What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
DarkReading.webp 2023-08-18 20:14:00 ProjectDiscovery Announces $25M Series A Financing and Launch of Cloud Platform
(direct link)
Cloud ★★
DarkReading.webp 2023-08-18 18:15:00 Time To Address What's Undermining SaaS Security, AppOmni Says
(direct link)
In this Dark Reading News Desk segment, Brendan O'Connor, CEO and Co-Founder of AppOmni, describes some of the biggest security challenges for securing software-as-a-service (SaaS) applications.
Cloud ★★
DarkReading.webp 2023-08-18 18:15:00 Expand Your Definition of 'Endpoint,' Get a Better Handle On Cloud Threats
(direct link)
In this Dark Reading News Desk segment, Sysdig's Anna Belak discusses how the boom in cloud services and applications expanded the definition of what constitutes an endpoint.
Cloud ★★
DarkReading.webp 2023-08-17 20:05:00 Qualys Offers Threat Forecast For Cloud, and Tips For Reducing Cloud Risks
(direct link)
In this Dark Reading News Desk segment, Qualys CEO and president Sumedh Thakar offers advice on reducing cloud risks.
Threat Cloud ★★
DarkReading.webp 2023-08-17 20:00:00 Normalyze: How Focusing On Data Can Improve Cloud Security
(direct link)
In this Dark Reading News Desk segment, Normalyze's Ravi Ithal discusses cloud security and data security posture management (DPSM).
Cloud ★★★
AlienVault.webp 2023-08-17 10:00:00 Securing your cloud networks: Strategies for a resilient infrastructure
(direct link)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

What exactly is resilience? According to the U.S. National Institute of Standards and Technology, the goal of cyber resilience is to “enable mission or business objectives that depend on cyber resources to be achieved in a contested cyber environment.” In other words, when you’re at odds with cybercriminals and nation-state actors, can you still get your job done? If not, how quickly can you get back up and running? In this article, we outline steps to ensure that if your cloud networks fail, your business won’t fail along with them.

Take stock of what you can’t (and can) live without
Being resilient during and post-cyber-attack means being able to continue business operations either leanly or back to full throttle soon after. While resources are being pooled to respond and recover from an incident, what data must be protected and what operations must go on? Data that must be protected include those defined by regulation (e.g., personal identifiable information), intellectual property, and financial data. Data itself must be protected in multiple forms: at rest, in transit, and in use. The type of business you’re in may already dictate what’s essential; critical infrastructure sectors with essential operations include telecommunications, healthcare, food, and energy. Anything that your business relies on to survive and sustain should be treated as highest priority for security.

Ensure required availability from your cloud provider
An essential part of resilience is the ability to stay online despite what happens. Part of the cloud provider’s responsibility is to keep resources online, performing at the agreed level of service. Depending on the needs of your business, you will require certain levels of service to maintain operations. Your cloud provider promises availability of resources in a service-level agreement (SLA), a legal document between the two parties. Uptime, the measure of availability, ranges from 99.9% to 99% in the top tiers of publicly available clouds from Amazon and Microsoft. A difference of 0.9% may not seem like much, but that translates from roughly 9 hours of downtime to over 3.5 days annually—which might be unacceptable for some types of businesses.

Store backups—even better, automate
As ransomware proliferates, enterprises need to protect themselves against attackers who block access to critical data or threaten to expose it to the world. One of the most fundamental ways to continue business operations during such an incident is to rely on backups of critical data. After you’ve identified which data is necessary for business operations and legal compliance, it’s time to have a backup plan. While your cloud service provider provides options for backup, spreading the function across more than one vendor will reduce your risk—assuming they’re also secure. As Betsy Doughty, Vice President of Corporate Marketing of Spectra Logic says, “it’s smart to adhere to the 3-2-1-1 rule: Make three copies of data, on two different mediums, with one offsite and online, and one offsite and offline.” Automated snapshots and data backup can run in the background, preparing you in the event of a worst-case scenario.

Expose and secure your blind spots
A recent report from the
Ransomware Cloud ★★
The_State_of_Security.webp 2023-08-17 02:47:14 5-Step Guide on Securing Serverless Architectures in the Cloud with RASP
(direct link)
Serverless architecture has increased in recent years, and is anticipated to grow by nearly 25% over the next decade. According to one source, the serverless architecture market was worth over $9 billion in 2022, with its compound annual growth rate projected to increase. The market could be worth over $90 billion by 2032. This indicates the immense amount of potential that this industry carries, influenced by the increasing adoption of DevOps by organizations. However, all this progress could be impeded by cybersecurity risks not being attended to in a robust manner. Some of the most common...
Cloud ★★
DarkReading.webp 2023-08-16 21:16:00 Dig Security State of Cloud Data Security 2023 Report Finds Exposed Sensitive Data in More Than 30% of Cloud Assets
(direct link)
Cloud ★★
The_Hackers_News.webp 2023-08-16 16:42:00 Guide: How Google Workspace-based Organizations can leverage Chrome to improve Security
(direct link)
More and more organizations are choosing Google Workspace as their default employee toolset of choice. But despite the productivity advantages, this organizational move also incurs a new security debt. Security teams now have to find a way to adjust their security architecture to this new cloud workload. Some teams may rely on their existing network security solutions. According to a new guide
Cloud ★★
globalsecuritymag.webp 2023-08-16 13:23:08 Dig Security State of Cloud Data Security 2023 Report Finds Exposed Sensitive Data in More Than 30% of Cloud Assets
(direct link)
Data analysis from the Dig DSPM platform discovers sensitive data exposure, overpermissioning, and risky application access and data flows in cloud storage - Special Reports
Studies Cloud ★★★
GoogleSec.webp 2023-08-16 13:03:58 AI-Powered Fuzzing: Breaking the Bug Hunting Barrier
(direct link)
Dongge Liu, Jonathan Metzman, Oliver Chang, Google Open Source Security Team

Since 2016, OSS-Fuzz has been at the forefront of automated vulnerability discovery for open source projects. Vulnerability discovery is an important part of keeping software supply chains secure, so our team is constantly working to improve OSS-Fuzz. For the last few months, we've tested whether we could boost OSS-Fuzz's performance using Google's Large Language Models (LLM). This blog post shares our experience of successfully applying the generative power of LLMs to improve the automated vulnerability detection technique known as fuzz testing (“fuzzing”). By using LLMs, we're able to increase the code coverage for critical projects using our OSS-Fuzz service without manually writing additional code. Using LLMs is a promising new way to scale security improvements across the over 1,000 projects currently fuzzed by OSS-Fuzz and to remove barriers to future projects adopting fuzzing.

LLM-aided fuzzing
We created the OSS-Fuzz service to help open source developers find bugs in their code at scale, especially bugs that indicate security vulnerabilities. After more than six years of running OSS-Fuzz, we now support over 1,000 open source projects with continuous fuzzing, free of charge. As the Heartbleed vulnerability showed us, bugs that could be easily found with automated fuzzing can have devastating effects. For most open source developers, setting up their own fuzzing solution could cost time and resources. With OSS-Fuzz, developers are able to integrate their project for free, automated bug discovery at scale.
Vulnerability Cloud ★★
The_Hackers_News.webp 2023-08-15 23:44:00 Cybercriminals Abusing Cloudflare R2 for Hosting Phishing Pages, Experts Warn
(direct link)
Threat actors' use of Cloudflare R2 to host phishing pages has witnessed a 61-fold increase over the past six months. "The majority of the phishing campaigns target Microsoft login credentials, although there are some pages targeting Adobe, Dropbox, and other cloud apps," Netskope security researcher Jan Michael said. Cloudflare R2, analogous to Amazon Web Service S3, Google Cloud Storage, and
Threat Cloud ★★★
DarkReading.webp 2023-08-15 16:03:00 Microsoft Cloud Security Woes Inspire DHS Security Review
(direct link)
Can the government help fix what's wrong in cloud security? An upcoming investigation is going to try.
Cloud ★★
AlienVault.webp 2023-08-15 10:00:00 Why is API security the next big thing in Cybersecurity?
(direct link)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

APIs, formally known as application programming interfaces, occupy a significant position in modern software development. They revolutionized how web applications work by facilitating applications, containers, and microservices to exchange data and information smoothly. Developers can link APIs with multiple software or other internal systems that help businesses to interact with their clients and make informed decisions. Despite the countless benefits, hackers can exploit vulnerabilities within the APIs to gain unauthorized access to sensitive data, resulting in data breaches, financial losses, and reputational damage. Therefore, businesses need to understand the API security threat landscape and look out for the best ways to mitigate these threats.

The urgent need to enhance API security
APIs enable data exchanges among applications and systems and help in the seamless execution of complex tasks. But as the average number of APIs rises, organizations often overlook their vulnerabilities, making them a prime target of hackers. The State of API Security Q1 Report 2023 survey finding concluded that attacks targeting APIs had increased 400% during the past six months. Security vulnerabilities within APIs compromise critical systems, resulting in unauthorized access and data breaches like the Twitter and Optus API breaches. Cybercriminals can exploit the vulnerabilities and launch various attacks like authentication attacks, distributed denial-of-service (DDoS) attacks, and malware attacks. API security has emerged as a significant business issue, as another report reveals that by 2023, API abuses will be the most frequent attack vector causing data breaches, and also that 50% of data theft incidents will happen due to insecure APIs. As a result, API security has become a top priority for organizations to safeguard their data, which may cost businesses $75 billion annually.

Why does API security still pose a threat in 2023?
Securing APIs has always been a daunting task for most organizations, mainly because of the misconfigurations within APIs and the rise in cloud data breaches. As the security landscape evolved, API sprawl became the top reason that posed a threat to API security. API sprawl is the uncontrolled proliferation of APIs across an organization and is a common problem for enterprises with multiple applications, services, and development teams. As more APIs are created, they expand the attack surface and emerge as an attractive target for hackers. The issue is that the APIs are not always designed by keeping security standards in mind. This leads to a lack of authorization and authentication, exposing sensitive data like personally identifiable information (PII) or other business data.

API sprawl
Malware Tool Vulnerability Threat Cloud Uber ★★★
Checkpoint.webp 2023-08-14 17:28:10 Check Point Wins Gold Stevie International Business Award
(direct link)
Check Point is thrilled to accept the International Business Awards' Gold Stevie award for our Quantum Titan security platform! At Check Point, we are transforming how organizations secure their networks across on-premise, cloud and IoT environments. Powered by ThreatCloud AI, Quantum Titan provides advanced threat prevention and protection against the most sophisticated cyberattacks, including zero-day phishing and domain name system exploits. While cyberattacks have become more sophisticated with increased frequency and cost, IoT device expansion on networks and multi-cloud environments have created more network complexity and threats to an organization. Quantum Titan addresses the need for better security and […]
Threat Cloud ★★
The_Hackers_News.webp 2023-08-14 16:43:00 Identity Threat Detection and Response: Rips in Your Identity Fabric
(direct link)
Why SaaS Security Is a Challenge
In today's digital landscape, organizations are increasingly relying on Software-as-a-Service (SaaS) applications to drive their operations. However, this widespread adoption has also opened the doors to new security risks and vulnerabilities. The SaaS security attack surface continues to widen. It started with managing misconfigurations and now requires a
Threat Cloud ★★
TechWorm.webp 2023-08-14 15:01:22 Stellar Cyber's OpenXDR Platform Now Available On Oracle Cloud Infrastructure
(direct link)
Silicon Valley-based cybersecurity company Stellar Cyber announced today that its OpenXDR platform is now accessible to those that use Oracle Cloud Infrastructure (OCI). Customers who have adopted the cloud and seek simpler and smarter solutions to improve their security can now purchase Stellar Cyber's platform via the Oracle Cloud Marketplace, applying Oracle Universal Credits (OUCs) toward the purchase price. How does OpenXDR technology help businesses to better manage the security of their cloud structures, and what does this new partnership mean for Oracle Cloud users?

Capabilities of Stellar Cyber's OpenXDR Platform
Stellar Cyber has developed Open Extended Detection and Response (OpenXDR) to facilitate security for both companies facing a large volume of attacks and overwhelmed security professionals. To achieve this, it unites the capabilities of several tools that are essential for security - many of which used to be incompatible. Some of the security solutions that are currently integrated into the platform are NextGen SIEM and Network Detection and Response (NDR). One of the key issues that the company has focused on since its beginning is the large quantity of data that is incoming from versatile, incompatible security tools. Today, the issue of having to manage and make sense of large amounts of data is more emphasized than ever before. Why? Because organizations have added more security points to their systems - mostly to protect the new cloud technology that is now a regular part of their network. For instance, the data management solution integrated within OpenXDR can gather insights that are generated from the versatile tools the platform supports. To make the reports more accurate and comprehensive, it can correlate the findings gathered from the tools it supports.

As a result, the professionals retain visibility of ever-growing attack surfaces and get correct as well as actionable reports on the state of security in real time. This helps them to react to sophisticated threats early - before they escalate into major security incidents. The tools that can be found under Stellar Cyber's umbrella platform are AI- and machine-learning-powered. This means that they promptly and automatically mitigate well-known threats, but they also continually learn about the company and use the findings to detect anomalies early. Also, they're available from a single dashboard, since the platform unites the capabilities of versatile, previously siloed solutions in one place. For those that already use Oracle Cloud, the new collaboration means they'll now have the capabilities of the OpenXDR platform at their disposal as well. “Stellar Cyber is committed to providing the critical capabilities security teams need to deliver consistent security outcomes - all for a single license and price on a single platform,” said Jim O'Hara, Chief Revenue Officer at Stellar Cyber. “This simple yet comprehensive model makes it easy for customers to measure how our Open XDR platform dramatically impacts their security ROI.”

Now Available on Oracle Cloud Infrastructure
Oracle Clou
Tool Threat Cloud ★★
Netskope.webp 2023-08-14 14:05:39 Evasive Phishing Campaign Steals Cloud Credentials Using Cloudflare R2 and Turnstile
(direct link)
From February to July 2023, Netskope Threat Labs has been tracking a staggering 61-fold increase in traffic to phishing pages hosted in Cloudflare R2. The majority of the phishing campaigns target Microsoft login credentials, although there are some pages targeting Adobe, Dropbox, and other cloud apps. The attacks have been targeting victims mainly in North […]
Threat Cloud ★★
SecurityWeek.webp 2023-08-14 13:52:34 US Cyber Safety Board to Review Cloud Attacks
(direct link)
The US government's CSRB will conduct a review of cloud security to provide recommendations on improving identity management and authentication.
Cloud ★★
AlienVault.webp 2023-08-14 10:00:00 Building Cybersecurity into the supply chain is essential as threats mount
(direct link)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

The supply chain, already fragile in the USA, is at severe and significant risk of damage by cyberattacks. According to research analyzed by Forbes, supply chain attacks now account for a huge 62% of all commercial attacks, a clear indication of the scale of the challenge faced by the supply chain and the logistics industry as a whole. There are solutions out there, however, and the simplest of these concerns a simple upskilling of supply chain professionals to be aware of cybersecurity systems and threats. In an industry dominated by the need for trust, this is something that perhaps can come naturally for the supply chain.

Building trust and awareness
At the heart of a successful supply chain relationship is trust between partners. Building that trust, and securing high quality business partners, relies on a few factors. Cybersecurity experts and responsible officers will see some familiarity - due diligence, scrutiny over figures, and continuous monitoring. In simple terms, an effective framework of checking and rechecking work, monitored for compliance on all sides. These factors are a key part of new federal cybersecurity rules, according to news agency Reuters. Among other measures are a requirement for companies to have rigorous control over system patching, and measures that would require cloud hosted services to identify foreign customers. These are simple but important steps, and give a hint to supply chain businesses as to what they should be doing: putting in measures to monitor, control, and enact compliance on cybersecurity threats. That being said, it can be the case that the software isn’t in place within individual businesses to ensure that level of control. The right tools, and the right personnel, are also essential.

The importance of software
Back in April, the UK’s National Cyber Security Centre released details of specific threats made by Russian actors against business infrastructure in the USA and UK. Highlighted in this were specific weaknesses in business systems, and that includes hardware and software used by millions of businesses worldwide. The message is simple - even industry standard software and devices have their problems, and businesses have to keep track of that. There are two arms to ensure this is completed. Firstly, the business should have a cybersecurity officer in place whose role it is to monitor current measures and ensure they are kept up to date. Secondly, budget and time must be allocated at an executive level, firstly to promote networking between the business and cybersecurity firms, and between partner businesses to ensure that even cybersecurity measures are implemented across the chain.

Utilizing AI
There is something of a digital arms race when it comes to artificial intelligence. As ZDNet notes, the lack of clear regulation is providing a lot of leeway for malicious actors to innovate, but for businesses to act, too. While regulations are now coming in, it remains that there is a clear role for AI in prevention. According t
Threat Cloud APT 28 ChatGPT ★★
ComputerWeekly.webp 2023-08-14 09:45:00 US Cyber Board to probe cloud security after latest Exchange hack
(direct link)
Hack Cloud ★★
The_State_of_Security.webp 2023-08-14 03:52:20 The Five Stages of Vulnerability Management
(direct link)
A strong vulnerability management program underpins a successful security strategy overall. After all, you can't defend weak points you don't know are there. It is predicted that 2023 will see an average of 1,900 critical Common Vulnerabilities and Exposures (CVEs) a month, up 13% from last year. This is due to increased interconnectedness, the addition of more tools, IoT devices and SaaS services, and the increased risk of human error. With so many ways to inadvertently let hackers into a network, vulnerability management needs to be an area of cybersecurity strength, not weakness, for any...
Vulnerability Cloud ★★
CS.webp 2023-08-11 15:38:00 Cyber Safety Review Board to analyze cloud security in wake of Microsoft hack
(direct link)
The decision comes in the wake of a high-profile Chinese breach of U.S. officials' Microsoft email accounts.
Hack Cloud ★★
RecordedFuture.webp 2023-08-11 13:47:00 Microsoft Exchange hack is focus of cyber board's next review
(direct link)
The China-linked attack on Microsoft email services will get a full review by the U.S. government's special board for examining major cybersecurity incidents, the Department of Homeland Security said Friday. The Cyber Safety Review Board will focus its attention on “the malicious targeting of cloud computing environments,” according to DHS, including the recent intrusion into
Hack Cloud ★★
bleepingcomputer.webp 2023-08-11 13:35:52 US cyber safety board to analyze Microsoft Exchange hack of govt emails
(direct link)
The Department of Homeland Security's Cyber Safety Review Board (CSRB) has announced plans to conduct an in-depth review of cloud security practices following recent Chinese hacks of Microsoft Exchange accounts used by US government agencies. [...]
Hack Cloud ★★
DarkReading.webp 2023-08-11 12:00:00 Mobb Wins Black Hat Startup Spotlight Competition
(direct link)
The four finalists in the startup competition tackled problems in firmware security, cloud infrastructure, open source software, and vulnerability remediation.
Vulnerability Cloud ★★
DarkReading.webp 2023-08-11 02:31:00 Microsoft Expands Cloud Security Posture Management to Google Cloud
(direct link)
Microsoft Defender for Cloud CSPM, which provides risk and compliance monitoring of AWS, Azure, and on-premises environments, is finally adding GCP to the mix.
Cloud ★★
DarkReading.webp 2023-08-10 18:42:00 EvilProxy Cyberattack Flood Targets Execs via Microsoft 365
(direct link)
A campaign sent 120,000 phishing emails in three months, circumventing MFA to compromise cloud accounts of high-level executives at global organizations.
Cloud ★★
CVE.webp 2023-08-10 18:15:10 CVE-2023-39961 (direct link)
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versions 25.0.9, 26.0.4, and 27.0.1, when a folder with images or an image was shared without download permissions, the user could add the image inline into a text file and download it. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available.
Cloud
CVE.webp 2023-08-10 18:15:10 CVE-2023-39959 (direct link)
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.9, 26.0.4, and 27.0.1, unauthenticated users could send a DAV request which reveals whether a calendar or an address book with the given identifier exists for the victim. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available.
Cloud
CVE.webp 2023-08-10 18:15:10 CVE-2023-39963 (direct link)
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 20.0.0 and prior to versions 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, a missing password confirmation allowed an attacker, after successfully stealing a session from a logged-in user, to create app passwords for the victim. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available.
Cloud
CVE.webp 2023-08-10 18:15:10 CVE-2023-39962 (direct link)
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 19.0.0 and prior to versions 19.0.13.10, 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, a malicious user could delete any personal or global external storage, making it inaccessible for everyone else as well. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 19.0.13.10, 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. As a workaround, disable the files_external app. This also makes the external storage inaccessible but retains the configurations until a patched version has been deployed.
Cloud
CVE.webp 2023-08-10 18:15:09 CVE-2023-39958 (direct link)
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, missing protection allows an attacker to brute force the client secrets of configured OAuth2 clients. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 22.2.10.13, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available.
Cloud
The_Hackers_News.webp 2023-08-10 16:44:00 Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization
(direct link)
Attackers continue to target Microsoft identities to gain access to connected Microsoft applications and federated SaaS applications. Additionally, attackers continue to progress their attacks in these environments, not by exploiting vulnerabilities, but by abusing native Microsoft functionality to achieve their objective. The attacker group Nobelium, linked with the SolarWinds attacks, has been
Cloud SolarWinds ★★
CVE.webp 2023-08-10 15:15:09 CVE-2023-39955 (direct link)
Notes is a note-taking app for Nextcloud, an open-source cloud platform. Starting in version 4.4.0 and prior to version 4.8.0, when creating a note file with HTML, the content is rendered in the preview instead of the file being offered for download. Nextcloud Notes app version 4.8.0 contains a patch for the issue. No known workarounds are available.
Cloud
CVE.webp 2023-08-10 15:15:09 CVE-2023-39954 (direct link)
user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, an attacker that obtained at least read access to a snapshot of the database can impersonate the Nextcloud server towards linked servers. user_oidc 1.3.3 contains a patch. No known workarounds are available.
Cloud
CVE.webp 2023-08-10 14:15:15 CVE-2023-39952 (direct link)
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1, a user can access files inside a subfolder of a groupfolder accessible to them, even if advanced permissions would block access to the subfolder. Nextcloud Server versions 25.0.8, 26.0.3, and 27.0.1 and Nextcloud Enterprise Server versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1 contain a patch for this issue. No known workarounds are available.
Cloud
CVE.webp 2023-08-10 14:15:15 CVE-2023-39953 (direct link)
user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, missing verification of the issuer would have allowed an attacker to perform a man-in-the-middle attack, returning a corrupted or known token that they also have access to. user_oidc 1.3.3 contains a patch. No known workarounds are available.
Cloud
PaloAlto.webp 2023-08-10 13:00:20 Deloitte Safeguards Software Development Lifecycle
(direct link)
Palo Alto Networks and Deloitte have a new SSDL offering to reinforce customers' cloud environments with enhanced security measures from code to cloud.
Cloud Deloitte ★★
AlienVault.webp 2023-08-10 10:00:00 Mac systems turned into proxy exit nodes by AdLoad
(direct link)
This blog was jointly written by Fernando Martinez Sidera and Ofer Caspi, AT&T Alien Labs threat intelligence researchers.

Executive summary

AdLoad malware is still infecting Mac systems years after its first appearance in 2017. AdLoad, a package bundler, has been observed delivering a wide range of payloads throughout its existence. During AT&T Alien Labs' investigation of its most recent payload, it was discovered that the most common component dropped by AdLoad during the past year has been a proxy application turning macOS AdLoad victims into a giant, residential proxy botnet.

Key takeaways:

AdLoad malware is still present and infecting systems, with a previously unreported payload. At least 150 samples have been observed in the wild during the last year.

AT&T Alien Labs has observed thousands of IPs behaving as proxy exit nodes in a manner similar to AdLoad infected systems. This behavior could indicate that thousands of Mac systems have been hijacked to act as proxy exit nodes.

The samples analyzed in this blog are unique to macOS, but Windows samples have also been observed in the wild.

Analysis

AdLoad is one of several widespread adware and bundleware loaders currently impacting macOS. The OSX malware has been present since 2017, with big campaigns in the last two years as reported by SentinelOne in 2021 and Microsoft in 2022. As stated in Microsoft's report on UpdateAgent, a malware delivering AdLoad through drive-by compromise, AdLoad redirected users' traffic through the adware operators' servers, injecting advertisements and promotions into webpages and search results with a Person-in-The-Middle (PiTM) attack. These two previous campaigns, together with the campaign described in this blog, support the theory that AdLoad could be running a pay-per-install campaign on the infected systems. The main purpose of the malware has always been to act as a downloader for subsequent payloads.

It has been identified delivering a wide range of payloads (adware, bundleware, PiTM, backdoors, proxy applications, etc.) every few months to a year, sometimes conveying different payloads depending on system settings such as geolocation, device make and model, operating system version, or language settings, as reported by SentinelOne. In all observed samples, regardless of payload, they report to an AdLoad server during execution on the victim's system. This beacon (analyzed later in Figures 3 and 4) includes system information in the user agent and the body, without any relevant response aside from a 200 HTTP response code. This activity probably represents AdLoad's method of keeping count of the number of infected systems, supporting the pay-per-install scheme. AT&T Alien Labs™ has observed similar activity in our threat analysis systems throughout the last year, with the AdLoad malware being installed on the infected systems. However, Alien Labs is now observing a previously unreported payload being delivered to the victims. The payload corresponds to a proxy application, converting its targets into proxy exit nodes after infection. As seen in Figure 1, the threat actors behind this campaign have been very active since the beginning of 2022.

Figure 1. Histogram of AdLoad samples identified by Alien Labs.

The vast numb
Spam Malware Threat Cloud APT 32 ★★
DarkReading.webp 2023-08-09 21:33:00 Sweet Security Lands $12M in Seed Funding to Shift Cloud Security Right
(direct link)
globalsecuritymag.webp 2023-08-09 19:26:08 Schools are at a Greater Risk for Cyber Attacks Than Ever Before – New K-12 Cybersecurity Report
(direct link)
Schools are at a Greater Risk for Cyber Attacks Than Ever Before – New K-12 Cybersecurity Report. Report from Leading Zero Trust Edge Cloud Security Company iboss and education nonprofit Project Tomorrow Reveals Lack of Collaboration in Schools is Contributing to Increased Cyber Risk. More than 84% of District Leaders and Administrators Agree That K-12 Schools are at a Higher Risk for Cyber Attacks than Ever Before. - Special Reports
Cloud ★★
CVE.webp 2023-08-09 17:15:09 CVE-2023-39531 (direct link)
Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 23.7.2, an attacker with sufficient client-side exploits could retrieve a valid access token for another user during the OAuth token exchange due to incorrect credential validation. The client ID must be known and the API application must have already been authorized on the targeted user account. Sentry SaaS customers do not need to take any action. Self-hosted installations should upgrade to version 23.7.2 or higher. There are no direct workarounds, but users should review applications authorized on their account and remove any that are no longer needed.
Cloud
DarkReading.webp 2023-08-09 16:26:00 Sweet Security Debuts Runtime Management for Cloud
(direct link)
Existing detection tools either provide limited functionality or aren't optimized for the cloud, Israeli startup claims.
Tool Cloud ★★
Cybereason.webp 2023-08-09 13:00:00 Extend Cloud Detection and Response with Sysdig and Cybereason
(direct link)
Cloud ★★
DarkReading.webp 2023-08-09 12:45:00 Closing Coverage Gaps Where Customer Resources Meet Cloud Environments
(direct link)
Protecting the spaces where private, public, and hybrid clouds meet users' technologies requires a cloud-centric approach.
Cloud ★★
globalsecuritymag.webp 2023-08-09 07:48:15 Rubrik acquires Laminar (direct link) Rubrik acquires DSPM leader Laminar to accelerate data security in the cloud. With this acquisition, the Zero Trust data security specialist aims to unify data security across the enterprise, the cloud and SaaS in order to ensure cyber resilience. Rubrik announces its intention to open a new R&D center in Israel with Laminar to drive cybersecurity innovation. - Business Cloud ★★
CVE.webp 2023-08-09 03:15:43 CVE-2023-39341 (direct link)
"FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to a denial-of-service (DoS) condition. Affected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure ? versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0).
Malware Cloud
Google.webp 2023-08-09 00:33:56 GCP-2023-025 (direct link) Published: Cloud
The_State_of_Security.webp 2023-08-09 00:19:18 The Top 5 Vendor-Neutral Cloud Security Certifications of 2023
(direct link)
All segments of the cloud market are predicted to see growth in 2023, according to research by Gartner. In an April press release, the firm forecasts that global spending on public cloud services will exceed 21% this year, totaling $597.3 billion overall in 2023. This is up over $100 billion from last year's (mere) $491 billion. “Organizations today view cloud as a highly strategic platform for digital transformation, which is requiring cloud providers to offer more sophisticated capabilities as the competition for digital services heats up,” notes Sid Nag, Vice President Analyst at Gartner...
Cloud ★★★
Last update at: 2024-05-10 09:08:22