What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-10-31 15:08:46 | Prévisions Forrester sur la cybersécurité, les risques et la confidentialité pour 2024 (lien direct) | Forrester vient de dévoiler ses prévisions pour 2024 dans les domaines de la cybersécurité, du risque, de la confidentialité des données et de la confiance. - Points de Vue | Prediction | ★★★ | |
 |
2023-10-30 17:15:51 | CVE-2023-21366 (lien direct) | Dans Scudo, il existe un moyen possible pour un attaquant de prédire les modèles d'allocation de tas en raison de la mise en œuvre / de la conception non sécurisée.Cela pourrait entraîner une divulgation d'informations locales sans aucun privilège d'exécution supplémentaire nécessaire.L'interaction utilisateur n'est pas nécessaire pour l'exploitation.
In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
Prediction | ||
|
2023-10-30 10:03:14 | Trend Micro annonce Trend Vision One (lien direct) | #Cybersecurité #Cloud #ContainerSecurity. Trend Micro annonce Trend Vision One – Container Security et poursuit la consolidation de sa plateforme unifiée de cybersécurité : Trend Vision One™. • L'offre de sécurité des containers vient enrichir la plateforme unifiée de Trend, conçue pour simplifier les opérations de sécurité sur une console unique. • Trend Container Security permet aux entreprises de réduire les risques liés à la sécurité du cloud et aux équipes SOC de gagner jusqu'à deux semaines d'effort par incident. - Produits | Prediction Cloud | ★★ | |
 |
2023-10-30 00:00:00 | Trend Micro reconnue comme un favori des clients Trend Micro Recognized as a Customer Favorite (lien direct) |
Les commentaires des clients valident le leadership de la tendance \\ dans XDR, la sécurité de terminaison, le cloud hybride
Customer feedback validates Trend\'s leadership in in XDR, endpoint security, hybrid Cloud |
Prediction Cloud | ★★ | |
 |
2023-10-28 00:08:00 | 10 conseils pour une formation de sensibilisation à la sécurité qui atteint la cible 10 Tips for Security Awareness Training That Hits the Target (lien direct) |
Essayez ces astuces pour concevoir un programme d'éducation qui fait investir les employés - et reste avec eux une fois la formation terminée.
Try these tricks for devising an education program that gets employees invested - and stays with them after the training is over. |
Guideline Prediction | ★★ | |
|
2023-10-26 19:56:00 | Verve buy de Rockwell \\ Enlivens Critical Infrastructure Security Rockwell\\'s Verve Buy Enlivens Critical Infrastructure Security (lien direct) |
Le géant de l'automatisation industrielle accepte d'acheter une protection industrielle de Verve, se joignant à une tendance ICS à apporter des capacités de cybersécurité en interne pour suivre les attaquants.
The industrial automation giant agrees to buy Verve Industrial Protection, joining in an ICS trend of bringing cybersecurity capabilities in-house to keep up with attackers. |
Industrial Prediction | ★★★ | |
|
2023-10-26 13:55:43 | Une année 2024 chargée pour les DPO et les RSSI (lien direct) | Une année 2024 chargée pour les DPO et les RSSI. Le président de l\'AFCDP, l\'Association française des correspondants à la protection des données à caractère personnel, Paul-Olivier Gibert confirme que la mise en œuvre de la directive NIS 2 (Network and Information Security), cinq ans après le RGPD, occupera l\'agenda des DPO et celui des RSSI en 2024.
-
Investigations
Une année 2024 chargée pour les DPO et les RSSI. Le président de l\'AFCDP, l\'Association française des correspondants à la protection des données à caractère personnel, Paul-Olivier Gibert confirme que la mise en œuvre de la directive NIS 2 (Network and Information Security), cinq ans après le RGPD, occupera l\'agenda des DPO et celui des RSSI en 2024. - Investigations |
Prediction | ★★ | |
 |
2023-10-26 13:00:35 | The Financial Implications of Cyber Security: How Catch Rates Impact Organizational Risk (lien direct) | >Despite its countless benefits, the internet can be a hostile place for business. As organizations continue to expand their digital footprints, moving workloads into the cloud and growing their network of devices, they leave themselves vulnerable to a rapidly evolving cyber threat landscape. Gartner\'s number one cybersecurity trend of 2022 was “attack surface expansion” – organizations increasing their digital presence to leverage new technologies and facilitate remote and hybrid working. As of 2023, almost 13% of full-time employees work from home, with over 28% working a hybrid model. At the same time, Check Point recorded a 38% uplift in global […]
>Despite its countless benefits, the internet can be a hostile place for business. As organizations continue to expand their digital footprints, moving workloads into the cloud and growing their network of devices, they leave themselves vulnerable to a rapidly evolving cyber threat landscape. Gartner\'s number one cybersecurity trend of 2022 was “attack surface expansion” – organizations increasing their digital presence to leverage new technologies and facilitate remote and hybrid working. As of 2023, almost 13% of full-time employees work from home, with over 28% working a hybrid model. At the same time, Check Point recorded a 38% uplift in global […] |
Threat Prediction Cloud | ★★ | |
 |
2023-10-26 06:00:18 | Break the Attack Chain with Identity Threat Protection (lien direct) | “The attacker only has to be right once. Defenders have to get it right every time.” This well-known saying has shaped countless cybersecurity strategies. The belief is that a single compromise of our defenses can lead to a catastrophic outcome. As new risks emerge and attackers develop tactics to evade controls, defenders face the daunting task of protecting an ever-expanding array of connected identities. Many companies now embrace resilience strategies, accepting that an incident is inevitable - “It\'s not a matter of if, but when.” That\'s because defenders have been fixated on the impossible task of protecting everything within the business. But a new industry approach to cyber defense in recent years has emerged that points the path towards a better way. Instead of protecting everything, defenders should aim to neutralize attackers\' tactics, techniques and procedures (TTPs), which are hard to replace. This disrupts the completion of the attack chain. What is the attack chain? And how does identity threat protection disrupt it? That\'s what we\'re here to discuss. The enduring relevance of the attack chain No other concept has captured the essence of successful cyber attacks like the attack chain (aka the “cyber kill chain”), which was developed by Lockheed Martin in 2011. Even 12 years later, the attack chain remains relevant, while defenders struggle to prevent the most impactful incidents. While cyber criminals don\'t follow the same steps every time, the basic phases of an attack are pretty much always the same: Steps in the cyber attack chain. The challenge of initial compromise The first phase in the attack chain is the initial compromise. Modern cyber criminals use an array of tactics to infiltrate companies and wreak havoc on their systems, from BEC attacks to cloud account takeovers and ransomware incidents. One trend is to exploit trusted third-party relationships to compromise companies through their suppliers. What seems like an innocuous initial email can escalate into a full-scale compromise with great speed. Once attackers gain unrestricted access to a company\'s domain, they can infiltrate email accounts to commit fraudulent activities. One alarming twist to credential phishing emails is that they can evade detection. They leave behind no traces of compromise or malware. Even with the rise of multifactor authentication (MFA), these attacks continue to surge. Once accounts are compromised through a credential phishing email or a vulnerable remote desktop session, businesses face the next phase of the attack chain: privileged escalation and lateral movement within their networks. Next phase: privilege escalation and lateral movement This is the middle of the attack chain. And it\'s where threat actors try to breach a company\'s defenses. Often, they do this by compromising the identities of employees, contractors, service providers or edge devices. Their main goal is to use this initial access to elevate their privileges, typically targeting Active Directory (AD). AD, which many businesses around the world use, is susceptible to compromise. It can provide attackers with unparalleled control over a company\'s computing infrastructure. With this access, they can engage in lateral movement and spread malware across the business, causing more harm. Finally, the risk of data loss Attackers don\'t rely on a single stroke of luck. Their success hinges on a series of precise maneuvers. Monetary gains through data exfiltration are often their objective. And once they have navigated the intricate web of identities, they can target valuable data and orchestrate data theft operations. Defenders must disrupt this chain of events to prevent the loss of sensitive data, like intellectual property or customer identifiable data. Then, they can gain the upper hand and steer the course of cybersecurity in their favor. The three best opportunities to break the attack chain. Building a map of your organizat | Ransomware Malware Tool Threat Prediction Cloud | ★★ | |
 |
2023-10-25 03:03:28 | Sécurité dans l'industrie immobilière: défis et comment éviter les attaques Security in the Property Industry: Challenges and How to Avoid Attacks (lien direct) |
Ces dernières années, il y a eu une tendance majeure en cours vers une plus grande infrastructure numérique et une dépendance accrue à l'égard de la technologie dans une grande variété de secteurs.Dans l'industrie immobilière, cela s'est manifesté fortement dans la croissance du marché de la technologie immobilière (Proptech).Ces développements ont eu un impact sérieux sur le secteur, permettant des progrès qui améliorent les processus existants et ajoutent de nouvelles fonctionnalités aux transactions immobilières.Malheureusement, l'omniprésence de la technologie numérique dans l'industrie immobilière en fait également une cible primordiale pour les cybercriminels, laissant les organisations et ...
In recent years, there has been a major ongoing trend toward more digital infrastructure and an increased dependence on technology across a wide variety of sectors. In the property industry, this has manifested heavily in the growth of the property technology (PropTech) market. These developments have had a serious impact on the sector, enabling advances that both improve existing processes and add new features to real estate transactions. Unfortunately, the ubiquity of digital technology in the property industry also makes it a prime target for cybercriminals, leaving organizations and... |
Prediction | ★★ | |
|
2023-10-23 13:00:45 | Dans le cyber-abîme: les prédictions de Riveting 2024 de Check Point \\ révèlent une tempête de l'IA, du hacktivisme et des fasks profonds armés Into the Cyber Abyss: Check Point\\'s Riveting 2024 Predictions Reveal a Storm of AI, Hacktivism, and Weaponized Deepfakes (lien direct) |
 Les activités criminelles ont bondi au premier semestre, avec des recherches sur le point de contrôle (RCR) signalant une augmentation de 8% des cyberattaques hebdomadaires mondiales au deuxième trimestre, marquant le volume le plus élevé en deux ans.Les menaces familières telles que le ransomware et le hacktivisme ont évolué, les gangs criminels modifiant leurs méthodes et outils pour infecter et affecter les organisations du monde entier.Même les technologies héritées telles que les périphériques de stockage USB ont repris la popularité en tant que véhicule pour répandre les logiciels malveillants.L'un des développements les plus importants de cette année a été l'évolution du paysage des ransomwares.Les données dérivées de plus de 120 «sites de honte» ransomwares ont révélé que dans le premier [& # 8230;]
Criminal activities surged in the first half of the year, with Check Point Research (CPR) reporting an 8% increase in global weekly cyberattacks in the second quarter, marking the highest volume in two years. Familiar threats such as ransomware and hacktivism have evolved, with criminal gangs modifying their methods and tools to infect and affect organizations worldwide. Even legacy technology such as USB storage devices regained popularity as a vehicle to spread malware. One of the most significant developments this year was the evolution of the ransomware landscape. Data derived from over 120 ransomware “shame-sites” revealed that in the first […]
|
Ransomware Tool Prediction | ★★★ | |
 |
2023-10-23 02:24:33 | 2023 août & # 8211;Rapport de tendance des menaces sur les statistiques des ransomwares et les problèmes majeurs 2023 Aug – Threat Trend Report on Ransomware Statistics and Major Issues (lien direct) |
Ce rapport fournit des statistiques sur le nombre de nouveaux échantillons de ransomware, des systèmes ciblés et des entreprises ciblées en août 2023, ainsi que des problèmes de ransomware notables en Corée et dans d'autres pays.Tendances clés 1) Tactiques de pression élargies des ransomwares sur les entreprises ciblées 2) Rhysida Ransomware Connection avec la vice Society 3) Monti Ransomware a introduit une nouvelle technique de chiffrement Linux Aug_Thereat Trend Rapport sur les statistiques des ransomwares et les principaux problèmes
This report provides statistics on the number of new ransomware samples, targeted systems, and targeted businesses in August 2023, as well as notable ransomware issues in Korea and other countries. Key Trends 1) CLOP ransomware expanded pressure tactics on targeted businesses 2) Rhysida ransomware connection with Vice Society 3) Monti ransomware introduced new Linux encryption technique Aug_Threat Trend Report on Ransomware Statistics and Major Issues |
Ransomware Threat Prediction | ★★ | |
|
2023-10-23 02:22:46 | 2023 Jul & # 8211;Rapport sur la tendance des menaces du Web Deep et Dark 2023 Jul – Deep Web and Dark Web Threat Trend Report (lien direct) |
Ce rapport de tendance sur le Web Deep et le Web sombre d'août 2023 est sectionné en ransomware, forums & # & #38;Marchés noirs et acteurs de menace.Nous tenons à dire à l'avance qu'une partie du contenu n'a pas encore été confirmée comme vraie.1) Ransomware (1) Alphv (Blackcat) (2) Lockbit (3) NoEscape (4) Metaencryptor (5) Rhysida 2) Forum & # 38;Black Market (1) Le retour du voleur de raton laveur (2) Anonfiles a fermé (3) violation de données du site Web d'apprentissage des langues étrangères 3) ...
This trend report on the deep web and dark web of August 2023 is sectioned into Ransomware, Forums & Black Markets, and Threat Actors. We would like to state beforehand that some of the content has yet to be confirmed to be true. 1) Ransomware (1) ALPHV (BlackCat) (2) LockBit (3) NoEscape (4) MetaEncryptor (5) Rhysida 2) Forum & Black Market (1) The Return of Raccoon Stealer (2) Anonfiles Shut Down (3) Data Breach of Foreign Language Learning Website 3)... |
Ransomware Data Breach Threat Prediction | ★★ | |
|
2023-10-23 02:22:16 | 2023 août & # 8211;Rapport de tendance des menaces sur les groupes APT 2023 Aug – Threat Trend Report on APT Groups (lien direct) |
août 2023 Problèmes majeurs sur les groupes de l'APT 1) Andariel 2) APT29 3) APT31 4) amer 5)Bronze Starlight 6) Callisto 7) Cardinbee 8) Typhoon de charbon de bois (Redhotel) 9) Terre estrie 10) Typhon de lin 11) Groundpeony 12) Chisel infâme 13) Kimsuky 14) Lazarus 15)Moustachedbouncher 16) Éléphant mystérieux (APT-K-47) 17) Nobelium (Blizzard de minuit) 18) Red Eyes (APT37) Aug_Thereat Trend Rapport sur les groupes APT
August 2023 Major Issues on APT Groups 1) Andariel 2) APT29 3) APT31 4) Bitter 5) Bronze Starlight 6) Callisto 7) Carderbee 8) Charcoal Typhoon (RedHotel) 9) Earth Estries 10) Flax Typhoon 11) GroundPeony 12) Infamous Chisel 13) Kimsuky 14) Lazarus 15) MoustachedBouncher 16) Mysterious Elephant (APT-K-47) 17) Nobelium (Midnight Blizzard) 18) Red Eyes (APT37) Aug_Threat Trend Report on APT Groups |
Threat Prediction | APT 38 APT 38 APT 37 APT 29 APT 31 | ★★★ |
|
2023-10-23 02:21:45 | 2023 août & # 8211;Rapport de tendance des menaces sur le groupe Kimsuky 2023 Aug – Threat Trend Report on Kimsuky Group (lien direct) |
Les activités de Kimsuky Group & # 8217;Les activités d'autres types étaient relativement faibles.De plus, des échantillons de phishing ont été trouvés dans l'infrastructure connue pour la distribution de logiciels malveillants antérieurs (fleurs, randomquery et appleseed), et des échantillons de babyshark ont été découverts dans l'infrastructure RandomQuery.Cela suggère la probabilité de plusieurs types de logiciels malveillants en utilisant une seule infrastructure.Rapport de tendance AUG_TRÉTÉE sur le groupe Kimsuk
The Kimsuky group’s activities in August 2023 showed a notable surge in the BabyShark type, while the activities of other types were relatively low. Also, phishing samples were found in the infrastructure known for distributing previous malware (FlowerPower, RandomQuery, and AppleSeed), and BabyShark samples were discovered in the RandomQuery infrastructure. This suggests the likelihood of multiple types of malware utilizing a single infrastructure. Aug_Threat Trend Report on Kimsuky Group |
Malware Threat Prediction | APT 43 | ★★★ |
|
2023-10-19 10:15:09 | CVE-2022-26943 (lien direct) | La série Motorola MTM5000 Firmwares génère des défis d'authentification TETRA en utilisant un PRNG à l'aide d'un registre de comptage de tiques comme seule source d'entropie.Low Boottime Entropy et une réensemence limitée de la piscine rend le défi d'authentification vulnérable à deux attaques.Tout d'abord, en raison de l'entropie limitée du pool de boottime, un adversaire peut dériver le contenu du pool d'entropie par une recherche exhaustive de valeurs possibles, sur la base d'un défi d'authentification observé.Deuxièmement, un adversaire peut utiliser la connaissance du pool d'entropie pour prédire les défis d'authentification.En tant que tel, l'unité est vulnérable au CVE-2022-24400.
The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using a tick count register as its sole entropy source. Low boottime entropy and limited re-seeding of the pool renders the authentication challenge vulnerable to two attacks. First, due to the limited boottime pool entropy, an adversary can derive the contents of the entropy pool by an exhaustive search of possible values, based on an observed authentication challenge. Second, an adversary can use knowledge of the entropy pool to predict authentication challenges. As such, the unit is vulnerable to CVE-2022-24400. |
Prediction | ||
|
2023-10-19 10:15:08 | CVE-2022-24400 (lien direct) | Une faille dans la procècure d'authentification Tetra permet à un adversaire MITM qui peut prédire le défi MS Rand2 de définir la clé de session DCK à zéro.
A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero. |
Prediction | ||
 |
2023-10-16 13:00:00 | Les coûts de violation des soins de santé montent en flèche nécessitant une nouvelle réflexion pour la sauvegarde des données Healthcare breach costs soar requiring new thinking for safeguarding data (lien direct) |
> À l'ère numérique, les données sont souvent appelées la nouvelle huile.Sa valeur réside dans les idées qu'elle peut céder, en particulier en ce qui concerne les soins de santé, où les données peuvent aider à détecter les maladies, à prédire les résultats des patients et à aider les professionnels de la santé à personnaliser les traitements.Mais avec la numérisation croissante des informations de santé sensibles, il existe des [& # 8230;] légitimes [& # 8230;]
>In the digital age, data is often referred to as the new oil. Its value lies in the insights it can yield, particularly when it comes to healthcare, where data can help detect diseases, predict patient outcomes and help health professionals personalize treatments. But with the increasing digitization of sensitive health information, there are legitimate […] |
Prediction Medical | ★★★ | |
 |
2023-10-16 10:00:00 | Renforcement de la cybersécurité: multiplication de force et efficacité de sécurité Strengthening Cybersecurity: Force multiplication and security efficiency (lien direct) |
In the ever-evolving landscape of cybersecurity, the battle between defenders and attackers has historically been marked by an asymmetrical relationship. Within the cybersecurity realm, asymmetry has characterized the relationship between those safeguarding digital assets and those seeking to exploit vulnerabilities. Even within this context, where attackers are typically at a resource disadvantage, data breaches have continued to rise year after year as cyber threats adapt and evolve and utilize asymmetric tactics to their advantage. These include technologies and tactics such as artificial intelligence (AI), and advanced social engineering tools. To effectively combat these threats, companies must rethink their security strategies, concentrating their scarce resources more efficiently and effectively through the concept of force multiplication. Asymmetrical threats, in the world of cybersecurity, can be summed up as the inherent disparity between adversaries and the tactics employed by the weaker party to neutralize the strengths of the stronger one. The utilization of AI and similar tools further erodes the perceived advantages that organizations believe they gain through increased spending on sophisticated security measures. Recent data from InfoSecurity Magazine, referencing the 2023 Checkpoint study, reveals a disconcerting trend: global cyberattacks increased by 7% between Q1 2022 and Q1 2023. While not significant at first blush, a deeper analysis reveals a more disturbing trend specifically that of the use of AI. AI\'s malicious deployment is exemplified in the following quote from their research: "...we have witnessed several sophisticated campaigns from cyber-criminals who are finding ways to weaponize legitimate tools for malicious gains." Furthermore, the report highlights: "Recent examples include using ChatGPT for code generation that can help less-skilled threat actors effortlessly launch cyberattacks." As threat actors continue to employ asymmetrical strategies to render organizations\' substantial and ever-increasing security investments less effective, organizations must adapt to address this evolving threat landscape. Arguably, one of the most effective methods to confront threat adaptation and asymmetric tactics is through the concept of force multiplication, which enhances relative effectiveness with fewer resources consumed thereby increasing the efficiency of the security dollar. Efficiency, in the context of cybersecurity, refers to achieving the greatest cumulative effect of cybersecurity efforts with the lowest possible expenditure of resources, including time, effort, and costs. While the concept of efficiency may seem straightforward, applying complex technological and human resources effectively and in an efficient manner in complex domains like security demands more than mere calculations. This subject has been studied, modeled, and debated within the military community for centuries. Military and combat efficiency, a domain with a long history of analysis, | Tool Vulnerability Threat Studies Prediction | ChatGPT | ★★★ |
 |
2023-10-13 20:01:00 | Nouvelle campagne de cyberattaque de Peapod ciblant les femmes dirigeantes politiques New PEAPOD Cyberattack Campaign Targeting Women Political Leaders (lien direct) |
Le personnel militaire de l'Union européenne et les dirigeants politiques travaillant sur les initiatives d'égalité des sexes sont devenus la cible d'une nouvelle campagne qui offre une version mise à jour de RomCom Rat appelé Peapod.
La société de cybersécurité Trend Micro a attribué les attaques à un acteur de menace qu'il suit sous le nom de vide Rabisu, également connu sous le nom de Storm-0978, Tropical Scorpius et UNC2596, et qui est également
European Union military personnel and political leaders working on gender equality initiatives have emerged as the target of a new campaign that delivers an updated version of RomCom RAT called PEAPOD. Cybersecurity firm Trend Micro attributed the attacks to a threat actor it tracks under the name Void Rabisu, which is also known as Storm-0978, Tropical Scorpius, and UNC2596, and is also |
Threat Prediction | ★★ | |
|
2023-10-13 14:03:55 | Dans l\'abîme du cyberespace : les prédictions alarmantes de Check Point pour 2024, une tempête d\'IA, d\'hacktivisme et de Deepfakes. (lien direct) | Dans l'abîme du cyberespace : les prédictions alarmantes de Check Point pour 2024, une tempête d'IA, d'hacktivisme et de Deepfakes. - Points de Vue | Prediction | ★★★ | |
 |
2023-10-12 11:44:24 | XDR : quatre offres pour une approche cyber qui décolle (lien direct) | Alors que les EDR ont démontré leur efficacité à détecter des attaques passées sous les radars des antivirus classiques, une évolution vers les XDR semble inéluctable. Passage en revue des offres de SentinelOne, Bitdefender, Trend Micro et Sekoia.io. | Prediction | ★★ | |
|
2023-10-12 10:52:45 | Une journée dans la vie d'un analyste de cybersécurité A Day in the Life of a Cybersecurity Analyst (lien direct) |
The day-to-day experience of cybersecurity professionals can vary widely, even though we face similar threats and have many of the same tools at our disposal. In this post, I\'d like to shine a light on what a typical day looks like for a business information security analyst in the world of cybersecurity-a role I know well. Getting started in cybersecurity I\'m a musician-a bagpiper. It\'s a strange one, I know, but that\'s how I started my career. For a couple of years after leaving school, I taught and performed pipe music. But after finishing my music diploma, I knew that there were only so many hours in the week, and only so many people to teach. So, perhaps I should learn another skill, too. It was my dad who suggested cybersecurity. From the outside, it looked interesting and seemed like an industry on the up and up. So I applied for a cybersecurity course at Robert Gordon University in Aberdeen, Scotland. At that time, I didn\'t have much technical knowledge. However, after a chance meeting with the head of the cybersecurity course on a university open day, I felt it was an area I could potentially break into. Within a few weeks, I had signed up for a five-year course with the option of a placement after the second year. Fast-forward to today, and here I am two years into the job, and I\'ve just finished my third year at university. My work placement transitioned into a full-time role, which I still balance with my full-time studies. What does a “normal” day look like for a cybersecurity analyst? No two days are ever the same. It\'s typical for people new to this role to ask, “What are my tasks?” The honest answer is that they\'re hard to define. It depends on what\'s going on in the business at that time, and who you know and work with regularly. While we have great security tools in place to flag suspicious activity, a lot of the time I\'m dealing with situations where I must trust my gut instincts. A task I have grown into managing in my current role is the security training program and phishing simulations across the company. Just yesterday, I issued approvals for a new training campaign that we\'re running for our operations team in Iraq. We aim to carry out targeted team training quarterly in shorter bites, 20 minutes here and there, to try to keep people engaged more than once a year. I\'ll usually spend part of my day managing our external support teams and service providers, too. I manage our security exceptions process, which involves vetting and approving requests from the business. For me, it\'s a case of making sure we have the right information from our users, asking the “Why?” to their wants, and finding out if there are more secure alternatives for providing a solution. Indicator of compromise (IOC) checks are an ongoing task. We\'re part of a service organisation forum, so we often gather and share important information with our industry peers. We have a shared spreadsheet that\'s automatically tracked, and we always receive possible indicators internally from our ever-growing network of security champions. I just need to make sure that our email security and firewall security are ticked off, blocked and managed. Measuring success Being part of the service organisation forum means that we are constantly sharing information with our peers. It allows us to compare the results of our training programs over time to see how we trend against each other. We also look back at how we have performed in these areas internally over the last few years to make sure we\'re always improving. We\'re also passionate about data governance. We want to ensure that our users not only understand risk but also how to appropriately manage company and client data. We want to always use best practices and build an internal security culture from the ground up. There\'s that saying, “You\'re only as good as your weakest player.” When it comes to cybersecurity issues, an organization is like a football team. You have 40,000 employees-and if just one of them doesn\'t know what | Tool Prediction | ★★★ | |
|
2023-10-12 10:00:00 | L'évolution des attaques de phishing The evolution of phishing attacks (lien direct) |
A practical guide to phishing and best practices to avoid falling victim. Introduction Over the past several years, remote and hybrid work has quickly gained popularity amongst those seeking a to reduce the amount of time on the road or an improved work/life balance. To accomplish this, users are often working from multiple devices, some of which may be company issued, but others may be privately owned. Cyberattackers have leveraged this trend to bypass traditional security controls using social engineering, with phishing attacks being a favored tactic. In fact, the FBI Internet Crime Report issued in 2022 reported phishing as the top reported internet crime for the past 5 years. Its ability to persuade individuals to divulge sensitive information to seemingly familiar contacts and companies over email and/or SMS text messages has resulted in significant data breaches, both personal and financial, across all industries. Mobile phishing, in particular, is quickly becoming a preferred attack vector among hackers seeking to use them as a jump point to gain access to proprietary data within a company’s network. This article provides an overview of the origins of phishing, its impact on businesses, the types of mobile phishing attacks hackers employ, and ways in which companies can best defend themselves against such attacks. The origins of phishing The belief among many in the cybersecurity industry is that phishing attacks first emerged in the mid-90s when dial-up was the only means of gaining access to the internet. Hackers posing as ISP administrators used fake screen names to establish credibility with the user, enabling them to “phish” for personal log-in data. Once successful, they were able to exploit the victim’s account by sending out phishing emails to other users in their contact list, with the goal of scoring free internet access or other financial gain. Awareness of phishing was still limited until May 2000 when Love Bug entered the picture. Love Bug, a highly effective and contagious virus designed to take advantage of the user’s psyche was unleashed in the Philippines, impacting an estimated 45 million Window PCs globally. Love Bug was sent via email with the subject line reading “ILOVEYOU”. The body of the message simply read “Kindly check the attached LOVELETTER coming from me”. Users who couldn’t resist opening the message unleashed a worm virus infecting and overwriting user’s files with copies of the virus. When the user opened the file, they would reinfect the system. Lovebug elevated phishing to a new level as it demonstrated the ability to target a user’s email mailing list for the purpose of spamming acquaintances thereby incentivizing the reader to open his/her email. This enabled the lovebug worm to infect computer systems and steal other user’s passwords providing the hacker the opportunity to log-in to other user accounts providing unlimited internet access. Since Love Bug, the basic concept and primary goal of phishing tactics has remained consistent, but the tactics and vectors have evolved. The window of opportunity has increased significantly for hackers with the increased use of social media (e.g., Linkedin, Twitter, Facebook). This provides more personal data to the hackers enabling them to exploit their targets with more sophisticated phishing tactics while avoiding detection. Phishing’s impact in the marketplace today Phishing attacks present a significant threat for organizations as their ability to capture proprietary business and financial data are both costly and time consuming for IT organizations to detect and remediate. Based on a | Ransomware Malware Tool Threat Prediction | ★★★ | |
 |
2023-10-10 12:00:00 | La moitié des cisos se rendent désormais au PDG à mesure que l'influence se développe Half of CISOs Now Report to CEO as Influence Grows (lien direct) |
La tendance est plus prononcée en Europe que l'Amérique
Trend is more pronounced in Europe than America |
Prediction | ★★★ | |
|
2023-10-04 22:00:00 | Trend Micro Drive Dernière phase de la prospérité et de l'engagement des canaux Trend Micro Drives Latest Phase of Channel Prosperity and Engagement (lien direct) |
Pas de details / No more details | Prediction | ★★ | |
|
2023-10-03 07:45:20 | Trend Micro : Etat des attaques de ransomware au premier semestre 2023 (lien direct) | Etat des attaques de ransomware au premier semestre 2023 par Trend Micro Les institutions américaines sont majoritairement prises pour cible par LockBit. • Le rapport de Trend Micro évalue le ratio d'attaque à une sur six. • Le volume de victimes de ransomware est en forte hausse : +47%. • LockBit, BlackCat et Clop sont les familles de ransonwares les plus actives.#Cybersecurité #Ransomware #LockBit - Investigations | Ransomware Studies Prediction | ★★★★ | |
|
2023-09-30 15:19:00 | Le FBI met en garde contre la tendance à la hausse des attaques à double rançon ciblant les entreprises américaines FBI Warns of Rising Trend of Dual Ransomware Attacks Targeting U.S. Companies (lien direct) |
Le Federal Bureau of Investigation (FBI) des États-Unis met en garde contre une nouvelle tendance d'attaques à double ransomware ciblant les mêmes victimes, au moins depuis juillet 2023.
"Au cours de ces attaques, les acteurs de cyber-menaces ont déployé deux variantes de ransomware différentes contre les sociétés de victimes des variantes suivantes: Avoslocker, Diamond, Hive, Karakurt, Lockbit, Quantum et Royal", a déclaré le FBI dans une alerte."Variantes
The U.S. Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023. "During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal," the FBI said in an alert. "Variants |
Ransomware Threat Prediction | ★★ | |
|
2023-09-30 14:51:00 | Iranian APT Group OilRig Utilisation de nouveaux logiciels malveillants Menorah pour les opérations secrètes Iranian APT Group OilRig Using New Menorah Malware for Covert Operations (lien direct) |
Les cyber-acteurs sophistiqués soutenus par l'Iran connu sous le nom de OilRig ont été liés à une campagne de phistes de lance qui infecte les victimes d'une nouvelle souche de malware appelé Menorah.
"Le malware a été conçu pour le cyberespionnage, capable d'identifier la machine, de lire et de télécharger des fichiers à partir de la machine, et de télécharger un autre fichier ou un malware", Trend Micro Researchers Mohamed Fahmy et Mahmoud Zohdy
Sophisticated cyber actors backed by Iran known as OilRig have been linked to a spear-phishing campaign that infects victims with a new strain of malware called Menorah. "The malware was designed for cyberespionage, capable of identifying the machine, reading and uploading files from the machine, and downloading another file or malware," Trend Micro researchers Mohamed Fahmy and Mahmoud Zohdy |
Malware Prediction | APT 34 | ★★★ |
|
2023-09-27 13:00:00 | Célébrer plus de 20 000 heures de formation de cyber-piratage via l'esprit de contrôle et le partenariat NotSosecure Celebrating Over 20,000 Hours of Cyber Hacking Training via the Check Point MIND and NotSoSecure Partnership (lien direct) |
> Notre rapport de cybersécurité en milieu d'année en 2023 a révélé que les cyberattaques avaient bondi de 8% au premier semestre de 2023, avec plus d'attaques que jamais.Les cybercriminels ne montrent aucun signe de ralentissement.Malheureusement, les chercheurs de ISC2 prédisent qu'en 2025, il y aura 3,5 millions de postes non remplis au sein de la main-d'œuvre de la cybersécurité.Laissez cela s'enfoncer un instant.Plus que toute autre chose, l'écart existant au sein de la main-d'œuvre de la cybersécurité est le principal défi de l'industrie.Il est si massif qu'aucune organisation ne peut l'attaquer à elle seule.Reconnaître ce point de contrôle de besoin croissant a développé l'organisation Mind, sous l'égide de [& # 8230;]
>Our 2023 Mid-Year Cybersecurity Report found that cyberattacks surged 8% in the first half of 2023, with more attacks than ever before. Cyber criminals show no signs of slowing down. Unfortunately, researchers at ISC2 predict that by 2025, there will be 3.5 million unfilled positions within the cybersecurity workforce. Let that sink in for a moment. More than anything else, the existing gap within the cyber security workforce is our industry’s main challenge. It\'s so massive that no single organization can tackle it on its own. Recognizing this growing need Check Point developed the MIND organization, under the umbrella of […] |
Prediction | ★★ | |
|
2023-09-26 14:31:49 | Guillaume Leseigneur, Cybereason : nous arrivons aujourd\'hui à un nouveau point de basculement dans le paysage des menaces (lien direct) | Guillaume Leseigneur, Cybereason : nous arrivons aujourd'hui à un nouveau point de basculement dans le paysage des menaces - Interviews | Threat Prediction | ★★★ | |
|
2023-09-22 07:17:18 | Les cybercriminels exploitent la tragédie marocaine dans une nouvelle campagne d\'escroquerie (lien direct) | Cédric Pernet, Senior Threat Researcher – Trend Micro, présente une escroquerie qui a profité du tremblement de terre au Maroc en trompant les donateurs pour qu'ils achètent du matériel de secours prétendument destiné à aider les victimes de ce séisme. Les fraudeurs ont enregistré deux noms de domaines, dont l'un usurpe l'identité de la Croix-Rouge française et redirige vers le second. - Malwares | Threat Prediction | ★★ | |
|
2023-09-21 14:15:00 | Les nouvelles victimes de ransomwares augmentent de 47% avec des gangs ciblant les petites entreprises New Ransomware Victims Surge by 47% with Gangs Targeting Small Businesses (lien direct) |
Le Micro Report Trend a observé que les petites organisations sont de plus en plus ciblées par les gangs de ransomware, y compris Lockbit et Blackcat
The Trend Micro report observed that small organizations are being increasingly targeted by ransomware gangs, including LockBit and BlackCat |
Ransomware Prediction | ★★ | |
 |
2023-09-21 00:00:00 | Décodage Turla: Trend Micro \\'s Mitre Performance Decoding Turla: Trend Micro\\'s MITRE Performance (lien direct) |
Cette année, l'évaluation de l'ingéniosité à la mitre a testé les fournisseurs de cybersécurité contre des scénarios d'attaque simulés imitant le groupe adversaire «Turla».Renseignez-vous sur les performances de protection à 100% réussies de Trend Micro \\.
This year, the MITRE Engenuity ATT&CK evaluation tested cybersecurity vendors against simulated attack scenarios mimicking the adversary group “Turla.” Learn about Trend Micro\'s 100% successful protection performance. |
Prediction | ★ | |
 |
2023-09-20 11:06:33 | Sur la pénurie d'emplois de cybersécurité On the Cybersecurity Jobs Shortage (lien direct) |
En avril, Cybersecurity Ventures Sur la pénurie de travaux de cybersécurité extrême: | Prediction | ★★ | |
|
2023-09-20 10:58:00 | Trend Micro verse une solution urgente pour la vulnérabilité de sécurité critique exploitée activement Trend Micro Releases Urgent Fix for Actively Exploited Critical Security Vulnerability (lien direct) |
La société de cybersécurité Trend Micro a publié des correctifs et des hotfixs pour aborder un défaut de sécurité critique dans Apex One et des solutions de sécurité commerciale sans souci pour Windows qui ont été activement exploitées dans des attaques réelles.
Suivi comme CVE-2023-41179 (score CVSS: 9.1), il se rapporte à un module de désinstallation antivirus tiers qui a été emballé avec le logiciel.La liste complète des impacts
Cybersecurity company Trend Micro has released patches and hotfixes to address a critical security flaw in Apex One and Worry-Free Business Security solutions for Windows that has been actively exploited in real-world attacks. Tracked as CVE-2023-41179 (CVSS score: 9.1), it relates to a third-party antivirus uninstaller module that\'s bundled along with the software. The complete list of impacted |
Vulnerability Prediction | ★★ | |
|
2023-09-20 05:00:47 | Toutes les vulnérabilités ne sont pas créées égales: les risques d'identité et les menaces sont la nouvelle vulnérabilité Not All Vulnerabilities Are Created Equal: Identity Risks and Threats Are the New Vulnerability (lien direct) |
If the history of cyber threats has taught us anything, it\'s that the game is always changing. The bad actors show us a move. We counter the move. Then, the bad actors show us a new one. Today, that “new move” is the vulnerable state of identities. Attackers realize that even if the network and every endpoint and device are secured, they can still compromise an enterprise\'s resources by gaining access to one privileged account. There is a lot of opportunity to do that, too. Within companies, one in six endpoints has an exploitable identity risk, as research for the Analyzing Identity Risks (AIR) Research Report from Proofpoint found. “Well, that escalated quickly.” The latest Data Breach Investigations Report from Verizon highlights the risks of complex attacks that involve system intrusion. It also underscores the need to disrupt the attacker once they are inside your environment. Once they have that access, they will look for ways to escalate privileges and maintain persistence. And they will search for paths that will allow them to move across the business so that they can achieve their goals, whatever they may be.hey may be. This problem is getting worse because managing enterprise identities and the systems to secure them is complex. Another complication is the constant changes to accounts and their configurations. Attackers are becoming more focused on privileged identity account takeover (ATO) attacks, which allow them to compromise businesses with ease and speed. At least, as compared with the time, effort and cost that may be required to exploit a software vulnerability (a common vulnerability and exposure or CVE). We should expect this trend to continue, given that ATOs have reduced attacker dwell times from months to days. And there is little risk that attackers will be detected before they are able to complete their crimes. How can IT and security leaders and their teams respond? A “back to the basics” approach can help. Shifting the focus to identity protection Security teams work to protect their networks, systems and endpoints in their infrastructure, and they have continued moving up the stack to secure applications. Now, we need to focus more on ways to improve how we protect identities. That is why an identity threat detection and response (ITDR) strategy is so essential today. We tend to think of security in battle terms; as such, identity is the next “hill” we need to defend. As we have done with the network, endpoint and application hills in the past, we should apply basic cyber hygiene and security posture practices to help prevent identity risk. There is value in using preventative and detective controls in this effort, but the former type of control is preferred. (It can cost less to deploy, too.) In other words, as we take this next hill to secure identity threats, we should keep in mind that an ounce of prevention is worth a pound of cure. Identity as a vulnerability management asset type Businesses should consider managing remediation of the identity vulnerabilities that are most often attacked in the same or a similar way to how they manage the millions of other vulnerabilities across their other asset types (network, host, application, etc.). We need to treat identity risk as an asset type. Its vulnerability management should be included in the process for prioritizing vulnerabilities that need remediation. A requirement for doing this is the ability to scan the environment on a continuous basis to discover identities that are vulnerable now-and learn why are at risk. Proofpoint SpotlightTM provides a solution. It enables: The continuous discovery of identity threats and vulnerability management Their automated prioritization based on the risk they pose Visibility into the context of each vulnerability And Spotlight enables fully automated remediation of vulnerabilities where the remediation creates no risk of business interruption. Prioritizing remediation efforts across asset types Most enterprises have millions of vulnerabilities across their | Data Breach Vulnerability Threat Prediction | ★★ | |
|
2023-09-20 05:00:00 | Les logiciels malveillants chinois apparaissent sérieusement dans le paysage des menaces de cybercriminalité Chinese Malware Appears in Earnest Across Cybercrime Threat Landscape (lien direct) |
Key Takeaways Proofpoint has observed an increase in activity from specific malware families targeting Chinese-language speakers. Campaigns include Chinese-language lures and malware typically associated with Chinese cybercrime activity. Newly observed ValleyRAT is emerging as a new malware among Chinese-themed cybercrime activity, while Sainbox RAT and related variants are recently active as well. The increase in Chinese language malware activity indicates an expansion of the Chinese malware ecosystem, either through increased availability or ease of access to payloads and target lists, as well as potentially increased activity by Chinese speaking cybercrime operators. Overview Since early 2023, Proofpoint observed an increase in the email distribution of malware associated with suspected Chinese cybercrime activity. This includes the attempted delivery of the Sainbox Remote Access Trojan (RAT) – a variant of the commodity trojan Gh0stRAT – and the newly identified ValleyRAT malware. After years of this malware not appearing in Proofpoint threat data, its appearance in multiple campaigns over the last six months is notable. The phrase “Chinese-themed” is used to describe any of the observed content related to this malicious activity, including lures, malware, targeting, and any metadata that contains Chinese language usage. Campaigns are generally low-volume and are typically sent to global organizations with operations in China. The email subjects and content are usually written in Chinese, and are typically related to business themes like invoices, payments, and new products. The targeted users have Chinese-language names spelled with Chinese-language characters, or specific company email addresses that appear to align with businesses\' operations in China. Although most campaigns have targeted Chinese speaking users, Proofpoint observed one campaign targeting Japanese organizations, suggesting a potential expansion of activity. These recently identified activity clusters have demonstrated flexible delivery methods, leveraging both simple and moderately complex techniques. Commonly, the emails contain URLs linking to compressed executables that are responsible for installing the malware. However, Proofpoint has also observed Sainbox RAT and ValleyRAT delivered via Excel and PDF attachments containing URLs linking to compressed executables. Proofpoint researchers assess those multiple campaigns delivering Sainbox RAT and ValleyRAT contain some similar tactics, techniques, and procedures (TTPs). However, research into additional activity clusters utilizing these malwares demonstrate enough variety in infrastructure, sender domains, email content, targeting, and payloads that researchers currently conclude that all use of these malwares and associated campaigns are not attributable to the same cluster, but likely multiple distinct activity sets. The emergence and uptick of both novel and older Chinese-themed malware demonstrates a new trend in the overall 2023 threat landscape. A blend of historic malware such as Sainbox – a variant of the older Gh0stRAT malware – and the newly uncovered ValleyRAT may challenge the dominance that the Russian-speaking cybercrime market has on the threat landscape. However, the Chinese-themed malware is currently mostly targeted toward users that likely speak Chinese. Proofpoint continues to monitor for evidence of increasing adoption across other languages. For network defenders, we include several indicators of compromise and Emerging Threats detections to provide the community with the ability to cover these threats. Campaign Details Proofpoint has observed over 30 campaigns in 2023 leveraging malware typically associated with Chinese cybercrime activity. Nearly all lures are in Chinese, although Proofpoint has also observed messages in Japanese targeting organizations in that country. Gh0stRAT / Sainbox Proofpoint has observed an increase in a variant of Gh0stRAT Proofpoint researchers refer to as Sainbox. Sainbox was first i | Malware Tool Threat Prediction | ★★★ | |
|
2023-09-19 21:11:00 | L'acteur lié à la Chine puise la porte dérobée Linux dans une campagne d'espionnage énergique China-Linked Actor Taps Linux Backdoor in Forceful Espionage Campaign (lien direct) |
"Sprysocks" mélange les fonctionnalités de plusieurs badware précédemment connus et ajoute à l'arsenal de logiciels malveillants croissants de la menace, dit Trend Micro.
"SprySOCKS" melds features from multiple previously known badware and adds to the threat actor\'s growing malware arsenal, Trend Micro says. |
Malware Threat Prediction | ★★★ | |
|
2023-09-19 20:20:00 | Trend micro patchs vulnérabilité de point final zéro jour Trend Micro Patches Zero-Day Endpoint Vulnerability (lien direct) |
La vulnérabilité critique implique une désinstallation de produits de sécurité tiers et a été utilisé dans les cyberattaques.
The critical vulnerability involves uninstalling third-party security products and has been used in cyberattacks. |
Vulnerability Prediction | ★★ | |
|
2023-09-19 16:40:00 | Les nouvelles cotes de la terre de Lusca \\ ont cible la porte dérobée Linux cible les entités gouvernementales Earth Lusca\\'s New SprySOCKS Linux Backdoor Targets Government Entities (lien direct) |
L'acteur de menace lié à la Chine connue sous le nom de Lusca Earth Lusca a été observé ciblant les entités gouvernementales à l'aide d'une porte dérobée Linux jamais vue appelée Sprysocks.
Earth Lusca a été documenté pour la première fois par Trend Micro en janvier 2022, détaillant les attaques de l'adversaire contre les entités du secteur public et privé à travers l'Asie, l'Australie, l'Europe, l'Amérique du Nord.
Actif depuis 2021, le groupe s'est appuyé sur
The China-linked threat actor known as Earth Lusca has been observed targeting government entities using a never-before-seen Linux backdoor called SprySOCKS. Earth Lusca was first documented by Trend Micro in January 2022, detailing the adversary\'s attacks against public and private sector entities across Asia, Australia, Europe, North America. Active since 2021, the group has relied on |
Threat Prediction | ★★ | |
|
2023-09-19 14:15:21 | CVE-2023-41179 (lien direct) | Une vulnérabilité dans le tiers du module de désinstallation AV contenu dans Trend Micro Apex One (sur site et SaaS), la sécurité commerciale sans inquiétude et les services de sécurité commerciale sans souci pourraient permettre à un attaquant de manipuler le module pour exécuter des commandes arbitraires sur un affecté d'un affecté concernéinstallation.
Notez qu'un attaquant doit d'abord obtenir un accès à la console administrative sur le système cible afin d'exploiter cette vulnérabilité.
A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability. |
Vulnerability Prediction | ||
|
2023-09-19 13:00:32 | Est-ce que le VRAI Slim Shady se lèvera?La recherche sur les points de contrôle expose le cybercriminé derrière un logiciel malveillant impactant EMEA et APAC Will the Real Slim Shady Please Stand Up? Check Point Research Exposes Cybercriminal Behind Malicious Software Impacting EMEA and APAC (lien direct) |
Bien que la RPR de profit ait identifié «Eminэm» comme l'un des cyberciminaux derrière la distribution Remcos et Guloader RCR a révélé ses conclusions à l'entité d'application de la loi pertinente que le logiciel «légitime» devient le choix de cyberclinal \\ 'dans une tendance alarmante mise en évidence par chèqueLe rapport de sécurité en milieu d'année en 2023 de Point \\, un logiciel apparemment légitime est devenu le choix préféré des cybercriminels.Les exemples notables sont [& # 8230;]
>Highlights: Advertised as legitimate tools, Remcos and GuLoader are malware in disguise, heavily utilized in cyberattacks Check Point Research (CPR) has uncovered evidence that the distributor is deeply entwined within the cybercrime scene, leveraging their platform to facilitate cybercrime, while making a profit CPR has identified “EMINэM” as one of the cyberciminals behind the distribution Remcos and GuLoader CPR has disclosed its findings to the relevant law enforcement entity “Legit” software becomes cybercrminals\' preferred choice In an alarming trend highlighted in Check Point\'s 2023 Mid-Year Security Report, seemingly legitimate software has become the preferred choice of cybercriminals. Notable examples are […] |
Malware Prediction | ★★ | |
|
2023-09-18 09:37:48 | Trend Micro rejoint le Hacking Policy Council (lien direct) | Trend Micro rejoint le Hacking Policy Council. • Le spécialiste de la cybersécurité renforce son engagement de protection cyber auprès des Etats-Unis. • Grâce à son programme Zero Day Initiative, Trend Micro aura la capacité de livrer des informations sur les menaces au consortium. - Business | Threat Prediction | ★★ | |
|
2023-09-18 05:00:09 | Comment mieux sécuriser et protéger votre environnement Microsoft 365 How to Better Secure and Protect Your Microsoft 365 Environment (lien direct) |
Microsoft 365 has become the de facto standard for email and collaboration for most global businesses. At the same time, email continues to be the most common attack vector for threat actors. And spam, phishing, malware, ransomware and business email compromise (BEC) attacks keep increasing in both their sophistication and impact. Verizon\'s 2023 Data Breach Investigations Report highlights the upward trend BEC attacks, noting that they have doubled over the past year and comprise 60% of social engineering incidents. While Microsoft 365 includes basic email hygiene capabilities with Exchange Online Protection (EOP), you need more capabilities to protect your business against these attacks. Microsoft offers Defender for Office 365 (MDO) as part of its security tool set to bolster security. And it\'s a good place to start, but it simply can\'t stop today\'s most sophisticated email threats. That\'s why analysts suggest you augment native Microsoft 365 security to protect against advanced threats, like BEC and payload-less attacks such as TOAD (telephone-oriented attack delivery). “Supplement the native capabilities of your existing cloud email solutions with third-party security solutions to provide phishing protection for collaboration tools and to address both mobile- and BEC-type phishing scenarios.” Source: 2023 Gartner Market Guide for Email Security The rise of cloud-based email security solutions Email threats are nothing new. For years now, secure email gateways (SEG) have been the go-to solution to stop them. They filter spam, phishing emails and malware before they can get to users\' inboxes. But with more businesses adopting cloud-based email platforms-particularly Microsoft 365-alternative email security solutions have appeared on the market. Gartner calls them integrated cloud email security (ICES); Forrester refers to them as cloud-native API-enabled email security (CAPES). These solutions leave the basic email hygiene and handling of email traffic to Microsoft. Then, they examine the emails that are allowed through. Essentially, they identify threats that have slipped past Microsoft\'s defenses. The main advantage of ICES and CAPES is their ease of deployment and evaluation. They simply require a set of permissions to the Microsoft 365 installation, and they can start detecting threats right away. It\'s easy to remove these solutions, too, making it simple and straightforward to evaluate them. Two deployment models: the good and the bad When you\'re augmenting Microsoft 365 email security, you have several options for deployment. There\'s the post-delivery, API-based approach, which is used by ICES and CAPEs. And there\'s the pre-delivery, MX-based approach used by SEGs. Post-delivery deployment (API-based model) In this scenario, Microsoft provides an API to allow third-party vendors to receive a notification when a new email is delivered to a user\'s mailbox. Then, they process the message with their platform. If a threat is found, it can be deleted or moved to a different folder, like quarantine or junk. However, this approach presents a risk. Because a message is initially delivered to the mailbox, a user still has a chance to click on it until the threat is retracted. Emails must be processed fast or hidden altogether while the solution scans the message for threats. Analyzing attachments for malware or running them through a sandbox is time-consuming, especially for large or complex attachments. There are also limits on how many alerts from Microsoft 365 that cloud-based email security solutions can receive. Pre-delivery deployment (MX-based model) This approach is useful for businesses that want to detect and prevent email threats before they reach their users\' inboxes. As the name suggests, email is processed before it is delivered to a user\'s inbox. To enable this model, an organization\'s DNS email exchange (MX) record must be configured to a mail server. The MX record indicates how email messages should be routed in | Ransomware Data Breach Malware Tool Threat Prediction Cloud | ★★★ | |
 |
2023-09-15 15:26:04 | Trend Micro protège l'Université de Kingston pendant la période de compensation de pointe Trend Micro Protects Kingston University During Peak Clearing Period (lien direct) |
Leur période la plus occupée de l'année pour le recrutement des étudiants.«La compensation universitaire est comme la course à Noël pour les détaillants.Et de la même manière, menace [& # 8230;]
Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today revealed that it is supplying managed detection and response (MDR) capabilities to Kingston University free of charge to mitigate the threat of serious cyber disruption during their busiest time of year for student recruitment. “University clearing is like the run up to Christmas for retailers. And in the same way, threat […] |
Threat Prediction | ★★ | |
|
2023-09-15 14:19:00 | Les cybercriminels combinent des certificats de phishing et de véhicules électriques pour livrer les charges utiles des ransomwares Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads (lien direct) |
Les acteurs de la menace derrière les voleurs d'informations Redline et Vidar ont été observés pivotant des ransomwares grâce à des campagnes de phishing qui répartissent les charges utiles initiales signées avec des certificats de signature de code de validation (EV) prolongés.
"Cela suggère que les acteurs de la menace rationalisent les opérations en faisant leurs techniques polyvalentes", a déclaré les micro-chercheurs Trend dans une nouvelle analyse publiée
The threat actors behind RedLine and Vidar information stealers have been observed pivoting to ransomware through phishing campaigns that spread initial payloads signed with Extended Validation (EV) code signing certificates. "This suggests that the threat actors are streamlining operations by making their techniques multipurpose," Trend Micro researchers said in a new analysis published this |
Ransomware Threat Prediction | ★★ | |
 |
2023-09-14 00:00:00 | La petite idée avec un grand impact sur l'écart de talents de cybersécurité The Small Idea With a Big Impact on the Cybersecurity Talent Gap (lien direct) |
The cost of cybercrime is expected to reach $8 trillion globally this year, yet the scarcity of security talent is becoming more pronounced. With more than 750,000 cybersecurity positions unfilled in the U.S. and 3.5 million positions worldwide unfilled, the race is on to close the skills shortage that is estimated to contribute to 80% of all security breaches. In 2022, cyberattacks increased by 38%. The global average cost of a data breach reached $4.35 million, while the average cost of a data breach in the U.S. reached $9.44 million, according to a report by IBM and the U.S.-based Ponemon Institute. Bringing on more technical talent is central to companies in order to stop these threat actors. “Cybercrime can be very lucrative. And the reality is, talent is your best line of defense,” said Donna O\'Shea, chair of cybersecurity at Munster Technological University (MTU) in Cork, Ireland. Easing the Talent Crunch With Bite-Sized Learning As the digital economy evolves, more opportunities for malicious attacks are coming to the fore. Creative approaches aimed at increasing the pool of security professionals are emerging–and bringing down the barriers that once kept people from pursuing these lucrative roles. “There has been a lot of progress made in terms of the way that we deliver cybersecurity education,” O\'Shea said. Micro-credentials are small, accredited courses that allow candidates to pursue highly focused upskilling and reskilling that respond to niche labor market needs. Experts predict that lowering the time and costs involved in post-graduate studies will attract more learners and help address the cybersecurity talent scarcity. In 2020, the Irish Universities Association (IUA) was awarded €12.3 million through the country\'s Department of Further and Higher Education to become the first European country to establish a national framework for nationally accredited micro-credentials. “This is a real innovation in workforce development and lifelong learning,” says Aisling Soden, talent transformation & innovation manager for IDA Ireland. The cyberskills micro-credential programs are administered through academic institutes, co-designed by industry and, in time, will be transferrable across Europe. Because they are offered online, Soden also sees micro-credentials as a way to help companies upskill staff with specific cybersecurity skills to an international standard of education. These highly specific cybersecurity short courses will also benefit companies looking to upskill internal staff or access new talent in 25+ critical areas such as network systems, security standards & risk, security architecture, malware, reverse engineering and more. Soden envisions the micro-credential standards playing a bigger role on the global stage: “In the future, I can see these standards being recognized worldwide.” Underrepresented Communities: An Untapped Resource In 2022, Ireland was one of only a few countries to make headway in the quest to narrow cybersecurity talent shortages. Most regions around the world reported an increase in their cybersecurity workforce gap, according to a report by (ISC)², the world\'s leading cybersecurity professional organization. Last year, Ireland closed its cybersecurity skills gap by 19.5% while the global gap grew by 26.2%. O\'Shea stressed the need to do a “much better job globally of reaching underrepresented populations to fill these open positions.” Especially now, she says, as micro-credentials bring down the cost, time commitments and previously required masters-level studies for training for cybersecurity jobs, opportunities must increase for women, military veterans, minority groups and people from financially disadvantaged communities. There\'s also an untapped market of individuals displaced from hospitality and other service sectors during the pandemic. Society needs to do a better job of fostering cybersecurity talent across the entire hiring spectrum, said O\'Shea. This should start with thought-provoking conversa | Data Breach Malware Threat Studies Prediction Technical | ★★ | |
|
2023-09-13 10:00:00 | Eco-Hacks: l'intersection de la durabilité et des cyber-menaces Eco-hacks: The intersection of sustainability and cyber threats (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Environmental sustainability is more important than ever before for organizations across all sectors. Sustainability concerns including geopolitics, future-focused developments, advanced ESG reporting, and building sustainability into supply chains going forward are all significant trends shaping businesses in 2023 and beyond. While the shift towards environmental sustainability is a worthy pursuit no matter the industry, the trend towards adopting new technologies that provide more sustainability and eco-friendliness can have some unintended consequences on the realm of cybersecurity. Today we can see many hybrid endeavors that combine both cutting-edge technology and green, eco-friendly initiatives to create long-term ecologically sustainable solutions for businesses in all fields. But since these collaborations tend to utilize new technology, they may not provide the kind of advanced-level cybersecurity protocols needed to secure these endeavors against cyberattacks, resulting in unintended consequences: an increase in cyber vulnerabilities. In this article, we will take an in-depth look at the enhanced cybersecurity risks presented by certain sustainability and tech initiatives. Then we will explore best practices intended to keep businesses cyber secure as they transition to new, more environmentally friendly modes of operation and production. 1. The unexpected cybersecurity risks of going green While new green technology rollouts provide highly visible, obvious benefits, contributing to the important global cause of sustainability, the cybersecurity underpinnings that run in the background are easy to ignore but no less significant. There is a subtle interdependence between new green tech and expanded cybersecurity risks. 2. New developments in green technology New developments in green technology are vast and wide-ranging, offering revolutionary potential to cut down on harmful greenhouse gas emissions. By some estimates, Green IT can contribute to reducing greenhouse gas emissions by ten times more than it emits. Green coding focuses on creating more energy efficient modes of engaging computational power that can be applied to everything from virtual reality gaming devices in development to cloud computing. Sustainable data collection centers aim to reduce carbon and greenhouse gas emissions by finding alternative methods of collecting data that require less energy. Smart city technology, such as IoT-enabled power grids, smart parking meters, and smart traffic controls, can utilize predictive capabilities to ensure that urban infrastructures are running at optimal energy levels, reducing resource and energy waste and improving city living experiences. Similarly, smart HVAC systems can respond to global climate change issues by managing the internal temperature of buildings using smart regulators that reduce energy waste and carbon emissions, while still heating or cooling buildings. All of these innovations are building towards a more sustainable future by reducing our need for harmful fossil fuel consumption, managing power usage across the energy grid, and creating more sustainable alternatives to existing technologies for transportation, waste management, entertainment, and more. But each of these new technologies also presents a broader risk level | Vulnerability Threat Prediction Cloud | ★★★ | |
|
2023-09-12 10:00:00 | Réseaux résilients: éléments constitutifs de l'architecture de la cybersécurité moderne Resilient networks: Building blocks of modern Cybersecurity architecture (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In today\'s interconnected digital landscape, where data flows like a river through intricate networks, the importance of cybersecurity has never been more pronounced. As our reliance on digital networks grows, so do the threats that seek to exploit vulnerabilities in these very networks. This is where the concept of resilient networks steps in, acting as the guardians of our digital realms. In this article, we delve into the world of resilient networks, exploring their significance as the cornerstone of modern cybersecurity architecture. Understanding resilient networks Imagine a web of interconnected roads, each leading to a different destination. In the realm of cybersecurity, these roads are the networks that enable communication, data exchange, and collaboration. Resilient networks are like well-constructed highways with multiple lanes, built to withstand unexpected disruptions. They aren\'t just about preventing breaches; they\'re about enabling the network to adapt, recover, and continue functioning even in the face of a successful attack. Network resilience stands as a critical component in the realm of modern cybersecurity, complementing traditional security measures like utilizing proxy servers by focusing on the ability to endure and recover. Network security It\'s essential to distinguish between network security and network resilience. Network security involves fortifying the network against threats, employing firewalls, antivirus software, and encryption methods. On the other hand, network resilience goes beyond this, acknowledging that breaches might still occur despite stringent security measures. Resilience Resilience entails the ability to detect, contain, and recover from these breaches while minimizing damage. It\'s like preparing for a storm by not only building strong walls but also having an emergency plan in case the walls are breached. Resilient networks aim to reduce downtime, data loss, and financial impact, making them a critical investment for organizations of all sizes. Key components of resilient networks Consider your home\'s architecture. You have multiple exits, fire alarms, and safety measures in place to ensure your well-being in case of emergencies. Similarly, resilient networks are built with specific components that enable them to weather the storms of cyber threats. Redundancy, diversity, segmentation and isolation, and adaptive monitoring and threat detection are the pillars of network resilience. Redundancy Redundancy involves creating backup systems or pathways. It\'s like having alternate routes to reach your destination in case one road is blocked. In the digital realm, redundant systems ensure that if one part of the network fails, traffic is seamlessly rerouted, minimizing disruptions. Diversity Diversity, on the other hand, means not putting all your eggs in one basket. A diverse network employs various hardware, software, and protocols, reducing the risk of a single point of failure. Think of it as a portfolio of investments – if one fails, the others remain intact. Segmentation and isolation Segmentation and Isolation play a crucial role in containing potential threats. Imagine a building with multiple compartments, each serving a different purpose. If a fire breaks out in one compartment, it\'s isolated, preventing the entire building from | Tool Vulnerability Threat Prediction Medical | ★★ |
To see everything:
Our RSS (filtrered)
