SEC News

What's new arround internet

Last one

Src	Date (GMT)	Titre	Description	Tags	Stories	Notes
	2024-01-03 16:16:00	5 façons de réduire les risques de sécurité SaaS 5 Ways to Reduce SaaS Security Risks (lien direct)	Alors que l'adoption de la technologie s'est déplacée pour être dirigée par des employés, juste à temps, et de tout emplacement ou appareil, les équipes informatiques et de sécurité se sont retrouvées à affronter une surface d'attaque SaaS en constante évolution, dont une grande partie est souvent inconnue ou non gérée.Cela augmente considérablement le risque de menaces basées sur l'identité et, selon un récent rapport de CrowdStrike, 80% des violations utilisent aujourd'hui As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged. This greatly increases the risk of identity-based threats, and according to a recent report from CrowdStrike, 80% of breaches today use compromised	Cloud		★★★
	2024-01-03 06:54:15	Tenable atteint Fedramp \\ 'Ready \\' désignation pour la sécurité du cloud tenable Tenable achieves FedRAMP \\'Ready\\' designation for Tenable Cloud Security (lien direct)	> La société de gestion de l'exposition Tenable a annoncé qu'elle avait atteint la désignation \\ 'prête \' au niveau d'impact modéré de ... >Exposure management company Tenable announced that it has achieved the \'Ready\' designation at the moderate impact level from...	Cloud		★★★
	2024-01-02 15:31:00	Le guide de l'acheteur de navigateur de l'entreprise définitive \\ The Definitive Enterprise Browser Buyer\\'s Guide (lien direct)	Les parties prenantes de la sécurité ont réalisé que le rôle de premier plan du navigateur dans l'environnement d'entreprise moderne nécessite une réévaluation de la façon dont il est géré et protégé.Bien que les risques Web d'origine du Web ne sont pas encore abordés par un patchwork de solutions de point final, de réseau et de cloud, il est maintenant clair que la protection partielle que ces solutions fournies ne sont plus suffisantes.Donc, Security stakeholders have come to realize that the prominent role the browser has in the modern corporate environment requires a re-evaluation of how it is managed and protected. While not long-ago web-borne risks were still addressed by a patchwork of endpoint, network, and cloud solutions, it is now clear that the partial protection these solutions provided is no longer sufficient. Therefore,	Cloud		★★
	2024-01-02 13:41:44	Bases de données cloud : entre écosystèmes et data fabrics (lien direct)	Garter a actualisé son Magic Quadrant des bases de données cloud (dbPaaS). D'écosystèmes en data fabrics, quelle vision donne-t-il de ce marché ?	Cloud Commercial		★★
	2024-01-02 11:08:18	Etude Zscaler : 86 % des cyberattaques transitent par des canaux chiffrés, et l\'industrie manufacturière est la plus ciblée (lien direct)	Etude Zscaler : 86 % des cyberattaques transitent par des canaux chiffrés, et l'industrie manufacturière est la plus ciblée Principaux constats : Les menaces via HTTPS sont en hausse de 24 % sur un an dans le cloud de Zscaler, soit près de 30 milliards de menaces bloquées. Les logiciels malveillants et les contenus malveillants chiffrés représentent une menace majeure, à l'origine de 78 % des attaques observées. L'industrie manufacturière a été le secteur le plus ciblé, et a subi 32 % des attaques chiffrées, alors que plus de 2,1 milliards de transactions liées à l'IA/au ML ont été traitées. Les exploits de navigateur et les sites de logiciels espions sont en hausse de 297 % et 290 % sur un an. - Investigations	Threat Studies Cloud		★★★★
	2023-12-31 10:09:18	Android Game Dev \\'s Google Drive Misconfig met en évidence les risques de sécurité cloud Android game dev\\'s Google Drive misconfig highlights cloud security risks (lien direct)	Le développeur de jeux japonais Ateam a prouvé qu'une simple erreur de configuration de Google Drive peut entraîner une exposition potentielle mais improbable d'informations sensibles pour près d'un million de personnes sur une période de six ans et huit mois.[...] Japanese game developer Ateam has proven that a simple Google Drive configuration mistake can result in the potential but unlikely exposure of sensitive information for nearly one million people over a period of six years and eight months. [...]	Mobile Cloud		★★★
	2023-12-29 15:20:27	Les hôpitaux demandent aux tribunaux de forcer l'entreprise de stockage du cloud de retourner des données volées Hospitals ask courts to force cloud storage firm to return stolen data (lien direct)	Deux hôpitaux à but non lucratif de New York recherchent une ordonnance du tribunal pour récupérer les données volées dans une attaque de ransomware d'août qui est maintenant stockée sur les serveurs d'une société de stockage de Boston Cloud.[...] Two not-for-profit hospitals in New York are seeking a court order to retrieve data stolen in an August ransomware attack that\'s now stored on the servers of a Boston cloud storage company. [...]	Ransomware Legislation Medical Cloud		★★★
	2023-12-28 18:50:00	Google Cloud résout l'escalade du privilège Flaw impactant le service Kubernetes Google Cloud Resolves Privilege Escalation Flaw Impacting Kubernetes Service (lien direct)	Google Cloud a abordé un défaut de sécurité de la sévérité moyenne dans sa plate-forme qui pourrait être maltraité par un attaquant qui a déjà accès à un cluster Kubernetes pour augmenter ses privilèges. "Un attaquant qui a compromis le conteneur & nbsp; bit Cluent & nbsp; journalisation pourrait combiner cet accès avec des privilèges élevés requis par & nbsp; Anthos Service Mesh & nbsp; (sur des clusters qui l'ont permis) à Google Cloud has addressed a medium-severity security flaw in its platform that could be abused by an attacker who already has access to a Kubernetes cluster to escalate their privileges. "An attacker who has compromised the Fluent Bit logging container could combine that access with high privileges required by Anthos Service Mesh (on clusters that have enabled it) to	Cloud		★★★
	2023-12-28 14:18:07	Concevoir un indice de texte mutable à l'échelle de la pétaoctet rentable Designing a Cost-Efficient, Petabyte-Scale Mutable Full Text Index (lien direct)	Engineering Insights is an ongoing blog series that gives a behind-the-scenes look into the technical challenges, lessons and advances that help our customers protect people and defend data every day. Each post is a firsthand account by one of our engineers about the process that led up to a Proofpoint innovation. At Proofpoint, running a cost-effective, full-text search engine for compliance use cases is an imperative. Proofpoint customers expect to be able to find documents in multi-petabyte archives for legal and compliance reasons. They also need to index and perform searches quickly to meet these use cases. However, creating full-text search indexes with Proofpoint Enterprise Archive can be costly. So we devote considerable effort toward keeping those costs down. In this blog post, we explore some of the ways we do that while still supporting our customers\' requirements. Separating mutable and immutable data One of the most important and easiest ways to reduce costs is to separate mutable and immutable data. This approach doesn\'t always fit every use case, but for the Proofpoint Enterprise Archive it fits well. For archiving use cases-and especially for SEC 17a-4 compliance-data that is indexed can\'t be modified. That includes data-like text in message bodies and attachments. The Proofpoint Enterprise Archive has features that require the storage and mutation of data alongside a message, in accordance with U.S. Securities and Exchange Commission (SEC) compliance. (For example, to which folders a message is a member, and to which legal matters a message pertains.) To summarize, we have: Large immutable indexes Small mutable indexes By separating data into mutable and immutable categories, we can index these datasets separately. And we can use different infrastructure and provisioning rules to manage that data. The use of different infrastructure allows us to optimize the cost independently. Comparing the relative sizes of mutable and immutable indexes. Immutable index capacity planning and cost Normally, full-text search indexes must be provisioned to handle the load of initial write operations, any subsequent update operations and read operations. By indexing immutable data separately, we no longer need to provision enough capacity to handle the subsequent update operations. This requires less IO operations overall. To reduce IO needs further, the initial index population is managed carefully with explicit IO reservation. Sometimes, this will mean adding more capacity (nodes/servers/VMs) so that the IO needs of existing infrastructure are not overloaded. When you mutate indexes, it is typically best practice to leave an abundance of disk space to support the index merge operations when updates occur. In some cases, this can be as much as 50% free disk space. But with immutable indexes, you don\'t need to have so much spare capacity-and that helps to reduce costs. In summary, the following designs can help keep costs down: Reduce IO needs because documents do not mutate Reduce disk space requirements because free space for mutation isn\'t needed Careful IO planning on initial population, which reduces IO requirements Mutable index capacity planning and cost Meanwhile, mutable indexes benefit from standard practices. They can\'t receive the same reduced capacity as immutable indexes. However, given that they\'re a fraction of the size, it\'s a good trade-off. Comparing the relative free disk space of mutable and Immutable indexes. Optimized join with custom partitioning and routing In a distributed database, join operations can be expensive. We often have 10s to 100s of billions of documents for the archiving use case. When both sides of the join operation have large cardinality, it\'s impractical to use a generalized approach to join the mutable and immutable data. To make this high-cardinality join practical, we partition the data in the same way for both the mutable and immutable data. As a result, we end up with a one-t	Cloud Technical		★★★
	2023-12-28 00:00:07	Optimisation de la sécurité du cloud: un processus d'amélioration continue Cloud Security Optimization: A Process for Continuous Improvement (lien direct)	L'optimisation du cloud est le processus de sélection correctement et d'attribuer les bonnes ressources à une charge de travail ou à une application dans l'objectif ultime de minimiser les coûts tout en améliorant les performances et l'efficacité.Ces ressources peuvent aller de la puissance de calcul, de la mémoire et du stockage aux capacités du réseau.Le processus d'optimisation du cloud implique une surveillance, analyser et affiner en permanence ces ressources pour assurer des performances optimales.Qu'est-ce que la sécurité du cloud?La sécurité du cloud est un ensemble de politiques, de contrôles, de procédures et de technologies qui travaillent ensemble pour protéger les systèmes basés sur le cloud, les données ... Cloud optimization is the process of correctly selecting and assigning the right resources to a workload or application with the ultimate goal of minimizing costs while improving performance and efficiency. These resources can range from computational power, memory, and storage to network capabilities. The cloud optimization process involves continuously monitoring, analyzing, and fine-tuning these resources to ensure optimal performance. What Is Cloud Security? Cloud Security is a set of policies, controls, procedures, and technologies that work together to protect cloud-based systems, data...	Cloud		★★
	2023-12-27 09:19:46	3 incontournables des performances de recherche d'archives: une comparaison de logiciels d'archives de messagerie 3 Must-Haves of Archive Search Performance: An Email Archive Software Comparison (lien direct)	Yes, it\'s true that customers who use legacy on-premises archives or even modern cloud solutions say “fast search performance” is a primary reason to migrate to Proofpoint Archive. Our customers often highlight “fast search performance” as a key email archiving solution element. For reference, look no further than Gartner Peer Insights, where “search/index” is ranked the highest out of product feature areas evaluated by our customers. However, you don\'t buy a Tesla Model X just for its top speed. You don\'t purchase a Rolex just to tell time. And you don\'t subscribe to or license an archive just for its search performance. Of course, not having adequate search performance can spell dire consequences when you need to address e-discovery requests. Think of having to settle a lawsuit early because you can\'t get search results in time to determine whether it makes better sense to litigate. But there\'s more to email archive search performance than just speed. In this blog, we\'ll explore three factors that drive positive outcomes for our customers. Speed is one, and the other two are scalability and ease of use. 1: Speed When you run a search for specific information in your email archive, how long does it take to retrieve that information? Hours? Days? Longer? Search speed dictates how fast you receive results from a search. While some vendor email archiving tools are incredibly slow, Proofpoint Archive has a financially backed search service-level agreement (SLA) that obligates us to return search results in seconds, on average, for our customers. To give you with some context, here\'s what we found when we compared the email archive search speeds of Microsoft Purview eDiscovery and Proofpoint Archive-specifically when searching 100 mailboxes and 50,000 mailboxes. For this example, a total of 200 searches were run, based on an average of 10 cases managed per month with each case requiring 20 searches to be performed. Microsoft doesn\'t have search performance SLAs. But they provide “guidelines for average search time” based on the number of mailboxes searched. (See the table below.) Guidelines for average search times for Microsoft Purview eDiscovery solutions. Based on internal, anonymous archive usage reports, as of August 2023 the average search time for Proofpoint Archive was 3.28 seconds. Also, it\'s estimated that Microsoft will take about 1.67 hours to return results when searching 100 mailboxes. Proofpoint Archive returned results in about 0.18 hours, as shown below. A comparison of search speed between Microsoft and Proofpoint. At this level of searching, the search speed difference may not seem significant. However, if you factor in rerunning searches due to new data or a system failure (like index corruption) with Microsoft, the numbers can grow rapidly. The search speed expectation with Proofpoint remains consistent, given our average search performance, particularly when you run consecutive searches. The search speed difference becomes more noteworthy when you consider highly litigious organizations that need to run hundreds or thousands of searches across hundreds or thousands of mailboxes. In the second scenario, when searching 50,000 mailboxes, it\'s estimated that Microsoft will take about 66.67 hours to return search results. That\'s like having your team “babysit” Microsoft e-discovery searches for more than a week and a half every month! Separately, Proofpoint Archive is expected to remain the same at 0.18 hours. With Proofpoint, you get search results from the archive when you need them, helping to improve your ability to respond to e-discovery requests and internal investigations in a timely fashion. 2: Scalability When you address an e-discovery request, do you run only one search? Probably not. The factor of search scalability defines your ability to achieve your expected search speed performance time and time again, regardless of whether you\'re searching 100 mailboxes or 50,000 mailboxes-and regardless of	Tool Cloud		★★★
	2023-12-25 13:17:00	Cloud Atlas \\ 'Les attaques de phishing de lance ciblent l'agro russe et les sociétés de recherche Cloud Atlas\\' Spear-Phishing Attacks Target Russian Agro and Research Companies (lien direct)	L'acteur de menace appelé & nbsp; cloud atlas & nbsp; a été lié à un ensemble d'attaques de lance-plipage contre les entreprises russes. Les objectifs comprenaient une entreprise agro-industrielle russe et une société de recherche appartenant à l'État, selon A & NBSP; Report & NBSP; de F.A.C.T.T., une société autonome de cybersécurité s'est formée après la sortie officielle du groupe-ib \\ de Russie plus tôt cette année. Cloud Atlas, actif depuis à The threat actor referred to as Cloud Atlas has been linked to a set of spear-phishing attacks on Russian enterprises. Targets included a Russian agro-industrial enterprise and a state-owned research company, according to a report from F.A.C.C.T., a standalone cybersecurity company formed after Group-IB\'s formal exit from Russia earlier this year. Cloud Atlas, active since at	Threat Cloud		★★★
	2023-12-22 20:00:00	Cisco parie en grande partie sur la sécurité multicloud avec une transaction isovalente Cisco Bets Big on Multicloud Security With Isovalent Deal (lien direct)	Cisco affirme qu'Isovalent aidera à étendre les capacités de Security Cloud, une plate-forme de sécurité intégrée dirigée par l'IA, livrée par le cloud. Cisco says Isovalent will help expand the capabilities of Security Cloud, an AI-driven, cloud-delivered, integrated security platform.	Cloud		★★
	2023-12-22 13:08:13	Cisco pour acquérir l'isovalent Cisco to Acquire Isovalent (lien direct)	Cisco à acquérir isovalent pour définir l'avenir de la mise en réseau et de la sécurité multicloud Cisco a l'intention d'acquérir des privés Isovalent, Inc., un leader de la mise en réseau et de la sécurité natifs du cloud open source. Ensemble, Cisco et Isovalent renforceront la protection des pointes pour chaque charge de travail sur chaque cloud. Cisco s'engage à nourrir, à investir et à contribuer à l'EBPF, au cilium,Tetragon et Cloud Native Open Source Communities. - nouvelles commerciales Cisco to Acquire Isovalent to Define the Future of Multicloud Networking and Security Cisco intends to acquire privately held Isovalent, Inc., a leader in open source cloud native networking and security. Together, Cisco and Isovalent will build leading edge protection for every workload on every cloud. Cisco is committed to nurturing, investing in and contributing to eBPF, Cilium, Tetragon, and cloud native open source communities. - Business News	Cloud Commercial		★★
	2023-12-22 13:00:23	Le radar de sécurité du réseau cloud de Gigaom \\ est le point de contrôle en tant que leader de l'industrie GigaOm\\'s Cloud Network Security Radar Ranks Check Point as the Industry Leader (lien direct)	> Le cloud offre une grande puissance, notamment l'agilité, l'évolutivité et la flexibilité, les économies potentielles et le temps de commercialisation plus rapide.Déménager dans le cloud est une entreprise difficile pour toutes les organisations, y compris la grande responsabilité de sécuriser les actifs et les charges de travail dans un ou plusieurs nuages dynamiques et éphémères avec plusieurs nouvelles surfaces d'attaque et vecteurs de menace.Les organisations évaluant les solutions de sécurité cloud ont de multiples considérations, notamment les prix et le TCO, le support multi-et hybride et la facilité d'utilisation & # 8211;En savoir plus sur ces considérations dans le guide de l'acheteur sur la sécurité du réseau cloud.L'une des principales considérations est la reconnaissance de l'industrie: le fournisseur de solution est-il très évalué [& # 8230;] >The cloud provides great power, including agility, scalability and flexibility, potential cost savings and faster time to market. Moving to the cloud is a challenging undertaking for all organizations, including the great responsibility of securing assets and workloads in one or more dynamic and ephemeral clouds with multiple new attack surfaces and threat vectors. Organizations evaluating cloud security solutions have multiple considerations, including pricing and TCO, multi- and hybrid-cloud support, and ease-of-use – read more about these considerations in the Buyer’s Guide to Cloud Network Security. One of the main considerations is industry recognition: Is the solution vendor highly rated […]	Threat Cloud		★★★
	2023-12-22 13:00:11	Principales raisons d'assister au CPX 2024 Top Reasons to Attend CPX 2024 (lien direct)	> Qu'est-ce que CPX 2024?CPX 2024 est une conférence annuelle de cybersécurité organisée par Check Point pour les professionnels de la sécurité dans le monde entier.L'inscription est maintenant ouverte et nous vous invitons à nous rejoindre pour apprendre les dernières tendances, défis et opportunités qui façonnent la cybersécurité.Sécurisez votre place aujourd'hui et obtenez une remise des lève-tôt, valable jusqu'au 30 décembre 2023. Tirez le meilleur parti de votre expérience au CPX 2024 Apprentissage et réseautage avec plus de 100 séances, il y a quelque chose pour tout le monde au CPX 2024. Vous pouvezDans l'attente des conversations autour de l'intelligence artificielle (AI), de la confiance Zero, du service d'accès sécurisé (SASE), de la sécurité du cloud, de l'e-mail [& # 8230;] >What is CPX 2024? CPX 2024 is an annual cyber security conference hosted by Check Point for security professionals worldwide. Registration is now open and we invite you to join us to learn the latest trends, challenges, and opportunities shaping cybersecurity. Secure your spot today and get an early bird discount, valid until December 30, 2023. Get the Most Out of Your Experience at CPX 2024 Learning and Networking With over 100 sessions, there\'s something for everyone at CPX 2024. You can look forward to conversations around artificial intelligence (AI), zero trust, secure access service edge (SASE), cloud security, email […]	Cloud Conference		★★
	2023-12-21 19:30:00	Le groupe de cyber-espionnage Cloud Atlas cible les entreprises russes avec des attaques de phishing liées à la guerre Cyber-espionage group Cloud Atlas targets Russian companies with war-related phishing attacks (lien direct)	Le groupe de pirates connu sous le nom de Cloud Atlas a ciblé une entreprise agro-industrielle russe et une société de recherche publique dans une nouvelle campagne d'espionnage, ont révélé des chercheurs.Cloud Atlas est un acteur de menace soutenu par l'État, actif depuis au moins 2014, qui attaque principalement des organisations en Russie, en Biélorussie, en Azerbaïdjan, en Turquie et en Slovénie.Dans sa nouvelle campagne, les pirates ont envoyé The hacker group known as Cloud Atlas targeted a Russian agro-industrial enterprise and a state-owned research company in a new espionage campaign, researchers have found. Cloud Atlas is a state-backed threat actor, active since at least 2014, that mostly attacks organizations in Russia, Belarus, Azerbaijan, Turkey, and Slovenia. In its new campaign, the hackers sent	Threat Cloud		★★★
	2023-12-20 19:57:47	La fuite de données expose 1,5 milliard de dossiers immobiliers, notamment Elon Musk, Kylie Jenner Data Leak Exposes 1.5 Billion Real Estate Records, Including Elon Musk, Kylie Jenner (lien direct)	> Par waqas Une plate-forme de formation immobilière basée à Campbell, à New York, appelé Real Estate Wealth Network, a exposé un trésor massif de dossiers immobiliers en raison de la mauvaise configuration du serveur cloud. Ceci est un article de HackRead.com Lire le post original: La fuite de données expose 1,5 milliard de registres immobiliers, y compris Elon Musk, Kylie Jenner >By Waqas A Campbell, New York-based real estate training platform called Real Estate Wealth Network exposed a massive treasure trove of real estate records due to cloud server misconfiguration. This is a post from HackRead.com Read the original post: Data Leak Exposes 1.5 Billion Real Estate Records, Including Elon Musk, Kylie Jenner	Cloud		★★★
	2023-12-20 18:56:00	Le géant de la technologie indienne HCL enquêtant sur l'attaque des ransomwares Indian tech giant HCL investigating ransomware attack (lien direct)	La société indienne de technologies de l'information HCL Technologies a signalé mercredi une attaque de ransomware aux régulateurs et a déclaré qu'elle enquêtait sur l'incident.Dans un déposée auprès de la Bourse nationale de l'Inde, la société a déclaré qu'elle "avait pris conscience d'un incident de ransomware dans un isolé dans une isolée isoléeenvironnement cloud pour l'un de ses projets. »«Il y a Indian information technology company HCL Technologies reported a ransomware attack to regulators on Wednesday and said that it is investigating the incident. In a filing with the National Stock Exchange of India, the company said it “has become aware of a ransomware incident in an isolated cloud environment for one of its projects.” “There has	Ransomware Cloud		★★★
	2023-12-20 18:06:55	GCP-2023-049 (lien direct)	Publié: 2023-12-20 Description Description Gravité notes Les vulnérabilités suivantes ont été découvertes dans le noyau Linux qui peut conduire à une escalade de privilège sur le système d'exploitation optimisé et les nœuds Ubuntu. CVE-2023-3090 Pour les instructions et plus de détails, consultez les bulletins suivants: Bulletin de sécurité GKE GKE sur le bulletin de sécurité VMware gke sur le bulletin de sécurité AWS gke sur le bulletin de sécurité azur gke sur le bulletin de sécurité nue High CVE-2023-3090 Published: 2023-12-20Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.CVE-2023-3090 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2023-3090	Vulnerability Cloud
	2023-12-20 09:40:49	Orange Business s\'offre Expertime, spécialiste des solutions Microsoft (lien direct)	Orange Business se renforce sur les solutions cloud de Microsoft en rachetant Expertime et ses 165 collaborateurs.	Cloud		★★
	2023-12-20 09:16:43	IA, Ransomwares, Cloud : de gros chantiers attendent encore les entreprises en 2024 (lien direct)	IA, Ransomwares, Cloud : de gros chantiers attendent encore les entreprises en 2024 Par Jean-Pierre Boushira, VP Southern EMEA, Benelux and Nordics chez Veritas Technologies - Points de Vue	Cloud		★★
	2023-12-20 09:12:09	Appomni a présenté Askomni AppOmni introduced of AskOmni (lien direct)	Appomni dévoile d'abord l'assistant de gestion de la posture de sécurité de l'AI SAAS, Askomni, redéfinir la sécurité et l'utilisabilité du SaaS Askomni simplifie et améliore la sécurité SaaS, permettant aux administrateurs de demander leur chemin pour sécuriser leur domaine SaaS - revues de produits AppOmni Unveils First AI SaaS Security Posture Management Assistant, AskOmni, Redefining SaaS Security and Usability AskOmni simplifies and enhances SaaS security, enabling administrators to ask their way to securing their SaaS estate - Product Reviews	Cloud		★★
	2023-12-20 04:29:13	Singapour veut des centres de données, des nuages, réglementés comme une infrastructure critique Singapore wants datacenters, clouds, regulated like critical infrastructure (lien direct)	Même des systèmes situés en dehors de l'état de la ville pourraient être considérésLa surveillance de son agence de cybersécurité aux fournisseurs de services cloud et aux opérateurs de données.… Even systems located outside city-state could be considered \'foundational\' and face performance demands Singapore\'s government has proposed amendments to its 2018-era Cybersecurity Bill that would extend the oversight of its cyber security agency to cloud service providers and datacenter operators.…	Cloud		★★
	2023-12-19 13:00:33	Prenez de l'avance sur le jeu: Protéger vos applications natives Cloud avec CloudGuard CNApp Get Ahead of the Game: Protecting Your Cloud Native Applications with CloudGuard CNAPP (lien direct)	> Dans le paysage numérique à rythme rapide et en constante évolution de la Today, les applications natives cloud sont devenues un élément crucial pour que les entreprises restent compétitives et agiles.Cependant, avec la dépendance accrue de ces applications vient la nécessité de mesures de sécurité robustes pour les protéger des menaces potentielles.C'est là que CNAPP (Cloud Native Application Protection Platform) entre en jeu.Et quand il s'agit de choisir le bon CNApp pour votre organisation, Check Point est un nom qui ne devrait pas être négligé.Dans cet article de blog, nous discuterons des 10 principales considérations pour évaluer une solution CNApp, avec un accent particulier sur le point de contrôle & # 8217; s [& # 8230;] >In today’s fast-paced and ever-evolving digital landscape, cloud native applications have become a crucial component for businesses to stay competitive and agile. However, with the increased reliance on these applications comes the need for robust security measures to protect them from potential threats. This is where CNAPP (Cloud Native Application Protection Platform) come into play. And when it comes to choosing the right CNAPP for your organization, Check Point is a name that should not be overlooked. In this blog post, we will discuss the Top 10 Considerations for Evaluating a CNAPP Solution, with a special focus on Check Point’s […]	Cloud Commercial		★★
	2023-12-19 11:21:37	Comment Interflora a construit sa Modern Data Stack (lien direct)	Interflora s'est doté d'une nouvelle plateforme Data pour évoluer vers une entreprise Data Driven. Les solutions on-premise ont fait place à une approche Cloud.	Cloud		★★
	2023-12-18 20:10:00	Top 7 Tendances façonnant la sécurité SaaS en 2024 Top 7 Trends Shaping SaaS Security in 2024 (lien direct)	Au cours des dernières années, le SaaS est devenu l'épine dorsale de l'informatique de l'informatique.Les entreprises de services, telles que les pratiques médicales, les cabinets d'avocats et les cabinets de services financiers, sont presque entièrement basés sur le SaaS.Les entreprises non services, y compris les fabricants et les détaillants, ont environ 70% de leur logiciel dans le cloud. & NBSP; Ces applications contiennent une mine de données, du général peu sensible Over the past few years, SaaS has developed into the backbone of corporate IT. Service businesses, such as medical practices, law firms, and financial services firms, are almost entirely SaaS based. Non-service businesses, including manufacturers and retailers, have about 70% of their software in the cloud. These applications contain a wealth of data, from minimally sensitive general	Prediction Medical Cloud		★★★
	2023-12-16 18:13:07	Le débat sur la sécurité du cloud: peser les risques et avantages The Cloud Security Debate: Weighing Risks and Benefits (lien direct)	#cloud #cybersecurity #security #archangel #ptydeco #data #network #ngfw #vpn #Sydecloud Le débat sur la sécurité du cloud: pesant les risques et avantages par Patrick Houyoux LL.M.ULB, Bruxelles, Trinity College, Cambridge, Royaume-Uni.Président & # 8211;Directeur PT Sydeco - opinion #Cloud #cybersecurity #security #archangel #ptsydeco #data #network #NGFW #VPN #sydecloud The Cloud Security Debate: Weighing Risks and Benefits par Patrick Houyoux LL.M. ULB, Brussels, Trinity College, Cambridge, UK. President – Director PT SYDECO - Opinion	Cloud		★★
	2023-12-15 16:15:00	Émirats arabes unis à chair de la Banque mondiale \\ le groupe de travail sur le cloud computing UAE to Chair World Bank\\'s Cloud Computing Working Group (lien direct)	La Banque mondiale a reconnu les EAU pour son travail avec le secteur privé dans la mise en œuvre et la sécurisation des systèmes cloud. The World Bank recognized UAE for its work with the private sector in implementing and securing cloud systems.	Cloud	GoldenJackal	★★
	2023-12-15 13:31:44	GCP-2023-048 (lien direct)	Publié: 2023-12-15 Description Description Gravité notes Les vulnérabilités suivantes ont été découvertes dans le noyau Linux qui peut conduire à une escalade de privilège sur le système d'exploitation optimisé par le conteneur et les nœuds Ubuntu. CVE-2023-3390 Pour les instructions et plus de détails, consultez les bulletins suivants: Bulletin de sécurité GKE GKE sur le bulletin de sécurité VMware gke sur le bulletin de sécurité AWS gke sur le bulletin de sécurité azur GKE sur le bulletin de sécurité Bare Metal High CVE-2023-3390 Published: 2023-12-15Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.CVE-2023-3390 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2023-3390	Vulnerability Cloud
	2023-12-14 17:28:06	GCP-2023-047 (lien direct)	Publié: 2023-12-14 Description Description Gravité notes Un attaquant qui a compromis le conteneur de journalisation de bit Cluent pourrait combiner cet accès avec des privilèges élevés requis par Anthos Service Mesh (sur des clusters qui l'ont permis) de dégénérer les privilèges dans le cluster. Pour les instructions et plus de détails, consultez les bulletins suivants: Bulletin de sécurité GKE GKE sur le bulletin de sécurité VMware gke sur le bulletin de sécurité AWS gke sur le bulletin de sécurité azur gke sur le bulletin de sécurité nue moyen Published: 2023-12-14Description Description Severity Notes An attacker who has compromised the Fluent Bit logging container could combine that access with high privileges required by Anthos Service Mesh (on clusters that have enabled it) to escalate privileges in the cluster. For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin Medium	Cloud
	2023-12-14 11:00:00	Protéger l'entreprise des fuites de mot de passe Web sombres Protecting the enterprise from dark web password leaks (lien direct)	Referenced in popular films and television programs, “The Dark Web” has achieved what many cyber security concerns fail to do in that it has entered the public consciousness. It is generally understood that the dark web is a collection of on-line sites and marketplaces, notorious for facilitating illegal activities and harboring stolen information. The details of how this underground economy function, the various levels of sophistication of its participants, and how information ends up in these forums is less broadly understood. The trade in compromised passwords in dark web markets is particularly damaging. Cybercriminals often exploit password leaks to access sensitive data, commit fraud or launch further attacks. Let’s explore the various ways passwords are leaked to the dark web and discuss strategies for using dark web data to protect your organization. Data breaches One of the most common ways passwords are leaked to the dark web is through data breaches. Cybercriminals target organizations and gain unauthorized access to their systems and databases. Once inside, they can steal large volumes of user data, including passwords, which are then sold or traded on the dark web. A “first party” data breach is when that breach occurs in a network you are responsible for (i.e. your company). This is typically a top-of-mind concern for security and IT professionals. However, breaches of third parties that hold information about your users can be equally damaging. Because users often reuse passwords across multiple services, or use slight variations or formulaic passwords, these disclosures are critical. They result in threat actors gaining access to your network or SaaS services by simply logging or through brute forcing a greatly reduced key space which may go unnoticed. Phishing attacks Phishing attacks are another prevalent method used by cybercriminals to obtain passwords. These attacks involve sending deceptive emails, text messages, or social media messages that trick users into revealing their login credentials. Once the attacker has the victim\'s password, they can easily access their accounts or sell the information on the dark web. Keyloggers and malware Keyloggers and malware are stealthy tools used by cybercriminals to record a user\'s keystrokes, including passwords. These can be installed on a victim\'s device through malicious emails, downloads, or infected websites. This is particularly concerning in cases where the endpoints in question are not fully managed by the company. Contractors, network devices provided by service providers, users with BYOD equipment or other semi-public or public devices users might access a cloud service from are all examples of devices which can result in loss of credentials because of malware infection - regardless of the endpoint security measures taken on company owned devices. What is particularly insidious about these infections is that, unless addressed, they continue to report current credentials up to the command-and-control services across password changes and platforms. Insider threats Sometimes, passwords are leaked to the dark web through insider threats. Disgruntled employees, contractors, or other individuals with access to sensitive information may intentionally leak passwords as an act of revenge or for financial gain. Protecting Your Passwords: Best Practices While the risks associated with password leaks on the dark web are real, there are steps you can take to protect your organization from being impacted by these disclosures: Educate users: By now it is difficult to find an organization that doesn’t have a policy and technical controls to enforce the use of strong passwords in their environment. Building on that to train users when it is acceptable to use a company provide email address for service	Data Breach Malware Tool Threat Cloud Technical		★★
	2023-12-14 10:30:00	Les attaques persistantes de Oilrig \\ à l'aide de téléchargeurs alimentés par le service cloud OilRig\\'s persistent attacks using cloud service-powered downloaders (lien direct)	Les chercheurs de l'ESET documentent une série de nouveaux téléchargeurs de pétrole, tous s'appuyant sur des fournisseurs de services cloud légitimes pour les communications C& C ESET researchers document a series of new OilRig downloaders, all relying on legitimate cloud service providers for C&C communications	Cloud	APT 34	★★
	2023-12-14 10:22:33	Duet AI dans Google Cloud : ce qui est vraiment disponible (lien direct)	Disponibilité générale actée pour Duet AI dans Google Cloud. Que recouvre cette marque à l'heure actuelle ?	Cloud		★★
	2023-12-14 09:44:32	Atténuation des menaces d'initié: 5 meilleures pratiques pour réduire le risque Insider Threat Mitigation: 5 Best Practices to Reduce Risk (lien direct)	(This is an updated version of a blog that was originally published on 1/28/21.) Most security teams focus on detecting and preventing external threats. But not all threats come from the outside. The shift to hybrid work, accelerated cloud adoption and high rates of employee turnover have created a perfect storm for data loss and insider threats over the past several years. Today, insider threats rank amongst the top concerns for security leaders-30% of chief information security officers report that insider threats are their biggest cybersecurity threat over the next 12 months. It\'s easy to understand why. Insider threats have increased 44% since 2020 due to current market dynamics-and security teams are struggling to keep pace. According to the Verizon 2023 Data Breach Investigations Report, 74% of all breaches involve the human element. In short, data doesn\'t lose itself. People lose it. When the cybersecurity risk to your company\'s vital systems and data comes from the inside, finding ways to mitigate it can be daunting. Unlike with tools that combat external threats, security controls for data loss and insider threats can impact users\' daily jobs. However, with the right approach and insider threat management tools, that doesn\'t have to be the case. In this blog post, we\'ll share best practices for insider threat mitigation to help your business reduce risk and overcome common challenges you might face along the way. What is an insider threat? But first, let\'s define what we mean by an insider threat. In the cybersecurity world, the term “insider” describes anyone with authorized access to a company\'s network, systems or data. In other words, it is someone in a position of trust. Current employees, business partners and third-party contractors can all be defined as insiders. As part of their day-to-day jobs, insiders have access to valuable data and systems like: Computers and networks Intellectual property (IP) Personal data Company strategy Financial information Customer and partner lists All insiders pose a risk given their position of trust-but not all insiders are threats. An insider threat occurs when someone with authorized access to critical data or systems misuses that access-either on purpose or by making a mistake. The fallout from an insider threat can be dire for a business, including IP loss, legal liability, financial consequences and reputational damage. The challenge for security firms is to determine which insiders are threats, and what type of threats they are, so they know how to respond. There are three insider threat types: Careless. This type of risky insider is best described as a user with good intentions who makes bad decisions that can lead to data loss. The 2022 Cost of Insider Threats Global Report from Ponemon Institute notes that careless users account for more than half (56%) of all insider-led incidents. Malicious. Some employees-or third parties, like contractors or business partners-are motivated by personal gain. Or they might be intent on harming the business. In either case, these risky users might want to exfiltrate trade secrets or take IP when they leave the company. Industrial espionage and sabotage are examples of malicious insider activity. Ponemon research shows malicious insiders account for 26% of insiders. Compromised. Sometimes, external threat actors steal user login information or other credentials. They then use those credentials to access applications and systems. Ponemon reports that compromised users account for 18% of insiders. Insider threat mitigation best practices Companies can minimize brand and financial damage by detecting and stopping insider threats. How each security team approaches insider threats will vary depending on the industry, maturity and business culture. However, every organization can use the five best practices we\'ve outlined below to improve their insider threat prevention. 1. Identify your risky users Most insiders fall into the “care	Data Breach Tool Threat Industrial Cloud Technical		★★
	2023-12-14 09:00:56	La détection de code QR malveillant fait un bond en avant géant Malicious QR Code Detection Takes a Giant Leap Forward (lien direct)	Proofpoint introduces inline, pre-delivery QR code detection engine to help protect against imaged-based QR code phishing attacks QR code phishing, also known as quishing, is the latest attack hitting inboxes. This emerging threat is able to get around traditional email defenses and is forging a new way to deliver email attacks directly to users. Along with email phishing, executive impersonation, spear phishing and business email compromise (BEC), this threat has become one of the top concerns for security and IT teams. In response, Proofpoint has launched new inline sandboxing capabilities to detect and stop suspicious QR code threats. Not only do we support behavioral and sandbox detection engines, but we also provide pre- and post-scanning for risky QR codes. When combined, these capabilities more accurately detect and better protect against this new threat vector. Most API-based email security tools rely on behavioral signals, which means they can only detect a suspicious QR code email after it has been delivered to the user\'s inbox. In contrast, Proofpoint stops attacks pre-delivery, so threats can never make it to users\' inboxes. In this blog post, we\'ll cover what you should know about QR code phishing and detection-and how Proofpoint can help. Why QR codes? When Microsoft disabled macros to prevent threat actors from exploiting them to deliver malware, threat actors started to test various new attack delivery techniques, such as QR codes. Used by marketers as a quick and easy way to connect with consumers and drive engagement, QR codes have become a part of our daily lives and are now used in retail stores, airline tickets, contactless menus and scan-to-pay, among many others. While it\'s common knowledge that standard QR codes can be used in malicious ways, a recent Scantrust QR code survey found that “over 80% of US-based QR code users said that they think QR codes are safe.” It\'s this inherent trust of QR codes that threat actors depend on. That and the fact that QR codes do not expose malicious URLs make them very hard detect with traditional email security tools. What is QR code phishing? A QR code scam is when a bad actor creates a QR code phishing campaign to trick a user into navigating to a malicious URL. This leads them to a malicious website that then harvests their credentials or downloads malware onto their device. These campaigns include payment scams, package scams, email scams and even donation scams during the holiday season. Because all QR codes look similar, users are easily fooled. Figure 1: How a QR scam typically works. Why are QR codes getting through? Legacy email security providers and most API-based email security tools have a very difficult time detecting these attacks. That\'s because these tools scan email messages for known malicious links-they don\'t scan images for links that are hidden inside QR code images. This attack method also creates a new security blind spot. QR codes are scanned by a separate device, like a smartphone, from where the email is delivered. And smartphones are less likely to have robust security protection, which is needed to detect and prevent these attacks. For this reason, it\'s essential that an email security tool detects and blocks QR code phishing emails before they reach users\' inboxes. When messages are scanned post-delivery, like with API-based tools, there\'s a chance that users will get to them first-before they\'re clawed back. Post-delivery-only detection risks Post-delivery-only email security tools claim to “detect and block” QR code phishing emails, but they simply cannot. While they may “detect” a suspicious QR code email, it\'s only after the threat has been delivered to the user\'s inbox. Moreover, these tools do not sandbox suspicious QR codes. This means they have a high miss rate-which creates more risk for your company. Besides creating more risk, they also create more work for your teams. By relying solely on behavioral anomalies, these tools	Malware Tool Threat Mobile Cloud		★★★
	2023-12-14 08:37:32	WALLIX lance la plateforme SaaS, WALLIX One (lien direct)	Lancement de WALLIX One, la plateforme SaaS de cybersécurité conçue pour s'adapter aux enjeux numériques et économiques des entreprises qui veulent protéger leurs accès et identités • WALLIX propose sa gamme de logiciels de gestion des identités et des accès numériques au travers de sa plateforme SaaS WALLIX One. • WALLIX One-PAM (Privileged Access Management), le service de gestion des accès à privilèges avec un modèle unique de tarification sur le marché, accompagne les entreprises en recherche d'une solution de cybersécurité agile pour gouverner leurs accès numériques internes et externes. • Une transition vers le modèle SaaS qui positionne WALLIX dans une croissance durable et une satisfaction client maximale. - Produits	Cloud		★★★
	2023-12-13 14:32:47	La promesse d\'un cloud plus rapide, moins cher et plus sûr existerait-elle ? (lien direct)	Le cloud doit être pensé comme un facilitateur, ce qui passe par une cartographie exacte des capacités de calcul requises. Pour cela, il est essentiel d'être guidé par un cahier des charges pensé par rapport aux besoins de l'entreprise et non des capacités offertes par les fournisseurs de cloud.	Cloud		★★
	2023-12-13 11:00:00	Qu'est-ce que la sécurité centrée sur les données? What is data-centric security? (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Data is the lifeblood of organizations. It drives decision-making, fosters innovation, and underpins business operations. However, this wealth of data is scattered across multiple cloud platforms, making it an attractive target for cybercriminals, and rendering traditional approaches to data protection obsolete. This is where data-centric security comes into play. This article will explore the concept of data-centric security, why businesses need it, and the benefits it offers. Understanding data-centric security Data-centric security is a comprehensive approach to safeguarding sensitive data by focusing on the data itself rather than the network or perimeter. It revolves around protecting data throughout its lifecycle, ensuring that even if security perimeters are breached, the data remains secure. Data-centric security comprises several key components and principles, including: Data discovery and classification: Identifying and categorizing data based on its sensitivity is the first step in protecting it. By knowing what data is most critical, you can allocate resources and protection measures accordingly. Access controls and permissions: Fine-grained access controls and role-based permissions are essential to restrict data access to authorized users and roles, reducing the risk of data exposure. Encryption: Encrypting data at rest and in transit adds an extra layer of protection, making data inaccessible to unauthorized individuals. Activity monitoring: Real-time activity monitoring and auditing capabilities help detect unusual data access or transfer patterns, allowing for immediate response to potential security incidents. Incident response and mitigation: Effective incident response is crucial in case of a breach or unauthorized access, enabling quick identification of the issue and mitigating any damage. Why businesses need data-centric security The amount of data being used by organizations for day-to-day operations is increasing rapidly. The importance of adopting a data-centric approach to data protection can be summarized into three main reasons: 1. Traditional security is insufficient. Businesses leverage multiple cloud environments, and sensitive data, such as personal information or intellectual property, are migrated and sprawled across these platforms, expanding the attack surface. Data vulnerabilities become increasingly common when network perimeters are hard to define in a hybrid work environment. Applying safeguards directly to data is needed to create more barriers that repel unauthorized data distribution. Data-centric security protects data from all kinds of threats, such as external attackers or negligent employees. 2. Apply granular access controls. Data-centric security is a vital approach to protect your data dynamically. It enables you to have more flexibility in managing your systems and networks by providing fine-grained access controls, which are more effective than traditional access controls. This framework is particularly critical in scenarios where not every user should have access to the entire data within their department. 3. Integrate with existing tech stack. Data-centric security is an effective way to protect a company\'s data from cyber threats. It can be added to existing infrastructure without disrupting normal operations or requiring drastic changes. This allows companies to gradually improve their security measures while freeing up resources for other purposes. Benefits of data-centric security As data becomes increasingly valuable as a competitive advantage, organizations have	Data Breach Tool Vulnerability Cloud		★★
	2023-12-13 10:20:51	Cyber Security \'Tax\' and Cloud \'Love Affair\' Driving New IT Spending Despite Flat Budgets in 2024 (lien direct)	L'IA et l'apprentissage automatique seront le sixième domaine le plus important de la croissance des dépenses informatiques en Australie et en Nouvelle-Zélande en 2024, bien que les DSI travaillent avec des budgets plats dans l'ensemble dans la prise de décisions de dépenses. AI and machine learning will be the sixth biggest area of IT spending growth in Australia and New Zealand in 2024, though CIOs are working with flat budgets overall in making spending decisions.	Cloud		★★
	2023-12-13 10:20:51	Cybersécurité \\ 'tax \\' et cloud \\ 'Affaire d'amour \\' conduisant de nouvelles dépenses informatiques malgré des budgets plats en 2024 Cyber Security \\'Tax\\' and Cloud \\'Love Affair\\' Driving New IT Spending Despite Flat Budgets in 2024 (lien direct)	L'IA et l'apprentissage automatique seront le sixième domaine le plus important de la croissance des dépenses informatiques en Australie et en Nouvelle-Zélande en 2024, bien que les DSI travaillent avec des budgets plats dans l'ensemble dans la prise de décisions de dépenses. AI and machine learning will be the sixth biggest area of IT spending growth in Australia and New Zealand in 2024, though CIOs are working with flat budgets overall in making spending decisions.	Cloud		★★
	2023-12-12 19:35:00	Google Cloud \\ 'S \\' Dataproc \\ 'Abuse Risk Denange les magasins de données d'entreprise Google Cloud\\'s \\'Dataproc\\' Abuse Risk Endangers Corporate Data Stores (lien direct)	Il y a une nouvelle façon pour les pirates d'abus du cloud, cette fois avec les analystes de données et les scientifiques de la réticule. There\'s a new way for hackers to abuse the cloud, this time with data analysts and scientists in the crosshairs.	Cloud		★★
	2023-12-12 17:05:17	Mémo sur les menaces du cloud: Extraction des données de formation des modèles de langage générateur AI Cloud Threats Memo: Extracting Training Data from Generative AI Language Models (lien direct)	> Cette année restera dans les mémoires pour la révolution de Chatgpt (le site Web a été visité par 1,7 milliard d'utilisateurs en octobre 2023, avec 13,73% de la croissance par rapport au mois précédent) et pour l'adoption généralisée des technologies génératrices de l'IA dans notre vie quotidienne.L'un des aspects clés des modèles de langue utilisés pour [& # 8230;] >This year will probably be remembered for the revolution of ChatGPT (the website was visited by 1.7 billion users in October 2023, with 13.73% of growth compared to the previous month) and for the widespread adoption of generative AI technologies in our daily life. One of the key aspects of the language models used for […]	Cloud	ChatGPT	★★
	2023-12-12 14:39:15	Retex : Deezer opte pour une gouvernance FinOps distribuée (lien direct)	Deezer a entrepris la migration dans le Cloud de sa plateforme big data en 2019. Un projet sur lequel une démarche FinOps s'est rapidement imposée.	Cloud		★★
	2023-12-12 13:00:24	Rencontrez le nouveau CloudGuard: gestion des risques en action Meet the new CloudGuard: Risk Management in Action (lien direct)	> Une CVE critique ou une vulnérabilité et une exposition communes sont identifiées chaque jour.Les équipes de sécurité doivent planifier les mesures (stratégies d'atténuation) prises pour réduire les effets nocifs d'un CVE, afin de s'assurer que les applications qu'ils gèrent restent en sécurité alors que la disponibilité des entreprises n'est pas affectée, et les développeurs peuvent continuer avec leurs activités quotidiennes.Check Point CloudGuard transforme le flux de travail de l'équipe de sécurité en transitionnant une situation frustrante et chronophage en une liste facilement gérée et bien résolue des actifs de haute priorité basés sur le contexte de l'environnement cloud spécifique.Ensuite, les efforts de correction peuvent être exécutés progressivement, offrant à la fois des affaires plus élevées [& # 8230;] >A critical CVE or Common Vulnerability and Exposure is identified every day. Security teams need to plan the measures (mitigation strategies) taken to reduce the harmful effects of a CVE, to ensure that the applications they are managing remain secure while business availability is not affected, and developers can continue with their day-to-day activities. Check Point CloudGuard transforms the workflow of the security team by transitioning a frustrating, time-consuming situation into an easily managed and well-triaged list of high-priority assets based on the context of the specific cloud environment. Then, patching efforts can be executed gradually, offering both higher business […]	Vulnerability Patching Cloud		★★★
	2023-12-12 08:50:00	Netterra atteint la certification ISO pour une sécurité cloud améliorée Neterra Attains ISO Certification for Enhanced Cloud Security (lien direct)	Neterra atteint la certification ISO pour une sécurité de cloud améliorée L'objectif est que les clients soient assurés que leurs données sont bien protégées dans la plate-forme neterra.cloud - nouvelles commerciales Neterra Attains ISO Certification for Enhanced Cloud Security The goal is for customers to be assured that their data is well-protected in the Neterra.Cloud platform - Business News	Cloud		★★★
	2023-12-11 09:11:29	Cloud public : 2023, l\'année d\'Oracle ? (lien direct)	D'une année à l'autre, la position d'Oracle a progressé au Magic Quadrant du cloud public. Comment se présente ce marché ?	Cloud Commercial		★★
	2023-12-11 02:57:22	L'étude de la main-d'œuvre de la cybersécurité ISC2 2023 plonge dans la sécurité du cloud et l'IA The 2023 ISC2 Cybersecurity Workforce Study Delves into Cloud Security and AI (lien direct)	L'industrie de la sécurité est à un moment critique.La capture de l'état des affaires est un récent rapport publié par le Consortium de certification de la sécurité du système d'information international, ou (ISC) 2.«Une tempête parfaite» comme ils le disent dans leur résumé des exécutifs, «notre étude montre qu'une tempête parfaite d'incertitude économique, de technologies émergentes rapidement, de réglementations fragmentées et de la main-d'œuvre et des lacunes en matière de compétences en constante évolution crée une énorme incertitude pour une profession dont le rôle estpour protéger les infrastructures et les systèmes mondiaux contre les attaques. »Leur conclusion?«La main-d'œuvre de la cybersécurité a besoin de plus ... The security industry is at a critical juncture. Capturing the state of affairs is a recent report released by the International Information System Security Certification Consortium, or (ISC)2. “A perfect storm” As they state in their Executive Summary, “Our study shows that a perfect storm of economic uncertainty, rapidly emerging technologies, fragmented regulations and ever-widening workforce and skills gaps is creating huge uncertainty for a profession whose role it is to protect global infrastructure and systems from attack.” Their conclusion? “The cybersecurity workforce needs more...	Studies Cloud		★★★
	2023-12-08 15:03:32	L\'enquête de Keeper Security révèle que 82% des responsables informatiques souhaitent transférer leur solution de gestion des accès privilégiés (PAM) sur site vers le cloud. (lien direct)	L'enquête de Keeper Security révèle que 82% des responsables informatiques souhaitent transférer leur solution de gestion des accès privilégiés (PAM) sur site vers le cloud. 60% des entreprises disposant de solutions sur site révèlent que le fait que le PAM soit sur site les empêche d'atteindre leurs objectifs. - Investigations	Studies Cloud		★★★
	2023-12-08 09:47:19	Datadog, Inc. ajoute à sa fonctionnalité Security Inbox (lien direct)	Datadog ajoute à Security Inbox des informations sur les identités, les vulnérabilités et les applications et permet aux équipes DevOps et de sécurité de remédier rapidement aux problèmes Les nouvelles fonctionnalités permettent aux équipes DevOps d'améliorer la posture de sécurité, du code jusqu'au cloud et à l'application, en se concentrant uniquement sur les problèmes importants - Produits	Cloud		★★

Last update at: 2024-05-10 02:07:47
See our sources.

To see everything: Our RSS (filtrered)