What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
ProofPoint.webp 2023-09-27 05:00:29 A CISO Perspective on Identity Threats
(direct link)
Compromised credentials and commandeered accounts can act as skeleton keys for your networks and corporate systems. With such a potentially lucrative reward on offer, cyber criminals are increasingly focusing their attacks on your identities to unleash data exfiltration, take over IT environments and launch ransomware attacks.

To gain a deeper understanding of how industry leaders are tackling this shift in the threat landscape, I recently participated in a webinar led by Proofpoint executives Tim Choi, group vice president of product marketing, and Ofer Israeli, group vice president and general manager, Identity Threat Defense. We discussed why identity attacks are a growing problem, the challenges of identifying vulnerable users, and how to protect people and data from attacks that use compromised accounts.

The ease that compromised identities offer

Our industry uses the term "people-centric" a lot. We know that attackers target people so they can launch ransomware campaigns or exfiltrate data. But for today's cyber criminals, that is no longer the end of the matter. Threat actors now target people to compromise identities. They use those identities to further elevate their access and privileges, and they move laterally within organizations to gain intel, launch further attacks and steal more data. Thanks to tools like Mimikatz and BloodHound, which can identify hidden relationships, user permissions and attack paths, the whole process of targeting identities, stealing credentials and escalating privileges is now very simple.

Understanding high-risk identities

Malicious actors need to know two things to increase the chances of a successful attack: where the data they want is, and which identity will give them access to it. Most of the time, the answer to the latter is a service account. These accounts are not always protected in a privileged access management solution. They often have access to many different files and systems, with static passwords that are rarely, if ever, rotated. Regular users who are shadow administrators are also very high-risk identities. They are not usually marked as privileged but have often inherited all kinds of access through complicated Active Directory group memberships, which are very hard to follow.

Where are organizations most vulnerable to identity attacks?

Most organizations have struggled with identity and access management (IAM) for many years. Access has a way of becoming a living, breathing organism, so security teams need to make sure they understand what's going on with it. There are three main areas of concern: shared credentials, stored credentials and shared secrets. Most users will have tens, if not hundreds, of usernames and passwords across various accounts, and they are likely reusing credentials across at least some of them. All it takes is for one site to suffer a breach, and those credentials can be sprayed across many more accounts and systems (or replayed directly as credential stuffing when the leaked username and password pairs are reused as-is). When it comes to password storage, businesses must be extremely careful: as a starting point, get stored credentials out of the environment in which they are used. Unfortunately, many identity attacks originate from drive-by hacking, where cyber criminals take credentials from password dumps or data breaches and try their luck, password spraying across corporate accounts.

Protecting your identities

Cybersecurity is like an asymmetric war. By the time we have built a new control or defense mechanism, the bad guys have figured out a new way to circumvent it. That is what's happening right now. There are plenty of statistics to confirm that even in the largest breaches, threat actors get in right through the front door. How? Because they gain access to a shared credential and identity that has more access than anyone at the target organization was aware it had. Fundamentally, it is a hygiene issue. We're all guilty of getting caught up in new, fancy rocket-science security capabilities. But we're missing some of the basics. That's simp Ransomware Tool Threat ★★★
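The nested-group problem described above is easy to demonstrate. The following Python script is an added example, not code from the Proofpoint post: it walks a constructed Active Directory-style group graph to find users who inherit Domain Admins only through nesting (shadow administrators) and service accounts whose static password has not been rotated. The group names, account names and password ages are invented for the example; a real run would feed it an LDAP export or BloodHound collection data.

```python
"""Find high-risk identities in a constructed snapshot of directory data.

Constructed example (not code from the Proofpoint post). It checks two of the
risks described above:
  * shadow administrators: users who are not direct members of a privileged
    group but inherit it through nested group membership;
  * service accounts whose static password has not been rotated.
The group graph and account attributes below are made up for the example; in
practice they would come from an LDAP export or a BloodHound collection.
"""
from collections import deque

# Constructed directory snapshot: group -> direct members (users or groups).
GROUP_MEMBERS = {
    "Domain Admins": ["alice", "Tier0-Ops"],
    "Tier0-Ops": ["Backup-Operators-Legacy"],
    "Backup-Operators-Legacy": ["svc_backup", "bob"],
    "Helpdesk": ["carol"],
    "Finance": ["dave"],
}

# Groups the organisation tracks as privileged (assumed for the example).
PRIVILEGED_GROUPS = {"Domain Admins"}

# Constructed account attributes: whether the account is a service account and
# how many days ago its password was last set.
ACCOUNTS = {
    "alice": {"service": False, "pwd_age_days": 30},
    "bob": {"service": False, "pwd_age_days": 45},
    "carol": {"service": False, "pwd_age_days": 10},
    "dave": {"service": False, "pwd_age_days": 400},
    "svc_backup": {"service": True, "pwd_age_days": 1200},
}


def effective_members(group, members=GROUP_MEMBERS):
    """Breadth-first walk of nested groups starting at `group`.

    Returns {user: path}, where path is the chain of groups that grants the
    user membership. A `seen` set guards against circular nesting, which
    Active Directory allows.
    """
    found = {}
    seen = set()
    queue = deque([(group, [group])])
    while queue:
        current, path = queue.popleft()
        if current in seen:
            continue
        seen.add(current)
        for member in members.get(current, []):
            if member in members:            # nested group: keep walking
                queue.append((member, path + [member]))
            elif member not in found:        # user: record first path found
                found[member] = path
    return found


def shadow_admins(members=GROUP_MEMBERS, privileged=PRIVILEGED_GROUPS):
    """Users who hold privileged membership only through nesting.

    Direct members of a privileged group are assumed to be reviewed already;
    the interesting cases are the ones nobody listed explicitly.
    """
    result = {}
    for group in privileged:
        direct = {m for m in members.get(group, []) if m not in members}
        for user, path in effective_members(group, members).items():
            if user not in direct:
                result[user] = " -> ".join(path)
    return result


def stale_service_accounts(accounts=ACCOUNTS, max_age_days=365):
    """Service accounts whose password is older than `max_age_days`."""
    return sorted(
        user for user, attrs in accounts.items()
        if attrs["service"] and attrs["pwd_age_days"] > max_age_days
    )


def high_risk_identities():
    """Combine both checks into one list of (identity, reason) findings."""
    findings = [(u, f"shadow admin via {path}")
                for u, path in sorted(shadow_admins().items())]
    findings += [(u, "service account with stale password")
                 for u in stale_service_accounts()]
    return findings


if __name__ == "__main__":
    for identity, reason in high_risk_identities():
        print(f"{identity:12} {reason}")
```

Run it directly to print the findings. The breadth-first walk records the first path that reaches each user, so the report shows one concrete chain a reviewer can verify, and the `seen` set keeps circular nesting (group A in B, B in A) from looping forever.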
bleepingcomputer.webp 2023-09-26 13:00:00 Windows 11 22H2 adds a built-in passkey manager for Windows Hello
(direct link)
Today's Windows 11 update includes several security improvements, including a new passkeys management dashboard designed to help users go passwordless more easily and tools to reduce the attack surface. [...]
Tool ★★
ProofPoint.webp 2023-09-26 12:24:36 Modern Trends for Insider Threats and Risks
(direct link)
"External hackers are the only threat to company assets." McKinsey rightly called that claim a myth back in 2017. [...] is in the external threat landscape. For too long, the cybersecurity community has overestimated (and overspent on) the external threat actor. Yet time and again we see cases where insider risk becomes an insider threat and leads to undesirable outcomes. But we keep spending time, money and effort securing applications, assets and data without considering the risk that the people who access those things can present.

When you think about the path an insider threat takes through the attack chain, it is clear that there should be ways to prevent insider risks from evolving into insider threats. Those measures can include: adding more layers of access; requiring more levels of authentication; requiring more approvals in the data-sharing process; and using other deterrents, whether digital or policy-based. And when an insider threat evades detection and is not blocked, we need to rely on technology for identity threat detection and response. Solutions with those capabilities can look for persistence, information gathering, lateral movement, privilege escalation and other signs that an insider threat is actively trying to subvert security processes and controls.

We still have the opportunity to stop an insider threat event when data is staged and exfiltrated, or when some other impact is imminent. But we also need to do what it takes to provide the most complete view of what people are doing in the company's digital ecosystem. That will help prevent insider risks from turning into active insider threats.

A changing landscape with new trends in insider threats

Economic uncertainty creates new scenarios for insider threats. It also amplifies some pre-existing ones. Major change events for companies, such as mergers and acquisitions, divestitures, new partnerships and layoffs, allow insider risks to become insider threats. There are many examples of disgruntled employees causing damage after leaving a company (or before). And employees tempted by "better" opportunities can present an ongoing risk of data exfiltration.

A new trend: insider threats that do not need an insider to stage data for exfiltration. External parties, including purveyors of corporate espionage, pay for access instead. We have seen cases, such as the AT&T "unlock" scheme, where employees recruited by bad actors then recruit others in the company to engage in nefarious activity. And we have seen cases such as the Cisco insider threat case, where employees destroy a company's infrastructure for malicious reasons.

The emergence of generative AI further underscores the need to change the traditional, externally focused approach to security. Blocking the use of tools like ChatGPT, Google's Bard AI, Microsoft Copilot and others is not realistic, since many companies will depend on generative AI for productivity gains. Insiders who are careless about protecting internal data when using these hosted platforms are a risk. Mitigating that risk will require implementing a range of controls. (There are already ways to safeguard your data in generative AI like ChatGPT and other platfo Tool Threat ChatGPT ChatGPT ★★
AlienVault.webp 2023-09-26 10:00:00 Fortifying your wireless network: A comprehensive guide to defend against wireless attacks
(direct link)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

In our increasingly interconnected world, wireless networks have become the lifeblood of modern communication and productivity. However, this convenience comes with a price: the heightened risk of wireless attacks. In this in-depth blog, we will delve into the technical intricacies of safeguarding your network against wireless threats. Armed with this knowledge, you can confidently defend your wireless infrastructure against potential attackers.

Before we embark on a journey to strengthen our defenses, it's crucial to comprehend the various forms of wireless attacks that pose a threat. Rogue access points (APs): malicious actors may set up rogue APs to mimic legitimate networks, luring unsuspecting users into connecting to them. Man-in-the-middle (MitM) attacks: attackers intercept and manipulate communications between two parties, often operating undetected. Evil twin attacks: akin to rogue APs but more sinister; attackers broadcast a duplicate of a trusted network's name to deceive users, potentially leading to data theft or credential compromise. Password cracking: cybercriminals employ various techniques, including brute-force and dictionary attacks against captured handshakes, to recover Wi-Fi passwords. Deauthentication attacks: these forcefully disconnect users from a Wi-Fi network, causing disruption and creating opportunities to capture the re-authentication handshake or to push clients onto an evil twin.

Comprehensive strategies to protect against wireless attacks:

Encryption. WPA3 security: implement the latest WPA3 protocol, whose SAE handshake resists offline dictionary attacks and whose mandatory Protected Management Frames (802.11w) authenticate deauthentication frames. AES encryption: use AES (Advanced Encryption Standard) for data encryption, steering clear of weaker protocols like WEP (Wired Equivalent Privacy).

Secure authentication. Strong passwords: enforce complex, lengthy passphrases for your Wi-Fi network. Two-factor authentication (2FA): enable 2FA for network access to add an extra layer of security.

Network segmentation: divide your network into segments, each with its own security controls, to contain potential breaches and restrict lateral movement within your infrastructure. Guest networks: isolate guest devices from the primary network, limiting access to sensitive resources. VLANs (virtual LANs): deploy VLANs to segment network traffic, preventing lateral movement by attackers.

Regular firmware updates: keep your router and wireless devices' firmware up to date to patch vulnerabilities and enhance overall security. Intrusion detection systems (IDS) and intrusion prevention systems (IPS): deploy IDS/IPS to monitor network traffic for suspicious activity and block potential threats. Rogue AP detection: employ specialized tools to detect rogue access points and take appropriate action when identified. Wireless intrusion prevention system (WIPS): invest in WIPS solutions to actively defend against unauthorized access and attacks. Wi-Fi Protected Setup (WPS): disable WPS, as its PIN is susceptible to brute-force attacks. MAC address filtering: although not foolproof (MAC addresses travel in the clear and are trivially spoofed), filtering can add an extra layer of protection by allowing only trusted devices to connect. EAP-TLS authentication: Implement EAP-TLS Tool Vulnerability Guideline ★★★
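As an added example, not code from the AT&T post, the Python script below applies the rogue AP and evil twin detection step above to a constructed site survey. The SSIDs, BSSIDs and the inventory of authorised radios are invented, and the security labels (OPEN, WEP, WPA, WPA2, WPA3) are assumed to have been normalised by whatever scanner produced the rows.

```python
"""Flag rogue and evil-twin access points in a constructed Wi-Fi scan.

Constructed example (not code from the AT&T post). The scan rows mimic the
fields a site survey returns (SSID, BSSID, channel, security, RSSI), and the
inventory of authorised radios is made up. In a real deployment the rows
would come from a WIPS sensor or from parsing `iw dev <iface> scan` output,
and the inventory from the wireless controller.
"""

# Constructed inventory: SSIDs the organisation operates and the BSSIDs
# (radio MAC addresses) of the access points that legitimately serve them.
AUTHORIZED = {
    "CorpWiFi": {"00:11:22:33:44:01", "00:11:22:33:44:02"},
    "CorpGuest": {"00:11:22:33:44:03"},
}

# Minimum security each corporate SSID must advertise (assumed policy).
REQUIRED_SECURITY = {"CorpWiFi": "WPA3", "CorpGuest": "WPA2"}

# Ordering used to decide whether an advertised security type is weaker
# than the required one. Unknown labels are treated as the weakest.
_RANK = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3, "WPA3": 4}

# Constructed scan results: (SSID, BSSID, channel, security, RSSI in dBm).
SCAN = [
    ("CorpWiFi", "00:11:22:33:44:01", 36, "WPA3", -48),
    ("CorpWiFi", "00:11:22:33:44:02", 44, "WPA3", -61),
    ("CorpWiFi", "DE:AD:BE:EF:00:01", 6, "OPEN", -40),    # evil twin: our name, open, unknown radio
    ("CorpGuest", "00:11:22:33:44:03", 1, "OPEN", -57),   # our radio, misconfigured below policy
    ("CorpWiFi", "de:ad:be:ef:00:02", 36, "WPA3", -70),   # unknown radio copying our security
    ("CoffeeShop", "aa:bb:cc:dd:ee:ff", 11, "WPA2", -80), # neighbour, not ours
]


def _weaker(observed, required):
    """True if `observed` ranks below `required`."""
    return _RANK.get(observed.upper(), 0) < _RANK[required.upper()]


def classify(scan=SCAN, authorized=AUTHORIZED, required=REQUIRED_SECURITY):
    """Return (bssid, ssid, verdict) for every suspicious network in `scan`.

    evil-twin : our SSID from an unknown radio with weaker security than required
    rogue-ap  : our SSID from an unknown radio whose security looks right
    downgrade : an inventoried radio advertising weaker security than required
    Networks whose SSID we do not own are ignored; they are out of scope here.
    """
    findings = []
    for ssid, bssid, _channel, security, _rssi in scan:
        if ssid not in authorized:
            continue
        known = bssid.lower() in {b.lower() for b in authorized[ssid]}
        weak = _weaker(security, required[ssid])
        if not known and weak:
            findings.append((bssid, ssid, "evil-twin"))
        elif not known:
            findings.append((bssid, ssid, "rogue-ap"))
        elif weak:
            findings.append((bssid, ssid, "downgrade"))
    return findings


def loudest_impostor(scan=SCAN, authorized=AUTHORIZED):
    """The unknown radio with the strongest signal for any corporate SSID.

    Clients roam toward the strongest beacon, so this is the one to hunt first.
    Returns (bssid, ssid, rssi) or None.
    """
    impostors = [
        (bssid, ssid, rssi) for ssid, bssid, _ch, _sec, rssi in scan
        if ssid in authorized
        and bssid.lower() not in {b.lower() for b in authorized[ssid]}
    ]
    return max(impostors, key=lambda row: row[2], default=None)


if __name__ == "__main__":
    for bssid, ssid, verdict in classify():
        print(f"{verdict:10} {ssid:10} {bssid}")
    print("loudest impostor:", loudest_impostor())
```

The check keys on BSSID rather than SSID because anyone can copy a network name. An attacker who also clones the legitimate BSSID would appear as a second beacon source on another channel, which a WIPS sensor correlating channel and signal would catch but this simple allow-list does not; treat it as the first filter, not the last.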
ProofPoint.webp 2023-09-26 05:00:51 ZenRAT: Malware Brings More Chaos Than Calm
(direct link)
Key Takeaways

Proofpoint identified a new malware called ZenRAT being distributed via fake installation packages of the password manager Bitwarden. The malware specifically targets Windows users and redirects people using other hosts to a benign webpage. At this time, it is unknown how the malware is being distributed. The malware is a modular remote access trojan (RAT) with information-stealing capabilities.

Overview

Proofpoint Emerging Threats often receives tips from the community leading to the investigation and detection of novel malware. On 10 August 2023, Jérôme Segura, Senior Director of Threat Intelligence at Malwarebytes, shared a malware sample that was being distributed as part of a Windows software installation package. The sample was initially discovered on a website pretending to be associated with Bitwarden, bitwariden[.]com, a very convincing lookalike of the real bitwarden.com. Packaged with a standard Bitwarden installation package is a malicious .NET executable that we have dubbed "ZenRAT". At this time, it is unknown how the malware is being distributed; however, historic activity that has masqueraded as fake software installers has been delivered via SEO poisoning, adware bundles, or email.

Figure 1: Fake Bitwarden website, bitwariden[.]com, bears a remarkable resemblance in theme to bitwarden.com. It is uncertain how traffic is being directed to this domain.

Specifically Targeting Windows Users

The malicious website only displays the fake Bitwarden download if a user accesses it via a Windows host. If a non-Windows user attempts to navigate to this domain, the page changes to something entirely different.

Figure 2: If a non-Windows user attempts to visit the malicious website, they are instead redirected to a cloned opensource.com article. This screen capture was taken using Mozilla Firefox on Ubuntu 22.04.

The website instead masquerades as the legitimate website opensource.com, going so far as to clone an article from Opensource.com by Scott Nesbitt about the Bitwarden password manager. Additionally, if Windows users click download links marked for Linux or macOS on the Downloads page, they are instead redirected to the legitimate Bitwarden site, vault.bitwarden.com. Clicking the Download button or the "Desktop installer for Windows" download button results in an attempt to download Bitwarden-Installer-version-2023-7-1.exe. This payload is hosted on the domain crazygameis[.]com, which as of this writing no longer appears to be hosting the payload.

Figure 3: When Windows users click either the Download button or the desktop installer for Windows option, a request is made to crazygameis[.]com to retrieve the malicious Bitwarden installer.

The domain registrar for both domains appears to be NiceNIC International Group, while the sites themselves appear to be hosted on Cloudflare.

Installer Details

The malicious installer, Bitwarden-Installer-version-2023-7-1.exe, appears to have been first reported on VirusTotal on 28 July 2023 under a different name, CertificateUpdate-version1-102-90.

Figure 4: So far, the installer sample has been seen twice in relatively close proximity under two entirely different names.

Looking at the details of the installer, we can see that the digital signature is not valid, but more interestingly, the installer claims to be Piriform's Speccy, a software application for gathering system specifications.

Figure 5: The file metadata for the malicious Bitwarden installer claims that it is Speccy, an application used to gather information (specs) about the system on which it is run.

Not only that, the installer claims to be signed by Tim Kosse, an open-source software developer best known for the FileZilla FTP/SFTP software.

Figure 6: In addition to the questionable file properties, the installer has an invalid digital signature, and claims to have been signed by Tim Kosse, an open-source developer most well-k Malware Tool Threat ★★
The_State_of_Security.webp 2023-09-26 02:59:24 Best 10 Cybersecurity Podcasts
(direct link)
The cybersecurity industry is one in which staying in the loop on recent developments is incredibly important. Because technologies, industry conditions, and the threat landscape all change so frequently, it can be difficult to remain up to date on news, standard practices, and significant threats. Written articles can be of great help in this endeavor, but another great tool is the vast realm of cybersecurity podcasts. Many industry experts and organizations produce podcasts to inform audiences and facilitate a greater understanding of important cybersecurity topics. Blueprint Blueprint is a...
Tool Threat ★★
CyberWarzone.webp 2023-09-25 18:37:07 Predator Spyware: The Silent Predator Turning Phones Into Surveillance Tools (with video)
(direct link)
Don't you ever wonder how safe your smartphone really is? In a world where governments seem to be ramping up
Tool ★★
The_Hackers_News.webp 2023-09-25 18:35:00 Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals
(direct link)
Ukrainian military entities are the target of a phishing campaign that leverages drone manuals as lures to deliver a Go-based open-source post-exploitation toolkit called Merlin. "Since drones or Unmanned Aerial Vehicles (UAVs) have been an integral tool used by the Ukrainian military, malware-laced lure files themed as UAV service manuals have begun to surface," Securonix researchers Den
Tool ★★★
The_Hackers_News.webp 2023-09-25 17:11:00 Watch the Webinar - AI vs. AI: Harnessing AI Defenses Against AI-Powered Risks
(direct link)
Generative AI is a double-edged sword, if there ever was one. There is broad agreement that tools like ChatGPT are unleashing waves of productivity across the business, from IT, to customer experience, to engineering. That's on the one hand. On the other end of this fencing match: risk. From IP leakage and data privacy risks to the empowering of cybercriminals with AI tools, generative AI
Tool ChatGPT ChatGPT ★★
CS.webp 2023-09-25 15:44:20 How the Cult of the Dead Cow plans to save the internet
(direct link)
The "original hacking supergroup" is trying to design tools to rebuild the internet from the ground up.
Tool ★★
Checkpoint.webp 2023-09-25 13:00:32 The City of Kamloops Protects City Data and Networks with Check Point Software
(direct link)
Check Point Harmony Email & Collaboration successfully blocked over 14,000 phishing emails on Kamloops' servers that had evaded the previous email protection. Business email compromise is a type of spear-phishing attack in which cyber criminals use business tools to trick users into sending them money. According to the Federal Bureau of Investigation, BEC cost organizations around the world more than $10 billion in losses in 2022. Check Point Software Technologies is partnering with the City of Kamloops, B.C. to prevent business email compromise (BEC) cyberattacks, while adding an additional layer of protection to the city's cybersecurity infrastructure. With nearly 100,000 […]
Tool ★★
WiredThreatLevel.webp 2023-09-25 11:00:00 Your Boss's Spyware Could Train AI to Replace You
(direct link)
Corporations are using software to monitor employees on a large scale. Some experts fear the data these tools collect could be used to automate people out of their jobs.
Tool ★★★
globalsecuritymag.webp 2023-09-25 09:01:38 The essentials for adopting a management system (direct link) ERPs are essential management tools for professionals. Nevertheless, difficulties can persist with ERPs and affect team productivity during use. Thus, by 2025, 70% of organizations will use digital adoption solutions such as digital adoption platforms to overcome adoption and user-experience difficulties on applications (1). Here are the main steps that will ease the adoption of an ERP. Find (...) - Viewpoints Tool ★★
globalsecuritymag.webp 2023-09-25 08:33:10 Trusted Connectivity Alliance Releases New Tool to Promote Interoperability of eSIM-Based Services
(direct link)
Trusted Connectivity Alliance (TCA) has released a free-to-use tool to further promote the interoperable deployment of SIM-based value-added services. The new TCALoader tool enables mobile operators and application developers to download, install and manage applications on the UICC / eUICC to test interoperability across different deployments. This supports increasing industry demand for the delivery of various services through eSIM technology. As the tool has been extensively tested (...) - Business News
Tool ★★
Korben.webp 2023-09-25 07:00:00 Czkawka – Clean your hard drive from top to bottom (direct link) Discover **Czkawka**, an open-source, ad-free program for removing unneeded files on Linux, Windows and macOS. Equipped with advanced algorithms, **Czkawka** offers a fast and efficient way to find duplicate files, empty folders and temporary files. Get back a clean and tidy system with this indispensable tool. Tool ★★★★
ProofPoint.webp 2023-09-25 05:00:10 How Proofpoint Managed Email Security Helps Fill the Cybersecurity Talent Gap
(direct link)
Talent shortages continue to plague the cybersecurity industry. Cyberseek.org reports that only 69% of cybersecurity jobs in the United States are staffed. Without the right talent, companies are at risk from attacks by threat actors. By 2025, Gartner predicts that talent shortages or human lapses will be at the root of over half of significant cyber incidents. Here's a rundown of some of today's biggest talent challenges faced by organizations:

The impacts of the global cybersecurity skills shortage on businesses. (Source: "The Life and Times of Cybersecurity Professionals" by ISSA and Enterprise Strategy Group by TechTarget, 2023.)

Challenges with recruiting and retaining security talent

Email remains the go-to threat vector for many threat actors, who target it to launch phishing scams, distribute malware, pursue business email compromise (BEC) campaigns, and more. BEC is an especially significant threat: in the 2023 State of the Phish report, Proofpoint research showed that 75% of businesses experienced at least one BEC attack last year. Many businesses want to hire experienced email security professionals with extensive domain knowledge to help defend against BEC and other email-based threats. However, these professionals are hard to find in the hiring market. Email security professionals also need analytical and problem-solving skills. They need to translate identified threats and assessments into practical steps for remediation. In other words, the nature of the role is multidimensional, as it combines skill sets from email security and threat intelligence.

Proofpoint Managed Email Threat Protection elevates email security

As the threat landscape is dynamic, your organization's email management and incident response need to be a continuous process. Without an adequate supply of talent, how can businesses keep their email secure? Proofpoint Managed Email Threat Protection can help. As a co-managed service delivered by our email security and threat protection experts, it can help you fill gaps in your cybersecurity team. Here's what our expert team can offer:

They can provide expertise in email security and threat protection

Our experts deftly deploy and manage Proofpoint email security and threat protection products. They use a proactive approach to optimize your email system settings, rules and policies and update the latest threat intelligence. And they help to protect your business against emerging attack vectors and threat actors.

"If I did not have [Proofpoint] Managed Services … I had said to my boss I would have to hire three skilled people, not entry-level people coming out of college." - Information Security Director of a U.S. healthcare system and medical school with 20,000 users

They can co-manage your daily email operations and provide staff continuity

Attracting and retaining cyber talent are high priorities for security executives. But CISOs are expected to do more with less in the current cautious economic climate. Amid these resource constraints, experts with Proofpoint can provide guidance and co-management of a company's daily email operations. Their support helps to foster operational stability. It reduces staffing needs and enhances cost-efficiency.

"Massive value for dollars spent. We could only do one-third of the basic tasks you do, and we could not even conceptualize the strategic approach you take." – CISO of a global equipment manufacturer with 35,000 users

They can give valuable insights to your executives

Our experts address email security gaps discovered during health checks. They provide configuration efficacy analysis, regular checkpoints and reports. This information adds transparency to your email security. It also empowers you and your leadership to monitor mitigations and gauge progress.

"Proofpoint reports contain a lot of very useful information that helps us improve our operating performance. They give our nontechnical stakeholders a way to underst Tool Threat Medical ★★★
globalsecuritymag.webp 2023-09-22 14:15:05 Hacker "EMINэM" unmasked by Check Point Research
(direct link)
The hacker is behind cyberattacks using seemingly legitimate software in EMEA and APAC. Check Point Research (CPR), the research arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), unmasks the hacker "EMINэM", who is responsible for malware that hits targets in the EMEA and APAC regions. The hacker distributes the malware via seemingly legitimate software: the Remcos Remote Access Trojan (RAT) and GuLoader (also known as CloudEyE and TheProtect) are ostensibly advertised as legitimate tools, but they are used on a large scale for cyberattacks and consistently rank among the most widespread malicious programs. - Malware
Malware Tool ★★
globalsecuritymag.webp 2023-09-22 10:26:15 ESET finds that the OilRig group deployed new malware against Israeli victims (lien direct) Overview of OilRig's Outer Space compromise chain • ESET Research analyzed two campaigns run by the OilRig group in 2021 (Outer Space) and 2022 (Juicy Mix). This APT group is aligned with Iranian interests. • The operators targeted Israeli organizations exclusively and compromised legitimate Israeli websites in order to use them as command-and-control (C&C / C2) servers. • They used a previously undocumented backdoor in each campaign: Solar in Outer Space, then its successor Mango in Juicy Mix. • A wide variety of tools was deployed following the compromises. These tools were used to collect sensitive information from the major browsers and from the Windows Credential Manager. - Malware Malware Tool APT 34 ★★★
DarkReading.webp 2023-09-21 20:42:00 'Gold Melody' Access Broker Plays on Unpatched Servers' Strings
(lien direct)
A financially motivated threat actor uses known vulnerabilities, ordinary TTPs, and off-the-shelf tools to exploit the unprepared, highlighting the fact that many organizations still don't focus on the security basics.
Tool Threat ★★★
securityintelligence.webp 2023-09-21 13:00:00 Most organizations want security vendor consolidation
(lien direct)
Cybersecurity is complicated, to say the least. Maintaining a strong security posture goes far beyond knowing about attack groups and their devious TTPs. Merely understanding, coordinating and unifying security tools can be challenging. We quickly passed through the "not if, but when" stage of cyberattacks. Now, it's commonplace for companies to have experienced multiple breaches. […]
Tool ★★★
GoogleSec.webp 2023-09-21 12:00:57 Scaling Rust Adoption Through Training
(lien direct)
Posted by Martin Geisler, Android team Android 14 is the third major Android release with Rust support. We are already seeing a number of benefits: Productivity: Developers quickly feel productive writing Rust. They report important indicators of development velocity, such as confidence in the code quality and ease of code review. Security: There has been a reduction in memory safety vulnerabilities as we shift more development to memory safe languages. These positive early results provided an enticing motivation to increase the speed and scope of Rust adoption. We hoped to accomplish this by investing heavily in training to expand from the early adopters. Scaling up from Early Adopters Early adopters are often willing to accept more risk to try out a new technology. They know there will be some inconveniences and a steep learning curve but are willing to learn, often on their own time. Scaling up Rust adoption required moving beyond early adopters. For that we need to ensure a baseline level of comfort and productivity within a set period of time. An important part of our strategy for accomplishing this was training. Unfortunately, the type of training we wanted to provide simply didn't exist. We made the decision to write and implement our own Rust training. Training Engineers Our goals for the training were to: Quickly ramp up engineers: It is hard to take people away from their regular work for a long period of time, so we aimed to provide a solid foundation for using Rust in days, not weeks. We could not make anybody a Rust expert in so little time, but we could give people the tools and foundation needed to be productive while they continued to grow. The goal is to enable people to use Rust to be productive members of their teams. The time constraints meant we couldn't teach people programming from scratch; we also decided not to teach macros or unsafe Rust in detail. 
Make it engaging (and fun!): We wanted people to see a lot of Rust while also getting hands-on experience. Given the scope and time constraints mentioned above, the training was necessarily information-dense. This called for an interactive setting where people could quickly ask questions to the instructor. Research shows that retention improves when people can quickly verify assumptions and practice new concepts. Make it relevant for Android: The Android-specific tooling for Rust was already documented, but we wanted to show engineers how to use it via worked examples. We also wanted to document emerging standards, such as using thiserror and anyhow crates for error handling. Finally, because Rust is a new language in the Android Platform (AOSP), we needed to show how to interoperate with existing languages such as Java and C++. With those three goals as a starting point, we looked at the existing material and available tools. Existing Material Documentation is a key value of the Rust community and there are many great resources available for learning Rust. First, there is the freely available Rust Book, which covers almost all of the language. Second, the standard library is extensively documented. Because we knew our target audience, we could make stronger assumptions than most material found online. We created the course for engineers with at least 2–3 years of coding experience in either C, C++, or Java. This allowed us to move Tool ★★
ProofPoint.webp 2023-09-21 10:08:29 How Strong Is My Password? A Guide to Enable Your Employees to Set Strong Passwords
(lien direct)
Have you seen the meme about needing to rename your dog now that your password has been stolen? We all have ways to make everyday tasks feel easy and comfortable, and setting up passwords for accounts and services often falls into this category. Many passwords are used daily, or multiple times in a day, so people want passwords that are easy to remember and fast to type.   As security professionals, we recognize that password strength is a safeguard for personal and professional data. Weak passwords are more easily guessed or cracked. However, the question of "How strong is my password?" is often overlooked by the average person, like your employees.   We might also recognize that password effectiveness is on a downward slope. Features like multifactor authentication (MFA) add a security layer, but people get frustrated with the additional task. Also, complex attacks such as MFA-bypass techniques and reverse proxy services such as EvilProxy can increasingly get past this account protection. It's essential for security professionals to continually evaluate and adapt newer approaches such as FIDO authentication and other passwordless methods.  In this article, we will help you motivate your employees to do their part by providing effective strategies that will help them create stronger passwords and gauge their strength.  Security consequences at work and home  How do you explain the consequences of using a weak password? It's helpful to emphasize that employees might accidentally expose sensitive information that hurts them both professionally and personally.   At work, a weak password might give access to office computers or the company network. The attackers can install malicious software (malware) which could lead to financial loss, data loss or data theft for your organization. Depending on the size and impact, this breach could negatively affect the company's health and reputation, and ultimately that person's job.   
At home, a weak password might give access to personal accounts such as banks, credit cards, email and social media. This credential exposure could hurt not only the person but also their family members, colleagues or friends. For instance, a threat actor getting into their Venmo account will see their personal credit card data and the history of transactions with people they know.   We are creatures of habit, so the way you set passwords at work is often the way you set personal passwords. It's natural for people to be most concerned about their home life, so there is great impact in relating the domino effect of password security.  Four common mistakes of weak passwords  Before you explain how to set a strong password, it's useful to share the common mistakes that people make in creating weak passwords. You can evaluate the weakness of a password by looking at whether it is personal, ordinary, simple and predictable.  Here are four essential password "DON'Ts":  Don't use identifying words. Avoid words that are personally identifying or publicly available such as your name, birthday, street address, email address or account username. Attackers can leverage a person's background and history for educated password guesses, especially if that attacker is someone who knows you.   Don't use family words. For similar reasons, avoid names, numbers and dates that identify your children, animals or parents such as their age, name or birthday.   Don't use real words. Avoid words that are straightforward or straight from the dictionary, such as "puppy" or "puppydog" or "puppy1." Attackers can run software that processes every word in a dictionary to crack passwords.  Don't use simple patterns. Avoid a string of characters that are consecutive numbers or a part of the alphabet, such as "1011121314" or "ghijklmn." Attackers can run comprehensive lists of frequently used passwords to test against a password.  
In summary: A weak password uses personally identifying words, family dates or names, dictionary words, or simple character s Tool Threat ★★
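The four "DON'Ts" above can be turned into a checker that tells the user which rule a candidate breaks. The following is an added example written for this digest, not Proofpoint's code: the word list and the user profile are constructed, and a real deployment would load a full dictionary or breached-password list and pull personal attributes (name, birth year, username, pet names) from the directory.

```python
"""Score a candidate password against the four password DON'Ts.

Constructed example; DICTIONARY and the sample profile are assumptions.
"""
from __future__ import annotations

import re

# Constructed sample wordlist; a real checker loads a full one.
DICTIONARY = {"puppy", "dog", "password", "welcome", "summer", "dragon", "letmein"}

# Leet substitutions add no real strength: 'P@ssw0rd' is still 'password'.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})


def normalize(pw: str) -> str:
    return pw.lower().translate(LEET)


def has_identifying_word(pw: str, personal: list[str]) -> bool:
    """DON'Ts 1 and 2: name, birthday, username, family or pet names."""
    norm = normalize(pw)
    return any(len(p) >= 3 and normalize(p) in norm for p in personal)


def has_dictionary_word(pw: str, dictionary: set[str] = DICTIONARY) -> bool:
    """DON'T 3: 'puppy', 'puppydog' and 'puppy1' all contain a real word."""
    norm = normalize(pw)
    return any(w in norm for w in dictionary if len(w) >= 4)


def _is_counting_sequence(digits: str) -> bool:
    """'1234' or '1011121314': consecutive integers of a fixed width."""
    for width in (1, 2, 3):
        if len(digits) < 2 * width or len(digits) % width:
            continue
        chunks = [int(digits[i:i + width]) for i in range(0, len(digits), width)]
        if all(b - a == 1 for a, b in zip(chunks, chunks[1:])):
            return True
    return False


def has_simple_pattern(pw: str, min_run: int = 4) -> bool:
    """DON'T 4: alphabet or digit runs ('ghijklmn', '4321') and counting sequences."""
    low = pw.lower()
    run = 1
    for a, b in zip(low, low[1:]):
        run = run + 1 if abs(ord(b) - ord(a)) == 1 else 1
        if run >= min_run:
            return True
    return any(_is_counting_sequence(m) for m in re.findall(r"\d{4,}", pw))


def weakness_report(pw: str, personal=()) -> list[str]:
    """The DON'Ts a candidate violates; an empty list means none fired."""
    reasons = []
    if has_identifying_word(pw, list(personal)):
        reasons.append("identifying word")
    if has_dictionary_word(pw):
        reasons.append("dictionary word")
    if has_simple_pattern(pw):
        reasons.append("simple pattern")
    return reasons


if __name__ == "__main__":
    profile = ["alice", "1987", "rex"]  # constructed: what an attacker could learn about this user
    for candidate in ("puppy1", "ghijklmn", "1011121314", "Alice1987!", "Tr0ub4dor&3xq9"):
        print(f"{candidate!r}: {weakness_report(candidate, profile) or 'none fired'}")
```

The normalization step matters more than it looks: users who are told "no dictionary words" reliably answer with `P@ssw0rd1`, which a cracking wordlist with rule-based mangling still catches in seconds, so the checker should catch it too.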
AlienVault.webp 2023-09-21 10:00:00 Beyond the firewall: Navigating SaaS security challenges
(lien direct)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Introduction: In today's digital era, businesses have undergone a profound shift in how they operate. Software-as-a-Service (SaaS) solutions have become the backbone of many organizations, offering flexibility and scalability. While firewalls remain a critical component of cybersecurity, securing your digital assets in the SaaS realm is a multifaceted challenge. This article explores why investing in a firewall is only the beginning of your SaaS security journey and offers an overview of a holistic approach to protecting your digital landscape. The firewall's vital role: Firewalls are the sentinels of your network, guarding against unauthorized access, malware and threats. They establish a secure perimeter around your organization, serving as the initial defense against external dangers. Why firewalls alone fall short in the SaaS era: Cloud migration: SaaS applications thrive in the cloud, offering unprecedented advantages. This means your data and operations may no longer be confined to your corporate network, making traditional firewall-centric security less effective. Endpoint proliferation: The traditional network perimeter has dissolved as employees use a variety of devices and networks to access SaaS applications. This multitude of endpoints makes relying solely on firewalls inadequate. 
Data's complex journey: SaaS applications handle large amounts of sensitive data, often stored in remote data centers. Protecting data at rest and in transit in those centers requires specialized measures beyond the firewall's reach. Strategies to improve SaaS security: Access control and identity management: Implement robust access control and identity management solutions. Ensure that only authorized users can access your SaaS applications, incorporating multi-factor authentication (MFA) for an additional layer of security. Data encryption: Use data encryption for data both in transit and at rest. Most SaaS providers offer encryption features, but it is essential to understand their encryption protocols and how they align with your security needs. Regular audits and compliance: Conduct regular audits of your SaaS applications and providers to ensure compliance with industry standards and data protection regulations such as GDPR or HIPAA. Verify that your providers adhere to robust security practices. Security information and event management (SIEM): Implement SIEM solutions for real-time visibility into your SaaS applications. These tools centralize security monitoring and facilitate incident response by detecting anomalies and potential breaches. Data loss prevention (DLP): Deploy DLP solutions to prevent data leaks and unauthorized sharing of sensitive information in your SaaS applications. These tools scan and classify data, applying policies to protect critical assets. Security awareness training Tool Cloud ★★
The_Hackers_News.webp 2023-09-20 16:04:00 Do You Really Trust Your Web Application Supply Chain?
(lien direct)
Well, you shouldn't. It may already be hiding vulnerabilities. It's the modular nature of modern web applications that has made them so effective. They can call on dozens of third-party web components, JS frameworks, and open-source tools to deliver all the different functionalities that keep their customers happy, but this chain of dependencies is also what makes them so vulnerable. Many of
Tool ★★★
zataz.webp 2023-09-20 10:36:44 Automatic mailbox rules: tools of choice for attackers (lien direct) A study shows how attackers can use the rules of compromised mailboxes to evade detection while moving information out of the corporate network.... Tool ★★
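The technique the study describes is cheap to detect once rule-creation events are collected, because the rules attackers need (forward externally, delete, bury in an unread folder, trigger on "invoice" or "security") look alike. The following is an added example, not from the article or the study it cites: it scores constructed events shaped like simplified Microsoft 365 Unified Audit Log New-InboxRule records (a Parameters list of Name/Value pairs); INTERNAL_DOMAINS, the folder and keyword lists and all addresses are assumptions.

```python
"""Flag inbox rules of the kind used for evasion and exfiltration.

Constructed example; SAMPLE_EVENTS are not real audit records.
"""
from __future__ import annotations

INTERNAL_DOMAINS = {"example.com"}  # assumption: the tenant's accepted domains
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                  "junk email", "deleted items", "archive"}
SUSPECT_WORDS = {"invoice", "payment", "wire", "password", "hacked", "phish",
                 "security", "helpdesk", "mfa"}
FORWARD_KEYS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")

SAMPLE_EVENTS = [
    {"UserId": "j.doe@example.com", "Operation": "New-InboxRule",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "SubjectContainsWords", "Value": "invoice;payment"},
                    {"Name": "ForwardTo", "Value": "collector@mail-drop.example"},
                    {"Name": "DeleteMessage", "Value": "True"}]},
    {"UserId": "a.lee@example.com", "Operation": "New-InboxRule",
     "Parameters": [{"Name": "Name", "Value": "Cleanup"},
                    {"Name": "FromAddressContainsWords", "Value": "it-security;helpdesk"},
                    {"Name": "MoveToFolder", "Value": "RSS Feeds"},
                    {"Name": "MarkAsRead", "Value": "True"}]},
    {"UserId": "a.lee@example.com", "Operation": "New-InboxRule",
     "Parameters": [{"Name": "Name", "Value": "Newsletters"},
                    {"Name": "FromAddressContainsWords", "Value": "newsletter@vendor.example"},
                    {"Name": "MoveToFolder", "Value": "Newsletters"}]},
]


def _params(event: dict) -> dict[str, str]:
    """Flatten the Name/Value parameter list into a dict."""
    return {p["Name"]: str(p["Value"]) for p in event.get("Parameters", [])}


def _addresses(value: str) -> list[str]:
    return [a.strip().lower() for a in value.split(";") if a.strip()]


def _is_external(address: str) -> bool:
    return "@" in address and address.rsplit("@", 1)[1] not in INTERNAL_DOMAINS


def assess_rule(event: dict) -> list[str]:
    """Reasons a rule-creation event deserves analyst attention."""
    p = _params(event)
    findings = []
    for key in FORWARD_KEYS:
        external = [a for a in _addresses(p.get(key, "")) if _is_external(a)]
        if external:
            findings.append(f"{key} to external address: {', '.join(external)}")
    if p.get("DeleteMessage", "").lower() == "true":
        findings.append("deletes matching mail")
    if p.get("MoveToFolder", "").lower() in HIDING_FOLDERS:
        findings.append(f"hides matches in '{p['MoveToFolder']}'")
    if p.get("MarkAsRead", "").lower() == "true" and "MoveToFolder" in p:
        findings.append("marks read and moves (no new-mail notification)")
    conditions = " ".join(p.get(k, "") for k in
                          ("SubjectContainsWords", "BodyContainsWords", "FromAddressContainsWords")).lower()
    hit = sorted(w for w in SUSPECT_WORDS if w in conditions)
    if hit:
        findings.append(f"matches on security/finance keywords: {', '.join(hit)}")
    if len(p.get("Name", "").strip(" .,-_")) <= 1:
        findings.append(f"near-empty rule name {p.get('Name', '')!r}")
    return findings


def triage(events: list[dict]) -> list[dict]:
    """Rule-creation events with findings, in the order they were logged."""
    out = []
    for e in events:
        if e.get("Operation") not in ("New-InboxRule", "Set-InboxRule"):
            continue
        f = assess_rule(e)
        if f:
            out.append({"user": e["UserId"], "rule": _params(e).get("Name", ""), "findings": f})
    return out


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(f"{hit['user']} rule {hit['rule']!r}:")
        for f in hit["findings"]:
            print(f"  - {f}")
```

The second sample rule is the one worth noting: it forwards nothing, so an "external forwarding" alert never fires, yet it silently hides every message from IT security and the help desk, which is exactly what an attacker wants while a password reset or MFA warning is in flight.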
ProofPoint.webp 2023-09-20 05:00:00 Chinese Malware Appears in Earnest Across Cybercrime Threat Landscape
(lien direct)
Key Takeaways Proofpoint has observed an increase in activity from specific malware families targeting Chinese-language speakers. Campaigns include Chinese-language lures and malware typically associated with Chinese cybercrime activity. Newly observed ValleyRAT is emerging as a new malware among Chinese-themed cybercrime activity, while Sainbox RAT and related variants are recently active as well. The increase in Chinese language malware activity indicates an expansion of the Chinese malware ecosystem, either through increased availability or ease of access to payloads and target lists, as well as potentially increased activity by Chinese speaking cybercrime operators.   Overview Since early 2023, Proofpoint observed an increase in the email distribution of malware associated with suspected Chinese cybercrime activity. This includes the attempted delivery of the Sainbox Remote Access Trojan (RAT) – a variant of the commodity trojan Gh0stRAT – and the newly identified ValleyRAT malware. After years of this malware not appearing in Proofpoint threat data, its appearance in multiple campaigns over the last six months is notable.  The phrase "Chinese-themed" is used to describe any of the observed content related to this malicious activity, including lures, malware, targeting, and any metadata that contains Chinese language usage. Campaigns are generally low-volume and are typically sent to global organizations with operations in China. The email subjects and content are usually written in Chinese, and are typically related to business themes like invoices, payments, and new products. The targeted users have Chinese-language names spelled with Chinese-language characters, or specific company email addresses that appear to align with businesses' operations in China. Although most campaigns have targeted Chinese speaking users, Proofpoint observed one campaign targeting Japanese organizations, suggesting a potential expansion of activity.  
These recently identified activity clusters have demonstrated flexible delivery methods, leveraging both simple and moderately complex techniques. Commonly, the emails contain URLs linking to compressed executables that are responsible for installing the malware. However, Proofpoint has also observed Sainbox RAT and ValleyRAT delivered via Excel and PDF attachments containing URLs linking to compressed executables.  Proofpoint researchers assess that the multiple campaigns delivering Sainbox RAT and ValleyRAT share some tactics, techniques, and procedures (TTPs). However, research into additional activity clusters using these malware families shows enough variety in infrastructure, sender domains, email content, targeting, and payloads that researchers currently conclude that the use of these families and the associated campaigns is not attributable to a single cluster, but likely to multiple distinct activity sets.  The emergence and uptick of both novel and older Chinese-themed malware demonstrates a new trend in the overall 2023 threat landscape. A blend of historic malware such as Sainbox – a variant of the older Gh0stRAT malware – and the newly uncovered ValleyRAT may challenge the dominance that the Russian-speaking cybercrime market has on the threat landscape. However, the Chinese-themed malware is currently mostly targeted toward users that likely speak Chinese. Proofpoint continues to monitor for evidence of increasing adoption across other languages.  For network defenders, we include several indicators of compromise and Emerging Threats detections to provide the community with the ability to cover these threats. Campaign Details  Proofpoint has observed over 30 campaigns in 2023 leveraging malware typically associated with Chinese cybercrime activity. Nearly all lures are in Chinese, although Proofpoint has also observed messages in Japanese targeting organizations in that country.  
Gh0stRAT / Sainbox Proofpoint has observed an increase in a variant of Gh0stRAT Proofpoint researchers refer to as Sainbox. Sainbox was first i Malware Tool Threat Prediction ★★★
DarkReading.webp 2023-09-19 22:00:00 Companies Rely on Multiple Methods to Secure Generative AI Tools
(lien direct)
To protect their own and their customers' data, organizations are exploring different approaches to guard against unwanted effects of using AI.
Tool ★★
globalsecuritymag.webp 2023-09-19 19:16:29 Discern Security lands funding round as it launches world's first AI powered security policy management platform
(lien direct)
Discern Security lands funding round as it launches world's first AI powered security policy management platform Discern Security launches with $3m funding round as it enhances the performance of cybersecurity tools used by businesses, while building momentum with Fortune 500 enterprises and strategic partnerships with cybersecurity firms. - Business News
Tool ★★
TechWorm.webp 2023-09-19 17:06:25 Hackers Using Fake YouTube Apps To Infect Android Devices
(lien direct)
The hacking group APT36, also known as 'Transparent Tribe', has been discovered using malicious Android apps that mimic YouTube to infect its targets with the mobile remote access trojan (RAT) called 'CapraRAT'. For those unaware, APT36 (or Transparent Tribe) is a suspected Pakistan-linked hacking group mainly known for using malicious Android apps to attack Indian defense and government agencies, organizations involved in the Kashmir region, as well as human rights activists working on Pakistan-related issues. SentinelLabs, a cybersecurity firm, was able to identify three Android application packages (APKs) linked to Transparent Tribe's CapraRAT that mimicked the appearance of YouTube. "CapraRAT is a highly invasive tool that gives the attacker control over much of the data on the Android devices it infects," SentinelLabs security researcher Alex Delamotte wrote in an analysis on Monday. According to the researchers, the malicious APKs are not distributed through Android's Google Play Store, meaning victims are likely socially engineered into downloading and installing the app from a third-party source. Analysis of the three APKs revealed that they contained the CapraRAT trojan and were uploaded to VirusTotal in April, July and August 2023. Two of the CapraRAT APKs were named 'YouTube', and one was named 'Piya Sharma', associated with a channel potentially used for romance-based social engineering to convince targets to install the apps. 
The list of apps is as follows: base.media.service moves.media.tubes videos.watchs.share During installation, the apps request a number of risky permissions, some of which might initially seem harmless to the victim for a media streaming app like YouTube, and so be granted without suspicion. The malicious apps' interface tries to imitate Google's real YouTube app, but looks more like a web browser than an app because the trojanized app uses WebView to load the service. They also lacked some features and functions available in the legitimate native YouTube Android app. Once CapraRAT is installed on the victim's device, it can perform various actions such as recording with the microphone and the front and rear cameras, collecting SMS and multimedia message contents and call logs, sending SMS messages, blocking incoming SMS, initiating phone calls, taking screenshots, overriding system settings such as GPS and network, and modifying files on the phone's file system. According to SentinelLabs, the recent CapraRAT variants found during the current campaign indicate continued development of the malware by Transparent Tribe. As for attribution, the IP addresses of the command-and-control (C2) servers CapraRAT communicates with are hard-coded in the app's configuration file and have been linked to the hacking group's past activities. However, some IP addresses were linked to other RAT campaigns, although the exact relationship between those threat actors and Transparent Tribe remains unclear. Malware Tool Threat APT 36 ★★
The_Hackers_News.webp 2023-09-19 12:26:00 Transparent Tribe Uses Fake YouTube Android Apps to Spread CapraRAT Malware
(lien direct)
The suspected Pakistan-linked threat actor known as Transparent Tribe is using malicious Android apps mimicking YouTube to distribute the CapraRAT mobile remote access trojan (RAT), demonstrating the continued evolution of the activity. "CapraRAT is a highly invasive tool that gives the attacker control over much of the data on the Android devices that it infects," SentinelOne security
Malware Tool Threat APT 36
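Both CapraRAT entries above (TechWorm and The Hacker News) describe the same hunting signal: an app labelled "YouTube" that is not the official package, was sideloaded, and asks for telephony and recording permissions a video player has no use for. The following is an added example written for this digest, not SentinelLabs' or either outlet's code. The three package names are the ones quoted from the article; the official YouTube package name and the Play Store installer id are real Android identifiers; every other package, label and permission list in the inventory is constructed, in the shape an MDM export or a parsed `adb shell dumpsys package` listing might provide.

```python
"""Triage an Android app inventory for the CapraRAT pattern.

Constructed example; SAMPLE_INVENTORY is not real device data.
"""
from __future__ import annotations

KNOWN_CAPRARAT_PACKAGES = {"base.media.service", "moves.media.tubes", "videos.watchs.share"}
OFFICIAL_PACKAGE = {"youtube": "com.google.android.youtube"}
PLAY_STORE = "com.android.vending"

P = "android.permission."
TELEPHONY = {P + "READ_SMS", P + "SEND_SMS", P + "RECEIVE_SMS", P + "READ_CALL_LOG", P + "CALL_PHONE"}
SURVEILLANCE = TELEPHONY | {P + "RECORD_AUDIO", P + "CAMERA", P + "ACCESS_FINE_LOCATION",
                            P + "READ_CONTACTS", P + "WRITE_SETTINGS"}

SAMPLE_INVENTORY = [
    {"label": "YouTube", "package": "com.google.android.youtube", "installer": PLAY_STORE,
     "permissions": [P + "INTERNET", P + "CAMERA", P + "RECORD_AUDIO", P + "ACCESS_FINE_LOCATION"]},
    {"label": "YouTube", "package": "moves.media.tubes", "installer": None,
     "permissions": [P + "INTERNET", P + "CAMERA", P + "RECORD_AUDIO", P + "READ_SMS", P + "SEND_SMS",
                     P + "READ_CALL_LOG", P + "CALL_PHONE", P + "ACCESS_FINE_LOCATION", P + "WRITE_SETTINGS"]},
    # hypothetical package name for the 'Piya Sharma' lure
    {"label": "Piya Sharma", "package": "com.example.fanclub", "installer": None,
     "permissions": [P + "INTERNET", P + "RECORD_AUDIO", P + "CAMERA", P + "READ_SMS", P + "READ_CALL_LOG"]},
    {"label": "Notes", "package": "com.example.notes", "installer": PLAY_STORE,
     "permissions": [P + "INTERNET"]},
]


def assess_app(app: dict) -> list[str]:
    """Return the reasons an app looks like a CapraRAT-style implant."""
    findings = []
    pkg, label = app["package"], app["label"].strip().lower()
    perms = set(app.get("permissions", []))
    if pkg in KNOWN_CAPRARAT_PACKAGES:
        findings.append("known CapraRAT package name")
    if label in OFFICIAL_PACKAGE and pkg != OFFICIAL_PACKAGE[label]:
        findings.append(f"label '{app['label']}' but package {pkg} is not {OFFICIAL_PACKAGE[label]}")
    telephony = sorted(p.removeprefix(P) for p in perms & TELEPHONY)
    if telephony:
        findings.append(f"telephony/SMS permissions: {', '.join(telephony)}")
    spy = perms & SURVEILLANCE
    if len(spy) >= 4:
        findings.append(f"{len(spy)} surveillance permissions requested")
    if app.get("installer") != PLAY_STORE:
        findings.append(f"not installed from Play Store (installer={app.get('installer')})")
    return findings


def triage(inventory: list[dict]) -> list[dict]:
    """Apps with at least one finding, most suspicious first."""
    hits = [{"package": a["package"], "label": a["label"], "findings": assess_app(a)} for a in inventory]
    hits = [h for h in hits if h["findings"]]
    return sorted(hits, key=lambda h: len(h["findings"]), reverse=True)


if __name__ == "__main__":
    for h in triage(SAMPLE_INVENTORY):
        print(f"{h['label']} ({h['package']}):")
        for f in h["findings"]:
            print(f"  - {f}")
```

The known package names are the weakest signal here: the next build will use different ones. The label-versus-package mismatch, the sideload and the SMS/call-log permissions on a "video" app are what survive a rebuild, which is why the scorer reports them separately rather than collapsing everything into one verdict.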
Chercheur.webp 2023-09-19 11:08:45 Detecting AI-Generated Text
(lien direct)
There are no reliable ways to distinguish text written by a human from text written by a large language model. OpenAI writes: Do AI detectors work? In short, no. While some (including OpenAI) have released tools that purport to detect AI-generated content, none of these have proven to reliably distinguish between AI-generated and human-generated content. Additionally, ChatGPT has no "knowledge" of what content could be AI-generated. It will sometimes make up responses to questions like "did you write this [essay]?" or "could this have been written by AI?" These responses are random and have no basis in fact. ...
Tool ChatGPT ChatGPT ★★
SocRadar.webp 2023-09-19 10:08:48 Remote Administration Tool Sale, Ledger Database Leak, and Dark Strom DDoS Attack
(lien direct)
In this week's dark web roundup, we bring you a series of concerning developments that...
Tool ★★
AlienVault.webp 2023-09-18 10:00:00 Unmasking antiforensics techniques: Strategies for effective defense
(lien direct)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Introduction: In the world of digital forensics, where experts meticulously analyze digital evidence to uncover the truth, a counter-force known as "antiforensics" seeks to hide, manipulate or destroy that evidence. Antiforensic techniques aim to evade detection and analysis, posing a significant challenge for forensic investigators. In this comprehensive blog, we will explore the realm of antiforensics, understand its techniques and discuss strategies to defend against them effectively. Understanding antiforensics: a cloak for digital misdirection Antiforensic techniques encompass a variety of strategies used to hinder or thwart digital forensic investigations. They can involve altering timestamps, wiping data, encryption and even the use of steganography to hide information inside seemingly harmless files. Types of antiforensic techniques Data deletion and overwriting: Deliberately deleting files or overwriting them with random data can make recovery difficult, if not impossible, for investigators. Encryption and steganography: Encrypting files or concealing data inside other files using steganography can effectively hide sensitive information. Metadata manipulation: Altering file metadata, such as timestamps, can disrupt the timeline of events and mislead investigators. File fragmentation: Splitting files into fragments and scattering them across a storage device can hinder reconstruction efforts. 
Memory wiping: Data in memory, such as passwords or encryption keys, can be wiped to prevent its extraction by forensic tools. Defending against antiforensic techniques: strategies to use Early detection is key: Quickly identifying signs of antiforensic techniques is crucial. Unusual data patterns, inconsistencies in timestamps or suspicious file modifications can all be indicators. Comprehensive backups: Regularly back up data to remote, secure locations. This reduces the impact of data loss or tampering attempts. Cryptographic hashes and signatures: Use cryptographic hashes and digital signatures to verify file integrity. Any modification will be immediately detectable. Timestamp analysis: Investigate timestamps thoroughly to identify discrepancies. This may involve cross-referencing with network logs and other data sources. Memory analysis: Memory forensics can help uncover volatile data that may have been wiped or hidden. Examining memory dumps can provide critical information. File carving: Implement file carving techniques to recover fragmented or partially deleted files. This can help reconstruct altered data. Tool ★★★
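Two of the defenses listed above, hash-based integrity checking and timestamp analysis, reinforce each other: a hash tells you the content changed, and the timestamps tell you whether someone tried to hide that. The following is an added example written for this digest, not the AT&T author's code. It assumes a POSIX filesystem with nanosecond timestamps; the one fact it leans on is that utime() lets a process rewrite mtime but not ctime, so a "timestomped" file ends up with content that changed, an mtime that did not, and a ctime that moved. The directory contents are constructed inside a temporary directory.

```python
"""File-integrity baseline plus timestamp-consistency checks.

Constructed example; demo() builds its own sample directory.
"""
from __future__ import annotations

import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict[str, dict]:
    """Hash and timestamp every regular file under root, keyed by relative path."""
    snap = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            st = p.stat()
            snap[str(p.relative_to(root))] = {
                "sha256": sha256_file(p), "size": st.st_size,
                "mtime_ns": st.st_mtime_ns, "ctime_ns": st.st_ctime_ns,
            }
    return snap


def compare(baseline: dict, current: dict) -> dict[str, list[str]]:
    """Findings per path; an empty dict means nothing changed."""
    findings: dict[str, list[str]] = {}
    for path in sorted(set(baseline) | set(current)):
        f = []
        old, new = baseline.get(path), current.get(path)
        if old is None:
            f.append("added")
        elif new is None:
            f.append("deleted")
        else:
            if old["sha256"] != new["sha256"]:
                if old["mtime_ns"] == new["mtime_ns"]:
                    f.append("content changed but mtime preserved (timestomping)")
                else:
                    f.append("content changed")
            elif old["mtime_ns"] != new["mtime_ns"]:
                f.append("timestamp changed without content change")
            if new["mtime_ns"] < old["mtime_ns"]:
                f.append("mtime moved backwards")
            # utime() cannot set ctime on POSIX, so this pairing exposes a faked mtime.
            if new["ctime_ns"] != old["ctime_ns"] and new["mtime_ns"] == old["mtime_ns"]:
                f.append("inode changed while mtime preserved")
        if f:
            findings[path] = f
    return findings


def demo() -> dict[str, list[str]]:
    """Baseline a constructed directory, apply three antiforensic
    manipulations and return what compare() reports."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "ledger.txt").write_text("balance=100\n")
        (root / "notes.txt").write_text("meeting notes\n")
        (root / "backdated.txt").write_text("unchanged\n")
        baseline = snapshot(root)

        # 1. Edit a file, then restore its original mtime (timestomping).
        ledger = root / "ledger.txt"
        st = ledger.stat()
        ledger.write_text("balance=100000\n")
        os.utime(ledger, ns=(st.st_atime_ns, st.st_mtime_ns))
        # 2. Push a file's mtime ten days into the past without touching content.
        back = root / "backdated.txt"
        st = back.stat()
        os.utime(back, ns=(st.st_atime_ns, st.st_mtime_ns - 10 * 86400 * 10**9))
        # 3. Delete evidence and drop a new binary.
        (root / "notes.txt").unlink()
        (root / "dropper.bin").write_bytes(b"\x7fELF" + b"\x00" * 12)

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for path, reasons in demo().items():
        print(f"{path}: {'; '.join(reasons)}")
```

The baseline itself has to live somewhere the attacker cannot edit (a write-once store, a signed manifest, or a remote host), otherwise the hashes are just one more piece of metadata to tamper with. On Windows, st_ctime is the creation time rather than the inode-change time, so the ctime check needs the NTFS $STANDARD_INFORMATION versus $FILE_NAME comparison instead.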
ProofPoint.webp 2023-09-18 05:00:09 How to Better Secure and Protect Your Microsoft 365 Environment
(direct link)
Microsoft 365 has become the de facto standard for email and collaboration for most global businesses. At the same time, email continues to be the most common attack vector for threat actors. And spam, phishing, malware, ransomware and business email compromise (BEC) attacks keep increasing in both their sophistication and impact. Verizon's 2023 Data Breach Investigations Report highlights the upward trend in BEC attacks, noting that they have doubled over the past year and comprise 60% of social engineering incidents. While Microsoft 365 includes basic email hygiene capabilities with Exchange Online Protection (EOP), you need more capabilities to protect your business against these attacks. Microsoft offers Defender for Office 365 (MDO) as part of its security tool set to bolster security. And it's a good place to start, but it simply can't stop today's most sophisticated email threats. That's why analysts suggest you augment native Microsoft 365 security to protect against advanced threats, like BEC and payload-less attacks such as TOAD (telephone-oriented attack delivery). “Supplement the native capabilities of your existing cloud email solutions with third-party security solutions to provide phishing protection for collaboration tools and to address both mobile- and BEC-type phishing scenarios.” Source: 2023 Gartner Market Guide for Email Security The rise of cloud-based email security solutions Email threats are nothing new. For years now, secure email gateways (SEG) have been the go-to solution to stop them. They filter spam, phishing emails and malware before they can get to users' inboxes. But with more businesses adopting cloud-based email platforms, particularly Microsoft 365, alternative email security solutions have appeared on the market. Gartner calls them integrated cloud email security (ICES); Forrester refers to them as cloud-native API-enabled email security (CAPES).
These solutions leave the basic email hygiene and handling of email traffic to Microsoft. Then, they examine the emails that are allowed through. Essentially, they identify threats that have slipped past Microsoft's defenses. The main advantage of ICES and CAPES is their ease of deployment and evaluation. They simply require a set of permissions to the Microsoft 365 installation, and they can start detecting threats right away. It's easy to remove these solutions, too, making it simple and straightforward to evaluate them. Two deployment models: the good and the bad When you're augmenting Microsoft 365 email security, you have several options for deployment. There's the post-delivery, API-based approach, which is used by ICES and CAPES. And there's the pre-delivery, MX-based approach used by SEGs. Post-delivery deployment (API-based model) In this scenario, Microsoft provides an API to allow third-party vendors to receive a notification when a new email is delivered to a user's mailbox. Then, they process the message with their platform. If a threat is found, it can be deleted or moved to a different folder, like quarantine or junk. However, this approach presents a risk. Because a message is initially delivered to the mailbox, a user still has a chance to click on it until the threat is retracted. Emails must be processed fast or hidden altogether while the solution scans the message for threats. Analyzing attachments for malware or running them through a sandbox is time-consuming, especially for large or complex attachments. There are also limits on how many alerts cloud-based email security solutions can receive from Microsoft 365. Pre-delivery deployment (MX-based model) This approach is useful for businesses that want to detect and prevent email threats before they reach their users' inboxes. As the name suggests, email is processed before it is delivered to a user's inbox.
To enable this model, an organization\'s DNS email exchange (MX) record must be configured to a mail server. The MX record indicates how email messages should be routed in Ransomware Data Breach Malware Tool Threat Prediction Cloud ★★★
CVE.webp 2023-09-15 21:15:11 CVE-2023-41886 (direct link) OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, an arbitrary file read vulnerability allows any unauthenticated user to read a file on a server. Version 3.7.5 fixes this issue.
Tool Vulnerability
CVE.webp 2023-09-15 21:15:11 CVE-2023-41887 (direct link) OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any unauthenticated user to execute code on the server. Version 3.7.5 has a patch for this issue.
Tool Vulnerability
CS.webp 2023-09-15 16:38:22 California passes first-in-the-nation data broker deletion tool
(direct link)
>Lawmakers in California are continuing to speed ahead of the federal government in writing legislation to address privacy concerns.
Tool ★★
GoogleSec.webp 2023-09-15 14:11:38 Capslock: What is your code really capable of?
(direct link)
Jess McClintock and John Dethridge, Google Open Source Security Team, and Damien Miller, Enterprise Infrastructure Protection Team. When you import a third party library, do you review every line of code? Most software packages depend on external libraries, trusting that those packages aren't doing anything unexpected. If that trust is violated, the consequences can be huge, regardless of whether the package is malicious, or well-intended but using overly broad permissions, such as with Log4j in 2021. Supply chain security is a growing issue, and we hope that greater transparency into package capabilities will help make secure coding easier for everyone. Avoiding bad dependencies can be hard without appropriate information on what the dependency's code actually does, and reviewing every line of that code is an immense task. Every dependency also brings its own dependencies, compounding the need for review across an expanding web of transitive dependencies. But what if there was an easy way to know the capabilities (the privileged operations accessed by the code) of your dependencies? Capslock is a capability analysis CLI tool that informs users of privileged operations (like network access and arbitrary code execution) in a given package and its dependencies. Last month we published the alpha version of Capslock for the Go language, which can analyze and report on the capabilities that are used beneath the surface of open source software. Tool Vulnerability ★★
ProofPoint.webp 2023-09-15 09:50:31 The Future of Empowering Cybersecurity Awareness: 5 Use Cases for Generative AI to Boost Your Program
(direct link)
Social engineering threats are increasingly difficult to distinguish from real media. What's worse, they can be released with great speed and at scale. That's because attackers can now use new forms of artificial intelligence (AI), like generative AI, to create convincing impostor articles, images, videos and audio. They can also create compelling phishing emails, as well as believable spoof browser pages and deepfake videos. These well-crafted attacks developed with generative AI are creating new security risks. They can penetrate protective defense layers by exploiting human vulnerabilities, like trust and emotional response. That's the buzz about generative AI. The good news is that the future is wide open to fight fire with fire. There are great possibilities for using a custom-built generative AI tool to help improve your company's cybersecurity awareness program. And in this post, we look at five ways your organization might do that, now or in the future. Let's imagine together how generative AI might help you to improve end users' learning engagement and reduce human risk. 1. Get faster alerts about threats If your company's threat intelligence exposes a well-designed credential attack targeting employees, you need to be quick to alert and educate users and leadership about the threat. In the future, your company might bring in a generative AI tool that can deliver relevant warnings and alerts to your audiences faster. Generative AI applications can analyze huge amounts of data about emerging threats at greater speed and with more accuracy than traditional methods. Security awareness administrators might run queries such as: “Analyze internal credential phishing attacks for the past two weeks” “List BEC attacks for credentials targeting companies like mine right now” In just a few minutes, the tool could summarize current credential compromise threats and the specific “tells” to look for.
You could then ask your generative AI tool to create actionable reporting about that threat data on the fly, which saves time because you're not setting up dashboards. Then, you use the tool to push out threat alerts to the business. It could also produce standard communications like email messages and social channel notifications. You might engage people further by using generative AI to create an eye-catching infographic or a short, animated video in just seconds or minutes. No need to wait days or weeks for a designer to produce that visual content. 2. Design awareness campaigns more nimbly Say that your security awareness team is planning a campaign to teach employees how to spot attacks targeting their credentials, as AI makes phishing emails more difficult to spot. Your security awareness platform or learning management system (LMS) has a huge library of content you can tap for this effort, but your team is already overworked. In the future, you might adapt a generative AI tool to reduce the manual workload by finding what information is most relevant and providing suggestions for how to use it. A generative AI application could scan your content library for training modules and awareness materials. For instance, an administrator could make queries such as: “Sort existing articles for the three biggest risks of credential theft” “Suggest training assignments that educate about document attachments” By applying this generative AI use case to searching and filtering, you would shortcut the long and tedious process of looking for material, reading each piece for context, choosing the most relevant content, and deciding how to organize what you've selected. You could also ask the generative AI tool to recommend critical topics missing in the available content. The AI might even produce the basis for a tailored and personalized security campaign to help keep your people engaged.
For instance, you could ask the tool to sort content based on nonstandard factors you consider interesting, such as mentioning a geographic region or holiday season.  3. Produce Tool Vulnerability Threat ChatGPT ChatGPT ★★
Veracode.webp 2023-09-14 17:46:27 Easily Enable Encryption: Secure Cloud-native Development Series
(direct link)
Build secure cloud-native applications by avoiding the top five security pitfalls we lay out in our Secure Cloud-native Development Series. This blog is the fourth part of the series, and it will teach you why and how to easily enable encryption and save yourself headaches down the road. Here's a new motto: encrypt everything! When securely moving to cloud-native technologies, building encryption in from the start will save us a lot of headaches later. And it's actually anything but a headache to enable encryption while setting up your cloud-native development workflows. Here I'll explain why enabling encryption will come in so handy, and what tools will help you do this with the greatest ease. A Scenario on Why You Need to Enable Encryption Imagine the following scenario: you have been tasked with a quick and dirty POC for an upcoming service release. You design it and build something that works, but for reasons we don't need to go into, the release has been pushed up, and now we…
Tool ★★
globalsecuritymag.webp 2023-09-14 08:57:19 Sophos: CryptoRom scams add AI-powered chat tools in the style of ChatGPT to their arsenal and simulate hacks on crypto accounts (direct link) CryptoRom scams add AI-powered chat tools, in the style of ChatGPT, to their arsenal and simulate hacks on crypto accounts, according to research from Sophos. The report also notes the introduction of 7 new fraudulent apps on the Apple Store and Google Play Store - Malwares Tool ChatGPT ★★
ProofPoint.webp 2023-09-14 05:00:42 Maximizing Patient Care: Securing the Email Workhorse of Healthcare Portals, Platforms and Applications
(direct link)
In the modern healthcare industry, healthcare portals, platforms and applications serve as tireless workers. They operate around the clock, making sure that crucial information reaches patients and providers. At the heart of it all is email, an unsung hero that delivers appointment reminders, test results, progress updates and more. Healthcare portals, platforms and applications and many of the emails they send contain sensitive data. That means they are a top target for cyber criminals. And data breaches can be expensive for healthcare businesses. Research from IBM shows that the average cost of a healthcare data breach, $10.93 million, is the highest of any industry. In addition, IBM reports that since 2020 data breach costs have increased 53.3% for the industry. In this post, we explore how a Proofpoint solution, Secure Email Relay, can help healthcare institutions to safeguard patient information that is transmitted via these channels. Healthcare technology in use today First, let's look at some of the main types of healthcare portals, platforms and applications that are in use today. Patient portals. Patient portals have transformed the patient and provider relationship by placing medical information at patients' fingertips. They are a gateway to access medical records, view test results and schedule appointments. And they offer patients a direct line to communicate with their healthcare team. The automated emails that patient portals send to patients help to streamline engagement. They provide useful information and updates that help people stay informed and feel more empowered. Electronic health record (EHR) systems. EHR applications have revolutionized how healthcare providers manage and share patient information with each other. These apps are digital repositories that hold detailed records of patients' medical journeys, data that is used to make medical decisions. EHR apps send automated emails to enhance how providers collaborate on patient care.
Providers receive appointment reminders, critical test results and other vital notifications through these systems. Health and wellness apps. For many people, health and wellness apps are trusted companions. These apps can help them track fitness goals, monitor their nutrition and access mental health support, to name a few services. Automated emails from these apps can act as virtual cheerleaders, too. They provide users with reminders, progress updates and the motivation to stick with their goals. Telemedicine platforms. Telemedicine platforms offer patients access to virtual medical consultations. They rely on seamless communication, and emails are key to that experience. Patients receive emails to remind them about appointments, get instructions on how to join virtual consultations, and more. The unseen protector: security in healthcare emails Healthcare providers need to safeguard patient information, and that includes when they rely on healthcare portals, platforms and applications to send emails to their patients. Proofpoint Secure Email Relay (SER) is a tool that can help them protect that data. SER is more than an email relay. It is a security-centric solution that can ensure sensitive data is only exchanged within a healthcare ecosystem. The solution is designed to consolidate and secure transactional emails that originate from various clinical and business apps. SER acts as a guardian. It helps to ensure that compromised third-party entities cannot exploit domains to send malicious emails, which is a go-to tactic for many attackers. Key features and benefits of Proofpoint SER Here are more details about what the SER solution includes. Closed system architecture Proofpoint SER features a closed-system approach. That means it permits only verified and trusted entities to use the email relay service. This stringent measure can lead to a drastic reduction in the risk associated with vulnerable or compromised email service providers.
No more worrying about unauthorized users sending emails in your business's name. Enhanced security contro Data Breach Tool Medical Cloud ★★★
CVE.webp 2023-09-13 22:15:09 CVE-2023-41162 (direct link) A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the file mask field while searching under the tools drop down.
Tool Vulnerability
globalsecuritymag.webp 2023-09-13 15:02:36 SentinelOne® launches Singularity™ RemoteOps Forensics for incident response and evidence acquisition
(direct link)
New solution combines forensic evidence with real-time telemetry to deliver the unified insights into security incidents that analysts need to perform investigation and response activities with efficiency and speed - Product Reviews
Tool ★★★
RecordedFuture.webp 2023-09-12 19:53:00 New backdoor tool spotted in use against targets in Brazil, Israel, UAE
(direct link)
Suspected Iranian nation-state hackers attacked organizations in Brazil, Israel and the United Arab Emirates using previously unidentified backdoor malware, researchers have discovered. The hacker group labeled Ballistic Bobcat, also known as Charming Kitten, deployed the backdoor between March 2021 and June 2022 against at least 34 victims, mostly in Israel, according to cybersecurity company ESET.
Tool APT 35 ★★★
InfoSecurityMag.webp 2023-09-12 15:00:00 Cyber-criminals “Jailbreak” AI Chatbots For Malicious Ends
(direct link)
SlashNext research shows that most of these tools connect to jailbroken versions of public chatbots
Tool
Veracode.webp 2023-09-12 14:07:47 Why Reduce Software Supply Chain Risks with Intelligent Software Security
(direct link)
There's a growing array of risks lurking within the supply chain of the digital solutions we increasingly depend upon. Leaving gaps in your software supply chain security (SSCS) could spell disaster for your organization. Let's explore how new analysis defines an end-to-end solution and why Veracode was ranked as an Overall Leader, Product Leader, Innovation Leader, and Market Leader in the Software Supply Chain Security Leadership Compass 2023 by KuppingerCole Analysts AG. Leading the Charge: Software Supply Chain Security Picture a world where your security is only as strong as your weakest link, and that link could be a single line of code buried deep within open-source software from an unknown contributor. This is the reality of today's software supply chain. Each component, whether it's custom code, third-party libraries, or the configuration of CI/CD tools and infrastructure, presents a potential entry point for an attacker. Many players are working to provide solutions for…
Tool ★★
AlienVault.webp 2023-09-12 10:00:00 Resilient networks: Building blocks of modern Cybersecurity architecture
(direct link)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In today's interconnected digital landscape, where data flows like a river through intricate networks, the importance of cybersecurity has never been more pronounced. As our reliance on digital networks grows, so do the threats that seek to exploit vulnerabilities in these very networks. This is where the concept of resilient networks steps in, acting as the guardians of our digital realms. In this article, we delve into the world of resilient networks, exploring their significance as the cornerstone of modern cybersecurity architecture. Understanding resilient networks Imagine a web of interconnected roads, each leading to a different destination. In the realm of cybersecurity, these roads are the networks that enable communication, data exchange, and collaboration. Resilient networks are like well-constructed highways with multiple lanes, built to withstand unexpected disruptions. They aren't just about preventing breaches; they're about enabling the network to adapt, recover, and continue functioning even in the face of a successful attack. Network resilience stands as a critical component in the realm of modern cybersecurity, complementing traditional security measures like utilizing proxy servers by focusing on the ability to endure and recover. Network security It's essential to distinguish between network security and network resilience. Network security involves fortifying the network against threats, employing firewalls, antivirus software, and encryption methods. On the other hand, network resilience goes beyond this, acknowledging that breaches might still occur despite stringent security measures. Resilience Resilience entails the ability to detect, contain, and recover from these breaches while minimizing damage.
It's like preparing for a storm by not only building strong walls but also having an emergency plan in case the walls are breached. Resilient networks aim to reduce downtime, data loss, and financial impact, making them a critical investment for organizations of all sizes. Key components of resilient networks Consider your home's architecture. You have multiple exits, fire alarms, and safety measures in place to ensure your well-being in case of emergencies. Similarly, resilient networks are built with specific components that enable them to weather the storms of cyber threats. Redundancy, diversity, segmentation and isolation, and adaptive monitoring and threat detection are the pillars of network resilience. Redundancy Redundancy involves creating backup systems or pathways. It's like having alternate routes to reach your destination in case one road is blocked. In the digital realm, redundant systems ensure that if one part of the network fails, traffic is seamlessly rerouted, minimizing disruptions. Diversity Diversity, on the other hand, means not putting all your eggs in one basket. A diverse network employs various hardware, software, and protocols, reducing the risk of a single point of failure. Think of it as a portfolio of investments – if one fails, the others remain intact. Segmentation and isolation Segmentation and Isolation play a crucial role in containing potential threats. Imagine a building with multiple compartments, each serving a different purpose. If a fire breaks out in one compartment, it's isolated, preventing the entire building from Tool Vulnerability Threat Prediction Medical ★★
RecordedFuture.webp 2023-09-11 21:30:00 Council of Europe report calls use of Pegasus spyware by several countries potentially illegal
(direct link)
Several European states known to have acquired or deployed powerful foreign commercial surveillance tools have potentially used them illegally, according to a report released Friday by the Parliamentary Assembly of the Council of Europe (PACE). The PACE's Committee on Legal Affairs and Human Rights, which produced the report, asked at least 14 European Union countries
Tool ★★★
CVE.webp 2023-09-11 19:15:42 CVE-2023-38829 (direct link) An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface.
Tool
Last update at: 2024-05-11 09:07:46