et a rédigé son livre le plus vendu, «The Cyber-Safe Child», pour aider les parents à enseigner à leurs enfantssur la cyber-sécurité.Quel est votre rôle à Check Point, en particulier au sein de l'équipe de produit?Je travaille comme [& # 8230;]
>Netzer Shohet is a Product Manager based in Givatayim, Israel. He joined Check Point as a developer on the IPS infrastructure team in 2005 and currently works on cloud development for our platform that enabled the launch of CloudGuard WAF, Quantum SD-WAN, and Quantum IoT Protect, among others. Netzer holds a Master\'s degree in Philosophy and a Bachelor\'s degree in Computer Science and Biology from Tel Aviv University and authored his best-selling book, “The Cyber-Safe Child,” to help parents teach their children about cyber safety. What is your role at Check Point, specifically within the product team? I work as […] |
Cloud | ★★ | |
 |
2024-04-22 07:18:51 | Sécuriser les périmètres de nuages Securing cloud perimeters (lien direct) |
> Le changement global vers le cloud computing est indéniable.Selon Statista, le marché mondial de l'informatique du cloud public continue de croître et devrait atteindre environ 679 milliards de dollars américains en 2024. AWS, Azure et Google Cloud Services dominent le marché et offrent l'évolutivité et la rentabilité des entreprises.Néanmoins, tout devient plus compliqué lorsqu'il [& # 8230;]
la publication Suivante sécuriser les périmètres de cloud est un article de Blog Sekoia.io .
>The global shift towards cloud computing is undeniable. According to Statista, the worldwide public cloud computing market continues to grow and is expected to reach an estimated 679 billion U.S. dollars in 2024. AWS, Azure and Google Cloud services dominate the market and offer businesses scalability and cost-effectiveness. Nevertheless, everything becomes more complicated when it […] La publication suivante Securing cloud perimeters est un article de Sekoia.io Blog. |
Cloud | ★★ | |
 |
2024-04-22 02:35:32 | La NSA lance les 10 meilleurs stratégies d'atténuation de la sécurité du cloud NSA Debuts Top 10 Cloud Security Mitigation Strategies (lien direct) |
Alors que les entreprises passent aux configurations hybrides et multi-clouds, les vulnérabilités résultant de erreurs de configuration et de lacunes de sécurité augmentent, attirant l'attention des mauvais acteurs.En réponse, l'Agence américaine de sécurité nationale (NSA) a publié un ensemble de dix stratégies d'atténuation recommandées, publiées plus tôt cette année (avec le soutien de l'Agence américaine de sécurité de la cybersécurité et des infrastructures sur six des stratégies).Les recommandations couvrent la sécurité du cloud, la gestion de l'identité, la protection des données et la segmentation du réseau.Laissez \\ examiner de plus près: 1. Conservez le modèle de responsabilité partagée dans le cloud ...
As businesses transition to hybrid and multi-cloud setups, vulnerabilities arising from misconfigurations and security gaps are escalating, attracting attention from bad actors. In response, the US National Security Agency (NSA) issued a set of ten recommended mitigation strategies, published earlier this year (with support from the US Cybersecurity and Infrastructure Security Agency on six of the strategies). The recommendations cover cloud security, identity management, data protection, and network segmentation. Let \' s take a closer look: 1. Uphold the Cloud Shared Responsibility Model... |
Vulnerability Cloud | ★★★ | |
 |
2024-04-19 16:38:00 | Comment les attaquants peuvent posséder une entreprise sans toucher le point final How Attackers Can Own a Business Without Touching the Endpoint (lien direct) |
Les attaquants sont de plus en plus & nbsp; usage de & nbsp; «Networkless» & nbsp; Techniques d'attaque Tibting & NBSP; applications et identités cloud.Voici comment les attaquants peuvent (et sont) & nbsp; compromider les organisations & # 8211; & nbsp; sans jamais avoir besoin de toucher le point final ou les systèmes et services en réseau conventionnels. & Nbsp;
Avant d'entrer dans les détails des techniques d'attaque & nbsp; être & nbsp; utilisée, que ce soit pour discuter de pourquoi
Attackers are increasingly making use of “networkless” attack techniques targeting cloud apps and identities. Here\'s how attackers can (and are) compromising organizations – without ever needing to touch the endpoint or conventional networked systems and services. Before getting into the details of the attack techniques being used, let\'s discuss why |
Cloud | ★★★ | |
 |
2024-04-19 15:59:33 | Réponse AWS au rapport de mars 2024 CSRB AWS Response to March 2024 CSRB report (lien direct) |
Date de publication: & nbsp; 2024/04/19 09:00 AM PDT
AWS est au courant d'un récent rapport du comité d'examen de la cybersécurité (CSRB) concernant une question d'échange en ligne Microsoft 2023.Nous ne sommes pas affectés par les problèmes décrits dans ce rapport et aucune action client n'est requise.
À AWS, la sécurité est notre priorité absolue.Chaque client AWS profite du fait que nous avons l'expérience la plus opérationnelle de tout fournisseur de cloud.Nous avons conçu AWS de sa fondation même pour être le moyen le plus sûr pour nos clients de gérer leurs charges de travail et construit notre culture interne autour de la sécurité en tant qu'impérative commerciale.La sécurité du nuage AWS est unique et différenciée par notre technologie, notre culture et nos pratiques.
Pour en savoir plus, veuillez consulter notre " Comment la culture unique de la sécurité à AWS fait une différence " Article de blog.
& nbsp;
Publication Date: 2024/04/19 09:00 AM PDT AWS is aware of a recent Cyber Safety Review Board (CSRB) report regarding a 2023 Microsoft Online Exchange issue. We are not affected by the issues described in this report and no customer action is required. At AWS, security is our top priority. Every AWS customer benefits from the fact that we have the most operational experience of any cloud provider. We designed AWS from its very foundation to be the most secure way for our customers to run their workloads, and built our internal culture around security as a business imperative. The security of the AWS cloud is unique and differentiated by our technology, culture, and practices. To learn more, please refer to our "How the unique culture of security at AWS makes a difference" blog post. |
Cloud | ||
|
2024-04-18 19:56:43 | Porter Airlines consolide ses nuages, son identité et sa sécurité de point final avec CrowdStrike Porter Airlines Consolidates Its Cloud, Identity and Endpoint Security with CrowdStrike (lien direct) |
Alors que Porter Airlines a mis à l'échelle ses activités, il avait besoin d'une plate-forme de cybersécurité unifiée pour éliminer les défis de la jonglerie de plusieurs produits de sécurité cloud, identité et de point de vue.Porter a consolidé sa stratégie de cybersécurité avec l'architecture à un seul agent de console de la CrowdStrike Falcon & Reg;Plateforme XDR.Avec la plate-forme Falcon, la compagnie aérienne a réduit le coût et la complexité en conduisant [& # 8230;]
As Porter Airlines scaled its business, it needed a unified cybersecurity platform to eliminate the challenges of juggling multiple cloud, identity and endpoint security products. Porter consolidated its cybersecurity strategy with the single-agent, single-console architecture of the AI-native CrowdStrike Falcon® XDR platform. With the Falcon platform, the airline has reduced cost and complexity while driving […] |
Cloud | ★★★ | |
|
2024-04-18 13:00:58 | Miercom NGFW Security Benchmark 2024: Pourquoi il est important pour la sécurité du réseau cloud Miercom NGFW Security Benchmark 2024: Why It Matters for Cloud Network Security (lien direct) |
> Alors que les entreprises passent de plus en plus vers le cloud, la sécurité du cloud est une priorité absolue.Les clients nous disent que plus leur confiance dans leur sécurité dans leur cloud est grande, plus ils migreront rapidement et plus ils se déplaceront vers le cloud.Une importance particulière est particulièrement importante, une couche fondamentale de défense avec une atténuation des risques les plus larges et un ratio de coûts / avantages les plus larges.Selon les cyberratings, «les pare-feu de réseau cloud sont considérés comme la première ligne de défense lorsqu'ils sont déployés dans des fournisseurs de cloud publics tels que les services Web d'Amazon, Google Cloud Platform et Microsoft Azure».Dans cet article, nous résumons une partie de la [& # 8230;] [& # 8230;]
>As businesses increasingly transition to the cloud, cloud security is a top priority. Customers tell us that the greater their confidence in their cloud security, the faster they will migrate, and the more workloads they will move to the cloud. Of particular importance is cloud network security, a foundational layer of defense with broadest risk mitigation and best cost/benefit ratio. According to CyberRatings, “Cloud network firewalls are considered to be the first line of defense when deployed in public cloud providers such as Amazon Web Services, Google Cloud Platform and Microsoft Azure.” In this article, we’ll summarize some of the […] |
Cloud | ★★ | |
|
2024-04-18 12:30:46 | Cohesity annonce sa collaboration avec Intel (lien direct) | Cohesity intègre les capacités d'informatique confidentielle d'Intel au sein de Cohesity Data Cloud Cette collaboration renforce la sécurisation du stockage des données dans le cloud, et réduit les risques que les cybercriminels font peser sur les données des entreprises. - Business | Cloud | ★★ | |
|
2024-04-18 08:35:54 | Cisco dévoile Hypershield (lien direct) | Avec Hypershield, Cisco réinvente la sécurité des data centers et du cloud à l'ère de l'IA Cisco Hypershield offre les capacités de sécurité et de connectivité hyperscale pour les entreprises Résumé de l'annonce : Cisco soutient et sécurise la révolution de l'IA dans les centres de données et dans les services clouds, afin de sécuriser toutes les applications et tous les terminaux, quelle que soit la manière dont ils sont distribués ou connectés. Dans un environnement toujours plus interconnecté, le délai entre la détection d'une vulnérabilité et son exploitation est de plus en plus court. Ainsi, la défense contre le paysage de menaces de plus en plus sophistiqué et complexe dans les centres de données dépasse l'échelle humaine. Cisco Hypershield permet aux clients de mettre en place la sécurité où ils en ont besoin – au niveau du réseau, dans leurs centres de données, dans leurs instances dans le cloud et dans les environnements industriels. Grâce à la sécurité alimentée par l'IA, les clients peuvent segmenter leurs réseaux de manière autonome, et bénéficient également d'une protection quasi en temps-réel contre les exploits évitant des patchs correctifs, et aussi de mises à jour logicielles autonomes, ne nécessitant aucune interruption de services. - Produits | Threat Cloud | ★★★ | |
 |
2024-04-18 02:00:00 | L'outil open source recherche des signaux dans les journaux cloud Noisy AWS Open Source Tool Looks for Signals in Noisy AWS Cloud Logs (lien direct) |
Permiso Security a annoncé le cartographe de console Cloud pendant Black Hat Asia pour aider les défenseurs à regarder à l'intérieur des journaux des événements de services Web Amazon pour les signes de cyberattaques.
Permiso Security announced Cloud Console Cartographer during Black Hat Asia to help defenders look inside Amazon Web Services events logs for signs of cyberattacks. |
Tool Cloud | ★★ | |
 |
2024-04-17 20:31:47 | Débout APT44: Russie \\ est le cyber-sabotage de la Russie Unearthing APT44: Russia\\'s Notorious Cyber Sabotage Unit Sandworm (lien direct) |
#### Géolocations ciblées
- Ukraine
## Instantané
Parrainé par le renseignement militaire russe, l'APT44 est un acteur de menace dynamique et mature opérationnel qui est activement engagé dans le spectre complet des opérations d'espionnage, d'attaque et d'influence.
** Microsoft suit cet apt en tant que blizzard de coquille.[En savoir plus à leur sujet ici.] (Https://sip.security.microsoft.com/intel-profiles/cf1e406a16835d56cf614430aea3962d7ed99f01ee3d9ee3048078288e5201bb) **
## Description
APT44 est un acteur de menace dynamique et mature opérationnel qui est activement engagé dans le spectre complet des opérations d'espionnage, d'attaque et d'influence.Le groupe a perfectionné chacune de ces capacités et a cherché à les intégrer dans un livre de jeu unifié au fil du temps.APT44 a poursuivi de manière agressive un effort à plusieurs volets pour aider les militaires russes à obtenir un avantage en temps de guerre et est responsable de presque toutes les opérations perturbatrices et destructrices contre l'Ukraine au cours de la dernière décennie.Le groupe présente une menace persistante et de forte gravité pour les gouvernements et les opérateurs d'infrastructures critiques dans le monde entier où les intérêts nationaux russes se croisent.L'APT44 est considéré par le Kremlin comme un instrument flexible de pouvoir capable de desservir les intérêts et les ambitions nationaux de la Russie, y compris les efforts visant à saper les processus démocratiques à l'échelle mondiale.Le soutien du groupe des objectifs politiques du Kremlin a abouti à certaines des cyberattaques les plus importantes et les plus consécutives de l'histoire.En raison de son histoire de l'utilisation agressive des capacités d'attaque du réseau dans des contextes politiques et militaires, l'APT44 présente un risque de prolifération significatif de nouveaux concepts et méthodes de cyberattaques.L'APT44 continuera certainement à présenter l'une des cyber-menaces de gravité la plus large et la plus élevée dans le monde.
## Recommandations
[Pour plus de CIO, visitez leur collection Virustotal ici.] (Https://www.virustotal.com/gui/collection/0bd93a520cae1fd917441e6e54ff263c88069ac5a7f8b9e55ef99cd961b6a1c7/iocs)
## Les références
https://cloud.google.com/blog/topics/thereat-intelligence/apt44-unearthing-sandworm
https://services.google.com/fh/files/misc/apt44-unithing-sandworm.pdf
https://sip.security.microsoft.com/intel-profiles/cf1e406a16835d56cf614430aea3962d7ed99f01ee3d9ee3048078288e5201bb
#### Targeted Geolocations - Ukraine ## Snapshot Sponsored by Russian military intelligence, APT44 is a dynamic and operationally mature threat actor that is actively engaged in the full spectrum of espionage, attack, and influence operations. **Microsoft tracks this APT as Seashell Blizzard. [Read more about them here.](https://sip.security.microsoft.com/intel-profiles/cf1e406a16835d56cf614430aea3962d7ed99f01ee3d9ee3048078288e5201bb)** ## Description APT44 is a dynamic and operationally mature threat actor that is actively engaged in the full spectrum of espionage, attack, and influence operations. The group has honed each of these capabilities and sought to integrate them into a unified playbook over time. APT44 has aggressively pursued a multi-pronged effort to help the Russian military gain a wartime advantage and is responsible for nearly all of the disruptive and destructive operations against Ukraine over the past decade. The group presents a persistent, high severity threat to governments and critical infrastructure operators globally where Russian national interests intersect. APT44 is seen by the Kremlin as a flexible instrument of power capable of servicing Russia\'s wide-ranging national interests and ambitions, including efforts to undermine democratic processes globally. The group\'s support of the Kremlin\'s political objectives has resulted in some of the largest and mo |
Threat Cloud | ★★ | |
 |
2024-04-17 18:00:31 | Réduire le désabonnement d'incitation avec une composition de modèle explosive Reducing Prompting Churn with Exploding Template Composition (lien direct) |
Engineering Insights is an ongoing blog series that gives a behind-the-scenes look into the technical challenges, lessons and advances that help our customers protect people and defend data every day. Each post is a firsthand account by one of our engineers about the process that led up to a Proofpoint innovation. In the nascent world of large language models (LLMs), prompt engineering has emerged as a critical discipline. However, as LLM applications expand, it is becoming a more complex challenge to manage and maintain a library of related prompts. At Proofpoint, we developed Exploding Prompts to manage the complexity through exploding template composition. We first created the prompts to generate soft labels for our data across a multitude of models and labeling concerns. But Exploding Prompts has also enabled use cases for LLMs that were previously locked away because managing the prompt lifecycle is so complex. Recently, we\'ve seen exciting progress in the field of automated prompt generation and black-box prompt optimization through DSPy. Black-box optimization requires hand-labeled data to generate prompts automatically-a luxury that\'s not always an option. You can use Exploding Prompts to generate labels for unlabeled data, as well as for any prompt-tuning application without a clear (or tractable) objective for optimization. In the future, Exploding Prompts could be used with DSPy to achieve a human-in-the-loop feedback cycle. We are also thrilled to announce that Exploding Prompts is now an open-source release. We encourage you to explore the code and consider how you might help make it even better. The challenge: managing complexity in prompt engineering Prompt engineering is not just about crafting queries that guide intelligent systems to generate the desired outputs; it\'s about doing it at scale. As developers push the boundaries of what is possible with LLMs, the need to manage a vast array of prompts efficiently becomes more pressing. Traditional methods often need manual adjustments and updates across numerous templates, which is a process that\'s both time-consuming and error-prone. To understand this problem, just consider the following scenario. You need to label a large quantity of data. You have multiple labels that can apply to each piece of data. And each label requires its own prompt template. You timebox your work and find a prompt template that achieves desirable results for your first label. Happily, most of the template is reusable. So, for the next label, you copy-paste the template and change the portion of the prompt that is specific to the label itself. You continue doing this until you figure out the section of the template that has persisted through each version of your labels can be improved. Now you now face the task of iterating through potentially dozens of templates to make a minor update to each of the files. Once you finish, your artificial intelligence (AI) provider releases a new model that outperforms your current model. But there\'s a catch. The new model requires another small update to each of your templates. To your chagrin, the task of managing the lifecycle of your templates soon takes up most of your time. The solution: exploding prompts from automated dependency graphs Prompt templating is a popular way to manage complexity. Exploding Prompts builds on prompt templating by introducing an “explode” operation. This allows a few single-purpose templates to explode into a multitude of prompts. This is accomplished by building dependency graphs automatically from the directory structure and the content of prompt template files. At its core, Exploding Prompts embodies the “write it once” philosophy. It ensures that every change made in a template correlates with a single update in one file. This enhances efficiency and consistency, as updates automatically propagate across all relevant generated prompts. This separation ensures that updates can be made with speed and efficiency so you can focus on innovation rather th | Malware Tool Threat Studies Cloud Technical | ★★★ | |
|
2024-04-17 16:37:00 | Genai: un nouveau mal de tête pour les équipes de sécurité SaaS GenAI: A New Headache for SaaS Security Teams (lien direct) |
L'introduction du Chatgpt d'Open Ai \\ a été un moment déterminant pour l'industrie du logiciel, touchant une course Genai avec sa version de novembre 2022.Les fournisseurs SaaS se précipitent désormais pour mettre à niveau les outils avec des capacités de productivité améliorées qui sont motivées par une IA générative.
Parmi une large gamme d'utilisations, les outils Genai permettent aux développeurs de créer plus facilement des logiciels, d'aider les équipes de vente dans la rédaction de courrier électronique banal,
The introduction of Open AI\'s ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, |
Tool Cloud | ChatGPT | ★★ |
|
2024-04-17 13:15:17 | Pourquoi une approche native-première est la clé de la sécurité du cloud Why a Native-First Approach Is Key to Cloud Security (lien direct) |
Une approche native axée sur les natifs offre de meilleures protections et une utilisation plus efficace des ressources que les solutions les meilleures, bénéficiant aux fournisseurs de services cloud et aux clients des utilisateurs finaux.
A native-first approach delivers better protections and a more efficient use of resources than best-of-breed solutions, benefiting cloud service providers and end-user customers alike. |
Cloud | ★★★ | |
 |
2024-04-17 10:38:56 | Sauvegarde et restauration : Commvault muscle son offre cloud avec Appranix (lien direct) | Commvault s'offre Appranix, éditeur d'une plateforme cloud de protection et de restauration des applications. | Cloud | ★★ | |
|
2024-04-17 10:00:00 | Unearthing APT44: Russia\'s Notorious Cyber Sabotage Unit Sandworm (lien direct) | Written by: Gabby Roncone, Dan Black, John Wolfram, Tyler McLellan, Nick Simonian, Ryan Hall, Anton Prokopenkov, Luke Jenkins, Dan Perez, Lexie Aytes, Alden Wahlstrom
With Russia\'s full-scale invasion in its third year, Sandworm (aka FROZENBARENTS) remains a formidable threat to Ukraine. The group\'s operations in support of Moscow\'s war aims have proven tactically and operationally adaptable, and as of today, appear to be better integrated with the activities of Russia\'s conventional forces than in any other previous phase of the conflict. To date, no other Russian government-backed cyber group has played a more central role in shaping and supporting Russia\'s military campaign. Yet the threat posed by Sandworm is far from limited to Ukraine. Mandiant continues to see operations from the group that are global in scope in key political, military, and economic hotspots for Russia. Additionally, with a record number of people participating in national elections in 2024, Sandworm\'s history of attempting to interfere in democratic processes further elevates the severity of the threat the group may pose in the near-term. Given the active and diffuse nature of the threat posed by Sandworm globally, Mandiant has decided to graduate the group into a named Advanced Persistent Threat: APT44. As part of this process, we are releasing a report, “APT44: Unearthing Sandworm”, that provides additional insights into the group\'s new operations, retrospective insights, and context on how the group is adjusting to support Moscow\'s war aims. Key Findings Sponsored by Russian military intelligence, APT44 is a dynamic and operationally mature threat actor that is actively engaged in the full spectrum of espionage, attack, and influence operations. While most state-backed threat groups tend to specialize in a specific mission such as collecting intelligence, sabotaging networks, or conducting information operations, APT44 stands apart in how it has honed each of these capabilities and sought to integrate them into a unified playbook over time. Each of these respective components, and APT44\'s efforts to blend them for combined effect, are foundational to Russia\'s guiding “information confrontation” concept for cyber warfare. 
Figure 1: APT44\'s spectrum of operations
APT44 has aggressively pursued a multi- |
Malware Tool Threat Mobile Cloud | NotPetya | ★★ |
 |
2024-04-17 10:00:00 | Introduction à l'analyse de la composition logicielle et comment sélectionner un outil SCA Introduction to Software Composition Analysis and How to Select an SCA Tool (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Software code is constantly growing and becoming more complex, and there is a worrying trend: an increasing number of open-source components are vulnerable to attacks. A notable instance was the Apache Log4j library vulnerability, which posed serious security risks. And this is not an isolated incident. Using open-source software necessitates thorough Software Composition Analysis (SCA) to identify these security threats. Organizations must integrate SCA tools into their development workflows while also being mindful of their limitations. Why SCA Is Important Open-source components have become crucial to software development across various industries. They are fundamental to the construction of modern applications, with estimates suggesting that up to 96% of the total code bases contain open-source elements. Assembling applications from diverse open-source blocks presents a challenge, necessitating robust protection strategies to manage and mitigate risks effectively. Software Composition Analysis is the process of identifying and verifying the security of components within software, especially open-source ones. It enables development teams to efficiently track, analyze, and manage any open-source element integrated into their projects. SCA tools identify all related components, including libraries and their direct and indirect dependencies. They also detect software licenses, outdated dependencies, vulnerabilities, and potential exploits. Through scanning, SCA creates a comprehensive inventory of a project\'s software assets, offering a full view of the software composition for better security and compliance management. Although SCA tools have been available for quite some time, the recent open-source usage surge has cemented their importance in application security. Modern software development methodologies, such as DevSecOps, emphasize the need for SCA solutions for developers. The role of security officers is to guide and assist developers in maintaining security across the Software Development Life Cycle (SDLC), ensuring that SCA becomes an integral part of creating secure software. Objectives and Tasks of SCA Tools Software Composition Analysis broadly refers to security methodologies and tools designed to scan applications, typically during development, to identify vulnerabilities and software license issues. For effective management of open-source components and associated risks, SCA solutions help navigate several tasks: 1) Increasing Transparency A developer might incorporate various open-source packages into their code, which in turn may depend on additional open-source packages unknown to the developer. These indirect dependencies can extend several levels deep, complicating the understanding of exactly which open-source code the application uses. Reports indicate that 86% of vulnerabilities in node.js projects stem from transitive (indirect) dependencies, w | Tool Vulnerability Threat Patching Prediction Cloud Commercial | ★★ | |
|
2024-04-17 09:25:39 | Prodware signe un partenariat avec le groupe inherent (lien direct) | Prodware, filiale du groupe Phast, leader de l'accompagnement en transformation digitale, signe un partenariat stratégique avec le groupe inherent, 1er opérateur alternatif cloud, connectivité et cybersécurité B2B en France - Business | Cloud | ★★ | |
|
2024-04-16 20:23:58 | Kim Larsen Nouveau responsable de la sécurité de l'information chez le vendeur de protection des données SaaS Keepit Kim Larsen New Chief Information Security Officer at SaaS Data Protection Vendor Keepit (lien direct) |
Pas de details / No more details | Cloud | ★★ | |
|
2024-04-16 18:56:00 | Les outils AWS, Google et Azure CLI pourraient fuir les informations d'identification dans les journaux de construction AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs (lien direct) |
La nouvelle recherche sur la cybersécurité a révélé que les outils d'interface de ligne de commande (CLI) d'Amazon Web Services (AWS) et de Google Cloud peuvent exposer des informations d'identification sensibles dans les journaux de construction, posant des risques importants aux organisations.
La vulnérabilité a été nommée Coded & nbsp; Leakycli & nbsp; par la société de sécurité cloud Orca.
"Certaines commandes sur Azure CLI, AWS CLI et Google Cloud CLI peuvent exposer des informations sensibles
New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations. The vulnerability has been codenamed LeakyCLI by cloud security firm Orca. "Some commands on Azure CLI, AWS CLI, and Google Cloud CLI can expose sensitive information in |
Tool Vulnerability Cloud | ★★★★ | |
 |
2024-04-16 18:42:47 | La nouvelle vulnérabilité «Leakycli» fuit AWS et Google Cloud Indementiels New Vulnerability “LeakyCLI” Leaks AWS and Google Cloud Credentials (lien direct) |
par waqas Une vulnérabilité critique nommée Leakycli expose les informations d'identification de cloud sensibles à partir d'outils populaires utilisés avec AWS et Google Cloud.Cela présente un risque majeur pour les développeurs, montrant la nécessité de pratiques de sécurité solides.Apprenez à atténuer Leakycli et fortifier votre infrastructure cloud. Ceci est un article de HackRead.com Lire la publication originale: | Tool Vulnerability Cloud | ★★★ | |
|
2024-04-16 16:40:00 | Identité dans l'ombre: faire la lumière sur les menaces invisibles de la cybersécurité Identity in the Shadows: Shedding Light on Cybersecurity\\'s Unseen Threats (lien direct) |
Dans le paysage numérique en évolution rapide d'aujourd'hui, les organisations sont confrontées à un éventail de plus en plus complexe de menaces de cybersécurité.La prolifération des services cloud et des dispositions de travail à distance a renforcé la vulnérabilité des identités numériques à l'exploitation, ce qui rend impératif pour les entreprises de fortifier leurs mesures de sécurité de l'identité.
Notre récent rapport de recherche, & nbsp; The Identity Underground
In today\'s rapidly evolving digital landscape, organizations face an increasingly complex array of cybersecurity threats. The proliferation of cloud services and remote work arrangements has heightened the vulnerability of digital identities to exploitation, making it imperative for businesses to fortify their identity security measures. Our recent research report, The Identity Underground |
Vulnerability Cloud | ★★ | |
|
2024-04-16 16:36:32 | Slashnext Cloud Email Security démontre le taux de détection le plus élevé pour BEC et les menaces avancées de phishing dans une nouvelle évaluation de Tolly SlashNext Cloud Email Security Demonstrates Highest Detection Rate for BEC and Advanced Phishing Threats in New Tolly Evaluation (lien direct) |
Slashnext Cloud Email Security démontre le taux de détection le plus élevé pour BEC et les menaces avancées de phishing dans la nouvelle évaluation Tolly
La précision de la détection de 99% de Slashnext \\ est la plus élevée du marché selon le groupe de test indépendant par rapport à la sécurité anormale et à d'autres fournisseurs de sécurité par e-mail cloud
-
nouvelles commerciales
SlashNext Cloud Email Security Demonstrates Highest Detection Rate for BEC and Advanced Phishing Threats in New Tolly Evaluation SlashNext\'s 99% detection accuracy is the highest in the market according to independent testing group compared to Abnormal Security and other cloud email security providers - Business News |
Cloud | ★★ | |
 |
2024-04-16 13:15:00 | Lefakycli Flaw expose AWS et Google Cloud Credentials LeakyCLI Flaw Exposes AWS and Google Cloud Credentials (lien direct) |
Orca Security a déclaré que le problème reflète une vulnérabilité précédemment identifiée dans Azure CLI
Orca Security said the issue mirrors a previously identified vulnerability in Azure CLI |
Vulnerability Cloud | ★★★ | |
|
2024-04-16 11:57:36 | Genetec Inc. lance Security Center SaaS (lien direct) | Genetec Security Center SaaS se connecte de manière transparente aux dispositifs directement reliés au cloud et optimise les investissements existants dans le contrôle d'accès et les caméras La nouvelle offre prend en charge les flux de travail de connexion directe au cloud ("direct-to-cloud") des appareils Axis, Bosch, Hanwha et i-PRO. Et la nouvelle gamme de dispositifs Genetec Cloudlink permet aux équipements de contrôle d'accès et de caméras déjà déployés de se connecter au cloud. - Produits | Cloud | ★★ | |
|
2024-04-16 08:06:59 | My1Login publie de nouvelles fonctionnalités de plate-forme pour améliorer la sécurité et prendre en charge la migration du cloud d'entreprise My1Login releases new platform features to enhance security and support enterprise cloud migration (lien direct) |
My1Login publie de nouvelles fonctionnalités de plate-forme pour améliorer la sécurité et prendre en charge la migration du cloud d'entreprise
-
revues de produits
My1Login releases new platform features to enhance security and support enterprise cloud migration - Product Reviews |
Cloud | ★★ | |
|
2024-04-16 08:00:38 | Alibaba cloud propose de nouveaux services produits (lien direct) | Alibaba Cloud accélère sa croissance à l'international avec une nouvelle stratégie de tarification et de disponibilité de ses services Alibaba cloud propose de nouveaux services produits pour stimuler le développement de l'IA générative. Cette stratégie de tarification vise à garantir aux entreprises une base stable pour développer leurs stratégies à long terme lors de la planification et du développement de leurs propres applications d'IA. Selina Yuan, présidente de l'activité internationale d'Alibaba Cloud Intelligence, présentant la nouvelle stratégie de tarification d'Alibaba Cloud - Produits | Cloud | ★★ | |
 |
2024-04-15 21:44:22 | L'homme du Nebraska aurait fraudé les fournisseurs de nuages de millions de personnes via le cryptojacking Nebraska man allegedly defrauded cloud providers of millions via cryptojacking (lien direct) |
Pas de details / No more details | Cloud | ★★ | |
|
2024-04-15 18:59:00 | Les changements de Balance confondus se concentrent sur le SaaS et le nuage pour les attaques d'extorsion et de vol de données Muddled Libra Shifts Focus to SaaS and Cloud for Extortion and Data Theft Attacks (lien direct) |
L'acteur de menace connu sous le nom de & nbsp; Mouddled Balance & NBSP; a été observé activement ciblant les applications logicielles en tant que logiciels (SaaS) et les environnements du fournisseur de services cloud (CSP) dans le but d'exfiltrer des données sensibles.
«Les organisations stockent souvent une variété de données dans les applications SaaS et les services d'utilisation des CSP», Palo Alto Networks Unit 42 & NBSP; Said & NBSP; dans un rapport publié la semaine dernière.
"La menace
The threat actor known as Muddled Libra has been observed actively targeting software-as-a-service (SaaS) applications and cloud service provider (CSP) environments in a bid to exfiltrate sensitive data. "Organizations often store a variety of data in SaaS applications and use services from CSPs," Palo Alto Networks Unit 42 said in a report published last week. "The threat |
Threat Cloud | ★★ | |
 |
2024-04-15 13:00:27 | Ce qui est suivant dans le cortex - XSIAM pour le cloud et d'autres innovations What\\'s Next in Cortex - XSIAM for Cloud and Other Innovations (lien direct) |
> Cortex XSIAM présente de nouvelles capacités pour aider à relever une grande variété de défis, y compris de nouvelles capacités cloud et des améliorations de fonctionnalités.
>Cortex XSIAM introduces new capabilities to help tackle a wide variety of challenges, including new cloud capabilities and feature enhancements. |
Cloud | ★★★ | |
|
2024-04-15 10:59:45 | ESG : comment le " datacenter vert " gagne du terrain (lien direct) | Pour combiner performances cloud et responsabilité environnementale, le datacenter évolue de fond en comble. Les directives de l'Union européenne, les hausses de prix de l'énergie et la demande "ESG" des clients sont les principaux accélérateurs de cette évolution. | Cloud | ★★ | |
|
2024-04-15 08:13:08 | MongoDB étend sa collaboration avec Google Cloud (lien direct) | MongoDB étend sa collaboration avec Google Cloud pour aider ses clients à déployer et à mettre à l'échelle de nouvelles catégories d'applications La disponibilité de MongoDB Atlas Search Nodes sur Google Cloud permet aux entreprises d'isoler et de mettre à l'échelle les charges de travail d'IA générative de manière plus simple et plus rentable. L'extension Vertex AI de Google Cloud pour MongoDB Atlas et la nouvelle intégration entre Spark et BigQuery permettent aux clients de créer des applications d'IA générative de manière encore plus transparente en utilisant leurs propres données. MongoDB rejoint le réseau Industry Value Network (IVN) de Google Cloud et présente une nouvelle intégration de MongoDB Atlas à la solution Manufacturing Data Engine de Google Cloud pour aider les entreprises à créer des solutions adaptées à leur secteur. Le déploiement des outils de gestion de base de données MongoDB Enterprise Advanced (EA) dans le portefeuille de solutions Google Distributed Cloud (GDC) aide les entreprises à exécuter des applications conformes aux exigences de sécurité et de confidentialité des données les plus strictes. - Produits | Tool Cloud | ★★★ | |
 |
2024-04-12 21:24:21 | VPN par Google One Service pour arrêter plus tard cette année VPN By Google One Service To Shut Down Later This Year (lien direct) |
Google a annoncé qu'il fermait son service complémentaire gratuit, VPN de Google One, dans les prochains mois après son lancement il y a moins de quatre ans.
Pour les personnes inconscientes, en octobre 2020, Google a déployé un service de réseau privé virtuel gratuit (VPN) appelé "VPN par Google One" dans certains pays à tous les clients avec des plans d'abonnement de 2 To ou plus sur Google One, son abonnementService de stockage cloud.
De plus, le service VPN gratuit a été annoncé comme une couche supplémentaire de protection en ligne pour votre téléphone Android & # 8221;Et cela permet de la tranquillité d'esprit que vos données sont sûres. & # 8221;
Cependant, 9to5Google rapporte que la société envoie désormais un e-mail à Google One utilisateurs pour les informer de sa fermeture.
«En mettant l'accent sur la fourniture des fonctionnalités et des avantages les plus demandés, nous cessons la livraison gratuite pour sélectionner des commandes imprimées de Google Photos (au Canada, au Royaume-Uni, aux États-Unis et à l'UE) à partir du 15 mai etVPN par Google One plus tard cette année », lit l'e-mail envoyé aux utilisateurs.
Bien que l'e-mail ne mentionne pas la raison spécifique de la fermeture ou la date de clôture exacte du service VPN Google One, un porte-parole de l'entreprise a déclaré à 9to5Google que la société abandonnait la fonctionnalité VPN en raison de l'équipe & # 8220;Les gens trouvés n'étaient tout simplement pas utilisés. & # 8221;
Le porte-parole a également ajouté que la dépréciation permettra à l'équipe de «recentrer» et de «prendre en charge des fonctionnalités plus demandées avec Google One».
Cependant, les propriétaires des smartphones de Pixel 7 de Google et au-dessus pourront toujours utiliser la fonction VPN intégrée gratuite par Google One après qu'il n'est pas disponible via l'application Paramètres sur les périphériques Pixel.
De plus, la fonction VPN disponible avec Google Fi Wireless Service sera également disponible.
Outre ce qui précède, Google a également annoncé la disponibilité de Magic Editor, un outil de retouche photo basé sur l'IA dans Google Photos, à tous les utilisateurs de Pixel, qui était initialement limité aux utilisateurs de Pixel 8 et Pixel 8 Pro.
Google has announced that it is shutting down its free add-on service, VPN by Google One, in the coming months after it was launched less than four years ago. For those unaware, in October 2020, Google rolled out a free virtual private network (VPN) service called “VPN by Google One” in select countries to all customers with 2TB or higher subscription plans on Google One, its subscription-based cloud storage service. Further, the free VPN service was advertised as an “extra layer of online protection for your Android phone” and that allows for “peace of mind that your data is safe.” However, 9to5Google reports that the company is now emailing Google One users to notify them of its shutdown. “With a focus on providing the most in-demand features and benefits, we\'re discontinuing free shipping for select print orders from Google Photos (in Canada, the UK, US, and EU) starting on May 15 and VPN by Google One later this year,” reads the email sent to the users. Although the email doesn\'t mention the specific reason for the shutdown or the exact closing date for the Google One VPN service, a company spokesperson told 9to5Google that the company is discontinuing the VPN feature because the team “found people simply weren\'t using it.” The spokesperson also adde |
Tool Mobile Cloud | ★★ | |
|
2024-04-12 11:11:38 | Palo Alto Networks offre une plateforme SOC de l\'industrie pour le cloud (lien direct) | Palo Alto Networks offre une plateforme SOC de l'industrie pour le cloud Alors que les entreprises investissent dans le cloud, les nouvelles fonctionnalités de Cortex XSIAM permettent aux équipes SecOps d'identifier et de remédier aux menaces sur les applications cloud native, en temps réel. - Produits | Threat Cloud | ★★ | |
 |
2024-04-12 06:10:54 | Législation européenne sur le cloud : Un changement favorable aux fournisseurs américains (lien direct) | Dans un revirement surprenant, il semble que l'Europe n'exige finalement pas que les fournisseurs de cloud soient exemptés des lois non européennes. | Cloud | ★★★ | |
|
2024-04-12 06:00:03 | Arrêt de cybersécurité du mois: vaincre les attaques de création d'applications malveillantes Cybersecurity Stop of the Month: Defeating Malicious Application Creation Attacks (lien direct) |
This blog post is part of a monthly series, Cybersecurity Stop of the Month, which explores the ever-evolving tactics of today\'s cybercriminals. It focuses on the critical first three steps in the attack chain in the context of email threats. The goal of this series is to help you understand how to fortify your defenses to protect people and defend data against emerging threats in today\'s dynamic threat landscape. The critical first three steps of the attack chain-reconnaissance, initial compromise and persistence. So far in this series, we have examined these types of attacks: Supplier compromise EvilProxy SocGholish eSignature phishing QR code phishing Telephone-oriented attack delivery (TOAD) Payroll diversion MFA manipulation Supply chain compromise Multilayered malicious QR code attack In this post, we examine an emerging threat-the use of malicious cloud applications created within compromised cloud tenants following account takeover. We refer to it as MACT, for short. Background Cloud account takeover (ATO) attacks are a well-known risk. Research by Proofpoint found that last year more than 96% of businesses were actively targeted by these attacks and about 60% had at least one incident. Financial damages reached an all-time high. These findings are unsettling. But there is more for businesses to worry about. Cybercriminals and state-sponsored entities are rapidly adopting advanced post-ATO techniques. And they have embraced the use of malicious and abused OAuth apps. In January 2024, Microsoft revealed that a nation-state attacker had compromised its cloud environments and stolen valuable data. This attack was attributed to TA421 (aka Midnight Blizzard and APT29), which are threat groups that have been attributed to Russia\'s Foreign Intelligence Service (SVR). Attackers exploited existing OAuth apps and created new ones within hijacked cloud tenants. After the incident, CISA issued a new advisory for businesses that rely on cloud infrastructures. Proofpoint threat researchers observed attackers pivoting to the use of OAuth apps from compromised-and often verified-cloud tenants. Threat actors take advantage of the trust that\'s associated with verified or recognized identities to spread cloud malware threats as well as establish persistent access to sensitive resources. The scenario Proofpoint monitors a malicious campaign named MACT Campaign 1445. It combines a known tactic used by cloud ATO attackers with new tactics, techniques and procedures. So far, it has affected dozens of businesses and users. In this campaign, attackers use hijacked user accounts to create malicious internal apps. In tandem, they also conduct reconnaissance, exfiltrate data and launch additional attacks. Attackers use a unique anomalous URL for the malicious OAuth apps\' reply URL-a local loopback with port 7823. This port is used for TCP traffic. It is also associated with a known Windows Remote Access Trojan (RAT). Recently, Proofpoint researchers found four accounts at a large company in the hospitality industry compromised by attackers. In a matter of days, attackers used these accounts to create four distinct malicious OAuth apps. The threat: How did the attack happen? Here is a closer look at how the attack unfolded. Initial access vectors. Attackers used a reverse proxy toolkit to target cloud user accounts. They sent individualized phishing lures to these users, which enabled them to steal their credentials as well as multifactor authentication (MFA) tokens. A shared PDF file with an embedded phishing URL that attackers used to steal users\' credentials. Unauthorized access (cloud account takeover). Once attackers had stolen users\' credentials, they established unauthorized access to the four targeted accounts. They logged in to several native Microsoft 365 sign-in apps, including “Azure Portal” and “Office Home.” Cloud malware (post-access OAuth app creat | Spam Malware Tool Threat Cloud | APT 29 | ★★★ |
 |
2024-04-12 00:00:00 | Les applications s'ouvrent maintenant - Cyber Innova la bourse de cybersécurité avec MTU. Applications Open Now- Cyber Innovates Cyber Security Scholarship with MTU. (lien direct) |
In today\'s digital age, cybersecurity has become paramount. With cyber threats evolving constantly, there\'s a pressing need for innovative solutions and skilled professionals in this field. Munster Technological University (MTU) is stepping up to address this challenge with its groundbreaking Cyber Innovate scholarship programme.
Announced recently by Brian O\'Donovan in an RTE article on Cyber Innovates Scholarship Programme with MTU, MTU\'s Cyber Innovate programme is now open for applications. This initiative aims to foster a new generation of cybersecurity innovators and entrepreneurs by offering a comprehensive 10-month programme coupled with a tax-free scholarship of €38,000. Successful candidates will not only receive a postgraduate qualification in cybersecurity innovation but will also have the opportunity to contribute to the creation of new startups and innovations.
Unlike traditional cybersecurity courses, applicants are not required to have a background in cybersecurity or IT. This opens doors for individuals from diverse fields such as IT, humanities, and business to apply, fostering a collaborative environment where varied skill sets come together to produce groundbreaking solutions.
Dr. Donna O\'Shea, Chair of Cybersecurity at MTU, emphasizes the significance of this initiative, stating, "Our graduates will be catalysts, educators, and leaders-architecting innovative cybersecurity solutions that bolster our national security and propel Ireland to the forefront of global cyber entrepreneurship."
Centered around the Cyber Innovate Immersive Environment (CIIE), participants will dive into real-world cybersecurity challenges and functions. Teams of individuals from diverse backgrounds including cybersecurity, IT, business, and humanities will collaborate closely. Their goal is to identify unmet needs within the cybersecurity sector and leveraging their diverse expertise to develop groundbreaking solutions. They will be supported by a mentorship network comprising industry leaders, cybersecurity experts, venture capitalists, and academics. Participants will also have access to MTU\'s world class cyber security infrastructure including the Cyber Range and Q Cloud.
As Josette O\'Mullane said, "In working with leading cybersecurity educators, researchers, innovators, and industry champions, we envisage the graduates from this programme will initiate a new wave of cybersecurity innovation and entrepreneurship in the region."
A recent report from Cyber Ireland and Cyber Skills highlights the opportunity to grow the cybersecurity workforce to over 17,000 by 2030. MTU\'s Cyber Innovate programme contributes significantly to this vision.
Apply for the cyber security scholarship through the Cyber Innovate website here- MTU Cyber Innovate Scholarship- Applications open until April 19th, 5pm.
In today\'s digital age, cybersecurity has become paramount. With cyber threats evolving constantly, there\'s a pressing need for innovative solutions and skilled professionals in this field. Munster Technological University (MTU) is stepping up to address this challenge with its groundbreaking Cyber Innovate scholarship programme. Announced recently by Brian O\'Donovan in an RTE article on Cyber Innovates Scholarship Programme with MTU, MTU\'s Cyber Innovate programme is now open for applications. This initiative aims to foster a new generation of cybersecurity innovators and entrepreneurs by offering a comprehensive 10-month programme coupled with a tax-free scholarship of €38,000. Successful candidates will not only receive a postgraduate qualification in cybersecurity innovation but will also have the opportunity to contribute to the creation of new startups and innovations. Unlike traditional cybersecurity courses, applicants are not required to have a background in cybersecurity or IT. This opens doors for individuals from diverse fields such as IT, humanities, and business to apply, fostering a collaborative environment where varied skill sets come toget |
Cloud | ★★ | |
|
2024-04-11 18:22:12 | Le service redis expiré a maltraité pour utiliser Metasploit Meterpreter malicieusement Expired Redis Service Abused to Use Metasploit Meterpreter Maliciously (lien direct) |
Les attaquants ont compromis une version de 8 ans de la plate-forme cloud pour distribuer divers logiciels malveillants qui peuvent reprendre les systèmes infectés.
Attackers have compromised an 8-year-old version of the cloud platform to distribute various malware that can take over infected systems. |
Malware Cloud | ★★★ | |
|
2024-04-11 16:00:43 | Google Cloud et Palo Alto Networks offrent un service NGFW natif du cloud Google Cloud and Palo Alto Networks Deliver Cloud-Native NGFW Service (lien direct) |
> Google Cloud et Palo Alto Networks annoncent l'entreprise de pare-feu de nouvelle génération Google Cloud.Il a de vastes capacités de prévention des menaces.
>Google Cloud and Palo Alto Networks announce Google Cloud Next-Generation Firewall Enterprise. It has extensive threat prevention capabilities. |
Threat Cloud | ★★ | |
|
2024-04-11 13:54:48 | Cado Security rejoint la plate-forme d'intégration Wiz (WIN) Cado Security joins Wiz Integration (WIN) platform (lien direct) |
CADO Security rejoint la plate-forme d'intégration Wiz (WIN) pour permettre la criminalistique cloud et la réponse aux incidents
Le partenariat technologique permet aux clients mutuels de réduire le risque de cloud et d'accélérer les investigations médico-légales des ressources cloud critiques
-
nouvelles commerciales
Cado Security joins Wiz Integration (WIN) platform to enable cloud forensics and incident response Technology partnership enables mutual customers to reduce cloud risk and expedite forensic investigations of critical cloud resources - Business News |
Cloud | ★★ | |
|
2024-04-11 13:27:54 | Revisiter MACT: Applications malveillantes dans des locataires cloud crédibles Revisiting MACT: Malicious Applications in Credible Cloud Tenants (lien direct) |
For years, the Proofpoint Cloud Research team has been particularly focused on the constantly changing landscape of cloud malware threats. While precise future predictions remain elusive, a retrospective examination of 2023 enabled us to discern significant shifts and trends in threat actors\' behaviors, thereby informing our projections for the developments expected in 2024. There is no doubt that one of the major, and most concerning, trends observed in 2023 was the increased adoption of malicious and abused OAuth applications by cybercriminals and state-sponsored actors. In January, Microsoft announced they, among other organizations, were targeted by a sophisticated nation-state attack. It seems that the significant impact of this attack, which was attributed to TA421 (AKA Midnight Blizzard and APT29), largely stemmed from the strategic exploitation of pre-existing OAuth applications, coupled with the creation of new malicious applications within compromised environments. Adding to a long list of data breaches, this incident emphasizes the inherent potential risk that users and organizations face when using inadequately protected cloud environments. Expanding on early insights shared in our 2021 blog, where we first explored the emerging phenomenon of application creation attacks and armed with extensive recent discoveries, we delve into the latest developments concerning this threat in our 2024 update. In this blog, we will: Define key fundamental terms pertinent to the realm of cloud malware and OAuth threats. Examine some of the current tactics, techniques, and procedures (TTPs) employed by threat actors as part of their account-takeover (ATO) kill chain. Provide specific IOCs related to recently detected threats and campaigns. Highlight effective strategies and solutions to help protect organizations and users against cloud malware threats. Basic terminology OAuth (Open Authorization) 2.0. OAuth is an open standard protocol that enables third-party applications to access a user\'s data without exposing credentials. It is widely used to facilitate secure authentication and authorization processes. Line-of-business (LOB) applications. LOB apps (also known as second-party apps) typically refer to applications created by a user within their cloud environment in order to support a specific purpose for the organization. Cloud malware. A term usually referring to malicious applications created, utilized and proliferated by threat actors. Malicious apps can be leveraged for various purposes, such as: mailbox access, file access, data exfiltration, internal reconnaissance, and maintaining persistent access to specific resources. MACT (Malicious Applications Created in Compromised Credible Tenants). A common technique wherein threat actors create new applications within hijacked environments, exploiting unauthorized access to compromised accounts to initiate additional attacks and establish a persistent foothold within impacted cloud tenants. Apphish. A term denoting the fusion of cloud apps-based malware with phishing tactics, mainly by utilizing OAuth 2.0 infrastructure to implement open redirection attacks. Targeted users could be taken to a designated phishing webpage upon clicking an app\'s consent link. Alternatively, redirection to a malicious webpage could follow authorizing or declining an application\'s consent request. Abused OAuth applications. Benign apps that are authorized or used by attackers, usually following a successful account takeover, to perform illegitimate activities. What we are seeing Already in 2020, we witnessed a rise in malicious OAuth applications targeting cloud users, with bad actors utilizing increasingly sophisticated methods such as application impersonation and diverse lures. In October 2022, Proofpoint researchers demonstrated how different threat actors capitalized on the global relevance of the COVID-19 pandemic to spread malware and phishing threats. Proofpoint has also seen this trend include the propagation of malicious OAuth applications seamlessly integ | Malware Threat Prediction Cloud | APT 29 | ★★★ |
|
2024-04-11 09:52:16 | (Déjà vu) Genetec annonce la disponibilité du SaaS du centre de sécurité Genetec announces availability of Security Center SaaS (lien direct) |
Genetec annonce la disponibilité du centre de sécurité SaaS
La solution SaaS de qualité d'entreprise donne aux organisations la liberté de choisir les contrôleurs de porte, les caméras et les appareils qui fonctionnent le mieux pour leur entreprise.
-
revues de produits
Genetec announces availability of Security Center SaaS Enterprise-grade SaaS solution gives organizations the freedom to choose the door controllers, cameras, and devices that work best for their business. - Product Reviews |
Cloud | ★★ | |
|
2024-04-11 09:39:17 | Genetec annonce la disponibilité de Security Center SaaS (lien direct) | Genetec annonce la disponibilité de Security Center SaaS Cette solution SaaS professionnelle donne aux organisations la liberté de choisir les contrôleurs de porte, les caméras et les dispositifs qui conviennent le mieux à leur entreprise. - Produits | Cloud | ★★ | |
|
2024-04-11 06:23:43 | FAQS de l'état de l'État 2024 du rapport Phish, partie 1: Le paysage des menaces FAQs from the 2024 State of the Phish Report, Part 1: The Threat Landscape (lien direct) |
In this two-part blog series, we will address many of the frequently asked questions submitted by attendees. In our first installment, we address questions related to the threat landscape. Understanding the threat landscape is paramount in crafting a human-centric security strategy. That\'s the goal behind our 10th annual State of the Phish report. When you know what threats are out there and how people are interacting with them, you can create a modern cybersecurity strategy that puts the complexity of human behavior and interaction at the forefront. Our report was launched a month ago. Since then, we\'ve followed up with a few webinars to discuss key findings from the report, including: Threat landscape findings: Over 1 million phishing threats involved EvilProxy, which bypasses multifactor authentication (MFA). Yet, 89% of security pros still believe that MFA provides complete protection against account takeover. BEC threat actors benefit from generative AI. Proofpoint detected and stopped over 66 million targeted business email compromise (BEC) attacks per month on average in 2023. User behavior and attitude findings: 71% of surveyed users took at least one risky action, and 96% of them knew that those actions were associated with risk. 58% of those risky actions were related to social engineering tactics. 85% of security pros believed that most employees know they are responsible for security. Yet nearly 60% of employees either weren\'t sure or disagreed. These findings inspired hundreds of questions from audiences across the world. What follows are some of the questions that repeatedly came up. Frequently asked questions What are the definitions of BEC and TOAD? Business email compromise (BEC) essentially means fraud perpetrated through email. It can take many forms, such as advance fee fraud, payroll redirection, fraudulent invoicing or even extortion. BEC typically involves a deception, such as the spoofing of a trusted third party\'s domain or the impersonation of an executive (or literally anyone the recipient trusts). BEC is hard to detect because it is generally pure social engineering. In other words, there is often no credential harvesting portal or malicious payload involved. Threat actors most often use benign conversation to engage the victim. Once the victim is hooked, attackers then convince that person to act in favor of them, such as wiring money to a specified account. Similarly, telephone-oriented attack delivery (TOAD) attacks also use benign conversations. But, in this case, a threat actor\'s goal is to motivate the victim to make a phone call. From there, they will walk their target through a set of steps, which usually involve tricking the victim into giving up their credentials or installing a piece of malware on their computer. TOAD attacks have been associated with high-profile malware families known to lead to ransomware, as well as with a wide variety of remote access tools like AnyDesk that provide the threat actors direct access to victims\' machines. The end goal might still be fraud; for example, there have been cases where payment was solicited for “IT services” or software (Norton LifeLock). But the key differentiator for TOAD, compared with BEC, is the pivot out of the email space to a phone call., is the pivot out of the email space to the phone. What is the difference between TOAD and vishing? TOAD often starts with an email and requires victims to call the fraudulent number within that email. Vishing, on the other hand, generally refers to fraudulent solicitation of personally identifiable information (PII) and may or may not involve email (it could result from a direct call). Some TOAD attempts may fall into this category, but most perpetrators focus on getting software installed on a victim\'s machine. How do you see artificial intelligence (AI) affecting phishing? What are security best practices to help defend against these novel phishing attacks? AI allows threat actors to tighten up grammatical and s | Ransomware Malware Tool Threat Cloud Technical | ★★★ | |
|
2024-04-10 21:10:20 | Wiz acquiert la sécurité des gemms pour étendre la détection et l'offre de réponse au cloud Wiz Acquires Gem Security to Expand Cloud Detection and Response Offering (lien direct) |
Pas de details / No more details | Cloud | ★★★ |
To see everything:
Our RSS (filtrered)
