What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2018-03-13 14:10:02 | SOC Performance Improves, But Remains Short of Optimum: Report (lien direct) | The good news is that security operations centers (SOCs) are becoming more efficient. The not-so-good news is that there is still considerable scope for improvement. This is the conclusion of the fifth annual Micro Focus State of Security Operations Report for 2018 (PDF), which draws on the experience of 200 assessments of 144 discreet SOC organizations in 33 countries. In greater detail, there has been an overall 12% improvement in SOC maturity -- the most significant shift yet in the five years of the survey. Despite this, the median SOC maturity level stands at just 1.42 across all industries; significantly below the Micro Focus recommended target of 3.0, The report uses the Micro Focus Security Operations Maturity Model (SOMM) methodology for assessments. This is based on the Carnegie Mellon Software Engineering Institute Capability Maturity Model for Integration (SEI-CMMI), which has been updated by Micro Focus at regular intervals to remain relevant with current information security trends and threat capabilities. SOMM evaluates SOCs on the basis of people and processes, technology, and business capabilities. Despite the remaining room for improvement, this year's results show that organizations are beginning to see a return on their security investments and are seeing more value out of the security solutions they have deployed. “Over the last five years, we have watched organizations attempt to achieve a complete security transformation by applying Band-Aids – such as the purchase of peripheral products or dismantling of solutions – only to find poor results and poor business alignment,” said Matthew Shriner, vice president, Security Professional Services for Micro Focus. “With that in mind, it is refreshing that when it comes to cyber defense capability, Micro Focus is seeing a much higher degree of operational sophistication than ever before. Nearly 25% of organizations assessed are meeting business goals, representing a nearly 10% year-over-year improvement.” The SOMM gives a rating between 0 and 5. '0' represents a complete lack of capability, while '5' is given for a capability that is consistent, repeatable, documented, measured, tracked, and continually improved upon. Micro Focus believes that enterprises should seek a maturity level of 3, while managed security service providers should target a level between 3 and 4. The reliable detection of malicious activity, and a systematic approach to managing that activity are considered to be the most important success criteria for mature cyber defense. Despite the overall improvement in maturity levels, the report notes that "20 percent of cyber defense organizations that were assessed over the past 5 years failed to score a security operations maturity model (SOMM) level 1. These organizations continue to operate in an ad-hoc manner with undocumented processes and significant gaps in security and risk management." Geographically, the top performing areas are South America (SOMM score of 1.89) and the Benelux countries (1.79). In both cases the | |||
|
2018-03-13 13:28:00 | Firefox 63 to Distrust All Symantec Root Certificates (lien direct) | Mozilla this week detailed its plans to completely distrust Symantec root certificates in Firefox 63, set to arrive in October 2018. | |||
|
2018-03-13 10:15:04 | Stealthy Data Exfiltration Possible via Headphones, Speakers (lien direct) | A team of researchers has demonstrated how air-gapped computers can stealthily communicate with each other using speakers or headphones over ultrasonic waves. | Threat | ||
|
2018-03-13 03:39:00 | Trump Blocks Broadcom\'s Bid to Buy Qualcomm (lien direct) | US President Donald Trump blocked Monday an unsolicited bid by Singapore-based Broadcom to take over smartphone chipmaker Qualcomm, citing national security concerns. | General Information | ||
|
2018-03-13 03:26:04 | New Cyberespionage Attacks Linked to MuddyWater Campaign (lien direct) | Recent attacks targeting organizations in Turkey, Pakistan and Tajikistan appear to be linked to the previously detailed MuddyWater campaigns, according to Trend Micro. | Studies | ||
|
2018-03-13 03:22:01 | Patchwork Cyberspies Update the Badnews Backdoor (lien direct) | Recent infection campaigns conducted by the Patchwork cyberespionage group have revealed the use of an EPS exploit and an updated backdoor, Palo Alto Networks reports. | |||
|
2018-03-13 02:52:04 | Hacked Japan Crypto Exchange Refunds Customers (lien direct) | Japan-based virtual currency exchange Coincheck said Tuesday it had refunded more than $440 million to customers following the hack of its systems, which was one of the largest thefts of its kind. | |||
|
2018-03-12 17:27:05 | Internet Provider Redirects Users in Turkey to Spyware: Report (lien direct) | Hundreds of users in Turkey and Syria have been redirected to nation-state malware at the Internet Service Provider (ISP) level, a recent Citizen Lab report reveals. | |||
|
2018-03-12 15:27:04 | IIC Publishes Best Practices for Securing Industrial Endpoints (lien direct) | Industrial Internet Consortium Guidance Aims to Improve IIoT Endpoint Security for Manufacturers and Practitioners | General Information | ||
|
2018-03-12 14:46:01 | New Hacking Team Spyware Samples Detected: ESET (lien direct) | New samples of Hacking Team's Remote Control System (RCS) flagship spyware have recently emerged, slightly different from previously observed variations, ESET warns.Hacking Team, an Italian spyware vendor founded in 2003, is well known for selling surveillance tools to governments worldwide. | Threat | ||
|
2018-03-12 14:27:04 | Remotely Exploitable Flaws Found in SmartCam Cameras (lien direct) | Hanwha's SmartCam cameras are affected by more than a dozen vulnerabilities, including critical flaws that can be exploited remotely to take control of devices. | Threat | ||
|
2018-03-12 13:10:00 | Behavioral Biometrics Firm BioCatch Raises $30 Million (lien direct) | New York and Tel Aviv-based behavioral biometric authentication firm BioCatch has raised $30 million in new growth financing led by Maverick Ventures, and including American Express Ventures, NexStar Partners, Kreos Capital, CreditEase, OurCrowd, JANVEST Capital and other existing investors. | General Information | ||
|
2018-03-12 05:58:00 | China-Linked Spies Used New Malware in U.K. Government Attack (lien direct) | A known cyber espionage group believed to be operating out of China was last year spotted using new malware in an attack aimed at an organization that provides services to the U.K. government. Details about the attack were presented last week at Kaspersky's Security Analyst Summit (SAS) in Cancun by Ahmed Zaki, senior malware researcher at NCC Group. | |||
|
2018-03-12 01:38:00 | Concern Over China Influence Shadows Chip Sector Deal (lien direct) | Concern over China's potential influence, and rising US protectionist sentiment, hangs over an effort by California-based Qualcomm to repel a Singaporean firm's hostile takeover bid. Concern over China's potential influence, and rising US protectionist sentiment, hangs over an effort by California-based Qualcomm to repel a Singaporean firm's hostile takeover bid. If finalized, a tie-up between Broadcom and Qualcomm would be worth an estimated $117 billion and potentially the biggest-ever deal in the tech sector. | |||
|
2018-03-09 18:10:03 | Cisco Patches Hard-coded Password in PCP Software (lien direct) | Cisco this week announced the availability of software updates to address a hard-coded password vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software. | |||
|
2018-03-09 18:02:01 | Mobile Malware Attacks Surged in 2017: Kaspersky (lien direct) | The number of mobile malware attacks detected in 2017 has increased to 42.7 million, according to a new report from Kaspersky Lab. | |||
|
2018-03-09 17:22:01 | New North Korea-linked Cyberattacks Target Financial Institutions (lien direct) | New North Korean Hidden Cobra / Lazarus Campaign Targets Financial Institutions in Turkey Hidden Cobra, also known as the Lazarus Group from North Korea, is now targeting the Turkish financial system with a new and 'aggressive' operation that resembles earlier attacks against the global SWIFT financial network. | Medical | APT 38 | |
|
2018-03-09 16:45:04 | Sofacy Attacks Overlap With Other State-Sponsored Operations (lien direct) | 
|
|||
|
2018-03-09 15:40:04 | My Friends, it\'s True. The Times, They Are A\'changin.\' (lien direct) | If you've ever heard that Bob Dylan song, you'll know what I'm talking about. As the music legend serenades you with his unique voice, you start to realize that what he's really saying is that nothing stays the same. The things of yesterday are not the things of tomorrow. | |||
|
2018-03-09 15:20:02 | Sophisticated Cyberspies Target Middle East, Africa via Routers (lien direct) | 
|
|||
|
2018-03-09 14:01:04 | Researchers Demonstrate Ransomware Attack on Robots (lien direct) | CANCUN - KASPERSKY SECURITY ANALYST SUMMIT - IOActive security researchers today revealed a ransomware attack on robots, demonstrating not only that such assaults are possible, but also their potential financial impact. | |||
|
2018-03-08 23:18:03 | New Attack Bypasses Microsoft\'s Code Integrity Guard (lien direct) | Morphisec security researchers warn of a newly discovered attack vector that allows attackers to bypass Microsoft's Code Integrity Guard (CIG) in order to load malicious libraries into protected processes. | |||
|
2018-03-08 20:02:04 | Microsoft Detects Massive Dofoil Attack (lien direct) | Mid-day Tuesday (PST), Microsoft's Windows Defender blocked more than 80,000 instances of several new variants of the Dofoil (aka Smoke Loader) downloader. The signatureless machine learning capabilities of Defender detected anomalous behavior, and within minutes had protected Windows 10, 8.1 and 7 users from the outbreak. | |||
|
2018-03-08 18:01:04 | Cortana Can Expose Enterprises to Attacks, Researchers Warn (lien direct) | Malicious actors may be able to abuse voice-based virtual assistants to hack into enterprise systems and researchers proved it through an attack that targets Microsoft Cortana. | |||
|
2018-03-08 17:42:04 | CCleaner Incident Investigation Reveals Possible Stage 3 Payload (lien direct) | CANCUN - KASPERSKY SECURITY ANALYST SUMMIT - The investigation into the September 2017 CCleaner incident has revealed what appears to be a stage three payload that attackers supposedly intended to deliver to infected users. | CCleaner | ||
|
2018-03-08 14:54:04 | Sophisticated False Flags Planted in Olympic Destroyer Malware (lien direct) | 
|
|||
|
2018-03-08 13:44:00 | GDPR Compliance: A Carrot or Stick Approach? (lien direct) | There's Little Value in Heading Down the GDPR Path Simply to Avoid Being Hit With Penalties | |||
|
2018-03-08 13:12:01 | Web App Security Firm Netsparker Raises $40 Million (lien direct) | Web application scanner company Netsparker announced on Thursday that it has raised $40 million from San Francisco-based growth and private equity firm Turn/River. | |||
|
2018-03-07 20:28:01 | Exploiting the User PII Held in Everyone\'s Web Browser (lien direct) | Browsers are the single most used application today. Everyone uses at least one browser, whether in the office or at home. But not everyone realizes just how much personal data is left hanging around inside their browsers; nor how easy it is for third-parties to extract it. | General Information | ★★★ | |
|
2018-03-07 19:25:01 | Memcached DDoS Attack \'Kill Switch\' Found (lien direct) | Corero Network Security says they have discovered a “kill switch” to counteract the Memcached vulnerability that recently fueled some of the largest distributed denial-of-service (DDoS) attacks in history. | |||
|
2018-03-07 17:31:03 | Qualcomm Requests National Security Review of Broadcom Bid (lien direct) | US chipmaker Qualcomm postponed its annual shareholders' meeting after secretly requesting a national security review of Broadcom's bid to take over the company, the Singapore-based Broadcom announced Monday. | General Information | ★★★ | |
|
2018-03-07 17:09:02 | Gozi Banking Trojan Uses "Dark Cloud" Botnet for Distribution (lien direct) | The well-known Gozi ISFB banking Trojan recently started using the elusive "Dark Cloud" botnet for distribution, Talos warns. | Threat | ★★★ | |
|
2018-03-07 15:53:04 | Cryptocurrencies and the Revolution in Cybercrime Economics (lien direct) | 
|
Threat | ||
|
2018-03-07 12:57:00 | Chrome 65 Patches 45 Vulnerabilities (lien direct) | Released in the stable channel this week, Chrome 65 brings 45 security fixes, including 27 patches for vulnerabilities discovered by external researchers. | |||
|
2018-03-07 12:49:04 | McAfee Launches Security Platform for Azure Cloud (lien direct) | Migrating to the cloud is complex. One of the biggest concerns is a loss of visibility on data in the cloud; and this concern only grows with increasing regulatory requirements. GDPR, coming into force in less than 3 months time, is a case in point. | |||
|
2018-03-07 12:41:04 | 10 Ways to Close That Security Sale (lien direct) | In my previous column, I took a look at some of the behaviors that salespeople sometimes exhibit that make it more difficult for them to close security sales. The feedback I received about that piece indicated that people very much appreciated it. More than a few people reached out to me to request a follow-on piece around behaviors that help close security deals. | |||
|
2018-03-07 12:02:00 | NSA Used Simple Tools to Detect Other State Actors on Hacked Devices (lien direct) | 
|
|||
|
2018-03-06 20:20:01 | BlackBerry Sues Facebook Over Messaging Apps (lien direct) | Canadian telecommunications firm BlackBerry sued Facebook on Tuesday, accusing the American social media company of infringing on its patents for messaging apps. | |||
|
2018-03-06 18:53:00 | Researchers Devise New Attacks Against 4G LTE Mobile Networks (lien direct) | A team of researchers from Purdue University and the University of Iowa have discovered 10 new attacks against the 4G LTE protocol, which could allow adversaries snoop on messages, deny service, and even track the location of users. | |||
|
2018-03-06 18:23:01 | "ComboJack" Malware Steals Multiple Virtual Currencies (lien direct) | A newly discovered piece of malware is capable of stealing a variety of crypto-coins from its victims by replacing legitimate wallet addresses with that of the attacker. | |||
|
2018-03-06 15:21:02 | Kaspersky Lab Offers $100,000 for Critical Vulnerabilities (lien direct) | Just days before its annual Security Analyst Summit kicks off in Cancun, Mexico, Kaspersky Lab this week announced an extension to its bug bounty program and plans to pay rewards of up to $100,000 for severe vulnerabilities in some of its products. | |||
|
2018-03-06 14:55:05 | Test, Test & Test Again - Are Your Safety Instrumented Systems Cybersecure? (lien direct) | The benefits of implementing an Industrial Internet of Things (IIoT) strategy are indisputable. Cloud computing, big data, remote sensors and converged networks are continuing to help industrial facilities work smarter. However, in recent years it has become apparent that the cybersecurity of these environments has been somewhat of an afterthought. | |||
|
2018-03-06 14:24:02 | Android\'s March 2018 Patches Fix Critical, High Risk Flaws (lien direct) | Google has released its March 2018 set of security updates for Android to address numerous Critical and High severity vulnerabilities in the popular mobile operating system. | |||
|
2018-03-06 13:11:00 | Two Scammers, Five Mules Arrested in BEC Bust (lien direct) | A criminal investigation commenced by the French National Gendarmerie in June 2016 led to the arrest of one French and one Belgian national on February 20, 2018 for their part in large scale CEO fraud (also known as business email compromise -- BEC). | |||
|
2018-03-06 12:22:03 | World Economic Forum Announces New Fintech Cybersecurity Consortium (lien direct) | Following the announcement of a new Global Centre for Cybersecurity, the World Economic Forum (WEF) has today launched a new fintech-focused initiative: WEF's Fintech Cybersecurity Consortium. Its aim is to create a framework for the assessment of cybersecurity in financial technology firms and data aggregators. | |||
|
2018-03-06 03:16:03 | Mobile Banking Trojans Targeting Crypto-Currencies (lien direct) | Mobile malware is now targeting crypto-currencies with the intent of stealing victims' funds, IBM says. | |||
|
2018-03-05 22:34:04 | Cisco Adds Vulnerability Identification to Tetration Platform (lien direct) | Cisco today announced the availability of identification of software vulnerabilities and exposures as part of the security capabilities of its Tetration platform. | |||
|
2018-03-05 16:14:05 | Triada Trojan Pre-Installed on Low Cost Android Smartphones (lien direct) | Security researchers have discovered the sophisticated Triada Trojan in the firmware of more than 40 low-cost Android smartphone models. | |||
|
2018-03-05 14:08:01 | Largest Ever 1.3Tbps DDoS Attack Includes Embedded Ransom Demands (lien direct) | On Tuesday, 27 February, three major DDoS mitigation service providers (Akamai, Cloudflare and Arbor) warned that they had seen spikes in a relatively rare form of reflection/amplification DDoS attack via Memcached servers. Each service provider warned that this type of reflection attack had the potential to deliver far larger attacks. | ★★ | ||
|
2018-03-05 12:07:04 | The 3 Biggest Malware Trends to Watch in 2018 (lien direct) | As the Threat Landscape Shifts, So Too Must Protections |
To see everything:
Our RSS (filtrered)
