What's new around internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CrowdStrike.webp 2024-03-18 14:15:05 5 Best Practices to Secure Azure Resources
(direct link)
Cloud computing has become the backbone for modern businesses due to its scalability, flexibility and cost-efficiency. As organizations choose cloud service providers to power their technological transformations, they must also properly secure their cloud environments to protect sensitive data, maintain privacy and comply with stringent regulatory requirements. Today's organizations face the complex challenge of outpacing […]
Cloud ★★★
Intigriti.webp 2024-03-18 11:36:56 Why SaaS businesses need to rethink their penetration testing approach
(direct link)
Every year, companies increasingly rely on software-as-a-service platforms (SaaS) to handle a variety of tasks, such as website analysis, accounting, payroll, and email automation. Reliance on SaaS is unavoidable. But it introduces risks and security issues, making security testing even more business critical. In this blog post, we’ll explore why security testing for SaaS businesses […]
Cloud ★★★
AlienVault.webp 2024-03-18 10:00:00 Exploring the risks of eye-tracking technology in VR security
(direct link)
The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  Virtual reality (VR) offers profound benefits across industries, particularly in education and training, thanks to its immersive nature. Through derivatives, such as 3D learning environments, VR enables learners to gain a deeper understanding of theoretical concepts more quickly and efficiently.  However, with the benefits come some dangers. One such risk is the integration of eye-tracking technology within virtual reality environments. While eye-tracking promises to make experiences better and improve security through biometric verification, it also raises privacy concerns.  This technology, though handy, could be exploited by cybercriminals. For instance, a recent paper by Rutgers University shows that hackers could use common virtual reality (AR/VR) headsets with motion sensors to capture facial movements linked to speech. This could lead to the theft of sensitive data communicated through voice commands, like credit card numbers and passwords.  Tool Cloud ★★★
silicon.fr.webp 2024-03-15 08:20:02 Egress fees on the way out at the hyperscalers (direct link) Following Google Cloud and AWS, Microsoft is ending egress fees on Azure, thereby complying with the Data Act. Cloud ★★
DarkReading.webp 2024-03-14 21:37:36 Red Canary Announces Full Coverage of All Major Cloud Providers
(direct link)
No more details Cloud ★★
InfoSecurityMag.webp 2024-03-14 16:00:00 New Report Suggests Surge in SaaS Assets, Employee Data Sharing
(direct link)
DoControl said one in six employees was found to have shared company data via personal email
Studies Cloud ★★
The_Hackers_News.webp 2024-03-14 15:54:00 3 Things CISOs Achieve with Cato
(direct link)
Being a CISO is a balancing act: ensuring organizations are secure without compromising users' productivity. This requires taking multiple elements into consideration, like cost, complexity, performance and user experience. CISOs around the globe use Cato SSE 360, as part of the Cato SASE Cloud platform to balance these factors without compromise. This article details how CISOs are
Cloud ★★
itsecurityguru.webp 2024-03-14 15:53:12 23andMe sparks rethink about safeguarding data: on-premises vs. hybrid cloud strategies
(direct link)
Recently 23andMe, the popular DNA testing service, made a startling admission: hackers had gained unauthorised access to the personal data of 6.9 million users, specifically their 'DNA Relatives' data. This kind of high-profile breach made headlines globally, and naturally highlights the need for stringent security measures when handling organisational data – especially the type of sensitive […] The post 23andMe sparks rethink about safeguarding data: on-premises vs. hybrid cloud strategies first appeared on IT Security Guru.
Cloud ★★
globalsecuritymag.webp 2024-03-14 14:56:45 DoControl's 2024 State of SaaS Data Security Report Found Companies Create 286K New SaaS Assets Weekly, and 1 out of 6 Employees Shared Company Data With Personal Email
(direct link)
DoControl's 2024 State of SaaS Data Security Report Found Companies Create 286K New SaaS Assets Weekly, and 1 out of 6 Employees Shared Company Data With Personal Email. Increased exposure of SaaS assets greatly heightens risk for potential breaches - Product Reviews
Studies Cloud ★★★★
globalsecuritymag.webp 2024-03-14 14:44:36 Cellebrite DI Ltd. unveils Cellebrite Endpoint Inspector SaaS
(direct link)
Cellebrite Revolutionizes Data Collection with Ground-breaking SaaS Solution, Integral Part of Company's Case-to-Closure Platform. New SaaS delivery transforms access, collection and analysis of data from a wide variety of remote devices across the enterprise with unparalleled efficiency and consent-based security - Product Reviews
Cloud ★★
globalsecuritymag.webp 2024-03-14 14:40:51 Cado Security Launches Collection and Analysis Support of SaaS Environments
(direct link)
Cado Security Launches Collection and Analysis Support of SaaS Environments to Expedite Response to Microsoft 365 Compromises. New feature enables organisations to understand scope and impact across SaaS, on-premise, and cloud environments. - Product Reviews
Cloud ★★
globalsecuritymag.webp 2024-03-14 13:39:28 Google Cloud announces Security Command Center Enterprise (direct link) Introducing Security Command Center Enterprise: the first multicloud risk management solution with a SecOps approach and the contribution of AI and threat intelligence. Built on Google's security fabric and powered by Mandiant threat intelligence. - Products Threat Cloud ★★★
GoogleSec.webp 2024-03-14 12:01:32 Real-time, privacy-preserving URL protection
(direct link)
Posted by Jasika Bawa, Xinghui Lu, Google Chrome Security & Jonathan Li, Alex Wozniak, Google Safe Browsing For more than 15 years, Google Safe Browsing has been protecting users from phishing, malware, unwanted software and more, by identifying and warning users about potentially abusive sites on more than 5 billion devices around the world. As attackers grow more sophisticated, we've seen the need for protections that can adapt as quickly as the threats they defend against. That's why we're excited to announce a new version of Safe Browsing that will provide real-time, privacy-preserving URL protection for people using the Standard protection mode of Safe Browsing in Chrome. Current landscape Chrome automatically protects you by flagging potentially dangerous sites and files, hand in hand with Safe Browsing which discovers thousands of unsafe sites every day and adds them to its lists of harmful sites and files. So far, for privacy and performance reasons, Chrome has first checked sites you visit against a locally-stored list of known unsafe sites which is updated every 30 to 60 minutes – this is done using hash-based checks. Hash-based check overview But unsafe sites have adapted - today, the majority of them exist for less than 10 minutes, meaning that by the time the locally-stored list of known unsafe sites is updated, many have slipped through and had the chance to do damage if users happened to visit them during this window of opportunity. Further, Safe Browsing's list of harmful websites continues to grow at a rapid pace. Not all devices have the resources necessary to maintain this growing list, nor are they always able to receive and apply updates to the list at the frequency necessary to benefit from full protection. Safe Browsing's Enhanced protection mode already stays ahead of such threats with technologies such as real-time list checks and AI-based classification of malicious URLs and web pages.
We built this mode as an opt-in to give users the choice of sharing more security-related data in order to get stronger security. This mode has shown that checking lists in real time brings significant value, so we decided to bring that to the default Standard protection mode through a new API – one that doesn't share the URLs of sites you visit with Google. Introducing real-time, privacy-preserving Safe Browsing How it works In order to transition to real-time protection, checks now need to be performed against a list that is maintained on the Safe Browsing server. The server-side list can include unsafe sites as soon as they are discovered, so it is able to capture sites that switch quickly. It can also grow as large as needed because the Malware Mobile Cloud ★★
itsecurityguru.webp 2024-03-14 11:32:53 #MIWIC2024: Zinet Kemal, Cloud Security Engineer – Best Buy
(direct link)
Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024's Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee's answers are […] The post #MIWIC2024: Zinet Kemal, Cloud Security Engineer – Best Buy first appeared on IT Security Guru.
Cloud ★★
ProofPoint.webp 2024-03-14 06:00:19 How We Rolled Out GitHub Copilot to Increase Developer Productivity
(direct link)
Engineering Insights is an ongoing blog series that gives a behind-the-scenes look into the technical challenges, lessons and advances that help our customers protect people and defend data every day. Each post is a firsthand account by one of our engineers about the process that led up to a Proofpoint innovation. Inspired by the rapid rise of generative artificial intelligence (GenAI), we recently kicked off several internal initiatives at Proofpoint that focused on using it within our products. One of our leadership team's goals was to find a tool to help increase developer productivity and satisfaction. The timing was perfect to explore options, as the market had become flush with AI-assisted coding tools. Our project was to analyze the available tools on the market in-depth. We wanted to choose an AI assistant that would provide the best productivity results while also conforming to data governance policies. We set an aggressive timeline to analyze the tools, collaborate with key stakeholders from legal, procurement, finance and the business side, and then deploy the tool across our teams. In the end, we selected GitHub Copilot, a code completion tool developed by GitHub and OpenAI, as our AI coding assistant. In this post, we walk through how we arrived at this decision. We also share the qualitative and quantitative results that we've seen since we've introduced it. Our analysis: approach and criteria When you want to buy a race car, or any car for that matter, it is unlikely that you'll look at just one car before making a final decision. As engineers, we are wired to conduct analyses that dive deeply into all the possible best options as well as list all the pros and cons of each. And that's what we did here, which led us to a final four list that included GitHub Copilot.
These are the criteria that we considered: Languages supported; IDEs supported; Code ownership; Stability; AI models used; Protection for intellectual property (IP); Licensing terms; Security; Service-level agreements; Chat interface; Innovation; Special powers; Pricing; Data governance; Support for a broad set of code repositories. We took each of the four products on our shortlist for a test drive using a specific set of standard use cases. These use cases were solicited from several engineering teams. They covered a wide range of tasks that we anticipated would be exercised with an AI assistant. For example, we needed the tool to assist not just developers, but also document writers and automation engineers. We had multiple conversations and in-depth demos from the vendors. And when possible, we did customer reference checks as well. Execution: a global rollout Once we selected a vendor, we rolled out the tool to all Proofpoint developers across the globe. We use different code repos, programming languages and IDEs, so we're talking about a lot of permutations and combinations. Our initial rollout covered approximately 50% of our team from various business units and roles for about 30 days. We offered training sessions internally to share best practices and address challenges. We also built an internal community of experts to answer questions. Many issues that came up were ironed out during this pilot phase so that when we went live, it was a smooth process. We only had a few issues. All stakeholders were aware of the progress, from our operations/IT team to our procurement and finance teams. Our journey from start to finish was about 100 days. This might seem like a long time, but we wanted to be sure of our choice. After all, it is difficult to hit “rewind” on an important initiative of this magnitude.
Monitoring and measuring results We have been using GitHub Copilot for more than 150 days and during that period we've been collecting telemetry data from the tool and correlating it with several productivity and quality metrics. Our results have been impressive. When it comes to quantitative results, we have seen a general increase in Tool Cloud Technical ★★★
itsecurityguru.webp 2024-03-13 16:08:29 Research Reveals That Infostealers Target Healthcare Sector Data
(direct link)
New research by Netskope Threat Labs has revealed that infostealers were the primary malware and ransomware families used to target the healthcare sector. Healthcare was among the top sectors impacted during 2023 by mega breaches, an attack where over one million records were stolen. The report also examined the continued increase in cloud app adoption […] The post Research Reveals That Infostealers Target Healthcare Sector Data first appeared on IT Security Guru.
Malware Threat Medical Cloud ★★
The_Hackers_News.webp 2024-03-13 16:03:00 Join Our Webinar on Protecting Human and Non-Human Identities in SaaS Platforms
(direct link)
Identities are the latest sweet spot for cybercriminals, now heavily targeting SaaS applications that are especially vulnerable in this attack vector. The use of SaaS applications involves a wide range of identities, including human and non-human, such as service accounts, API keys, and OAuth authorizations. Consequently, any identity in a SaaS app can create an opening for cybercriminals to
Cloud ★★
itsecurityguru.webp 2024-03-13 15:22:30 Expert Insight: How more diverse perspectives can lead to more innovative solutions
(direct link)
For some time now, there has been a worrying lack of the requisite skills around cloud security, data security, and application security. Especially within the mid and senior level. Part of the reason is that cloud architectures and the ever more distributed systems we are now used to today have created new attack surfaces that […] The post Expert Insight: How more diverse perspectives can lead to more innovative solutions first appeared on IT Security Guru.
Cloud ★★★
InfoSecurityMag.webp 2024-03-13 14:01:00 Cloud Account Attacks Surged 16-Fold in 2023
(direct link)
Red Canary said cloud account compromise detections rose 16-fold in 2023, becoming the fourth most prevalent technique used by threat actors
Threat Studies Cloud ★★★★
AlienVault.webp 2024-03-13 10:00:00 25 Essential Cybersecurity tips and best practices for your business
(direct link)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Cybercrime is quickly becoming one of the biggest threats worldwide, impacting businesses across all sectors. To avoid the risk of a damaging security breach, it's crucial to stay updated on the latest cybersecurity tips and practices. Protecting yourself or your business from cyberattacks can be tough. But there are several cybersecurity tips that can help defend against attacks. We've gathered a list of 25 most effective tips for you to adopt and share with others. Top 25 cybersecurity tips for your business 1. Keep your software up to date To stay safe from cyber threats like ransomware, it's essential to regularly update your software, including your operating system and applications. Updates often contain crucial security patches that fix vulnerabilities exploited by hackers. Enable automatic updates for your device and web browser, and ensure plugins like Flash and Java are also kept up to date. Ransomware Malware Tool Vulnerability Mobile Cloud LastPass ★★
globalsecuritymag.webp 2024-03-13 08:35:54 Sysdig ranked first for its CSPM in the Gartner "Voice of the Customer" (direct link) Sysdig ranked first for its CSPM in the Gartner "Voice of the Customer". Sysdig receives the highest rating in the Gartner Peer Insights "Voice of the Customer" report for Cloud Security Posture Management (CSPM) tools. - Magic Quadrant Tool Cloud ★★★
globalsecuritymag.webp 2024-03-13 08:33:11 Rubrik launches an industry data security solution combining DSPM and cyber recovery (direct link) Rubrik launches the industry's first data security solution combining DSPM and cyber recovery. Rubrik Enterprise Proactive Edition supports data security posture management (DSPM) for cloud, SaaS and on-premises. - Products Cloud ★★★
Blog.webp 2024-03-12 23:49:20 New Vcurms Malware Targets Popular Browsers for Data Theft
(direct link)
By Waqas Another day, another malware exploiting cloud services to steal sensitive data from unsuspecting Windows users. This is a post from HackRead.com Read the original post: New Vcurms Malware Targets Popular Browsers for Data Theft
Malware Cloud ★★
silicon.fr.webp 2024-03-12 16:21:49 Combining FinOps with GreenOps for more eco-responsible cloud spending (direct link) By adopting the FinOps method, a company ensures its cloud investments are optimized. By combining it with a GreenOps approach, it will also optimize the carbon footprint of its cloud usage. Cloud ★★
InfoSecurityMag.webp 2024-03-12 16:15:00 New Cloud Attack Targets Crypto CDN Meson Ahead of Launch
(direct link)
Sysdig said the rise of the Meson Network in blockchain signals a new frontier for attackers
Cloud ★★
globalsecuritymag.webp 2024-03-12 15:14:57 Everything you ever wanted to know about security policy management, and much more. Categories
(direct link)
Everything you ever wanted to know about security policy management, and much more. Categories. This post will walk you through cloud application security, including its importance. We will also discuss the main cloud application security threats and how to mitigate them. by Rony Moshkovich, Algosec - Business News /
Cloud
Netskope.webp 2024-03-12 14:25:08 Empowering Secure Cloud Adoption: A Response to the NSA and CISA Cybersecurity Guidelines
(direct link)
In the ever-evolving landscape of cybersecurity, the collaborative effort between the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) in issuing five joint Cybersecurity Information Sheets (CSIs) marks a significant milestone in guiding organizations towards secure cloud adoption. These documents serve as a testament to the critical nature of securing cloud […]
Cloud ★★
globalsecuritymag.webp 2024-03-12 13:22:25 Parallels launched its Parallels Browser Isolation
(direct link)
Parallels Adds Remote Browser Isolation Solution to its Holistic Workspace Portfolio, Enabling Secure SaaS, and Web Application Access. Operational in less than 10 minutes, Parallels Browser Isolation enforces Zero Trust approach to defend against browser-based security threats of SaaS applications - Product Reviews
Cloud ★★
GoogleSec.webp 2024-03-12 11:59:14 Vulnerability Reward Program: 2023 Year in Review
(direct link)
Posted by Sarah Jacobus, Vulnerability Rewards Team Last year, we again witnessed the power of community-driven security efforts as researchers from around the world contributed to help us identify and address thousands of vulnerabilities in our products and services. Working with our dedicated bug hunter community, we awarded $10 million to our 600+ researchers based in 68 countries. New Resources and Improvements Just like every year, 2023 brought a series of changes and improvements to our vulnerability reward programs: Through our new Bonus Awards program, we now periodically offer time-limited, extra rewards for reports to specific VRP targets. We expanded our exploit reward program to Chrome and Cloud through the launch of v8CTF, a CTF focused on V8, the JavaScript engine that powers Chrome. We launched Mobile VRP which focuses on first-party Android applications. Our new Bughunters blog shared ways in which we make the internet, as a whole, safer, and what that journey entails. Take a look at our ever-growing repository of posts! To further our engagement with top security researchers, we also hosted our yearly security conference ESCAL8 in Tokyo. It included live hacking events and competitions, student training with our init.g workshops, and talks from researchers and Googlers. Stay tuned for details on ESCAL8 2024. As in past years, we are sharing our 2023 Year in Review statistics across all of our programs. We would like to give a special thank you to all of our dedicated researchers for their continued work with our programs - we look forward to more collaboration in the future! Android and Google Devices In 2023, the Android VRP achieved significant milestones, reflecting our dedication to securing the Android ecosystem. We awarded over $3.4 million in rewards to researchers who uncovered remarkable vulnerabilities within Android Vulnerability Threat Mobile Cloud Conference ★★★
ProofPoint.webp 2024-03-12 07:03:40 If You're Using Veritas Archiving, What's Your Next Step?
(direct link)
By now, much of the industry has seen the big news about Cohesity acquiring the enterprise data protection business of Veritas Technologies. The transaction will see the company's NetBackup technology - software, appliances and cloud (Alta Data Protection) - integrated into the Cohesity ecosystem. But what about other Veritas products? As stated in the Cohesity and Veritas press releases, the “remaining assets of Veritas' businesses will form a separate company, 'DataCo.' 'DataCo' will comprise Veritas' InfoScale, Data Compliance, and Backup Exec businesses.” Data Compliance includes Veritas Enterprise Vault (EV), which might raise concerns for EV customers. As a new, standalone entity, 'DataCo' has no innovation track record. In this blog, I provide my opinion on the questionable future of Veritas archiving products, why EV customers should start looking at alternative archiving tools, and why you should trust Proofpoint as your next enterprise archiving solution. EV architecture isn't future-proof. EV gained a following because it came onto the market just when it was needed. With its big, robust on-premises architecture, EV was ideal to solve the challenges of bloated file and email servers. Companies had on-premises file and email servers that were getting bogged down with too much data. They needed a tool to offload legacy data to keep working and so they could be backed up in a reasonable amount of time. However, with key applications having moved to the cloud over the last decade-plus, storage optimization is no longer a primary use case for archiving customers. While EV has adapted to e-discovery and compliance use cases, its underlying on-premises architecture has struggled to keep up. EV customers still have headaches with infrastructure (hardware and software) planning, budgeting and maintenance, and archive administration. What's more, upgrades often require assistance from professional services and support costs are rising.
And the list goes on. Today, most cloud-native archives remove virtually all of these headaches. And just like you moved on from DVDs and Blu-ray discs to streaming video, it's time to migrate from legacy on-premises archiving architectures, like EV, to cloud-native solutions. Future investments are uncertain. When you look back over EV's last 5-6 years, you might question what significant innovations Veritas has delivered for EV. Yes, Veritas finally released supervision in the cloud. But that was a direct response to the EOL of AdvisorMail for EV.cloud many years ago. Yes, Veritas added dozens of new data sources for EV. But that was achieved through the acquisition of Globanet - and their product Merge1 - in 2020. (They still list Merge1 as an independent product on their website.) Yes, they highlight how EV can store to “Azure, AWS, Google Cloud Storage, and other public cloud repositories” via storage tiering. But that just means that EV extends the physical storage layer of a legacy on-prem archiving architecture to the cloud - it doesn't mean it runs a cloud-native archiving solution. Yes, Veritas has cloud-based Alta Archiving. But that's just a rebranding and repackaging of EV.cloud, which they retired more than two years ago. Plus, Alta Archiving and Enterprise Vault are separate products. With the Cohesity data protection acquisition, EV customers have a right to question future investments in their product. Will EV revenue alone be able to sustain meaningful, future innovation in the absence of the NetBackup revenue “cash cow”? Will you cling to hope, only to be issued an EOL notice like Dell EMC SourceOne customers? Now is the time to migrate from EV to a modern cloud-native archiving solution. How Proofpoint can help. Here's why you should trust Proofpoint for your enterprise archiving.
Commitment to product innovation and support  Year after year, Proofpoint continues to invest a double-digit percentage of revenue into all of our businesses, including Proofpoint Int Tool Studies Cloud Technical ★★
The_Hackers_News.webp 2024-03-11 20:17:00 Embracing the Cloud: Revolutionizing Privileged Access Management with One Identity PAM Essentials
(direct link)
As cyber threats loom around every corner and privileged accounts become prime targets, the significance of implementing a robust Privileged Access Management (PAM) solution can't be overstated. With organizations increasingly migrating to cloud environments, the PAM Solution Market is experiencing a transformative shift toward cloud-based offerings. One Identity PAM Essentials stands
Cloud ★★
The_Hackers_News.webp 2024-03-11 17:03:00 Data Leakage Prevention in the Age of Cloud Computing: A New Approach
(direct link)
As the shift of IT infrastructure to cloud-based solutions celebrates its 10-year anniversary, it becomes clear that traditional on-premises approaches to data security are becoming obsolete. Rather than protecting the endpoint, DLP solutions need to refocus their efforts to where corporate data resides - in the browser. A new guide by LayerX titled "On-Prem is Dead. Have You Adjusted Your Web
Cloud ★★★
globalsecuritymag.webp 2024-03-11 16:01:47 Security teams must organize to handle the growing threats within cloud-native applications (direct link) Security teams must organize to handle the growing threats within cloud-native applications Eric Salviac, Full-Stack Observability Sales Specialist, Cisco - Points of View Threat Cloud ★★★
DarkReading.webp 2024-03-11 15:00:00 How Not to Become the Target of the Next Microsoft Hack
(direct link)
The alarming number of cyber threats targeting Microsoft cloud applications shows cybersecurity needs an overhaul.
Hack Cloud ★★★
silicon.fr.webp 2024-03-11 14:07:15 Open Trusted Cloud: what to take away from OVHcloud's first Barometer of European software vendors (direct link) Conducted by OpinionWay for OVHcloud in collaboration with Silicon, the first edition of the Open Trusted Cloud barometer of software vendors (ISVs) gathered feedback from 167 vendors in Europe. The result: a map of their activity and the challenges they face, particularly in the areas of data sovereignty and cybersecurity. Studies Cloud ★★★★
RiskIQ.webp 2024-03-11 13:43:18 Weekly OSINT Highlights, 11 March 2024
(direct link)
## Weekly OSINT Highlights, 11 March 2024

The OSINT reporting last week underscores several prevalent trends in cyber threats. Firstly, ransomware continues to be a significant threat, with groups like GhostSec conducting double extortion attacks and offering RaaS programs, while threat actors like SocGholish exploit vulnerabilities in web platforms like WordPress. Additionally, phishing remains a persistent tactic, exemplified by the discovery of the CryptoChameleon kit targeting cryptocurrency platforms and governmental agencies. Furthermore, attackers are targeting misconfigured servers and leveraging 1-day vulnerabilities to conduct various malicious activities, from cryptocurrency mining to unauthorized data collection. These trends emphasize the evolving tactics and motivations of cyber threat actors, highlighting the need for robust cybersecurity measures and vigilance across various sectors and platforms.

1. **[SocGholish Malware Targeting WordPress](https://security.microsoft.com/intel-explorer/articles/0218512b?)**: WordPress websites are targeted by SocGholish malware, initiating with a JavaScript malware framework and leading to potential ransomware infections, often through compromised administrator accounts.
2. **[GhostSec Ransomware Activities Surge](https://security.microsoft.com/intel-explorer/articles/ee5a4e56?)**: GhostSec, a financially motivated hacking group, collaborates with Stormous ransomware in double extortion attacks across various business verticals, offering a ransomware-as-a-service (RaaS) program, with a surge in activities observed recently.
3. **[CryptoChameleon Phishing Kit](https://security.microsoft.com/intel-explorer/articles/9227be0c?)**: Lookout uncovers the CryptoChameleon phishing kit, adept at stealing sensitive data from cryptocurrency platforms and the FCC, utilizing custom single sign-on (SSO) pages and SMS lures, primarily targeting victims in the United States. Notably, the kit includes an administrative console to monitor phishing attempts and offers customized redirections based on victims' responses, with an emphasis on mimicking authentic MFA processes.
4. **[Malware Campaign Targeting Misconfigured Servers](https://security.microsoft.com/intel-explorer/articles/68797fe5?)**: Cado Security Labs discovers a malware campaign targeting misconfigured servers, leveraging unique payloads and exploiting n-day vulnerabilities for Remote Code Execution (RCE) attacks and cryptocurrency mining.
5. **[Earth Kapre Espionage Group](https://security.microsoft.com/intel-explorer/articles/d2d46a48?)**: Trend Micro exposes the Earth Kapre espionage group, conducting phishing campaigns across multiple countries, with malicious attachments leading to unauthorized data collection and transmission to command-and-control (C&C) servers.
6. **[Magnet Goblin Exploiting 1-Day Vulnerabilities](https://security.microsoft.com/intel-explorer/articles/11616c16?)**: Check Point identifies Magnet Goblin's financially motivated attacks, rapidly adopting 1-day vulnerabilities, particularly targeting Ivanti Connect Secure VPN, with a diverse arsenal including a Linux version of NerbianRAT and JavaScript credential stealers.

## Learn More

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: [https://aka.ms/threatintelblog](https://aka.ms/threatintelblog) and the following blog posts:

- [Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself](https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/?ocid=magicti_ta_blog#defending-against-ransomware)
- [Cryptojacking: Understanding and defending against cloud compute resource abuse](https://www.microsoft.com/en-us/security/blog/2023/07/25/cryptojacking-understanding-and-defending-against-cloud-compute-resource-abuse/)

Microsoft customers can use the following reports in Mi Ransomware Malware Tool Vulnerability Threat Prediction Cloud ★★★
News.webp 2024-03-11 13:30:06 British Library pushes the cloud button, says legacy IT estate cause of hefty rebuild
(direct link)
Five months in and the mammoth post-ransomware recovery has barely begun The British Library says legacy IT is the overwhelming factor delaying efforts to recover from the Rhysida ransomware attack in late 2023.…
Ransomware Cloud ★★★
InfoSecurityMag.webp 2024-03-11 13:30:00 NSA Launches Top 10 Cloud Security Mitigation Strategies
(direct link)
The advisory is associated with ten companion cybersecurity information sheets detailing how to implement each strategy
Cloud ★★★
globalsecuritymag.webp 2024-03-11 13:25:27 adista: the convergence of connectivity, cloud and cybersecurity expertise in the service of the Lagardère Group and its challenges (direct link) adista: the convergence of connectivity, cloud and cybersecurity expertise in the service of the Lagardère Group and its challenges - Markets Cloud ★★
IndustrialCyber.webp 2024-03-11 09:24:09 OT-ISAC, Xage partner to bolster cyber defense strategies across OT, IT, cloud
(direct link)
Operational Technology Information Sharing and Analysis Center (OT-ISAC) announced Monday a partnership with Xage Security to provide OT-ISAC...
Industrial Cloud ★★★
Blog.webp 2024-03-11 08:36:11 Dropbox Abused in New Phishing, Malspam Scam to Steal SaaS Logins
(direct link)
By Waqas That new Dropbox email landing in your inbox might be part of a phishing or malspam attack! This is a post from HackRead.com Read the original post: Dropbox Abused in New Phishing, Malspam Scam to Steal SaaS Logins
Cloud ★★
ProofPoint.webp 2024-03-11 06:00:16 How Proofpoint Helps Federal Government Agencies Defend Against Cybercriminals and Insider Threats
(direct link)
Protecting people and defending data are ongoing priorities for federal agencies whose missions are constantly under attack. These entities struggle to keep pace with an array of potent threats, like insiders who steal secrets about missile technology and threat actors who use living off the land techniques (LOTL). Proofpoint can provide agencies with a critical edge in their efforts to defend data from risky users and detect real-time identity threats. Products to help with these challenges include: Proofpoint Insider Threat Management and Proofpoint Identity Threat Defense. This blog takes a closer look at these products and how they help our federal customers. Understand the context behind user behavior with Proofpoint ITM. Across all levels of government, data loss is costly - these incidents have cost agencies $26 billion over the past eight years. A critical first step toward preventing data loss and risky behavior is to understand that data does not lose itself. People lose it. Employees, third parties and contractors have access to more data than ever - on their laptops, in email and the cloud. But you can't reduce the risk of insider threats without first understanding the context behind user behavior. Context also helps you to choose the best response when an insider-led incident occurs, whether it's due to a malicious, compromised or careless user. Proofpoint ITM can help you gain that vital context. It also helps you to move swiftly to address insider threats. Here's how: Get a clear picture of threats. You can gain complete context into users and their data activity on endpoints, and web and cloud applications. User attribution is easy thanks to a clear, visual timeline and flexible, real-time screenshots. Identify risks proactively. Proofpoint includes preconfigured indicators of risk that can help you catch user activities in real time, like data exfiltration, privilege abuse, unauthorized access and security controls bypass.
The out-of-the-box Insider Threat Library was built using feedback from our customers as well as guidelines from NIST, MITRE and the CERT Division of the Software Engineering Institute at Carnegie Mellon.   Investigate faster. You can investigate incidents with more efficiency when you can see user intent. With Proofpoint ITM, you can gather, package and export the evidence (who, what, where, when and user intent) and share it easily with groups outside of security such as HR, legal and privacy. This saves time and reduces the cost of investigations.  Get better time to value. Proofpoint ITM has a single, lightweight user-mode agent that is easy to install and invisible to your users. With a converged DLP and ITM solution, you can monitor everyday and risky users.   Gain efficiencies and manage risks   Here are more ways that Proofpoint ITM helps federal agencies:  Manage alert rules efficiently. Alert rules are grouped by categories and assigned to user lists, which streamlines management.  Comply with privacy laws. Agencies can protect privacy by anonymizing users in the dashboard, which helps eliminate bias in investigations.    Manage risks at a department level. Large agencies can manage employee risks based on their department or group by using Active Directory group-based permissions. Each group has a dedicated security team member or manager.  Meet zero trust and CMMC needs  Agencies can use ITM to meet their zero trust and Cybersecurity Maturity Model Certification (CMMC) needs as well. Proofpoint ITM capabilities support several pillars of Zero Trust and more than seven domains of CMMC. 
For Zero Trust, Proofpoint ITM helps agencies align to these pillars:   Department of Defense: Data and Visibility and Analytics Pillar   Cybersecurity and Infrastructure Security Agency: Data and Devices Pillars  Proofpoint Information Protection products help our customers with these CMMC domains:  Access Controls   Asset Management   Audit and Accountability  Configuration Management   Incident Response   Media Protect Ransomware Vulnerability Threat Cloud ★★★
globalsecuritymag.webp 2024-03-07 21:55:26 Veeam and Microsoft announce the joint development of AI solutions (direct link) Veeam and Microsoft announce the joint development of AI solutions for the leading platform for data protection and fighting ransomware. The two companies will jointly market the recently announced Veeam Data Cloud offering for Microsoft Azure and for Microsoft 365, which builds on the market-leading backup platform for Microsoft 365 with more than 18 million protected users. - Products Cloud ★★
Netskope.webp 2024-03-07 19:20:18 Netskope Cloud Exchange for Your Zero Trust Journey
(direct link)
Early in 2023 my colleague, and VP of Technology Integrations and Business Development, David Willis walked us through Realizing the True Power of Netskope Cloud Exchange. In the article, David painted the evolution of Cloud Exchange with a focus on how the Netskope Cloud Threat Exchange (CTE) module has matured since it was released. In […]
Threat Cloud ★★
CrowdStrike.webp 2024-03-07 16:47:17 Falcon Cloud Security Supports GKE Autopilot to Secure More GCP Workloads
(direct link)
In the ever-evolving landscape of cloud security, staying ahead of the curve is paramount. Today, we are announcing an exciting enhancement: CrowdStrike Falcon® Cloud Security now supports Google Kubernetes Engine (GKE) Autopilot. This integration marks an important milestone in our commitment to providing cutting-edge DevSecOps-focused security and solutions for modern cloud environments. This new capability […]
Cloud ★★★
The_Hackers_News.webp 2024-03-07 16:41:00 Human vs. Non-Human Identity in SaaS
(direct link)
In today's rapidly evolving SaaS environment, the focus is on human users. This is one of the most compromised areas in SaaS security management and requires strict governance of user roles and permissions, monitoring of privileged users, their level of activity (dormant, active, hyperactive), their type (internal/external), whether they are joiners, movers, or leavers, and more. Not
Cloud ★★
globalsecuritymag.webp 2024-03-07 14:51:14 Cellebrite Launches FedRAMP Authorization Process
(direct link)
Cellebrite Launches FedRAMP Authorization Process to Provide Federal Customers with Enhanced Cloud Security. Collaboration with Coalfire Will Deliver Federal Customers Access to Cellebrite SaaS Technology - Product Reviews
Cloud ★★
Chercheur.webp 2024-03-07 12:00:13 How Public AI Can Strengthen Democracy
(direct link)
With the world’s focus turning to misinformation, manipulation, and outright propaganda ahead of the 2024 U.S. presidential election, we know that democracy has an AI problem. But we’re learning that AI has a democracy problem, too. Both challenges must be addressed for the sake of democratic governance and public protection. Just three Big Tech firms (Microsoft, Google, and Amazon) control about two-thirds of the global market for the cloud computing resources used to train and deploy AI models. They have a lot of the AI talent, the capacity for large-scale innovation, and face few public regulations for their products and activities...
Cloud ★★
AlienVault.webp 2024-03-07 11:00:00 Securing AI
(direct link)
With the proliferation of AI/ML enabled technologies to deliver business value, the need to protect data privacy and secure AI/ML applications from security risks is paramount. An AI governance framework model like the NIST AI RMF to enable business innovation and manage risk is just as important as adopting guidelines to secure AI. Responsible AI starts with securing AI by design and securing AI with Zero Trust architecture principles. Vulnerabilities in ChatGPT: A recently discovered vulnerability found in version gpt-3.5-turbo exposed identifiable information. The vulnerability was reported in the news late November 2023. Repeating a particular word continuously to the chatbot triggered the vulnerability. A group of security researchers with Google DeepMind, Cornell University, CMU, UC Berkeley, ETH Zurich, and the University of Washington studied the “extractable memorization” of training data that an adversary can extract by querying a ML model without prior knowledge of the training dataset. The researchers’ report shows an adversary can extract gigabytes of training data from open-source language models. In the vulnerability testing, a newly developed divergence attack on the aligned ChatGPT caused the model to emit training data 150 times higher. Findings show larger and more capable LLMs are more vulnerable to data extraction attacks, emitting more memorized training data as the volume gets larger. While similar attacks have been documented with unaligned models, the new ChatGPT vulnerability exposed a successful attack on LLM models typically built with strict guardrails found in aligned models. This raises questions about best practices and methods in how AI systems could better secure LLM models, build training data that is reliable and trustworthy, and protect privacy.
U.S. and UK’s Bilateral cybersecurity effort on securing AI: The US Cybersecurity and Infrastructure Security Agency (CISA) and UK’s National Cyber Security Center (NCSC) in cooperation with 21 agencies and ministries from 18 other countries are supporting the first global guidelines for AI security. The new UK-led guidelines for securing AI as part of the U.S. and UK’s bilateral cybersecurity effort were announced at the end of November 2023. The pledge is an acknowledgement of AI risk by nation leaders and government agencies worldwide and is the beginning of international collaboration to ensure the safety and security of AI by design. The Department of Homeland Security (DHS) CISA and UK NCSC joint guidelines for Secure AI System Development aim to ensure cybersecurity decisions are embedded at every stage of the AI development lifecycle from the start and throughout, and not as an afterthought. Securing AI by design: Securing AI by design is a key approach to mitigate cybersecurity risks and other vulnerabilities in AI systems. Ensuring the entire AI system development lifecycle process is secure from design to development, deployment, and operations and maintenance is critical to an organization realizing its full benefits. The guidelines documented in the Guidelines for Secure AI System Development align closely to software development life cycle practices defined in the NCSC’s Secure development and deployment guidance and the National Institute of Standards and Technology (NIST) Secure Software Development Framework (SSDF). The 4 pillars that embody the Guidelines for Secure AI System Development offer guidance for AI providers of any systems whether newly created from the ground up or built on top of tools and services provided from Tool Vulnerability Threat Mobile Medical Cloud Technical ChatGPT ★★
Korben.webp 2024-03-07 09:16:25 ANY.RUN – The cloud sandbox for malware hunters (direct link) ANY.RUN is a cloud-based service for analyzing malware on Windows and Linux, helping analysts study threats safely. Offering full control over malware activity, the platform provides benefits such as instant access to results and an interactive visual tree structure. ANY.RUN is compatible with popular browsers and operating systems, and supports Linux malware analysis. It offers a cost-effective solution for organizations. Threat Cloud ★★
Last update at: 2024-06-16 13:10:34