Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
 |
2025-03-11 18:06:18 |
Cracking the Code: How to Identify, Mitigate, and Prevent BIN Attacks (direct link) |
KEY TAKEAWAYS
Understanding BIN Attacks: BIN attacks exploit the publicly available Bank Identification Numbers (BINs) on payment cards to brute-force valid card details, enabling fraudulent transactions. Identifying patterns of failed authorization attempts is critical for early detection.
Effective Mitigation Strategies: Implementing rate limiting, enhanced authentication (e.g., CAPTCHA, MFA), Web Application Firewalls (WAFs), geofencing, and machine-learning-based fraud detection tools can significantly reduce the likelihood of successful BIN attacks.
Collaborative Incident Response: Engage payment processors, card issuers, and digital forensics teams to trace attacks, freeze compromised cards, and implement long-term measures like tokenization and PCI DSS compliance to strengthen payment security.
Financially motivated threat actors often leverage BIN attacks when targeting financial services or e-commerce victims. BIN attacks involve threat actors systematically testing card numbers stemming from a Bank Identification Number (BIN) to find valid card details. BIN values are assigned to card issuers and form the first 6 to 8 digits on payment cards. These values are published to merchants, payment processors, and other service providers to facilitate transactions and are publicly available. The BIN is then followed by an additional set of numbers (the account number) to form a complete Primary Account Number (PAN), or card number. |
Tool
Threat
|
|
★★
|
 |
2024-10-24 16:00:44 |
Unlocking the Potential of AI in Cybersecurity: Embracing the Future and Its Complexities (direct link) |
|
Tool
Threat
|
|
★★
|
 |
2024-10-04 16:09:32 |
CUCKOO SPEAR Part 2: Threat Actor Arsenal (direct link) |
|
Tool
Threat
|
|
★★
|
 |
2023-01-09 18:47:58 |
MITRE ATT&CK and the Art of Building Better Defenses (direct link) |
MITRE's Adversarial Tactics, Techniques, and Common Knowledge (MITRE ATT&CK) is a critical tool for security practitioners seeking to understand how attackers move, operate, and conduct their attacks. Designed to look at attacks from the attacker's perspective, it catalogs the attack lifecycle of different adversaries and the platforms they choose to target, all based on real-world observations. |
Tool
|
|
★★
|
 |
2022-06-02 16:35:43 |
Latest SOC Survey Anticipates Shift Toward MDR and XDR (direct link) |
The challenges faced by Security Operations Centers (SOCs) around the world - workforce shortages, lack of visibility and automation, tool sprawl, and alert overload - continue to have a negative impact on SOC effectiveness and will likely result in increasing adoption of Managed Detection and Response (MDR) services and Extended Detection and Response (XDR) solutions. |
Tool
|
|
|
 |
2022-02-10 10:00:00 |
CISO Stories Podcast: Creating Security Budget Where There is No Budget (direct link) |
Over the years, security departments acquire tool after tool, sometimes integrated, and many times under-utilized. Kevin Richards, President at Secure Systems Innovation, walks through a very creative method for getting the budget you need, and explains how to leverage the current environment to “find” new sources of funding for the right cybersecurity investments - check it out... |
Tool
|
|
|
 |
2021-12-16 17:48:04 |
(Déjà vu) THREAT ANALYSIS REPORT: Inside the LockBit Arsenal - The StealBit Exfiltration Tool (direct link) |
The Cybereason Global Security Operations Center (GSOC) issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them. |
Tool
Threat
|
|
|
 |
2021-04-30 12:11:34 |
PortDoor: New Chinese APT Backdoor Attack Targets Russian Defense Sector (direct link) |
The Cybereason Nocturnus Team has been tracking recent developments in the RoyalRoad weaponizer, also known as the 8.t Dropper/RTF exploit builder. Over the years, this tool has become a part of the arsenal of several Chinese-related threat actors such as Tick, Tonto Team and TA428, all of which employ RoyalRoad regularly for spear-phishing in targeted attacks against high-value targets. |
Tool
Threat
|
|
|
 |
2021-01-21 14:08:16 |
SolarWinds Attacks Highlight Importance of Operation-Centric Approach (direct link) |
We're still learning the full extent of the SolarWinds supply chain attacks. On January 11, for instance, researchers published a technical breakdown of a malicious tool detected as SUNSPOT that was employed as part of the infection chain involving the IT management software provider's Orion platform. |
Tool
|
Solardwinds
|
|