What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-01-16 22:00:00 | Savvy lance l'identité de sécurité d'abord pour lutter contre les combinaisons toxiques à l'origine du risque SaaS Savvy Launches Identity-First Security Offering to Combat Toxic Combinations Driving SaaS Risk (lien direct) |
Cloud | ★★ | ||
 |
2024-01-16 15:24:48 | Les équipes de SentinelLabs alertent sur un malware qui cible les services cloud et de paiement (lien direct) | Les équipes de SentinelLabs alertent sur un malware qui cible les services cloud et de paiement - Malwares | Malware Cloud | ★★★ | |
|
2024-01-16 14:37:37 | Trend Cloud One™ for Government obtient une nouvelle mise en conformité avec l\'autorisation d\'exploitation FedRAMP® (lien direct) | Grâce à l'autorisation FedRAMP®, la plateforme de cybersécurité de Trend Micro s'impose comme la plus conforme du marché. Les entreprises et les gouvernements du monde entier font confiance à Trend Micro pour combler le fossé entre la sécurité et la conformité. - Business | Prediction Cloud | ★★ | |
 |
2024-01-16 14:33:29 | NetSkope Protection en temps réel et résultats de test AV Netskope Real-time Threat Protection and AV-TEST Results (lien direct) |
> Netskope continue de faire progresser les capacités de protection des menaces en ligne et a amélioré sa détection et son blocage des logiciels malveillants et des attaques de phishing tout en abaissant et en améliorant son taux de faux positifs dans le dernier rapport AV-Test.Dans toutes les parties des tests, NetSkope s'est amélioré.Aujourd'hui, plus de la moitié du trafic de sortie des utilisateurs implique des applications et des services cloud [& # 8230;]
>Netskope continues to advance inline threat protection capabilities and has improved its detection and blocking of malware and phishing attacks while also lowering and improving its false positive rate in the latest AV-TEST Report. In every part of the testing, Netskope improved. Today more than half of user egress traffic involves applications and cloud services […] |
Malware Threat Cloud | ★★★ | |
 |
2024-01-16 12:34:28 | FBI: AndroxGH0st malware botnet vole AWS, Microsoft FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials (lien direct) |
La CISA et le FBI ont averti aujourd'hui que les acteurs de la menace utilisant des logiciels malveillants AndroxGH construisent un botnet axé sur le vol d'identification cloud et utilisent les informations volées pour fournir des charges utiles malveillantes supplémentaires.[...]
CISA and the FBI warned today that threat actors using Androxgh0st malware are building a botnet focused on cloud credential theft and using the stolen information to deliver additional malicious payloads. [...] |
Malware Threat Cloud | ★★★ | |
 |
2024-01-16 11:00:00 | Prédictions inhabituelles et stimulantes pour la cybersécurité en 2024 Unusual, thought-provoking predictions for cybersecurity in 2024 (lien direct) |
This is part one of a three-part series written by AT&T Cybersecurity evangelist Theresa Lanowitz. It’s intended to be future-looking and provocative and to encourage discussion. The author wants to assure you that no generative AI was used in any part of this blog. Entering 2024 brings us well into the third decade of the new millennium. Do you recall how tentatively and maybe naively we approached the year 2000, otherwise known as Y2K? We stressed over two bytes in COBOL programs and regression tested every line of code to ensure our systems were ready to go at midnight on January 1, 2000. The clock struck 12, and the world breathed a collective sigh of relief – we survived the predicted digital disaster. And just like that, off we went - to create web, mobile, and cloud apps, to turn embedded software into the Internet of Things (IoT), and to democratize computing in a way that was only a dream just 23 years ago. With massive shifts and changes in computing in the wake, it’s time to ask: where are we going in 2024, and what cybersecurity opportunities and challenges lie ahead? Maturing the industry: It’s the business that matters. Cybersecurity is not about fear, uncertainty, and doubt (FUD). It is about delivering business outcomes such as boarding a plane quicker to mitigate flight delay penalties, heating or cooling my house efficiently to manage energy consumption in various climates, or reducing waste in manufacturing to minimize product recalls. Notice there was no mention of security, data, network, coding, or anything remotely IT-centric or technical in the stated business outcomes above. We must aspire to this when thinking about our businesses and cybersecurity. It must be about the business first, advancing the customer experience, and removing friction. Cybersecurity is now a business requirement. For cybersecurity to be part of business planning, cybersecurity teams need to become members of the business teams. Over the past three years, the cybersecurity market has rapidly matured. We are in the midst of market consolidation, with individual point products being acquired and integrated into platform offerings. These platform offerings will continue to evolve by acquiring smaller vendors, partnering, and innovating. The platform vendors clearly see the need for cybersecurity to be a part of the business conversation and want to act as a business partner and trusted advisor, not merely a product provider. Cybersecurity budgets are changing, creating an approach to get funding differently. This year, our research revealed an unexpected change: money is being redistributed as computing moves closer to the data source. Our respondents reported they are investing in new computing development – in this case, edge computing - in a way that’s different from what we’ve seen in the past. They are proactively investing in strategy and planning, the network, application development, and security to create a balanced, collaborative ecosystem. The big surprise isn’t a new secret weapon or killer application. The surprise is what’s needed: a new way of thinking about resource allocation. You’ll still need your usual hardware, software, storage, and security buckets. How you balance those expenses is what’s different. As computing moves closer to the data source, every deployment should contribute to the b | Tool Mobile Prediction Cloud Technical | ★★★ | |
 |
2024-01-16 10:30:00 | Les 7 péchés de sécurité du nuage mortel et comment les PME peuvent mieux faire les choses The 7 deadly cloud security sins and how SMBs can do things better (lien direct) |
En éliminant ces erreurs et ces angles morts, votre organisation peut faire des progrès massifs vers l'optimisation de son utilisation du nuage sans s'exposer au cyber-risque
By eliminating these mistakes and blind spots, your organization can take massive strides towards optimizing its use of cloud without exposing itself to cyber-risk |
Cloud | ★★★ | |
|
2024-01-16 10:19:46 | LogPoint a annoncé la sortie de LogPoint Business-Critical Security Logpoint has announced the release of Logpoint Business-Critical Security (lien direct) |
LogPoint augmente la solution BCS avec les capacités de sécurité du cloud
Le nouveau BCS de LogPoint \\ pour SAP BTP offre des capacités de sécurité cloud pour aider les organisations à gérer la surveillance et la détection des menaces dans SAP Business Technology Platform (BTP)
-
revues de produits
Logpoint boosts BCS solution with cloud security capabilities Logpoint\'s new BCS for SAP BTP offers cloud security capabilities to help organisations manage monitoring and threat detection in SAP Business Technology Platform (BTP) - Product Reviews |
Threat Cloud Commercial | ★★ | |
 |
2024-01-16 08:32:19 | Défense post-livraison à propulsion du cloud: la dernière innovation de Proofpoint \\ dans la protection des e-mails Cloud-Powered Post-Delivery Defense: Proofpoint\\'s Latest Innovation in Email Protection (lien direct) |
Cybercriminals are constantly innovating so that they can infiltrate your systems and steal your valuable data. They do this through a complex multi-stage method commonly known as the attack chain. During the initial compromise, attackers use advanced email threats like phishing scams, malware attachments, business email compromise (BEC) and QR code threats to get a foothold in your systems. That\'s why email security tools typically focus on stopping these threats. Steps in the attack chain. But no technology is foolproof. Inevitably, some emails will get through. To keep your company safe, you need an email security solution that can detect, analyze and remediate email threats post-delivery. That\'s where Proofpoint can help. Proofpoint Cloud Threat Response is the cloud-based alternative to TRAP (Threat Response Auto-Pull), known for its effective post-delivery remediation capabilities. Not only is this solution easy to use, but it also automates post-detection incident response and remediation tasks that slow down security teams. In this blog post, we\'ll highlight some of its capabilities and benefits. Overview of Cloud Threat Response capabilities Proofpoint Cloud Threat Response keeps you safer by remediating threats post-delivery. Plus, it helps security teams prioritize and execute response actions three different ways: Automatically by Proofpoint. Cloud Threat Response automatically analyzes emails post-delivery. It identifies and quarantines malicious emails within user inboxes. Doing so reduces the risk that users will interact with them, helping to prevent your business from being compromised. Manually by the SOC team. Your security team gains instant access to detailed email analysis, historical data and risk scoring through an integration with Proofpoint Smart Search. This integration makes it easier for you to delve into specific emails and swiftly identify and remove any lurking threats. With the assistance of end users. Users can report messages that look suspicious thanks to a simple button directly integrated into their mailboxes. Reported emails are automatically investigated and are neutralized if determined to be a threat. Proofpoint Cloud Threat Response benefits At many companies, security incident response is a slow and labor-intensive process. Responding to security incidents may take days or weeks depending on the size of your security team. Time-intensive tasks can turn into painful bottlenecks. Compare that to Proofpoint Cloud Threat Response, which automates and simplifies threat response tasks. Here\'s what you can expect: Enjoy a simplified management interface. Our centralized, modern interface simplifies how you manage email security. From this dashboard, you can manage a range of tasks, including threat reporting, threat analysis and user administration. The simplified, modern interface of Proofpoint Cloud Threat Response. Respond to incidents faster. Proofpoint Cloud Threat Response acts on intelligence from our Supernova detection engine, which improves threat detection and reduces the mean time to respond (MTTR). Spend less time on deployment and maintenance. Because it\'s cloud native, our platform is not only easy to deploy but it eliminates the need for on-premises infrastructure. Plus, your investment is future-proof, and it comes with automated maintenance and security updates. Streamline security operations. Use Single Sign-On (SSO) to seamlessly navigate between Cloud Threat Response and other Proofpoint apps such as Targeted Attack Protection, Email Fraud Defense and Email Protection. This helps to boost analyst efficiency and response times. See more threats. It automatically shares a threat\'s remediation status across your other Proofpoint platforms. This increases threat visibility and helps you to identify and neutralize threats faster. Proofpoint Cloud Threat Response is integrated with Proofpoint threat intelligence and abuse mailbox sources. Contain threats quickly. Malici | Malware Tool Threat Cloud | ★★ | |
|
2024-01-15 18:00:00 | À mesure que le cloud d'entreprise grandit, il en va de même pour les défis As Enterprise Cloud Grows, So Do Challenges (lien direct) |
La parentalité enseigne de nombreuses leçons, y compris que les difficultés se compliquent à mesure que vous grandissez.Voici ce qu'il faut rechercher dans un partenaire pour partager les "problèmes de gros kid" du cloud distribué.
Parenting teaches many lessons, including that difficulties get more complicated as you grow. Here\'s what to look for in a partner to share the "big-kid problems" of distributed cloud. |
Cloud | ★★★ | |
|
2024-01-15 18:00:00 | Zero Trust, AI, les marchés des capitaux conduisent la consolidation dans la sécurité du cloud Zero Trust, AI, Capital Markets Drive Consolidation in Cloud Security (lien direct) |
Les entreprises qui se sont rapidement déplacées vers les opérations natives dans le cloud recherchent une plus grande visibilité et protection - et les avantages de l'IA - tandis qu'un avenir économique incertain a des VC qui se tournent vers la sécurité.
Companies that quickly shifted to cloud-native operations are looking for greater visibility and protection - and AI benefits - while an uncertain economic future has VCs looking toward safety. |
Cloud | ★★★ | |
 |
2024-01-15 16:30:00 | L'outil basé sur Python FBOT perturbe la sécurité du cloud Python-Based Tool FBot Disrupts Cloud Security (lien direct) |
Découvert par l'équipe Sentinelabs, FBOT cible les serveurs Web, les services cloud et les plateformes SaaS
Discovered by the SentinelLabs team, FBot targets web servers, cloud services and SaaS platforms |
Tool Cloud | ★★ | |
 |
2024-01-15 15:24:00 | Ukrainien arrêté pour avoir infecté le fournisseur de cloud américain par des logiciels malveillants de cryptomine Ukrainian arrested for infecting US cloud provider with cryptomining malware (lien direct) |
Un ressortissant ukrainien a été arrêté la semaine dernière pour avoir prétendument infecté les serveurs d'un fournisseur de services cloud américain «bien connu» avec un malware de cryptominage, selon la police ukrainienne .On pense qu'un pirate de 29 ans de la ville sud de Mykolaiv aura miné illicitement plus de 2 millions de dollars en crypto-monnaie au cours des deux dernières années.La police a dit
A Ukrainian national was arrested last week for allegedly infecting the servers of “a well-known” American cloud service provider with a cryptomining malware, according to Ukrainian police. A 29-year-old hacker from the southern city of Mykolaiv is believed to have illicitly mined over $2 million in cryptocurrency over the past two years. The police said |
Malware Cloud | ★★ | |
 |
2024-01-15 12:02:14 | Services réseau managés : six marqueurs du marché en 2024 (lien direct) | SD-LAN, visibilité du cloud, prix des firewalls... Voici quelques-unes des perceptions de Gartner sur le marché des services réseau managés (MNS). | Cloud | ★★★ | |
|
2024-01-15 08:19:50 | Exposition du cloud, architecture hybride et attaques des PME : les prédictions cybersécurité de Tenable pour 2024 (lien direct) | Exposition du cloud, architecture hybride et attaques des PME : les prédictions cybersécurité de Tenable pour 2024 - Points de Vue | Prediction Cloud | ★★★ | |
 |
2024-01-15 04:25:55 | Aperçu expert pour sécuriser votre infrastructure critique Expert Insight for Securing Your Critical Infrastructure (lien direct) |
Au groupe de travail sur l'énergie et la conformité de l'énergie et la NERC de Tripwire, nous avons eu l'occasion de parler avec le directeur de la mesure du gaz, des contrôles et de la cybersécurité dans une grande entreprise d'énergie.Plus précisément, nous nous sommes concentrés sur la SCADA et les actifs sur le terrain de la technologie opérationnelle du gaz.L'expérience au niveau de la gestion d'une telle organisation a fourni une multitude de connaissances aux participants.L'environnement SCADA et l'infrastructure de la plupart des Cloud SCADA restent sur site.Cela est vrai pour de nombreuses entités du secteur de l'énergie et c'est plus que simplement être «démodé».L'implémentation très axée sur le matériel ...
At Tripwire\'s recent Energy and NERC Compliance Working Group, we had the opportunity to speak with the Manager of Gas Measurement, Controls, & Cybersecurity at a large energy company. More specifically, we focused on SCADA and field assets of gas Operational Technology. The experience at the management level of such an organization provided a wealth of knowledge for the attendees. SCADA Environment and the Cloud Most SCADA infrastructure remains on-premises. This is true of many Energy sector entities and it is more than simply being "old-fashioned." The very hardware-focused implementation... |
Cloud | ★★★ | |
 |
2024-01-13 15:31:00 | Le cryptojacking ukrainien de 29 ans a été arrêté pour exploiter les services cloud 29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services (lien direct) |
Un ressortissant ukrainien de 29 ans a été arrêté dans le cadre de la gestion d'un «programme de cryptojacking sophistiqué», leur rapporte plus de 2 millions de dollars (et 1,8 million) de bénéfices illicites.
La personne a été appréhendé à Mykolaiv, en Ukraine, le 9 janvier par la police nationale d'Ukraine avec le soutien d'Europol et un fournisseur de services cloud sans nom après «mois de collaboration intensive».
"Un nuage
A 29-year-old Ukrainian national has been arrested in connection with running a “sophisticated cryptojacking scheme,” netting them over $2 million (€1.8 million) in illicit profits. The person was apprehended in Mykolaiv, Ukraine, on January 9 by the National Police of Ukraine with support from Europol and an unnamed cloud service provider following “months of intensive collaboration.” “A cloud |
Cloud | ★★ | |
|
2024-01-12 20:58:00 | Microsoft pour garder tous les clients personnels du cloud européen \\ 'dans le cadre de l'UE Microsoft to keep all European cloud customers\\' personal data within EU (lien direct) |
 "
Microsoft stockera tous les données personnelles des clients du cloud au sein de l'Union européenne plutôt que d'autoriser les transferts à l'étranger, a déclaré jeudi la société - la dernière étape des efforts continus des fournisseurs de cloud pour naviguer dans des réglementations de confidentialité variables entre les juridictions.En vertu de la nouvelle politique, Microsoft conservera dans ce qu'il appelle la «limite de données de l'UE»
Microsoft will store all cloud customers\' personal data within the European Union rather than allowing transfers abroad, the company said on Thursday - the latest step in ongoing efforts by cloud providers to navigate varying privacy regulations across jurisdictions. Under the new policy, Microsoft will keep within what it calls the “EU data boundary” all |
Cloud | ★★★ | |
 |
2024-01-12 19:55:57 | Explorer FBOT |Des logiciels malveillants basés sur Python ciblant les services de cloud et de paiement Exploring FBot | Python-Based Malware Targeting Cloud and Payment Services (lien direct) |
#### Description
FBOT est un outil de piratage basé sur Python distinct des autres familles de logiciels malveillants cloud, ciblant les serveurs Web, les services cloud et les plateformes SaaS comme AWS, Office365, PayPal, SendGrid et Twilio.Les caractéristiques clés incluent la récolte des informations d'identification pour les attaques de spam, les outils de détournement de compte AWS et les fonctions pour permettre des attaques contre PayPal et divers comptes SaaS.
FBOT possède plusieurs fonctionnalités qui ciblent les services de paiement ainsi que les configurations SaaS.La fonction Validator PayPal valide l'état du compte PayPal en contactant une URL codée en dur avec une adresse e-mail lue à partir d'une liste de saisies.L'e-mail est ajouté à la demande de la section Détails du client pour valider si une adresse e-mail est associée à un compte PayPal.
#### URL de référence (s)
1. https://www.sentinelone.com/labs/exploring-fbot-python-basked-malware-targeting-cloud-and-payment-services/
#### Date de publication
11 janvier 2024
#### Auteurs)
Alex Delamotte
#### Description FBot is a Python-based hacking tool distinct from other cloud malware families, targeting web servers, cloud services, and SaaS platforms like AWS, Office365, PayPal, Sendgrid, and Twilio. Key features include credential harvesting for spamming attacks, AWS account hijacking tools, and functions to enable attacks against PayPal and various SaaS accounts. FBot has several features that target payment services as well as SaaS configurations. The PayPal Validator feature validates PayPal account status by contacting a hardcoded URL with an email address read from an input list. The email is added to the request in the customer details section to validate whether an email address is associated with a PayPal account. #### Reference URL(s) 1. https://www.sentinelone.com/labs/exploring-fbot-python-based-malware-targeting-cloud-and-payment-services/ #### Publication Date January 11, 2024 #### Author(s) Alex Delamotte |
Malware Tool Cloud | ★★ | |
|
2024-01-12 15:27:31 | Comment Slack a développé son usage de Terraform (lien direct) | Slack revient sur la manière dont il a généralisé, à renfort d'outils maison, l'usage de Terraform sur son infrastructure cloud. | Cloud | ★★★ | |
|
2024-01-12 13:16:14 | Sentinellabs: Exploration de FBOT & # 8211;Des logiciels malveillants basés sur Python ciblant les services de cloud et de paiement SentinelLabs: Exploring FBot – Python-Based Malware Targeting Cloud and Payment Services (lien direct) |
Explorer FBOT & # 8211;Des logiciels malveillants basés sur Python ciblant les services de cloud et de paiement
La scène des outils de piratage cloud est très liée, avec de nombreux outils qui se fondent sur le code de l'autre.Cela est particulièrement vrai pour les familles de logiciels malveillants comme Alienfox, Greenbot, Legion et Predator, qui partagent le code à partir d'un module de crampons des informations d'identification appelée AndroxGH0st.
-
mise à jour malveillant
Exploring FBot – Python-Based Malware Targeting Cloud and Payment Services The cloud hack tool scene is highly intertwined, with many tools relying on one another\'s code. This is particularly true for malware families like AlienFox, Greenbot, Legion, and Predator, which share code from a credential-scraping module called Androxgh0st. - Malware Update |
Malware Hack Tool Cloud | ★★★ | |
 |
2024-01-12 13:00:33 | ThreatCloud AI remporte le prix Big Innovation 2024 ThreatCloud AI Wins 2024 BIG Innovation Award (lien direct) |
> Le Business Intelligence Group a décerné à ThreatCloud AI avec un prix Big Innovation 2024.Le portfolio de la sécurité des pouvoirs Ai POWERSCLOUD AI \\ est entier & # 8211;Du bord au nuage en passant par le réseau et au-delà.Il prend deux milliards de décisions de sécurité quotidiennement & # 8211;S'assurer que les cyberattaques sont bloquées avant de pouvoir faire des dégâts.Le menacecloud AI possède plus de 40 moteurs d'IA et d'apprentissage automatique (ML) qui identifient et bloquent les menaces émergentes qui n'ont jamais été vues auparavant.Les caractéristiques clés incluent ThreatCloud Graph, qui fournit une perspective multidimensionnelle sur la prévention des attaques du système de fichiers interplanétaires de cybersécurité (IPFS), qui analyse les URL et détecte les modèles IPF suspects PDF profonde, [& # 8230;]
>The Business Intelligence Group awarded ThreatCloud AI with a 2024 BIG Innovation award. ThreatCloud AI powers Check Point\'s entire security portfolio – from edge to cloud to network and beyond. It makes two billion security decisions daily – ensuring that cyber-attacks are blocked before they can do any damage. ThreatCloud AI has over 40 AI and machine learning (ML) engines that identify and block emerging threats that were never seen before. Key features include ThreatCloud Graph, which provides a multi-dimensional perspective on cyber security Interplanetary File System (IPFS) attack prevention, which scans URLs and detects suspicious IPFS patterns Deep PDF, […] |
Cloud | ★★ | |
 |
2024-01-12 10:39:05 | Être certifié PCI DSS Being PCI DSS certified (lien direct) |
> Être certifié PCI est un long voyage.Nous avons commencé il y a deux ans lorsque nous avons discuté d'une extension de notre couverture avec un client.Ce client traitait les données de la carte et devait par conséquent s'associer à des solutions de sécurité conformes à PCI pour surveiller son périmètre.Nous fournissions déjà notre plate-forme SoC SaaS en ce moment, mais pas une solution certifiée et c'était un problème pour leur conformité.
la publication Suivante être certifié PCI dss est un article de ssekoia.io blog .
>Being PCI certified is a long journey. We started two years ago when we were discussing an extension of our coverage with a customer. This customer was processing card data and consequently had to be partnering with PCI-compliant security solutions to monitor its perimeter. We were already providing our SaaS SOC platform at this time, but not a certified solution and that was a problem for their compliance. La publication suivante Being PCI DSS certified est un article de Sekoia.io Blog. |
Cloud | ★★ | |
|
2024-01-12 09:19:18 | Google Cloud lâche du lest sur les frais de sortie (lien direct) | Scruté sur les frais de sortie, Google Cloud en annonce la fin... pour un cas bien spécifique. | Cloud | ★★★ | |
|
2024-01-12 08:02:02 | Une introduction à la sécurité AWS An Introduction to AWS Security (lien direct) |
Les fournisseurs de cloud deviennent une partie essentielle de l'infrastructure informatique.Amazon Web Services (AWS), le plus grand fournisseur de cloud du monde, est utilisé par des millions d'organisations dans le monde et est couramment utilisé pour exécuter des charges de travail sensibles et critiques.Cela rend les professionnels de l'informatique et de la sécurité de comprendre les bases de la sécurité AWS et de prendre des mesures pour protéger leurs données et leurs charges de travail.En tant que client cloud, il est important de comprendre le modèle de responsabilité partagée AWS et les dix domaines de sécurité dont vous devez être conscient lors de l'utilisation d'AWS.Il existe également les meilleures pratiques exploitables qui ...
Cloud providers are becoming a core part of IT infrastructure. Amazon Web Services (AWS), the world\'s biggest cloud provider, is used by millions of organizations worldwide and is commonly used to run sensitive and mission-critical workloads. This makes it critical for IT and security professionals to understand the basics of AWS security and take measures to protect their data and workloads. As a cloud customer, it is important to understand the AWS shared responsibility model and the ten security domains you need to be aware of when using AWS. There are also actionable best practices that... |
Cloud | ★★ | |
|
2024-01-11 19:30:00 | La nouvelle boîte à outils FBOT de piratage FBOT basée sur Python vise les plates-formes Cloud et SaaS New Python-based FBot Hacking Toolkit Aims at Cloud and SaaS Platforms (lien direct) |
Un nouvel outil de piratage basé sur Python appelé & nbsp; fbot & nbsp; a été découvert de ciblage des serveurs Web, des services cloud, des systèmes de gestion de contenu (CMS) et des plateformes SaaS telles que Amazon Web Services (AWS), Microsoft 365, PayPal, SendGrid et Twilio.
«Les caractéristiques clés incluent la récolte des informations d'identification pour les attaques de spam, les outils de détournement de compte AWS et les fonctions pour permettre des attaques contre PayPal et divers
A new Python-based hacking tool called FBot has been uncovered targeting web servers, cloud services, content management systems (CMS), and SaaS platforms such as Amazon Web Services (AWS), Microsoft 365, PayPal, Sendgrid, and Twilio. “Key features include credential harvesting for spamming attacks, AWS account hijacking tools, and functions to enable attacks against PayPal and various |
Tool Cloud | ★★★ | |
|
2024-01-11 16:34:09 | Cloud souverain : l\'EU Data Boundary de Microsoft, encore poreuse (lien direct) | Voilà un an, Microsoft amorçait la mise en place de son EU Data Boundary. Où en est cette initiative axée sur la résidence des données ? | Cloud | ★★★ | |
 |
2024-01-11 13:55:59 | Explorer FBOT |Des logiciels malveillants basés sur Python ciblant les services de cloud et de paiement Exploring FBot | Python-Based Malware Targeting Cloud and Payment Services (lien direct) |
Les acteurs de la menace des armes FBOT avec un outil d'attaque multifonction conçu pour détourner le cloud, le SaaS et les services Web.
FBot arms threat actors with a multi-function attack tool designed to hijack cloud, Saas and web services. |
Malware Tool Threat Cloud | ★★ | |
|
2024-01-11 13:00:23 | Les crédits Azure MACC rassemblent la poussière?Utilisez-les pour obtenir la meilleure prévention de la sécurité préalable Azure MACC Credits Gathering Dust? Use Them to Get the Best Prevention-First Security (lien direct) |
> Alors que nous entrons en 2024, votre organisation peut avoir des crédits MACC ou Azure Commit-to-Consume (CTC) inutilisés à mesure que votre date de renouvellement annuelle approche.Ces crédits sont «les utiliser ou les perdre» - mais la bonne nouvelle est que vous pouvez maintenant transformer ces crédits inutilisés en une couche supplémentaire de sécurité alimentée par l'IA qui peut empêcher des attaques plus furtives.Que vous ayez des crédits qui expireront bientôt ou commencent à planifier vos dépenses Azure pour les 12 prochains mois, Check Point Horizon XDR / XPR vous offre désormais un moyen de bénéficier de tous les avantages du cadre d'engagement du coût du cloud de Microsoft \\Son MACC et CTC [& # 8230;]
>As we enter 2024, your organization may have unused MACC or Azure commit-to-consume (CtC) credits as your annual renewal date draws near. These credits are “use them or lose them”-but the good news is that you can now transform those unused credits into an additional layer of AI-powered security that can prevent more stealthy attacks. Whether you have credits that will soon expire or are starting to plan your Azure spend for the next 12 months, Check Point Horizon XDR/XPR now offers you a way to gain all the benefits of Microsoft\'s cloud cost commitment framework-both its MACC and CtC […] |
Cloud | ★★★ | |
|
2024-01-11 09:27:04 | Étude Netskope Threat Labs : les cybercriminels surfent sur l\'augmentation de 400 % de l\'utilisation d\'applications d\'IA générative par les employés (lien direct) | Étude Netskope Threat Labs : les cybercriminels surfent sur l'augmentation de 400 % de l'utilisation d'applications d'IA générative par les employés Une nouvelle étude détaille la forte croissance de l'adoption de l'intelligence artificielle générative, les risques liés aux applications en cloud, les principales menaces et les adversaires tout au long de l'année 2023. - Investigations | Threat Studies Cloud | ★★★★ | |
 |
2024-01-10 22:00:00 | Des centaines de milliers de dollars d'actifs de crypto-monnaie Solana volés lors de récentes campagnes de draineur Clinksink Hundreds of Thousands of Dollars Worth of Solana Cryptocurrency Assets Stolen in Recent CLINKSINK Drainer Campaigns (lien direct) |
Le 3 janvier 2024, le compte de médias sociaux de Mandiant \\ a été repris et utilisé par la suite pour distribuer des liens vers une page de phishing de drainage de crypto-monnaie.En travaillant avec X, nous avons pu reprendre le contrôle du compte et, sur la base de notre enquête sur les jours suivants, nous n'avons trouvé aucune preuve d'activité malveillante ou de compromis de, tous les systèmes de cloud mandiant ou Google qui ont conduit au compromis de cettecompte.Le billet de blog suivant fournit un aperçu supplémentaire de Draineur Levé dans cette campagne, que nous avons surnommé Clinksink. De nombreux acteurs ont mené des campagnes depuis
On January 3, 2024, Mandiant\'s X social media account was taken over and subsequently used to distribute links to a cryptocurrency drainer phishing page. Working with X, we were able to regain control of the account and, based on our investigation over the following days, we found no evidence of malicious activity on, or compromise of, any Mandiant or Google Cloud systems that led to the compromise of this account. The following blog post provides additional insight into the drainer leveraged in this campaign, which we have dubbed CLINKSINK.Numerous actors have conducted campaigns since |
Cloud | ★★★ | |
|
2024-01-10 14:23:04 | Comment Pinterest a monté son PaaS Kubernetes (lien direct) | Pinterest a entrepris de moderniser son infrastructure de calcul avec Kubernetes. Des API à la sémantique, il y a greffé ses outils et processus. | Tool Cloud | ★★★ | |
|
2024-01-10 12:27:12 | Rubrik accélère la cyber-résilience de Carhartt (lien direct) | Rubrik accélère la cyber-résilience de Carhartt La marque de vêtements de travail a migré plus de 600 charges de travail de plusieurs fournisseurs de sauvegarde vers Rubrik Security Cloud. - Marchés | Cloud | ★★ | |
|
2024-01-10 08:42:11 | SecurityScorecard annonce les premières évaluations de sécurité du secteur développées exclusivement pour les télécommunications (lien direct) | SecurityScorecard et les leaders du secteur fournissent des évaluations de sécurité spécifiques au secteur des télécommunications, des fournisseurs de services Internet et des fournisseurs de cloud. - Produits | Cloud | ★★★ | |
|
2024-01-09 16:57:00 | Pourquoi les liens publics exposent votre surface d'attaque SaaS Why Public Links Expose Your SaaS Attack Surface (lien direct) |
La collaboration est un argument de vente puissant pour les applications SaaS.Microsoft, Github, Miro et d'autres font la promotion de la nature collaborative de leurs applications logicielles qui permettent aux utilisateurs d'en faire plus.
Les liens vers des fichiers, des référentiels et des conseils peuvent être partagés avec n'importe qui, n'importe où.Cela encourage le travail d'équipe qui aide à créer des campagnes et des projets plus forts en encourageant la collaboration entre les employés
Collaboration is a powerful selling point for SaaS applications. Microsoft, Github, Miro, and others promote the collaborative nature of their software applications that allows users to do more. Links to files, repositories, and boards can be shared with anyone, anywhere. This encourages teamwork that helps create stronger campaigns and projects by encouraging collaboration among employees |
Cloud | ★★★ | |
|
2024-01-09 11:28:08 | Le paraguay met en garde contre les attaques de ransomwares de chasse noire après la violation de Tigo Business Paraguay warns of Black Hunt ransomware attacks after Tigo Business breach (lien direct) |
L'armée du Paraguay met en garde contre les attaques de ransomwares de chasse noires après que les activités de Tigo ont subi une cyberattaque la semaine dernière sur le cloud et l'hébergement des services dans la division des affaires de la société.[...]
The Paraguay military is warning of Black Hunt ransomware attacks after Tigo Business suffered a cyberattack last week impacting cloud and hosting services in the company\'s business division. [...] |
Ransomware Cloud | ★★ | |
|
2024-01-09 09:31:36 | Tendance 2024 : l\'évolution de l\'intelligence artificielle sera un tremplin pour l\'IT (lien direct) | Selon Nutanix, l'IA va s'imposer dans le cloud, son évolution reposera sur l'algèbre linéaire, les systèmes d'infrastructure vont changer et les GPU seront mis de côté alors qu'Apple ne s'est pas encore prononcé sur le sujet. | Prediction Cloud | ★★★ | |
 |
2024-01-09 08:00:00 | Enfin une surveillance vidéo efficace à base d\'intelligence artificielle grâce au combo Frigate + Home Assistant (lien direct) | Frigate est un enregistreur vidéo réseau (NVR) local pour Home Assistant, intégrant une détection d'objets AI en temps réel sans utiliser le cloud. Utilisant OpenCV, TensorFlow et Google Coral Accelerator, il offre des performances optimales, une intégration avec d'autres plateformes d'automatisation et des fonctionnalités telles que MQTT, enregistrements vidéo et streaming RTSP. | Cloud | ★★ | |
|
2024-01-09 01:36:00 | L'exécution de zéro confiance dans le cloud prend une stratégie Executing Zero Trust in the Cloud Takes Strategy (lien direct) |
L'architecture Zero Trust est un catalyseur pivot de la cybersécurité cloud, mais une mise en œuvre appropriée implique une planification spécialisée.
Zero trust architecture is a pivotal enabler of cloud cybersecurity, but proper implementation entails specialized planning. |
Cloud | ★★ | |
|
2024-01-08 16:31:08 | Cybersécurité, Cloud et services à valeur ajoutée : les piliers d\'une infrastructure IT performante (lien direct) | Cybersécurité, Cloud et services à valeur ajoutée : les piliers d'une infrastructure IT performante Par François Guiraud, Directeur du Marketing NXO - Risk Management | Cloud | ★★ | |
|
2024-01-08 06:00:19 | ProofPoint reconnu en 2023 Gartner & Reg;Guide du marché pour les solutions de gestion des risques d'initiés Proofpoint Recognized in 2023 Gartner® Market Guide for Insider Risk Management Solutions (lien direct) |
It\'s easy to understand why insider threats are one of the top cybersecurity challenges for security leaders. The shift to remote and hybrid work combined with data growth and cloud adoption has meant it\'s easier than ever for insiders to lose or steal data. Legacy systems simply don\'t provide the visibility into user behavior that\'s needed to detect and prevent insider threats. With so much potential for brand and financial damage, insider threats are now an issue for the C-suite. As a result, businesses are on the lookout for tools that can help them to better manage these threats. To help businesses understand what to look for, Gartner has recently released Market Guide for Insider Risk Management Solutions. In this report, Gartner explores what security and risk leaders should look for in an insider risk management (IRM) solution. It also provides guidance on how to implement a formal IRM program. Let\'s dive into some of its highlights. Must-have capabilities for IRM tools Gartner states that IRM “refers to the use of technical solutions to solve a fundamentally human problem.” And it defines IRM as “a methodology that includes the tools and capabilities to measure, detect and contain undesirable behavior of trusted accounts in the organization.” Gartner identifies three distinct types of users-careless, malicious and compromised. That, we feel, is in line with our view at Proofpoint. And the 2022 Cost of Insider Threats Global Report from Ponemon Institute notes that most insider risks can be attributed to errors and carelessness, followed by malicious and compromised users. In its Market Guide, Gartner identifies the mandatory capabilities of enterprise IRM platforms: Orchestration with other cybersecurity tooling Monitoring of employee activity and assimilating into a behavior-based risk model Dashboarding and alerting of high-risk activity Orchestration and initiation of intervention workflows This is the third consecutive year that Proofpoint is a Representative Vendor in the Market Guide. Proofpoint was an early and established leader in the market for IRM solutions. Our platform: Integrates with a broad ecosystem of cybersecurity tools. Our API-driven architecture means it\'s easy for you to feed alerts into your security tools. That includes security information and event management (SIEM) as well as SOAR and service management platforms, such as Splunk and ServiceNow. That, in turn, helps you gain a complete picture of potential threats. Provides a single lightweight agent with a dual purpose. With Proofpoint, you get the benefit of data loss prevention (DLP) and ITM in a single solution. This helps you protect against data loss and get deep visibility into user activities. With one agent, you can monitor everyday users. That includes low-risk and regular business users, risky users, such as departing employees, privileged users and targeted users. Offers one centralized dashboard. This saves you time and effort by allowing you to monitor users, correlate alerts and triage investigations from one place. You no longer need to waste your time switching between tools. You can quickly see your riskiest users, top alerts and file exfiltration activity in customizable dashboards. Includes tools to organize and streamline tasks. Proofpoint ITM lets you change the status of events with ease, streamline workflows and better collaborate with team members. Plus, you can add tags to help group and organize your alerts and work with more efficiency. DLP and IRM are converging In its latest Market Guide, Gartner says: “Data loss prevention (DLP) and insider risk strategies are increasingly converging into a unified solution. The convergence is driven by the recognition that preventing data loss and managing insider risks are interconnected goals.” A legacy approach relies on tracking data activity. But that approach is no longer sufficient because the modern way of working is more complex. Employees and third parties have access to more data than ever before. And ex | Tool Threat Cloud Technical | ★★★ | |
|
2024-01-05 06:00:31 | 2023 Année en revue: versions de contenu axées sur les menaces pour la sensibilisation à la sécurité 2023 Year in Review: Threat-Driven Content Releases for Security Awareness (lien direct) |
As a new year approaches, it is natural to reflect on recent accomplishments. At Proofpoint, we are reflecting on our work to deliver security awareness content and updated features in line with our ongoing goal to drive behavior change. Proofpoint Security Awareness integrates our rich threat intelligence, which means it taps into current and emerging attacks. Our threat analysts surface threat trends, such as artificial intelligence (AI)-enhanced vishing, malicious QR codes and remote IT support scams. And then we work quickly to release new training features and awareness material to ensure inform security administrators and educate employees about ever-evolving attacks. In 2023, our content releases focused on three areas: Delivering a threat-driven program Improving how security awareness administrators work Enhancing how people learn Let\'s review the past year and explore how Proofpoint used content releases to respond to the changing threat landscape. Image from AI Chatbot Threats training (play video). Quick turnaround for threat trends Proofpoint Security Awareness alerts customers to threats in two powerful ways-Threat Alerts and Attack Spotlights. It also continuously trains employees with threat-driven training modules. Threat Alerts These weekly releases focus on a specific and current ongoing attack. They explain what the threat is and who it might target. And they describe a specific lure, if applicable. Each alert is linked to activity that our threat analysts see happening in the wild. We recommend applicable training like simulated phishing and awareness material and include suggested email messaging. In 2023, we released Threat Alerts on: IRS-themed phishing lures for tax season (February, March, April) AI-enhanced vishing calls that impersonate loved ones (March) Malicious QR codes for credential phishing (May, August) Telephone-oriented attack delivery (TOAD) using a Geek Squad PDF lure (July, October) Charity donation scams around the Israel-Palestine crisis (October) Christmas party lures for credential phishing (November) Attack Spotlights These monthly releases cast a wider lens on attack types. They focus on a time-based or reoccurring threat that is expected to trend, typically related to holidays, travel seasons or shopping events. Each spotlight is released a month in advance with a campaign plan, awareness material and training modules, and is available in 12 core languages. In 2023, Proofpoint published these Attack Spotlight campaigns: Smishing with package delivery lures (February) Business email compromise (BEC) phishing with requests for quotations (RFQs) (April) LinkedIn phishing lures (May) Amazon phishing lures (June) Remote IT support scams (September) Gift card scams (December) Image from Attack Spotlight video (play video). Threat modules These training videos are relevant to the changing threat landscape. They are inspired by our threat intelligence and our team\'s threat landscape research. These micro-learning modules are grounded in learning science principles that are designed to drive behavior change. Each module has a concise and specific learning objective. The delivery of content is tailored to individual factors such as a person\'s role, learning style, vulnerability level and preferred language. In 2023, we covered these topics in our new threat training modules: Data loss protection AI chatbot threats Amazon phishing scams Cryptocurrency investment scams QR code dangers Multifactor authentication (MFA) Image from Threat Module video (play video). Staying ahead of generative AI attacks AI-powered systems are promoted as tools to help us work faster, and they are transforming businesses and industries. This wide-reaching access can create security risks from potential data breaches to concerns over user privacy. Your employees need to be aware of the limitations and risks of using AI-powered tools, especiall | Ransomware Tool Vulnerability Threat Studies Prediction Cloud | ★★★★ | |
 |
2024-01-04 13:35:17 | Que rechercher dans un scanner de vulnérabilité open source What To Look For in an Open Source Vulnerability Scanner (lien direct) |
L'une des principales préoccupations de sécurité que nous entendons des leaders de la technologie concerne la sécurité des logiciels open source (OSS) et le développement de logiciels cloud.Un scanner de vulnérabilité open source (pour la numérisation OSS) vous aide à découvrir le risque dans le code tiers que vous utilisez.Cependant, ce n'est pas parce qu'une solution scanne l'open source que vous réduisez finalement le risque de sécurité.Voici ce qu'il faut rechercher dans un scanner de vulnérabilité open source et une solution de test de sécurité pour trouver et corriger les vulnérabilités dans l'OSS.
Contexte sur les vulnérabilités en open source et à quoi ressemble le risque
Avant de pouvoir parler de ce qu'il faut rechercher dans une solution de numérisation, nous devons parler des vulnérabilités que les outils recherchent.Né en 1999, la base de données nationale de vulnérabilité (NVD) était un produit de l'Institut national des normes et de la technologie (NIST) conçu pour être «le référentiel du gouvernement américain des données de gestion de la vulnérabilité basées sur les normes».Il représente un indice des vulnérabilités connues…
One of the top security concerns we hear from technology leaders is about the security of open source software (OSS) and cloud software development. An open source vulnerability scanner (for scanning OSS) helps you discover risk in the third-party code you use. However, just because a solution scans open source does not mean you are ultimately reducing security risk with it. Here is what to look for in an open source vulnerability scanner and security testing solution to find and fix vulnerabilities in OSS. Background on Vulnerabilities in Open Source and What the Risk Looks Like Before we can talk about what to look for in a scanning solution, we need to talk about the vulnerabilities the tools are looking for. Born in 1999, the National Vulnerability Database (NVD) was a product of the National Institute of Standards and Technology (NIST) made to be “the U.S. government repository of standards based vulnerability management data.” It represents an index of known vulnerabilities… |
Tool Vulnerability Cloud | ★★★ | |
|
2024-01-04 11:59:00 | Compte Twitter de Mandiant \\ a été restauré après un piratage d'escroquerie de cryptographie de six heures Mandiant\\'s Twitter Account Restored After Six-Hour Crypto Scam Hack (lien direct) |
La société américaine de cybersécurité et la filiale de Google Cloud Mandiant avait son compte X (anciennement Twitter) compromis pendant plus de six heures par un attaquant inconnu pour propager une arnaque de crypto-monnaie.
Au cours de la rédaction, le compte & nbsp; a été restauré & nbsp; sur la plate-forme de médias sociaux.
Il n'est actuellement pas clair comment le compte a été violé.Mais le compte mandiant piraté a été initialement renommé "@
American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an unknown attacker to propagate a cryptocurrency scam. As of writing, the account has been restored on the social media platform. It\'s currently not clear how the account was breached. But the hacked Mandiant account was initially renamed to "@ |
Hack Cloud | ★★★★ | |
|
2024-01-04 06:00:10 | Cybersecurity Stop of the Month: MFA Manipulation (lien direct) | This blog post is part of a monthly series exploring the ever-evolving tactics of today\'s cybercriminals. Cybersecurity Stop of the Month focuses on the critical first three steps in the attack chain in the context of email threats. The series is designed to help you understand how to fortify your defenses to protect people and defend data against emerging threats in today\'s dynamic threat landscape. The critical first three steps of the attack chain: reconnaissance, initial compromise and persistence. So far in this series, we have covered the following types of attacks: Supplier compromise EvilProxy SocGholish eSignature phishing QR code phishing Telephone-oriented attack delivery (TOAD) Payroll diversion In this post, we examine an attack technique called multifactor (MFA) manipulation. This malicious post-compromise attack poses a significant threat to cloud platforms. We cover the typical attack sequence to help you understand how it works. And we dive deeper into how Proofpoint account takeover capabilities detected and prevented one of these threats for our customer. Background MFA manipulation is an advanced technique where bad actors introduce their own MFA method into a compromised cloud account. These attackers are used after a cloud account takeover attack, or ATO. ATOs are an insidious threat that are alarmingly common. Recent research by Proofpoint threat analysts found that in 2023 almost all businesses (96%) were targeted by cloud-based attacks. What\'s more, a whopping 60% were successfully compromised and had at least one account taken over. MFA manipulation attacks can work several ways with bad actors having multiple options for getting around MFA. One way is to use an adversary-in-the-middle (AiTM) attack. This is where the bad actor inserts a proxy server between the victim and the website that they\'re trying to log into. Doing so enables them to steal that user\'s password as well as the session cookie. There\'s no indication to the user that they\'ve been attacked-it just seems like they\'ve logged into their account as usual. However, the attackers have what they need to establish persistence, which means they can maintain access even if the stolen MFA credentials are revoked or deemed invalid. The scenario Recently, Proofpoint intercepted a series of MFA manipulation attacks on a large real estate company. In one case, the bad actors used an AiTM attack to steal the credentials of the firm\'s financial controller as well as the session cookie. Once they did that, they logged into that user\'s business account and generated 27 unauthorized access activities. The threat: How did the attack happen? Here is a closer look at how this MFA manipulation attack played out: 1. Bad actors used the native “My Sign-Ins” app to add their own MFA methods to compromise Microsoft 365 accounts. We observed that the attackers registered their own authenticator app with notification and code. They made this move right after they gained access to the hijacked account as part of an automated attack flow execution. This, in turn, allowed them to secure their foothold within the targeted cloud environment. The typical MFA manipulation flow using Microsoft\'s “My Sign-Ins” app. 2. After the compromise, the attackers demonstrated a sophisticated approach. They combined MFA manipulation with OAuth application abuse. With OAuth abuse, an attacker authorizes and/or uses a third-party app to steal data, spread malware or execute other malicious activities. Attackers also use the abused app to maintain persistent access to specific resources even after their initial access to a compromised account has been cut off. 3. The attackers authorized the seemingly benign application, “PERFECTDATA SOFTWARE,” to gain persistent access to the user\'s account and the systems, as well as the resources and applications that the user could access. The permissions the attackers requested for this app included: | Malware Tool Vulnerability Threat Cloud | ★★★ | |
|
2024-01-04 01:00:00 | Début avec Passkeys, un service à la fois Getting Started With Passkeys, One Service at a Time (lien direct) |
PassKeys aide à supprimer les mots de passe pour se connecter aux sites Web et aux services cloud.Ce conseil technique décrit les moyens de commencer.
Passkeys help do away with passwords for logging into websites and cloud services. This Tech Tip outlines ways to get started. |
Cloud | ★★★ | |
|
2024-01-03 22:09:00 | Sonicwall accélère les offres de sase;Acquérir un fournisseur de sécurité cloud éprouvé SonicWall Accelerates SASE Offerings; Acquires Proven Cloud Security Provider (lien direct) |
PassKeys aide à supprimer les mots de passe pour se connecter aux sites Web et aux services cloud.Ce conseil technique décrit les moyens de commencer.
Passkeys help do away with passwords for logging into websites and cloud services. This Tech Tip outlines ways to get started. |
Cloud | ★ | |
|
2024-01-03 22:00:00 | Sentinélone pour étendre les capacités de sécurité du cloud avec l'acquisition de Pingsafe SentinelOne to Expand Cloud Security Capabilities With Acquisition of PingSafe (lien direct) |
PassKeys aide à supprimer les mots de passe pour se connecter aux sites Web et aux services cloud.Ce conseil technique décrit les moyens de commencer.
Passkeys help do away with passwords for logging into websites and cloud services. This Tech Tip outlines ways to get started. |
Cloud | ★★ | |
|
2024-01-03 17:34:59 | SentinelOne® acquiert PingSafe (lien direct) | SentinelOne® étend ses capacités de sécurité dans le cloud avec l'acquisition de PingSafe La plateforme de protection des applications cloud natives complètera les capacités de sécurité du cloud alimentée par l'IA et fournira des capacités d'analyse globales. - Business | Cloud | ★★ | |
|
2024-01-03 17:32:40 | Sentinéone a acquis Pingsafe. SentinelOne acquired PingSafe. (lien direct) |
Sentinelone & Reg;Pour étendre les capacités de sécurité du cloud avec l'acquisition de Pingsafe
L'ajout de la plate-forme de protection des applications natifs cloud créera une plate-forme de sécurité cloud complète alimentée par l'IA et les capacités complètes d'analyse
-
nouvelles commerciales
SentinelOne® to expand cloud security capabilities with acquisition of PingSafe Addition of cloud native application protection platform will create a comprehensive cloud security platform powered by AI and full analytics capabilities - Business News |
Cloud | ★★ |
To see everything:
Our RSS (filtrered)
