What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
DarkReading.webp 2023-03-22 22:13:00 Lightspin Launches Remediation Hub to Identify and Fix Cloud Security Threats (direct link) No more details Cloud Cloud ★★
DarkReading.webp 2023-03-22 21:06:00 (Already seen) XM Cyber Announces Acquisition of Confluera, Adding Run-Time Protection on Cloud Workloads (direct link) No more details General Information Cloud ★★
The_Hackers_News.webp 2023-03-22 17:54:00 ScarCruft's Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques (direct link) The North Korean advanced persistent threat (APT) actor dubbed ScarCruft is using weaponized Microsoft Compiled HTML Help (CHM) files to download additional malware. According to multiple reports from AhnLab Security Emergency Response Center (ASEC), SEKOIA.IO, and Zscaler, the findings are illustrative of the group's continuous efforts to refine and retool its tactics to sidestep detection. "
Malware Threat General Information Cloud APT 37 ★★
globalsecuritymag.webp 2023-03-22 17:37:32 XM Cyber Announces Acquisition of Confluera (direct link) XM Cyber Announces Acquisition of Confluera, Adding Run-Time Protection on Cloud Workloads to Extend CNAPP Capabilities - Business News
Cloud ★★
CVE.webp 2023-03-22 17:15:15 CVE-2023-26358 (direct link) Creative Cloud version 5.9.1 (and earlier) is affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts.
Vulnerability Cloud
AlienVault.webp 2023-03-22 10:00:00 How CIAM safely orchestrates your customers' journey and its benefits (direct link) The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Customers’ willingness to give you their personal data begins with the experience they receive. Convincing them requires the right tone, an outlook of what they’ll get in return, and most importantly, a high level of trust. But while companies depend on customer data to unlock growth, user-centric data collection can be tricky. 43% of U.S. consumers say they would not allow companies to collect personal data, even to accommodate more personalized, customized experiences, while 88% will give you their data if they trust your brand. With this in mind, how do you meet customer expectations and proactively build consumer trust throughout the entire customer lifecycle? Effective user journey orchestration, supported by a robust Customer Identity & Access Management (CIAM) solution, can help you balance security, privacy, and convenience, resulting in a trust-worthy digital experience. 5 ways CIAM safely orchestrates your customers’ journey CIAM is an effective solution for hassle-free and secure logins that enables you to retain more customers with seamless access across various digital channels. This is how CIAM safely orchestrates your customers’ journey. Capture and manage customer identities to remove friction at registration and login Businesses spend a lot to acquire new customers but tend to invest less in the experience once acquired. Meanwhile, providing a seamless and convenient experience is what eventually brings loyalty – and thus, the base to harness true ROI.
With CIAM, you no longer need to push every customer through the same rigid authentication processes when they visit your site. Put simply, CIAM ensures customers are always met at the digital front door, conveniently and without friction. For example, if customers are registering for the first time, you don't need to ask them to enter all their personal data immediately. Ask your customer for only needed information, at the right point in their journey. This will allow them to focus on their shopping experience or the task at hand rather than filling in forms. When an existing customer wants to log into your site, you can make smarter decisions about how many authentication hoops you should make them jump through. For example, suppose the risk environment remains unchanged, and their behavioral context is the same as before. You might decide they don't need to enter their password again or authenticate using MFA. CIAM allows you to adjust your authentication experience's friction level to make your customers' experience seamless. 1. Build robust customer profiles based on first-party, consent-based data CIAM captures the personal data that the customer has released to your brand. This first-party data, which is based on consumer consent, enables your business to compile comprehensive client profiles by collecting and combining data from multiple channels. The data produced can assist your company in achieving a unified customer experience as your consumer engages with various business divisions. First-party data is essential as third-party cookies are being blocked from browsers, Guideline Cloud ★★
Fortinet.webp 2023-03-22 06:00:00 Key Insights from the 2023 Cloud Security Report (direct link) Read how businesses are harnessing the cloud, how their security teams respond to cloud-related threats, and the challenges navigating the cloud adoption journey.
Studies Cloud ★★
CVE.webp 2023-03-21 17:15:11 CVE-2023-1304 (direct link) An authenticated attacker can leverage an exposed getattr() method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.
Cloud
CVE.webp 2023-03-21 17:15:11 CVE-2023-1305 (direct link) An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as YAML or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.
Cloud
CVE.webp 2023-03-21 17:15:11 CVE-2023-1306 (direct link) An authenticated attacker can leverage an exposed resource.db() accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.
Guideline Cloud
globalsecuritymag.webp 2023-03-21 15:41:49 OVHcloud® US has expanded its wide array of storage solutions (direct link) OVHcloud® US Adds High Performance and Standard Object Storage Enabling Big Data and Cloud Native Applications for Customers with Cost-Predictability Flexible, secure, and cost-transparent cloud services are complemented by new high-performance and standard object storage to support a variety of customer cloud storage needs - Product Reviews
Cloud ★★
Netskope.webp 2023-03-21 14:35:20 Netskope Threat Labs Stats for February 2023 (direct link) Netskope Threat Labs publishes a monthly summary blog post of the top threats we are tracking on the Netskope platform. The purpose of this post is to provide strategic, actionable intelligence on active threats against enterprise users worldwide. Summary Attackers continue to attempt to fly under the radar by using cloud apps to deliver malware, […]
Threat Cloud ★★
silicon.fr.webp 2023-03-21 10:01:04 IT jobs: AWS bends but does not break (direct link) Cloud provider Amazon Web Services is not spared from the new deep cuts made by its parent company. Cloud ★★
globalsecuritymag.webp 2023-03-21 08:06:53 Liquid Intelligent Technologies has bought Cysiv MEA (direct link) Liquid Intelligent Technologies acquires a major Egyptian cloud and cybersecurity services provider and thereby expands its portfolio in Africa and the Middle East. This acquisition allows the group, which is based in London and active in Africa, the United Kingdom, the United States and Latin America, to market a best-in-class range of cloud and cybersecurity products in Egypt - Business Cloud ★★
Anomali.webp 2023-03-20 23:29:00 Anomali Cyber Watch: APT, China, Data leak, Injectors, Packers, Phishing, Ransomware, Russia, and Ukraine (direct link) Anomali Cyber Watch: Winter Vivern impersonates Poland's cybercrime web page, trojanized Telegram steals cryptocurrency keys from screenshots, Silkloder avoids the East Asian Menking Bookbox, and more. The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, China, Data leak, Injectors, Packers, Phishing, Ransomware, Russia, and Ukraine. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC summary charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Cyber News and Threat Intelligence Winter Vivern | Uncovering a Wave of Global Espionage (Published: March 16, 2023) Since December 2020, Winter Vivern has been engaged in cyberespionage campaigns aligned with the objectives of the Belarusian and Russian governments. Since January 2021, it has targeted government organizations in Lithuania, India, the Vatican, and Slovakia. From mid-2022 to December 2022, it targeted India and Ukraine: it impersonated the website of the Indian government's email service and sent a macro-enabled Excel file to target a project facilitating the surrender of Russian military personnel. In early 2023, Winter Vivern created fake pages for Poland's Central Bureau for Combating Cybercrime, the Ukrainian Ministry of Foreign Affairs, and the Security Service of Ukraine. The group often relies on simple phishing for credentials. Another type of Winter Vivern activity includes malicious Office documents with macros, a loader script imitating a virus scanner, and the installation of a backdoor. The group's malicious infrastructure includes typosquatted domains and compromised WordPress websites. Analyst Comment: Be careful if a domain asks for your passwords; try to establish its authenticity and ownership. Anomali customers concerned about risks to their digital assets (including similar/typosquatted domains) can try Anomali's premium digital protection service. Many advanced attacks begin with basic techniques such as unsolicited emails with malicious attachments that require the user to open them and enable macros. It is important to teach your users basic online hygiene and phishing awareness. MITRE ATT&CK: [MITRE ATT&CK] T1583.001 - Acquire Infrastructure: Domains | [MITRE ATT&CK] T1566.001 - Phishing: Spearphishing Attachment | [MITRE ATT&CK] T1059.001: PowerShell | [MITRE ATT&CK] T1059.003 - Command and Scripting Interpreter: Windows Command Shell | [MITRE ATT&CK] T1105 - Ingress Tool Transfer Ransomware Malware Tool Vulnerability Threat Cloud ★★
Netskope.webp 2023-03-20 14:55:52 Leverage IP and CIDR IOBs with SecLytics Cloud Threat Exchange Plugin (direct link) The Netskope Security team is happy to announce the official release of our newest Cloud Threat Exchange plugin built in-house, which now allows users to pull threat data discovered by SecLytics. This integration leverages the SecLytics Bulk API to allow users to pull identified URL, IP, and CIDR block indicators of behavior (IoBs) into Cloud […] Threat Cloud ★★
DarkReading.webp 2023-03-20 14:00:00 Shouldering the Increasingly Heavy Cloud Shared-Responsibility Model (direct link) There are a number of solutions that can help ensure security and compliance mandates are met in the cloud, but organizations should prioritize integration and policy-based management. Cloud ★★
globalsecuritymag.webp 2023-03-20 07:54:05 Evanssion partners with ExtraHop (direct link) Evanssion partners with ExtraHop to provide regional businesses with enterprise-grade security and cloud scalability The partnership enhances and deepens Evanssion's diverse cyber defense stack offering for partners and enterprises. - Business News Cloud ★★
silicon.fr.webp 2023-03-17 16:24:02 Open source: a safe bet for developers (direct link) Open source, cloud computing and machine learning are regarded by developers as the most proven technologies. Cloud ★★★
The_Hackers_News.webp 2023-03-17 16:16:00 A New Security Category Addresses Web-borne Threats (direct link) In the modern corporate IT environment, which relies on cloud connectivity, global connections and large volumes of data, the browser is now the most important work interface. The browser connects employees to managed resources, devices to the web, and the on-prem environment to the cloud one. Yet, and probably unsurprisingly, this browser prominence has significantly increased the number of General Information Cloud ★★★
RedCanary.webp 2023-03-17 15:47:26 Improve your cyber threat coverage with Microsoft E5 (direct link) Learn how all of the Microsoft E5 license security features can improve your cyber threat coverage and operational ROI. Threat Cloud ★★★
Checkpoint.webp 2023-03-17 11:00:13 CNAPP in a Snap - How Agentless Workload Posture Improves Security Velocity (direct link) By Benny Zemmour – Group Manager Cloud Security Why Modern Development Demands an Agentless Workload Protection Solution What can you do when your security tools are holding you back? Are the solutions that keep you safe also inhibiting innovation? When your developers are creating something new and amazing, you don't put anything in their way.… General Information Cloud ★★
Fortinet.webp 2023-03-16 13:09:00 How Best to Secure Applications in Any Cloud (direct link) Read about some of the barriers to cloud adoption along with the risks and challenges that come with it to secure your applications. Cloud ★★
silicon.fr.webp 2023-03-16 08:45:50 Salesforce: behind Einstein GPT, a timid embrace of Web3 (direct link) Salesforce renames its NFT Cloud solution and slightly extends its availability as part of a Web3 offering. Cloud ★★
SonarSource.webp 2023-03-16 00:00:00 Cloud native features in SonarQube 9.9 LTS (direct link) The best LTS ever - SonarQube v9.9 - packed together a lot of new features and functionality. Read more to learn about the cloud native, IaC and serverless analysis capabilities included in the LTS.
Cloud ★★
globalsecuritymag.webp 2023-03-15 19:56:02 CPX 360 in Munich (direct link) Check Point wants to be able to prevent attacks rather than merely detect them, and therefore designs its solutions so that the entire security environment, that is, network, cloud and remote users, learns and acts immediately, even when the attack comes through only a single vector. The challenge here clearly lies in the growing number of permutations, which Check Point seeks to counter with 30 years of threat intelligence. Its own Infinity Portal comprises Quantum for securing the network, CloudGuard for cloud security and Harmony for user and device security, all of which can work together to ensure a holistic cybersecurity solution. - Special Reports / Threat Cloud
globalsecuritymag.webp 2023-03-15 17:24:48 An update on cyber protection measures (direct link) An update on cyber protection measures, by Steve José Lourenço, Cloud Architect, ITS Integra. The importance of antivirus, a disaster recovery plan (PRA) and immutable backup. A threat that is as present as ever - Points of View General Information Cloud ★★
Netskope.webp 2023-03-15 13:00:00 Understanding Data Protection Needs in a Cloud-enabled Hybrid Work World (direct link) Today, Netskope partnered with the Cloud Security Alliance to release the Data Loss Prevention (DLP) and Data Security Survey Report, a survey focused on data protection needs in cloud and hybrid work environments. Unsurprisingly, the report found that the biggest pain point organizations identify with trying to modernize their data protection strategy is that current […] Guideline Cloud ★★★
silicon.fr.webp 2023-03-15 11:53:55 Xavier Pestel – Weborama: "We do Kubernetes on a daily basis" (direct link) Xavier Pestel, Lead SRE (Site Reliability Engineering), explains how he runs Weborama's DMP infrastructure, which relies on two public cloud providers, with Kubernetes. Guideline Guideline Cloud Uber ★★★
AlienVault.webp 2023-03-15 10:00:00 10 Ways B2B companies can improve mobile security (direct link) The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Mobile security refers to the technologies and processes that are used to protect mobile devices from malicious attacks, data breaches, and other forms of cybercrime. It also includes measures taken to safeguard personal information stored on these devices, as well as protecting them from physical damage or theft. Mobile security is becoming increasingly important due to the rapid proliferation of smartphones and tablets being used for business purposes around the world. Businesses need to take steps to ensure their data remains secure when accessing company networks via mobile devices, including implementing a few key measures. Below are ten ways B2B companies can do better mobile security. 1. Use a secure email provider A secure domain email address is one of the most important ways to ensure that company emails and other sensitive data remain safe. Email providers such as Google, Microsoft, Zoho, and Postale offer secure domain email addresses which encrypt all emails sent and received in transit. This makes it more difficult for hackers to gain access to confidential information or launch attacks on vulnerable systems. Using a secure email provider is essential for any organization looking to maximize its data protection efforts. By taking advantage of these services, businesses can rest assured knowing their emails are secure and protected from malicious actors. 2. Implement strong authentication Strong authentication refers to the use of two or more forms of authentication to authenticate a user's identity. This could include using a one-time password for each login, biometric factors such as fingerprints, or utilizing an encrypted token.
Strong authentication ensures that only authorized users can access company networks and confidential data. Having strong authentication measures in place is an essential step in protecting data, as it helps to prevent unauthorized access and keeps sensitive information secure. 3. Install mobile security software Mobile security software (also known as mobile device management or MDM) can help protect devices from malicious attacks. Mobile security software can be installed on all company-owned devices, providing a layer of protection by scanning for and blocking malicious applications. It can also offer additional layers of protection such as remote wiping capability, encryption, and the ability to remotely lock lost or stolen devices. 4. Enforce use policies By having clear use policies in place, businesses can ensure their employees understand the importance of mobile security and that they are adhering to the established rules. These policies should include restrictions on downloading or installing unapproved apps, accessing unknown or suspicious websites, or sharing confidential information with unauthorized personnel. Enforcing use policies is essential for keeping company networks and data secure. By ensuring that all employees abide by the same set of rules, businesses can greatly reduce their risk of a data breach or other malicious attack. 5. Utilize cloud storage Cloud storage provides an effective way to store business data securely off-site. Data stored in the cloud is encrypted and kept safe from physical damage or theft. It also eliminates the need for large servers and other physical infrastructure, reducing both costs and the potential risk of data breaches. Additionally, cloud storage allows employees to access their data from any device, anytime and anywhere Data Breach Malware Guideline Cloud ★★★
DarkReading.webp 2023-03-14 21:05:00 Samsung Next Invests in Mitiga, Brings Total Funding to $45M (direct link) Financing will help support increasing customer demand while continuing to transform incident response for cloud and SaaS environments Cloud ★★
RecordedFuture.webp 2023-03-14 20:36:00 Hackers used Fortra zero-day to steal sales data from cloud management giant Rubrik (direct link) Cloud data management giant Rubrik confirmed that hackers attacked the company using a vulnerability in a popular file transfer tool. The Clop ransomware group – which has been the primary force behind the [exploitation of a vulnerability](https://therecord.media/forta-goanywhere-mft-file-transfer-zero-day) affecting Fortra's GoAnywhere Managed File Transfer product – added Rubrik to its list of victims on Tuesday. A Ransomware Vulnerability Cloud ★★
Netskope.webp 2023-03-14 18:17:21 Cloud Threats Memo: Cyber Espionage Campaign Using Remote Access Tools (direct link) Another day, another cyber espionage campaign exploiting two legitimate and well-known cloud services to deliver the malicious payload. Once again, this campaign was unearthed by researchers at Sentinel One, and it is aimed to distribute the Remcos Remote Access Tool (yet another example of a remote control tool used for malicious purposes) through the DBatLoader […] Tool Cloud ★★★
CVE.webp 2023-03-14 18:15:10 CVE-2023-27588 (direct link) Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects with deployments that are publicly exposed and not protected by a WAF or other HTTP protection layer should be upgraded to version 1.3.4, 2.55.1, 2.20.1, or 2.21.0-beta1 to receive a patch. Vulnerability Cloud
globalsecuritymag.webp 2023-03-14 00:30:00 Grip Security & The Syndicate Group (TSG) Announce Strategic Investment (direct link) Grip Security & The Syndicate Group (TSG) Announce Strategic Investment to Accelerate Channel-Led Growth Grip Solutions Meet Critical Need for Channel Ecosystem to Manage SaaS Risk; TSG Expands Reach to 450+ Strategic Partners - Business News Cloud ★★
CVE.webp 2023-03-13 22:15:12 CVE-2023-27587 (direct link) ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, then it will include the full URL of the request. The request URL contains the Google Cloud API key. See below for what this error message looks like, with redaction. This has been patched in commit 8533b01. Upgrading should be accompanied by deleting the current GCP API key and issuing a new one. There are no known workarounds. Cloud
CVE.webp 2023-03-13 21:15:13 CVE-2023-0346 (direct link) Akuvox E11 cloud login is performed through an unencrypted HTTP connection. An attacker could gain access to the Akuvox cloud and device if the MAC address of a device is known. Cloud
The_Hackers_News.webp 2023-03-13 17:53:00 How to Apply NIST Principles to SaaS in 2023 (direct link) The National Institute of Standards and Technology (NIST) is one of the standard-bearers in global cybersecurity. The U.S.-based institute's cybersecurity framework helps organizations of all sizes understand, manage, and reduce their cyber-risk levels and better protect their data. Its importance in the fight against cyberattacks can't be overstated. While NIST hasn't directly developed Cloud ★★★
globalsecuritymag.webp 2023-03-13 17:42:53 In its Application and API Security report, GigaOm ranks Check Point Software as an innovation leader (direct link) In its Application and API Security report, GigaOm ranks Check Point Software as an innovation leader. Check Point CloudGuard AppSec (Application Security) stands out because it uses preemptive artificial intelligence to proactively block complex zero-day attacks and to secure enterprises' cloud applications - Magic Quadrant Guideline Cloud ★★★
silicon.fr.webp 2023-03-13 17:12:39 FinOps: 4 certifications that showcase your expertise (direct link) Certifications from the FinOps Foundation and cloud hyperscalers can set skills apart and boost the careers of engineers and IT professionals. Cloud ★★
RedCanary.webp 2023-03-13 16:10:05 Streamlined and secure: Red Canary upgrades to SentinelOne Cloud Funnel 2.0 (direct link) Red Canary now supports SentinelOne's newest data export mechanism, Cloud Funnel 2.0, providing customers with more enriched XDR data. Cloud ★★
InfoSecurityMag.webp 2023-03-13 15:30:00 Unlocking the Benefits and Trade-Offs of Agentless Cloud Security (direct link) Agentless cloud security solutions were among the most talked-about topics during the Cloud & Cyber Security Expo, set in London on March 8-9, 2023 Cloud ★★★
globalsecuritymag.webp 2023-03-13 14:14:44 GigaOm Recognizes Check Point Software as a Leader in Innovation in its Application and API Security Report (direct link) GigaOm Recognizes Check Point Software as a Leader in Innovation in its Application and API Security Report Check Point CloudGuard AppSec (Application Security) stands out for using Preemptive Artificial Intelligence (AI) to proactively block complex zero-day attacks and secure organizations' Cloud Applications - Malware Update Guideline Cloud ★★
Netskope.webp 2023-03-10 21:09:16 Realizing the True Power of Netskope Cloud Exchange (direct link) When I talk to customers and partners about Cloud Threat Exchange (CTE), I immediately say, “I'm not in marketing, and didn't see the future - so I misnamed the module. I should have named it Cloud Data Exchange.” Why do I say this? Because, as Netskope and Cloud Exchange have matured, the number of use cases the […] Threat Cloud ★★★
silicon.fr.webp 2023-03-10 16:24:15 Cloud: FinOps and security first (direct link) Teams in charge of cloud management make cost control the top priority, ahead of security. A first in a decade. Cloud ★★★
bleepingcomputer.webp 2023-03-10 11:30:18 Blackbaud to pay $3M for misleading ransomware attack disclosure (direct link) Cloud software provider Blackbaud has agreed to pay $3 million to settle charges brought by the Securities and Exchange Commission (SEC), alleging that it failed to disclose the full impact of a 2020 ransomware attack that affected more than 13,000 customers. [...] Ransomware Cloud ★★
globalsecuritymag.webp 2023-03-10 11:01:30 SentinelOne and Wiz announce an exclusive partnership to offer a cloud security solution (direct link) SentinelOne and Wiz announce an exclusive partnership to offer a comprehensive cloud security solution. Two leading cybersecurity companies join forces to improve their customers' security in the cloud - Business Cloud ★★
InfoSecurityMag.webp 2023-03-09 11:45:00 Understanding the Shared Responsibility Model, Critical Step to Ensure Cloud Security (direct link) During the Cloud & Cyber Security Expo, cloud security experts attributed the security shortcomings of cloud users to misconceptions over their responsibility Cloud ★★★
Checkpoint.webp 2023-03-09 11:00:18 Is your security team concerned with unmanaged devices? (direct link) Secure all your organization's devices in a few clicks. By Antoine Korulski and Adi Goldshtein Harel CISOs face major challenges in 2023 when defending against threats coming from unmanaged devices, used by third-party service providers, or employee personal devices (BYOD) to access SaaS or corporate web applications. Those attacks have many faces, including stealing sensitive… Cloud ★★★
silicon.fr.webp 2023-03-09 10:08:17 Lessons learned: why Cnav is developing its private cloud (direct link) Since 2018, Cnav has been deploying a private cloud developed in-house, which will evolve toward more PaaS services, container management and an "infrastructure as a code" offering. Explanations from Bruno Delibanti, director of IT operations and services. Cloud ★★★
Last update at: 2024-07-12 12:08:52