SEC News

What's new arround internet

Last one

Src	Date (GMT)	Titre	Description	Tags	Stories	Notes
	2024-04-24 10:00:00	Comprendre comment la rationalité, la théorie de la dissuasion et l'indéterminisme influencent la cybercriminalité. Understanding how Rationality, Deterrence Theory, and Indeterminism Influence Cybercrime. (lien direct)	Understanding the factors influencing cybercriminal behavior is essential for developing effective cybercrime prevention strategies. Rationality plays a significant role in shaping criminal decisions, particularly through the lens of the rational actor model and deterrence theory. This blog explores how rationality influences cybercriminal behavior, focusing on the rational actor model, the concepts of deterrence theory, their implications for understanding and preventing cybercrime activities, and how Bayesian theory can help overcome indeterministic human criminal behavior to provide risk management. Brief History of Deterrence Theory: Deterrence theory has its roots in classical criminology and the works of philosophers such as Cesare Beccaria and Jeremy Bentham, who introduced the concept of deterrence as a means of preventing crime through the application of punishment. This idea became further developed during the mid-20th century when the theory of nuclear deterrence emerged as a prominent concept in international relations. The understanding of deterrence broadened to be applied not only in preventing nuclear conflict but also in the context of criminal justice. It was John Nash through his work in game theory that contributed significantly to the understanding of strategic decision-making and the potential for deterrence in various competitive situations. His insights were crucial in shaping the modern understanding of deterrence theory, particularly when applied to criminal decision-making and cybersecurity.[1] Explanation of Deterministic, Non-Deterministic, and Indeterministic: Deterministic: In the context of decision-making, determinism refers to the philosophical concept that all events, including human actions, are the inevitable result of preceding causes. This perspective suggests that given the same initial conditions and knowledge, an individual\'s choices can be predicted with certainty. In other words, under deterministic assumptions, human behavior can be seen as fully predictable.[2] Non-Deterministic: Non-deterministic views reject the idea that every event, including human actions, can be precisely determined or predicted based on preceding causes. Instead, non-deterministic perspectives acknowledge the role of uncertainty, chance, and randomness in decision-making. From this standpoint, human behavior is seen as influenced by a combination of factors, including personal choice, external circumstances, and unpredictable elements.[3] Indeterministic: Indeterminism represents a specific form of non-determinism. In the context of decision-making, indeterministic views emphasize the idea that certain events or actions, particularly human choices, are not entirely determined by preceding causes or predictable factors. Instead, they are seen as influenced by random or unpredictable elements, such as personal spontaneity, free will, or external factors that defy precise prediction.[4] The Indeterministic Nature of Cybercriminal Behavior: The indeterministic nature of cybercriminal behavior suggests that not all cybercrimes are the result of rational choices. Some individuals may engage in cybercriminal behavior due to impulsive actions, vulnerabilities in systems, or external pressures that override rational decision-making processes. These factors highlight the limitations of solely relying on rationality as an explanatory framework for cybercriminal behavior. Rationality and the Rational Actor Model in Cybercrime: The rational actor model suggests that cybercriminals are rational decision-makers who engage in a cost-benefit analysis before committing a cybercrime.[5] According to this model, cybercriminals weigh the potential benefits and costs of engaging in cybercriminal behavior and make a rational choice based on their assessment. The rational actor model assumes that cybercriminals have the capability to accurately assess the potential outcomes of their cyber actions and aim to maximize th	Tool Vulnerability Studies Legislation Prediction		★★★
	2024-04-23 10:00:00	L'impact de l'UNECE R155 sur la cybersécurité automobile The Impact of UNECE R155 on Automotive Cybersecurity (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In an era where technology and transportation converge, the fusion of vehicles with IoT technologies heralds a new dawn of mobility. This leap forward promises enhanced connectivity and autonomous capabilities, yet casts a shadow of cyber vulnerabilities that could jeopardize not just the integrity of the vehicles but the safety of their passengers. Recognizing the urgency of this issue, the UNECE stepped forward with the R155 regulation, a vanguard initiative to fortify the digital fortresses of our vehicles against potential cyber onslaughts. The Genesis of UNECE R155: Forging the Shields of Cybersecurity The essence of the UNECE R155 regulation unfolds as a carefully crafted framework designed to preemptively address the burgeoning threat landscape in the automotive sector. Rooted in the principle of proactive defense, R155 isn\'t just about compliance; it represents a paradigm shift in how vehicle cybersecurity is perceived and integrated. At its core, the regulation mandates the establishment of a Cybersecurity Management System (CSMS), compelling manufacturers to weave a tapestry of cyber resilience that spans the entire lifecycle of a vehicle. The ambition of R155 is pretty clear at this point: to transform the automotive industry\'s approach to cybersecurity from reactive patchwork to a strategic, foundational pillar. This involves not only the adoption of \'security by design\' principles but also a commitment to continual vigilance and adaptation in the face of evolving cyber threats. The regulation, thus, sets the stage for a future where vehicles are not merely transport mechanisms but fortified nodes within an expansive network of connected mobility. The Journey to CSMS Certification The path to CSMS certification under R155 is a clear yet challenging journey that demands attention to detail and a commitment to security from vehicle manufacturers. This process starts with a considerable risk assessment, where manufacturers must identify any potential cybersecurity risks within their vehicles. This step is crucial for understanding where vulnerabilities might exist and how they can be addressed to ensure vehicles are secure. Following this, the principle of \'security by design\' becomes central to the certification process. This means that from the very beginning of designing a vehicle, cybersecurity needs to be a key consideration. It\'s about making sure that security measures are built into the vehicle from the start, rather than being added on later. This approach challenges manufacturers to think about cybersecurity as an integral part of the vehicle, just like its engine or wheels. Achieving certification is a team effort that involves not only the manufacturers but also suppliers and regulatory bodies. It\'s about working together to make sure that every part of the vehicle, from its software to its hardware, meets the high security standards set out by R155. Addressing R155 Implementation Challenges As manufacturers and suppliers are gearing up to align with the R155 regulation, however, they encounter a set of practical challenges that test their adaptability and foresight. One of the most sign	Vulnerability Threat		★★★
	2024-04-22 10:00:00	Apportez votre propre appareil: comment éduquer vos employés sur les meilleures pratiques de cybersécurité Bring Your Own Device: How to Educate Your Employees On Cybersecurity Best Practices (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. With the rise of remote and flexible work arrangements, Bring Your Own Device (BYOD) programs that allow employees to use their personal devices for work are becoming increasingly mainstream. In addition to slashing hardware costs, BYOD improves employee satisfaction by 56% and productivity by 55%, a survey by Crowd Research Partners finds. Yet, cybersecurity remains a concern for businesses. 72% are worried about data leakage or loss, while 52% fear the potential for malware on personal devices. But by implementing a strong BYOD policy and educating your employees on cybersecurity best practices, you can reap the benefits of BYOD without putting your company assets and data at risk. Put a Formal BYOD Policy in Place Just as your business has acceptable use policies in place for corporate devices, similar policies for personal devices are just as important. Your company’s BYOD policy should provide your employees with clear rules and guidelines on how they can use their devices safely at work without compromising cybersecurity. This policy should cover: Devices, software, and operating systems that can be used to access digital business resources Devices, software, and operating systems that can’t be used to access digital business resources Policies that outline the acceptable use of personal devices for corporate activities Essential security measures employees must follow on personal devices (such as, complex passwords and regular security updates) Steps employees must follow if their device is stolen or lost (like immediately report it to their manager or IT department) A statement that your business will erase company-related data from lost or stolen devices remotely What happens if an employee violates your BYOD policy (are you going to revoke certain access privileges? If you give employees an allowance to cover BYOD costs, will you freeze the funds? Provide additional corrective training?). Don’t forget to also include a signature field the employee must sign in to indicate their agreement with your BYOD policies. The best time to introduce employees to the policy is during onboarding or, for existing employees, during the network registration process for the BYOD device. Setting expectations and educating your employees is essential to protect both company data and employee privacy. Basic Cybersecurity Training When putting together your BYOD employee training program, don’t make the mistake of thinking basic device security is too…basic. It’s not. Since personal devices are usually less secure than corporate devices, they’re generally at a greater risk of data breaches, viruses, and loss or theft. Comprehensive user education that includes the basics is therefore all the more important to mitigate these risks. So as a basic rule, your employees should know not to allow their devices to auto-connect to public networks. If, on rare occasions, employees really do need to access company data on an open network, they should use a virtual private network (VPN). VPNs encrypt data and hide we	Malware Vulnerability		★★★
	2024-04-17 10:00:00	Introduction à l'analyse de la composition logicielle et comment sélectionner un outil SCA Introduction to Software Composition Analysis and How to Select an SCA Tool (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Software code is constantly growing and becoming more complex, and there is a worrying trend: an increasing number of open-source components are vulnerable to attacks. A notable instance was the Apache Log4j library vulnerability, which posed serious security risks. And this is not an isolated incident. Using open-source software necessitates thorough Software Composition Analysis (SCA) to identify these security threats. Organizations must integrate SCA tools into their development workflows while also being mindful of their limitations. Why SCA Is Important Open-source components have become crucial to software development across various industries. They are fundamental to the construction of modern applications, with estimates suggesting that up to 96% of the total code bases contain open-source elements. Assembling applications from diverse open-source blocks presents a challenge, necessitating robust protection strategies to manage and mitigate risks effectively. Software Composition Analysis is the process of identifying and verifying the security of components within software, especially open-source ones. It enables development teams to efficiently track, analyze, and manage any open-source element integrated into their projects. SCA tools identify all related components, including libraries and their direct and indirect dependencies. They also detect software licenses, outdated dependencies, vulnerabilities, and potential exploits. Through scanning, SCA creates a comprehensive inventory of a project\'s software assets, offering a full view of the software composition for better security and compliance management. Although SCA tools have been available for quite some time, the recent open-source usage surge has cemented their importance in application security. Modern software development methodologies, such as DevSecOps, emphasize the need for SCA solutions for developers. The role of security officers is to guide and assist developers in maintaining security across the Software Development Life Cycle (SDLC), ensuring that SCA becomes an integral part of creating secure software. Objectives and Tasks of SCA Tools Software Composition Analysis broadly refers to security methodologies and tools designed to scan applications, typically during development, to identify vulnerabilities and software license issues. For effective management of open-source components and associated risks, SCA solutions help navigate several tasks: 1) Increasing Transparency A developer might incorporate various open-source packages into their code, which in turn may depend on additional open-source packages unknown to the developer. These indirect dependencies can extend several levels deep, complicating the understanding of exactly which open-source code the application uses. Reports indicate that 86% of vulnerabilities in node.js projects stem from transitive (indirect) dependencies, w	Tool Vulnerability Threat Patching Prediction Cloud Commercial		★★
	2024-04-16 10:00:00	Facteur humain de la cybersécurité: fusion de la technologie avec des stratégies centrées sur les personnes Cybersecurity\\'s Human Factor: Merging Tech with People-Centric Strategies (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In a digital era marked by rapidly evolving threats, the complexity of cybersecurity challenges has surged, pressing organizations to evolve beyond traditional, tech-only defense strategies. As the cyber landscape grows more intricate, there\'s a pivotal shift towards embracing methods that are not just robust from a technical standpoint but are also deeply human-centric. This also means that a significant percentage of employees, driven by the high demands of operational pressures, may engage in risky cybersecurity behaviors. Such statistics illuminate the urgent need for a more nuanced approach to cybersecurity—one that not only fortifies defenses but also resonates with and supports the people behind the screens. Integrating human-centric design with continuous threat management emerges as a forward-thinking strategy, promising a balanced blend of technical excellence and user empathy to navigate the complex cybersecurity challenges of today and tomorrow. Embracing the Human Element in Cybersecurity Diving into the realm of human-centric security design and culture, it\'s clear that the future of cybersecurity isn\'t just about the latest technology—it\'s equally about the human touch. This approach puts the spotlight firmly on enhancing the employee experience, ensuring that cybersecurity measures don\'t become an unbearable burden that drives people to take shortcuts. By designing systems that people can use easily and effectively, the friction often caused by stringent security protocols can be significantly reduced. Gartner\'s insights throw a compelling light on this shift, predicting that by 2027, half of all Chief Information Security Officers (CISOs) will have formally embraced human-centric security practices. This isn\'t just a hopeful guess but a recognition of the tangible benefits these practices bring to the table—reducing operational friction and bolstering the adoption of essential controls. This strategic pivot also acknowledges a fundamental truth. When security becomes a seamless part of the workflow, its effectiveness skyrockets. It\'s a win-win, improving both the user experience and the overall security posture. CTEM: Your Cybersecurity Compass in Stormy Seas Imagine that your organization\'s cybersecurity landscape isn\'t just a static battleground. Instead, it’s more like the open sea, with waves of threats coming and going, each with the potential to breach your defenses. That\'s where Continuous Threat Exposure Management (CTEM) sails in, serving as your trusted compass, guiding you through these treacherous waters. CTEM isn\'t your average, run-of-the-mill security tactic. It\'s about being proactive, scanning the horizon with a spyglass, looking for potential vulnerabilities before they even become a blip on a hacker\'s radar. Think of it as your cybersecurity early-warning system, constantly on the lookout for trou	Vulnerability Threat Studies Prediction Medical Technical		★★
	2024-04-15 10:00:00	Le cycle de vie d'un fichier numérique The Lifecycle of a Digital File (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In the digital world, every document, image, video, or program we create leaves a trail. Understanding the lifecycle of a file, from its creation to deletion, is crucial for various purposes, including data security, data recovery, and digital forensics. This article delves into the journey a file takes within a storage device, explaining its creation, storage, access, and potential deletion phases. File Lifecycle 1. Creation: Birth of a Digital Entity A file\'s life begins with its creation. This can happen in various ways: Software Applications: When you create a new document in a word processor, edit an image in a photo editing software, or record a video, the application allocates space on the storage device and writes the data associated with the file. Downloads: Downloading a file from the internet involves copying data from the remote server to your storage device. Data Transfers: Copying a file from one location to another on the same device or transferring it to a different device creates a new instance of the file. System Processes: Operating systems and applications sometimes create temporary files during various processes. These files may be automatically deleted upon task completion. During creation, the operating system assigns a unique identifier (often a filename) to the file and stores it in a directory (folder) along with additional information about the file, known as metadata. This metadata typically includes: File size: The total amount of storage space occupied by the file. Creation date and time: The timestamp of when the file was first created. Modification date and time: The timestamp of the last time the file content was modified. File access permissions: Restrictions on who can read, write, or execute the file. File type: Information about the type of file (e.g., .docx, .jpg, .exe). 2. Storage: Finding a Home Storage devices like hard disk drives (HDDs), solid-state drives (SSDs), and flash drives hold the data associated with files. However, the data isn\'t stored as a continuous stream of information. Instead, it\'s broken down into smaller chunks called sectors. When a file is created, the operating system allocates a specific number of sectors on the storage device to hold the file content. This allocation process can happen in various ways depending on the file system used. Here are some key points to remember about file storage: Fragmentation: Over time, as files are created, deleted, and resized, the available sectors become fragmented across the storage device. This fragmentation can impact file access speed. File Allocation Table (FAT) or Similar Structures: Some file systems rely on a separate table (FAT) or index that keeps track of which sectors belong to specific files. Deleted Files: When a file is deleted, the operating system typically only removes the reference to the file from the directory structure. The actual data may still reside on the storage device until overwritten by new data. 3. Access: Reading and Writing We interact with files by accessing them for various purposes, such as reading a document, editing an image, or running a program. This involves the following steps: File System Request: When an application attempts to access a file, it sends a request to the operating system. Directory Lookup: The opera	Tool		★★★
	2024-04-10 10:00:00	Les risques de sécurité du chat Microsoft Bing AI pour le moment The Security Risks of Microsoft Bing AI Chat at this Time (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. AI has long since been an intriguing topic for every tech-savvy person, and the concept of AI chatbots is not entirely new. In 2023, AI chatbots will be all the world can talk about, especially after the release of ChatGPT by OpenAI. Still, there was a past when AI chatbots, specifically Bing’s AI chatbot, Sydney, managed to wreak havoc over the internet and had to be forcefully shut down. Now, in 2023, with the world relatively more technologically advanced, AI chatbots have appeared with more gist and fervor. Almost every tech giant is on its way to producing large Language Model chatbots like chatGPT, with Google successfully releasing its Bard and Microsoft and returning to Sydney. However, despite the technological advancements, it seems that there remains a significant part of the risks that these tech giants, specifically Microsoft, have managed to ignore while releasing their chatbots. What is Microsoft Bing AI Chat Used for? Microsoft has released the Bing AI chat in collaboration with OpenAI after the release of ChatGPT. This AI chatbot is a relatively advanced version of ChatGPT 3, known as ChatGPT 4, promising more creativity and accuracy. Therefore, unlike ChatGPT 3, the Bing AI chatbot has several uses, including the ability to generate new content such as images, code, and texts. Apart from that, the chatbot also serves as a conversational web search engine and answers questions about current events, history, random facts, and almost every other topic in a concise and conversational manner. Moreover, it also allows image inputs, such that users can upload images in the chatbot and ask questions related to them. Since the chatbot has several impressive features, its use quickly spread in various industries, specifically within the creative industry. It is a handy tool for generating ideas, research, content, and graphics. However, one major problem with its adoption is the various cybersecurity issues and risks that the chatbot poses. The problem with these cybersecurity issues is that it is not possible to mitigate them through traditional security tools like VPN, antivirus, etc., which is a significant reason why chatbots are still not as popular as they should be. Is Microsoft Bing AI Chat Safe? Like ChatGPT, Microsoft Bing Chat is fairly new, and although many users claim that it is far better in terms of responses and research, its security is something to remain skeptical over. The modern version of the Microsoft AI chatbot is formed in partnership with OpenAI and is a better version of ChatGPT. However, despite that, the chatbot has several privacy and security issues, such as: The chatbot may spy on Microsoft employees through their webcams. Microsoft is bringing ads to Bing, which marketers often use to track users and gather personal information for targeted advertisements. The chatbot stores users\' information, and certain employees can access it, which breaches users\' privacy. - Microsoft’s staff can read chatbot conversations; therefore, sharing sensitive information is vulnerable. The chatbot can be used to aid in several cybersecurity attacks, such as aiding in spear phishing attacks and creating ransomware codes. Bing AI chat has a feature that lets the chatbot “see” what web pages are open on the users\' other tabs. The chatbot has been known to be vulnerable to prompt injection attacks that leave users vulnerable to data theft and scams. Vulnerabilities in the chatbot have led to data le	Ransomware Tool Vulnerability	ChatGPT	★★
	2024-04-09 10:00:00	La menace cachée à la vue: analyse des attaques sous-textuelles dans les communications numériques The Hidden Threat in Plain Sight: Analyzing Subtextual Attacks in Digital Communications (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In our always-online world, we\'re facing a new kind of cyber threat that\'s just as sneaky as it is harmful: subtextual attacks. These aren\'t your run-of-the-mill security breaches; they\'re cunningly crafted messages that may look harmless—but they actually carry a dangerous payload within them. Join me as we take a closer look at this under-the-radar, but still dangerous, threat. We\'ll explore how these deceptive messages can sneak past our defenses, trick people into taking unwanted actions, and steal sensitive information without ever tripping an alarm. The Rise of Subtextual Attacks Unlike traditional cyber attacks, which are often direct and identifiable, subtextual attacks rely on subtlety and deception. Attackers craft messages that on the surface appear harmless or unrelated to any malicious activity. However, embedded within these communications are instructions, links, or information that can compromise security, manipulate behavior, or extract sensitive data. And not only is big data paramount in advertising and other avenues, but it’s also like keeping everything in your wallet—it’s convenient, helpful even, but signals to attackers that you’re indeed willing to put all your eggs in one basket when it comes to communications. These attacks exploit the nuances of language and context and require a sophisticated understanding of human communication and digital interaction patterns. For instance, a seemingly benign email might include a specific choice of words or phrases that, when interpreted correctly, reveal a hidden command or a disguised link to a malicious site. Psychological Manipulation Through Subtext Subtextual attacks also leverage psychological manipulation, influencing individuals to act in ways that compromise security or divulge confidential information. By understanding the psychological triggers and behavioral patterns of targets, attackers craft messages that subtly guide the recipient\'s actions. For instance, an attacker might use social engineering techniques combined with subtextual cues to convince a user to bypass normal security protocols. An email that seems to come from a trusted colleague or superior, containing subtle suggestions or cues, can be more effective in eliciting certain actions than a direct request or command. Attackers can also exploit the principle of urgency or scarcity, embedding subtle cues in communications that prompt the recipient to act quickly, bypassing their usual critical thinking or security procedures. The Evolution of Digital Forensics To combat the growing rise of subtextual attacks, the field of digital forensics has evolved significantly over the past decade. Initially focused on recovering and analyzing electronic information to investigate crime, digital forensics now incorporates advanced linguistic analysis, data pattern recognition, and machine learning to detect hidden threats. Modern digital forensic tools can analyze vast qua	Ransomware Tool Vulnerability Threat Medical		★★
	2024-04-08 10:00:00	10 stratégies pour fortifier la sécurité du système SCADA 10 Strategies to Fortify SCADA System Security (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Here are some of the best SCADA protection strategies to ensure your organization\'s safety. Late last year, Pennsylvania\'s Municipal Water Authority of Aliquippa (MWAA) fell victim to a sophisticated cyberattack, targeting its SCADA system at a key booster station. This station, crucial for regulating water pressure across Raccoon and Potter townships in Beaver County, experienced a temporary loss of communication, triggering an immediate investigation. Upon closer examination, the technicians discovered a clear indication of a cyberattack: a message declaring, "You have been hacked." This startling discovery led to the swift activation of manual control systems, ensuring that water quality and supply remained unaffected despite the breach. The hacked device operated on a separate network, distinct from the main corporate systems. This separation helped to limit the breach\'s impact and prevented it from affecting other essential parts of the infrastructure. The hackers, identified as being affiliated with an Iranian group, specifically targeted this equipment due to its Israeli-made components. This choice of target was part of a broader strategy, as similar devices are commonly used in water utility stations both in the US and internationally, hinting at the potential for more widespread attacks. The incident drew significant attention from US legislators, who expressed concerns about the vulnerability of the nation\'s critical infrastructure to such cyberattacks. The breach underscored the urgent need for enhanced cybersecurity measures across similar utilities, especially those with limited resources and exposure to international conflicts. Investigations by the Federal Bureau of Investigation and the Pennsylvania State Police were launched to examine the specifics of the attack. The cybersecurity community pointed out that industrial control systems, like the SCADA system breached at MWAA, often have inherent security weaknesses, making them susceptible to such targeted attacks. The following discussion on SCADA defense strategies aims to address these challenges, proposing measures to fortify these vital systems against potential cyberattacks and ensuring the security and reliability of essential public utilities. How to Enhance SCADA System Security? The breach at the MWAA sharply highlights the inherent vulnerabilities in SCADA systems, a crucial component of our critical infrastructure. In the wake of this incident, it\'s imperative to explore robust SCADA defense strategies. These strategies are not mere recommendations but essential steps towards safeguarding our essential public utilities from similar threats. 1. Network Segmentation: This strategy involves creating \'zones\' within the SCADA network, each with its own specific security controls. This could mean separating critical control systems from the rest of the network, or dividing a large system into smaller, more manageable segments. Segmentation often includes implementing demilitarized zones (DMZs) between the corporate and control networks. This reduces the risk of an attacker being able to move laterally across the network and access sensitive areas after breaching a less secure section. 2. Access Control and Authentication: Beyond basic measures, access control in SCADA systems should involve a comprehensive management of user privileges. This could include role-based access controls, where users are granted access rights depending on their job function, and time-based access controls, limiting access to certain times for specific users. Strong authentication methods also	Vulnerability Threat Patching Legislation Industrial		★★★★
	2024-04-03 10:00:00	Le rôle des contrôles d'accès dans la prévention des menaces d'initiés The role of access controls in preventing insider threats (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. If you’ve ever worked in an IT department, you know how easily a single misclick can lead to data breaches and system compromises. Preventive efforts are critical since there’s no reliable way to truly eliminate insider threats. Can robust access controls protect your organization? The impact of insider threats on organizations Insider threats are a prominent danger regardless of the industry you’re in. In fact, 98% of U.S. organizations report being slightly to extremely vulnerable to them. This figure reveals how many are unconfident in their existing deterrents, highlighting the importance of preventative efforts. Even if you don’t believe anyone at your workplace would intentionally cause damage, you should still be wary — insider threats aren’t always malicious. Negligent employees are responsible for 60% of data breaches, meaning carelessness is a more common driver. Unfortunately, the fact that negligence is the primary driver of insider threat attacks isn’t a good thing — it means a single misclick could put your entire organization at risk. Robust access controls are among the best solutions to this situation since they can prevent careless employees from leaking data or unintentionally escalating an attacker’s permissions. Access control mechanisms are crucial for threat mitigation The main way robust access control mechanisms are crucial for addressing insider threats is through unauthorized access mitigation. Employees, whether acting negligently or with ill intent, won’t be able to do any damage to your organization when their permissions limit them from retrieving or editing sensitive data storage systems. No matter how long you’ve spent in the IT department, you know how irresponsible some employees are when dealing with sensitive data, intellectual property or identifiable details. Access control mechanisms keep information assets out of reach of most of the people in your organization, safeguarding them from being tampered with or exfiltrated. If an attacker successfully enters your organization’s systems or network, robust access control mechanisms restrict their lateral movement. Since they aren’t authorized personnel, they aren’t granted meaningful permissions. This act minimizes the damage they can do and prevents them from compromising anything else. Even if an attacker has one of your colleague’s lost or stolen devices, access controls block them from being able to do anything meaningful. Authentication measures prevent them from accessing your organization’s systems and exfiltrating sensitive data. It also helps keep them from escalating their privileges, minimizing their impact. With robust access control mechanisms, you can quickly identify indicators of compromise (IOCs) to stop threats before they become an issue. For example, spotting concurrent logins on a single user account means an attacker is using legitimate credentials, indicating a brute force, phishing or keylogging attack. Which access control systems should you implement? Although insider threats pose an issue regardless of your industry or organization’s size, you can find ways to prevent them from doing any damage. You should consider implementing access control systems to detect and deter unauthorized action, mitigating data breaches and system compromises. A standard system to consid	Tool Threat		★★★
	2024-04-02 10:00:00	Arrestations numériques: la nouvelle frontière de la cybercriminalité Digital Arrests: The New Frontier of Cybercrime (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. The intricate world of cybercrime continues to evolve, and with it emerges a disturbing trend known as "digital arrests." In this scam, fraudsters manipulate technology to instil fear, isolate victims, and ultimately extort them for financial gain. Reports indicate that digital arrests are on the rise globally, leading to devastating consequences for individuals and businesses alike. What are Digital Arrests? Digital arrests refer to a type of a sophisticated cyber fraud where cyber-criminals impersonate law enforcement officials or other authorities. The targets of these scams are often contacted out of the blue usually on Instant messaging apps like WhatsApp and informed that their bank accounts, digital identities, or other online assets have been compromised. Criminals play into the victims\' fear by threatening them with imminent arrest, legal consequences, or public humiliation if they don\'t cooperate with a series of urgent demands. Fraudsters behind digital arrests are masters of psychological manipulation. They understand that fear and urgency are powerful motivators that can cloud judgment and lead people to act against their best interests. By creating a fabricated sense of crisis, they pressure victims into making hasty decisions without the chance for rational thought or verification. The techniques used in digital arrests are diverse and constantly evolving. Here\'s how they typically unfold: Impersonation: Criminals pose as law enforcement, bank representatives, or other authoritative figures, using forged documents and spoofed phone numbers to create a convincing facade of legitimacy. False Accusations: Victims are accused of involvement in illegal activities, money laundering, identity theft, or other serious crimes. Demands and Threats: Scammers demand sensitive information like banking credentials, passwords, and personal identification details. They instil fear with threats of arrest, hefty fines, or the release of compromising information. Technological Trickery: Fraudsters often trick victims into downloading remote access software like TeamViewer or AnyDesk, inadvertently giving criminals extensive control over their devices. Monitored \'Interrogation\': Criminals may insist on video calls to maintain their illusion of authority and monitor victims. They may threaten to fabricate and disseminate compromising evidence to extort large sums of money. Some real-life incidents as to understand these cybercrimes are given below: Case I: A Noida woman was duped out of over Rs 11 lakh (approximately $13,500 USD) in a digital arrest scam. The scammers, posing as police officers, convinced her that her identity was used in illicit activities and her involvement carried severe legal ramifications. Through prolonged interrogation on a video call, they led her to transfer the funds under the guise of protection. Case II: A 23-year-old woman was defrauded of Rs 2.5 lakh (approximately $3,000 USD) after fraudsters convinced her that her Aadhaar card details were linked to human trafficking activities. Facing threats of arrest and social humiliation, she was coerced into transferring money	Vulnerability Threat Legislation Prediction Cloud		★★
	2024-04-01 10:00:00	AI - le bon, le mauvais et effrayant AI - The Good, Bad, and Scary (lien direct)	AI and machine learning (ML) optimizes processes by making recommendations for optimizing productivity, reducing cycles, and maximizing efficiency. AI also optimizes human capital by performing mundane & repetitive tasks 24x7 without the need for rest and minimizing human errors. There are numerous benefits as to how AI can benefit society. As much as AI can propel human progress forward, it can be consequential to our own detriment without proper guidance. We need to understand the risks and challenges that comes with AI. Growing your knowledge in the new era of AI will help you and your organization evolve. AI can be a battlefield of good and evil. There’s the power to do good and the power to do evil. Here are some examples on the Good, Bad, and Scary of AI. Good Cybersecurity - Detect and respond to cyber-attacks with automation capabilities at machine speed and predict behavioral anomalies and defend against cyber threats before an actual attack occurs Banking & Finance – Detect and prevent fraud, manage risks, enable personalized services, and automate financial-decision processing Healthcare – Optimize patient interactions, develop personalized treatment plans, attain better patient experience, improve patient data accuracy, and reduce misfiled patient records Manufacturing – Predict maintenance, detect defects and quality issues, enhance productivity, generate product & component designs, and optimize inventory & demand forecasting Retail – Secure self-checkout that helps loss prevention, optimize retail operations & supply chain, and enhance customer experiences Smart cities & IoT – Manage traffic of autonomous vehicles & self-driving, manage energy consumption, optimize water usage, and streamline waste management through real-time sensor data Telecom – Predict network congestion and proactively reroute traffic to avoid outages Bad Cybercriminals – Leverage AI-powered tools and social engineering to steal identities, generate ransomware attacks, perform targeted national state attacks, and destroy national critical infrastructure Computing resources – Require heavy power supply, Thermal Design Power (TDP), Graphics Processing Unit (GPU), and Random Access Memory (RAM) Environmental impact - Impact of intensive computing resources have on carbon footprint and environment Energy cost – Rise in electric power usage and water for cooling and increasing computational costs translates into carbon emissions Bias & Discrimination - Propagate biases as a result of bad training data, incomplete data, and poorly trained AI model Inequality – Widen the gap between the rich and poor and increase inequality in society Privacy – Loss of data privacy from insecure AI systems, unencrypted data sources, and misuse & abuse Skills loss - Reduce human critical thinking skills to uncover root issues, solve complex problems, and ability to write at college level and professionally Scary Job loss and displacement - Replace humans with robots across every sector to perform highly skilled professional jobs Overreliance on AI – Rely heavily on AI to make important decisions like electing medical procedures, making life or death decisions, or choosing political candidates Dominance of AI - Potential ability of AI to surpass human intelligence and take control Monopoly by tech – a select number of tech companies could monopolize the economy and have undue influence over the social construct of our daily lives from buying patterns to everyday decision-making Deepfakes – Generate deepfakes with manipulated videos and images to influence discussions on social media and online forums Propaganda & Disinformation – Deploy human a	Ransomware Tool Prediction Medical		★★★
	2024-03-27 10:00:00	Techniques avancées de numérisation NMAP Advanced Nmap Scanning Techniques (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Beyond its fundamental port scanning capabilities, Nmap offers a suite of advanced techniques designed to uncover vulnerabilities, bypass security measures, and gather valuable insights about target systems. Let\'s take a look at these techniques: 1. Vulnerability Detection Syntax: nmap -sV --script=vulners Nmap\'s vulnerability detection feature, facilitated by the \'vulners\' script, enables users to identify outdated services susceptible to known security vulnerabilities. By querying a comprehensive vulnerability database, Nmap provides valuable insights into potential weaknesses within target systems. 2. Idle Scanning Syntax: nmap -sI Idle scanning represents a stealthy approach to port scanning, leveraging a "zombie" host to obfuscate the origin of scan requests. By monitoring changes in the zombie host\'s IP identification number (IP ID) in response to packets sent to the target, Nmap infers the state of the target\'s ports without direct interaction. 3. Firewall Testing (Source Port Spoofing) Syntax: nmap --source-port This technique involves testing firewall rules by sending packets with unusual source ports. By spoofing the source port, security professionals can evaluate the effectiveness of firewall configurations and identify potential weaknesses in network defenses. 4. Service-Specific Probes (SMB Example) Syntax: nmap -sV -p 139,445 --script=smb-vuln* Nmap\'s service-specific probes enable detailed examination of services, such as the Server Message Block (SMB) protocol commonly used in Windows environments. By leveraging specialized scripts, analysts can identify vulnerabilities and assess the security posture of target systems. 5. Web Application Scanning (HTTP title grab) Syntax: nmap -sV -p 80 --script=http-title Web application scanning with Nmap allows users to gather information about web servers, potentially aiding in vulnerability identification and exploitation. By analyzing HTTP response headers, Nmap extracts valuable insights about target web applications and server configurations. Nmap Scripting Engine: One of the standout features of Nmap is its robust scripting engine (NSE), which allows users to extend the tool\'s functionality through custom scripts and plugins. NSE scripts enable users to automate tasks, perform specialized scans, gather additional information, and even exploit vulnerabilities in target systems. nmap --script-help scriptname Shows help about scripts. For each script matching the given specification, Nmap prints the script name, its categories, and its description. The specifications are the same as those accepted by --script; so, for example if you want help about the ssl-enum-ciphers script, you would run nmap --script-help ssl-enum-ciphers Users can leverage existing NSE scripts or develop custom scripts tailored to their specific requirements.	Tool Vulnerability Threat		★★★
	2024-03-26 10:00:00	L'importance croissante du CAASM dans la stratégie de cybersécurité de l'entreprise The Growing Importance of CAASM in Company Cybersecurity Strategy (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. The recent years\' events, including the proliferation of ransomware, the pandemic, and political tensions, have fast-tracked the development of both offensive and defensive tools in the cyber domain. Cybersecurity concepts that were nascent a few years ago are now being refined, demonstrating the practical benefits of modern digital risk management strategies. Gartner analysts have highlighted the expansion of the attack surface as a significant risk for corporate cyber environments in the upcoming years. The most vulnerable entities include IoT devices, cloud apps, open-source systems, and complex software supply chains. There is an increasing demand for concepts like Cyber Asset Attack Surface Management (CAASM), External Attack Surface Management (EASM), and Cloud Security Posture Management (CSPM) in corporate security frameworks. This trend is also documented in Gartner\'s "hype" chart. Let\'s discuss the concept of CAASM, which is centered on identifying and managing all digital assets within an organization, whether they are internal or external. This approach aims to provide a comprehensive view and control over the organization\'s cyber environment, enhancing security measures and management practices. What Is CAASM CAASM assists IT departments in achieving end-to-end visibility of a company\'s cyber assets. This strategy creates a fuller understanding of the actual state of the infrastructure, enabling the security team to respond promptly to existing threats and potential future ones. CAASM-based products and solutions integrate with a broad array of data sources and security tools. CAASM gathers and aggregates data and analyzes perimeter traffic, providing a continuous, multi-dimensional view of the entire attack surface. Having access to current asset data enables information security officers to visualize the infrastructure and address security gaps promptly. They can prioritize the protection of assets and develop a unified perspective on the organization\'s actual security posture. This sets the stage for proactive risk management strategies. Exploring CAASM\'s Core Functions The CAASM approach equips security professionals with a variety of tools necessary for effectively managing an organization\'s attack surface and addressing risks. Asset Discovery A lack of visibility into all of an organization\'s assets heightens the risk of cyberattacks. Cyber Asset Attack Surface Management products automatically detect and catalog every component of a company\'s digital infrastructure, encompassing local, cloud, and various remote systems, including shadow IT. A company employing CAASM gains a clear overview of all its deployed web applications, servers, network devices, and cloud services. CAASM facilitates a comprehensive inventory of the devices, applications, networks, and users constituting the company\'s attack surface. Vulnerability Detection It is important to understand the risks each asset poses, such as missing the latest security updates or opportunities to access sensitive data. CAASM systems integrate asset data, helping security teams identify misconfigurations, vulnerabilities, and oth	Ransomware Tool Vulnerability Threat Prediction Cloud		★★★
	2024-03-25 10:00:00	Décodage des implications de cybersécurité de l'avancement rapide de l'AI \\ Decoding the Cybersecurity Implications of AI\\'s Rapid Advancement (lien direct)	The genius at the heart of AI—its ability to sift through mountains of data, actually spot a needle in a haystack, and act on threats before they blossom into full-scale emergencies—it’s undeniable. However, here’s the rub—every part of that impressive arsenal? It’s also up for grabs by the other side, and can (and will) arm them to launch attacks of unprecedented sophistication and elusiveness, the likes of which we’ve thankfully never seen up to now. How do we wield this impressive technology to fortify our defenses, while preventing it from falling into the wrong hands? Can such a thing even be accomplished? Join me below as we take a closer look at how AI’s rapid rise is changing the landscape of cybersecurity. AI as a Defense Tool AI is a reliable navigator for charting the digital deluge—it has the ability to handle vast quantities of information rapidly on a level that no human could ever hope to match. It doesn’t take a huge leap to come to the conclusion that those capabilities can very easily be leveraged for defense. Automated Threat Detection Think of AI as the ever-watchful eye, tirelessly scanning the horizon for signs of trouble in the vast sea of data. Its capability to detect threats with speed and precision beyond human ken is our first line of defense against the shadows that lurk in the network traffic, camouflaged in ordinary user behavior, or embedded within the seemingly benign activities of countless applications. AI isn’t just about spotting trouble; it’s about understanding it. Through machine learning, it constructs models that learn from the DNA of malware, enabling it to recognize new variants that bear the hallmarks of known threats. This is akin to recognizing an enemy’s tactics, even if their strategy evolves. All of what I’ve said also here applies to incident response—with AI’s ability to automatically meet threats head-on making a holistic cybersecurity posture both easier to achieve and less resource-intensive for organizations of all sizes. Predictive Analytics By understanding the patterns and techniques used in previous breaches, AI models can predict where and how cybercriminals might strike next. This foresight enables organizations to reinforce their defenses before an attack occurs, transforming cybersecurity from a reactive discipline into a proactive strategy that helps prevent breaches rather than merely responding to them. The sophistication of predictive analytics lies in its use of diverse data sources, including threat intelligence feeds, anomaly detection reports, and global cybersecurity trends. This comprehensive view allows AI systems to identify correlations and causations that might elude human analysts. Phishing Detection and Email Filtering AI has stepped up as a pivotal ally in the ongoing skirmish against phishing and other forms of social engineering attacks, which too often lay the groundwork for more invasive security breaches. Through meticulous analysis of email content, context, and even the	Spam Tool Vulnerability Threat Prediction Technical	Deloitte	★★
	2024-03-19 10:00:00	Techniques de numérisation NMAP Nmap scanning techniques (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In our previous blog, we explored the significance of host discovery techniques using Nmap, Netdiscover, and Angry IP Scanner. Now, let\'s dive deeper into the network reconnaissance and focus specifically on the powerful features offered by Nmap. Renowned for its versatility and robust feature set, Nmap enables analysts to probe networked systems, map network topology, identify open ports, detect services, and even determine operating system details. Its command-line interface, coupled with a myriad of options and scripting capabilities, makes it an indispensable asset for security professionals, network administrators, and ethical hackers alike. I have used a virtual environment created mainly for demonstration purposes to see these scanning techniques in action, Target machine for this demonstration is metasploitable2 (192.168.25.130), Attacker Machine is Kali Linux (192.168.25.128). We already have seen how to discover hosts in a networked environment in our previous blog. Additionally, you can refer to nmap.org for better understanding of these techniques. Let\'s take a look at different techniques nmap offers: 1. TCP SYN scan (-sS): The TCP SYN scan, also known as a half-open scan, sends SYN pack	Vulnerability		★★★
	2024-03-18 10:00:00	Explorer les risques de la technologie de suivi des yeux dans la sécurité VR Exploring the risks of eye-tracking technology in VR security (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Virtual reality (VR) offers profound benefits across industries, particularly in education and training, thanks to its immersive nature. Through derivatives, such as 3D learning environments, VR enables learners to gain a deeper understanding of theoretical concepts more quickly and efficiently. However, with the benefits come some dangers. One such risk is the integration of eye-tracking technology within virtual reality environments. While eye-tracking promises to make experiences better and improve security through biometric verification, it also raises privacy concerns. This technology, though handy, could be exploited by cybercriminals. For instance, a recent paper by Rutgers University shows that hackers could use common virtual reality (AR/VR) headsets with motion sensors to capture facial movements linked to speech. This could lead to the theft of sensitive data communicated through voice commands, like credit card numbers and passwords.	Tool Cloud		★★★
	2024-03-14 10:00:00	Spyware commercial: la menace furtive Commercial spyware: The stealthy threat (lien direct)	It can be difficult to over-estimate the benefits that we accrue from the use of technology in our day to day lives. But these benefits have come at a price which has redefined what we expect in terms of privacy. As a member of Generation X, which came of age at the dawn of the Internet era and witnessed the rise of an entire industry built on consumer information analytics, I have on occasion struck my own Faustian bargains, offering up my personal data in exchange for convenience. As have we all. In doing so we are implicitly trusting the organization that runs the website or app in question to safeguard our information effectively. Spyware, as the name suggests, is software designed to covertly gather data about a victim without their consent. Spyware can infect both computers and mobile devices, infiltrating them through malicious or hacked websites, phishing emails, and software downloads. Unlike other forms of malware that may seek to disrupt or damage systems, spyware operates discreetly, often evading detection while silently siphoning off sensitive information. When deployed against individuals this data can range from browsing habits and keystrokes to login credentials and financial information. Spyware can access microphones and cameras for purposes of gathering intelligence or evidence when deployed by government agencies, or capturing content for purposes of sale, blackmail, or other monetization schemes if deployed by threat actors. The effects of which can be devastating. The proliferation of commercial spyware poses significant risks to companies as well. Commercial spyware is a niche industry which develops and markets software for the purpose of data collection. Their products use many of the same methods as other kinds of malware. Often, commercial spyware leverages zero-day exploits that were either developed by the vendor in question or purchased from independent researchers. For example, in a recent report, Google researchers concluded that approximately half of the zero-day vulnerabilities targeting their products over the past decade were the work of “Commercial Surveillance Vendors” (https://www.scmagazine.com/news/spyware-behind-nearly-50-of-zeros-days-targeting-google-products).	Ransomware Malware Tool Vulnerability Threat Legislation Mobile Commercial		★★
	2024-03-13 10:00:00	25 conseils essentiels de cybersécurité et meilleures pratiques pour votre entreprise 25 Essential Cybersecurity tips and best practices for your business (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Cybercrime is quickly becoming one of the biggest threats worldwide, impacting businesses across all sectors. To avoid the risk of a damaging security breach, it\'s crucial to stay updated on the latest cybersecurity tips and practices. Protecting yourself or your business from cyberattacks can be tough. But there are several cybersecurity tips that can help defend against attacks. We\'ve gathered a list of 25 most effective tips for you to adopt and share with others. Top 25 cybersecurity tips for your business 1. Keep your software up to date To stay safe from cyber threats like ransomware, it\'s essential to regularly update your software, including your operating system and applications. Updates often contain crucial security patches that fix vulnerabilities exploited by hackers. Enable automatic updates for your device and web browser, and ensure plugins like Flash and Java are also kept up to date.	Ransomware Malware Tool Vulnerability Mobile Cloud	LastPass	★★
	2024-03-12 10:00:00	Le rôle des proxies dans le commerce électronique: stimuler le succès en ligne de la vente au détail The role of proxies in e-commerce: Boosting online retail success (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Just as the heart keeps the body going, unseen and often not thought about unless something goes wrong, so do proxies serve as the hidden engines that power the bustling world of online retail. They are the invisible assistants that work hard to ensure the storefront—that shiny website filled with enticing products—remains the focus of our shopping experience. In embracing tools like rotating proxies, services like GoProxies have become indispensable allies in the quest to boost e-commerce success. What exactly are proxies? Imagine you want to send a gift without revealing your identity. You might ask a friend to deliver it for you. That\'s what a proxy does — it\'s your discreet friend in the world of the internet, passing along requests and responses so your online presence remains anonymous and secure. A cloak of invisibility for market research	Tool Prediction		★★★
	2024-03-11 10:00:00	La préparation aux incidents est cruciale pour les gouvernements des États et locaux Incident readiness is crucial for state and local governments (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. The current cybersecurity landscape: Navigating threats and safeguarding local government operations Local governments in the United States faced a surge in cyber threats during the latter half of 2023, with over 160 cybersecurity incidents impacting the State, Local, and Education (SLED) sectors. Alarming statistics reveal that many of these incidents were ransomware attacks (45%) and data breaches (37%). As custodians of vast amounts of personal and private information, local governments are entrusted with safeguarding sensitive data against evolving cyber threats. The urgency of cybersecurity incident readiness becomes paramount in this landscape, where the consequences of breaches extend beyond operational disruptions. Protecting sensitive data is not just a matter of legal compliance; it is crucial for preserving privacy and upholding public trust. A breach can lead to severe legal consequences and reputational damage. Demonstrating a commitment to robust cybersecurity practices not only safeguards sensitive information but also enhances confidence in state and local government reassuring community stakeholders that their data is secure. Operational continuity is equally critical, as local governments play a vital role in delivering essential services to communities. Cybersecurity incidents have the potential to disrupt operations, causing service outages and delays. Therefore, the importance of effective incident readiness cannot be overstated, as it helps to maintain the uninterrupted delivery of crucial services and fortifies the resilience of local governments in the face of escalating cyber threats.	Ransomware Threat		★★
	2024-03-07 11:00:00	Sécuriser l'IA Securing AI (lien direct)	With the proliferation of AI/ML enabled technologies to deliver business value, the need to protect data privacy and secure AI/ML applications from security risks is paramount. An AI governance framework model like the NIST AI RMF to enable business innovation and manage risk is just as important as adopting guidelines to secure AI. Responsible AI starts with securing AI by design and securing AI with Zero Trust architecture principles. Vulnerabilities in ChatGPT A recent discovered vulnerability found in version gpt-3.5-turbo exposed identifiable information. The vulnerability was reported in the news late November 2023. By repeating a particular word continuously to the chatbot it triggered the vulnerability. A group of security researchers with Google DeepMind, Cornell University, CMU, UC Berkeley, ETH Zurich, and the University of Washington studied the “extractable memorization” of training data that an adversary can extract by querying a ML model without prior knowledge of the training dataset. The researchers’ report show an adversary can extract gigabytes of training data from open-source language models. In the vulnerability testing, a new developed divergence attack on the aligned ChatGPT caused the model to emit training data 150 times higher. Findings show larger and more capable LLMs are more vulnerable to data extraction attacks, emitting more memorized training data as the volume gets larger. While similar attacks have been documented with unaligned models, the new ChatGPT vulnerability exposed a successful attack on LLM models typically built with strict guardrails found in aligned models. This raises questions about best practices and methods in how AI systems could better secure LLM models, build training data that is reliable and trustworthy, and protect privacy. U.S. and UK’s Bilateral cybersecurity effort on securing AI The US Cybersecurity Infrastructure and Security Agency (CISA) and UK’s National Cyber Security Center (NCSC) in cooperation with 21 agencies and ministries from 18 other countries are supporting the first global guidelines for AI security. The new UK-led guidelines for securing AI as part of the U.S. and UK’s bilateral cybersecurity effort was announced at the end of November 2023. The pledge is an acknowledgement of AI risk by nation leaders and government agencies worldwide and is the beginning of international collaboration to ensure the safety and security of AI by design. The Department of Homeland Security (DHS) CISA and UK NCSC joint guidelines for Secure AI system Development aims to ensure cybersecurity decisions are embedded at every stage of the AI development lifecycle from the start and throughout, and not as an afterthought. Securing AI by design Securing AI by design is a key approach to mitigate cybersecurity risks and other vulnerabilities in AI systems. Ensuring the entire AI system development lifecycle process is secure from design to development, deployment, and operations and maintenance is critical to an organization realizing its full benefits. The guidelines documented in the Guidelines for Secure AI System Development aligns closely to software development life cycle practices defined in the NSCS’s Secure development and deployment guidance and the National Institute of Standards and Technology (NIST) Secure Software Development Framework (SSDF). The 4 pillars that embody the Guidelines for Secure AI System Development offers guidance for AI providers of any systems whether newly created from the ground up or built on top of tools and services provided from	Tool Vulnerability Threat Mobile Medical Cloud Technical	ChatGPT	★★
	2024-03-06 11:00:00	Les escroqueries «Phantom Hacker» ciblant les seniors sont en augmentation “Phantom hacker” scams targeting seniors are on the rise (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. “Phantom hacker” scams — tech support-style scams that trick people into transferring money by falsely claiming their computer or online security is compromised — are on the rise, and “significantly impacting senior citizens, who often lose their entire bank, savings, retirement or investment accounts to such crime”, CNBC reports. Notably, as of August 2023, damages stemming from tech support scams surged by 40%, compared to the corresponding period in 2022, a recent FBI public advisory reveals (specifics on the total financial impact, however, weren’t disclosed). 50% of people targeted were over 60 years old, accounting for 66% of the total financial damages. Financial predation: exploiting seniors\' savings Ample financial resources, technological unfamiliarity, and a generally trusting nature collectively makes the elderly a prime target for phantom hacker scams. “Older adults have generally amassed a larger nest egg than younger age groups, and therefore pose a more lucrative target for criminals. Older adults are also particularly mindful of potential risks to their life savings,” Gregory Nelsen, FBI Cleveland special agent in charge, said in a statement. “These scammers are cold and calculated,” he added. “The criminals are using the victims’ own attentiveness against them”. Additionally, older adults may be less familiar with the intricacies of technology and cybersecurity, making them more susceptible to manipulation and deception. And, due to the generally polite and trusting nature of seniors, scammers can have an easier time establishing rapport and gaining the trust needed to pull off their scams.	Threat		★★★
	2024-03-05 11:00:00	Explorer les techniques de découverte d'hôtes dans un réseau Exploring host discovery techniques in a network (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In a network assessment, one of the first tasks is to narrow down a large set of IP addresses to a list of active or interesting hosts. It\'s like trying to find specific houses in a big neighbourhood without knocking on every door. Scanning every possible connection of every single IP address can be slow and often unnecessary. What makes a host interesting depends on what you\'re looking for. For example, network administrators might only care about devices running specific services, while security experts might want to know about every device with an IP address. Imagine a scenario, where a network administrator wants to find all the computers in their office network. They might just want to send a quick signal (like a ping) to see if each computer responds. But if someone outside the network is testing security, they might try different tricks to avoid detection by firewalls and uncover every possible connection. Host discovery serves as the initial phase of network reconnaissance, laying the groundwork for subsequent analysis and exploitation. Host discovery refers to the technique used in a network assessment to find live hosts (online systems) and narrow down the scope of assessment to live hosts only in a network. In this article, we will delve into various ways to perform host discovery in a network using Nmap, netdiscover and angry ip scanner. For this exercise I have used a virtual local area network (LAN) network configured on my local system. The IP range I will use in this exercise is for my network. You have to find your IP before starting a scan for hosts in your LAN. I have used host only as network adapter in my virtual machines, but you can al	Tool		★★★
	2024-03-04 11:00:00	Naviguer dans le paysage de la cybersécurité: une plongée profonde dans des stratégies efficaces SIEM Navigating the Cybersecurity landscape: A deep dive into effective SIEM strategies (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Comprehending and effectively addressing cybersecurity threats is paramount to organizational security. As artificial intelligence continues to evolve, how companies respond to cybersecurity threats and how they take proactive steps to mitigate them will factor heavily into profitability, reputation and long-term success. Within this context, Security Information and Event Management (SIEM) emerges as a critical tool for fortifying your defense against cyber threats. This deep dive aims to guide you through the foundational concepts, the pivotal role of SIEM in cybersecurity, and strategies to ensure its effectiveness. SIEM stands at the forefront, offering a centralized solution for monitoring, analyzing, and responding to security events across your network. This article is designed to be your guide, providing insights into the components of SIEM, the challenges it addresses, and most importantly, how to wield it effectively. Understanding the foundations	Tool Threat		★★
	2024-02-29 11:00:00	Gouvernance de l'IA et préservation de la vie privée AI governance and preserving privacy (lien direct)	AT&T Cybersecurity featured a dynamic cyber mashup panel with Akamai, Palo Alto Networks, SentinelOne, and the Cloud Security Alliance. We discussed some provocative topics around Artificial Intelligence (AI) and Machine Learning (ML) including responsible AI and securing AI. There were some good examples of best practices shared in an emerging AI world like implementing Zero Trust architecture and anonymization of sensitive data. Many thanks to our panelists for sharing their insights. Before diving into the hot topics around AI governance and protecting our privacy, let’s define ML and GenAI to provide some background on what they are and what they can do along with some real-world use case examples for better context on the impact and implications AI will have on our future. GenAI and ML Machine Learning (ML) is a subset of AI that relies on the development of algorithms to make decisions or predictions based on data without being explicitly programmed. It uses algorithms to automatically learn and improve from experience. GenAI is a subset of ML that focuses on creating new data samples that resemble real-world data. GenAI can produce new and original content through deep learning, a method in which data is processed like the human brain and is independent of direct human interaction. GenAI can produce new content based on text, images, 3D rendering, video, audio, music, and code and increasingly with multimodal capabilities can interpret different data prompts to generate different data types to describe an image, generate realistic images, create vibrant illustrations, predict contextually relevant content, answer questions in an informational way, and much more. Real world uses cases include summarizing reports, creating music in a specific style, develop and improve code faster, generate marketing content in different languages, detect and prevent fraud, optimize patient interactions, detect defects and quality issues, and predict and respond to cyber-attacks with automation capabilities at machine speed. Responsible AI Given the power to do good with AI - how do we balance the risk and reward for the good of society? What is an organization’s ethos and philosophy around AI governance? What is the organization’s philosophy around the reliability, transparency, accountability, safety, security, privacy, and fairness with AI, and one that is human-centered? It\'s important to build each of these pillarsn into an organization\'s AI innovation and business decision-making. Balancing the risk and reward of innovating AI/ML into an organization\'s ecosystem without compromising social responsibility and damaging the company\'s brand and reputation is crucial. At the center of AI where personal data is the DNA of our identity in a hyperconnected digital world, privacy is a top priority. Privacy concerns with AI In Cisco’s 2023 consumer privacy survey, a study of over 2600 consumers in 12 countries globally, indicates consumer awareness of data privacy rights is continuing to grow with the younger generations (age groups under 45) exercising their Data Subject Access rights and switching providers over their privacy practices and policies. Consumers support AI use but are also concerned. With those supporting AI for use: 48% believe AI can be useful in improving their lives 54% are willing to share anonymized personal data to improve AI products AI is an area that has some work to do to earn trust 60% of respondents believe the use of AI by organizations has already eroded trust in them 62% reported concerns about the business use of AI 72% of respondents indicated that having products and solutions aud	Studies Prediction Cloud Technical		★★
	2024-02-28 13:00:00	Obtenez le rapport AT & amp; Tybersecurity Insights Rapport: Focus sur l'énergie et les services publics Get the AT&T Cybersecurity Insights Report: Focus on Energy and Utilities (lien direct)	We’re pleased to announce the availability of the 2023 AT&T Cybersecurity Insights Report: Focus on Energy and Utilities. The report examines the edge ecosystem, surveying energy and utilities IT leaders from around the world, and provides benchmarks for assessing your edge computing plans. This is the 12th edition of our vendor-neutral and forward-looking report. Last year’s focus on energy and utilities report documented how we secure the data, applications, and endpoints that rely on edge computing (get the 2022 report). Get the complimentary 2023 report. The robust quantitative field survey reached 1,418 security, IT, application development, and line of business professionals worldwide. The qualitative research tapped subject matter experts across the cybersecurity industry. Energy and Utilities-specific respondents equal 203. At the onset of our research, we established the following hypotheses. · Momentum edge computing has in the market. · Approaches to connecting and securing the edge ecosystem – including the role of trusted advisors to achieve edge goals. · Perceived risk and perceived benefit of the common use cases in each industry surveyed. The results focus on common edge use cases in seven vertical industries – healthcare, retail, finance, manufacturing, energy and utilities, transportation, and U.S. SLED- delivering actionable advice for securing and connecting an edge ecosystem, including external trusted advisors. Finally, it examines cybersecurity and the broader edge ecosystem of networking, service providers, and top use cases. The role of IT is shifting, embracing stakeholders at the ideation phase of development. Edge computing is a transformative technology that brings together various stakeholders and aligns their interests to drive integrated business outcomes. The emergence of edge computing has been fueled by a generation of visionaries who grew up in the era of smartphones and limitless possibilities. Look at the infographic below for a topline summary of key findings in the energy and utilities industry. In this paradigm, the role of IT has shifted from being the sole leader to a collaborative partner in delivering innovative edge computing solutions. In addition, we found that energy and utilities leaders are budgeting differently for edge use cases. These two things, along with an expanded approach to securing edge computing, were prioritized by our respondents in the 2023 AT&T Cybersecurity Insights Report: Edge Ecosystem. One of the most promising aspects of edge computing is its potential to effectively use near-real-time data for tighter control of variable operations such as inventory and supply chain management that deliver improved operational efficiency. Adding new endpoints is essential for collecting the data, but how they’re connected can make them vulnerable to cyberattacks. Successful cyberattacks can disrupt services, highlighting the need for robust cybersecurity measures. Edge computing brings the data closer to where decisions are made. With edge computing, the intelligence required to make decisions, the networks used to capture and transmit data, and the use case management are distributed. Distributed means things work faster because nothing is backhauled to a central processing area such as a data center and delivers the near-real-time experience. With this level of complexity, it’s common t	Ransomware Studies		★★★★
	2024-02-28 11:00:00	AT & amp; T Cybersecurity annonce 2024 \\ 'Partner of the Year Award \\' Winners AT&T Cybersecurity announces 2024 \\'Partner of the Year Award\\' winners (lien direct)	We’re pleased to announce our 2024 Partner of the Year awards. These annual awards recognize AT&T Cybersecurity partners that demonstrate excellence in growth, innovation, and implementation of customer solutions based on our AT&T USM Anywhere platform. AT&T Cybersecurity’s 2024 Global Partner of the Year award goes to Cybersafe Solutions for the second year in a row! Cybersafe Solutions experienced incredible growth in 2023 and we’re thrilled to be partnering with their team to help customers orchestrate and automate their security. In addition to Cybersafe Solutions as our Global Partner of the Year, we’re proud to recognize six other partners who demonstrated excellence in 2023. See below for the full list of winners and their feedback regarding their partnership with AT&T Cybersecurity. Global Awards: Global Partner of the Year: Cybersafe Solutions	Threat		★★
	2024-02-27 11:00:00	L'évolution du point de terminaison - passant des critères de terminaison traditionnels aux charges de travail cloud ou conteneurisées et les solutions de sécurité pour les protéger The endpoint evolution - Evolving from traditional endpoints to cloud or containerized workloads and the security solutions to protect them (lien direct)	As organizations grow and more endpoints are added across the enterprise, they create an increasingly broad attack surface sophisticated attackers are looking to compromise. According to the 2019 Endpoint Security Trends Report 70% of breaches originate at the endpoint¹. That is likely because endpoints typically represent the Intersection between humans and machines creating vulnerable points of entry for cybercriminals. This is why it is increasingly important to secure your endpoints. Growth in endpoints An endpoint is defined as any computing device that communicates back and forth with a network to which it is connected. Some end user devices serve as an interface with human users while others are servers that communicate with other endpoints on the network. Traditional endpoints began as physical devices including servers, workstations, desktops, and laptops, all connected to a corporate network. When smartphones and tablets became handheld computing devices with access to corporate email, document sharing and collaboration tools the number of endpoints at least doubled. Then came the rise of the Internet of Things (IoT) including devices like printers, webcams, smartwatches, and thermostats, all of which are connected to the network. Industries like healthcare and manufacturing are using millions of IoT sensors to collect and exchange data. This continued growth in IoT only increases the number of endpoints that need to be protected. Another contribution to the growth in endpoints is the migration to the cloud. It is estimated that 67% of enterprise infrastructure is cloud-based². This cloud transformation is the evolution from physical devices to virtualization and containerization. Endpoint virtualization The cloud is a multi-tenant environment where multiple users run services on the same server hardware. Virtualization and containerization are both virtualization technologies that separate the host operating system from the programs that run in them. Virtualization is achieved using a hypervisor, which splits CPU, RAM, and storage resources between multiple virtual machines (VMs). Each VM behaves like a separate computer that gets a guest operating system and each VM is independent of each other. This allows organizations to run multiple OS instances on a single server. Containerization, on the other hand, runs a single host OS instance and uses a container engine to help package applications into container images that can be easily deployed and re-used. By splitting each individual application function or microservice into containers they can operate independently to improve enterprise resilience and scalability. Kubernetes then manages the orchestration of multiple containers. VMs and containers present very different security challenges so let’s look at the evolution of endpoint security and the solutions that meet the needs of complex customer environments. Securing endpoints For decades, organizations have heavily relied on antivirus (AV) software to secure endpoints. However, traditional antivirus worked by matching known malicious signatures in a database and can no longer protect against today’s sophisticated threats. Modern endpoint security solutions are less signature-based and much more behavior-based. Endpoint protection platforms (EPP) offer cloud native architectures that provide a layered defense against fileless attacks using machine learning and behavioral AI to protect against malicious activity. Endpoint detection and response (EDR) solutions went beyond protection by recording and storing endpoint-system level behaviors to detect malicious threats. EDR solutions use data analytics combined with threat intelligence feeds to provide incident responders with the forensic data for completing investigations and threat hunting. In addi	Malware Tool Vulnerability Threat Mobile Cloud		★★
	2024-02-26 11:00:00	Construire une cyber-résilience contre l'ingénierie sociale alimentée par l'IA Building Cyber resilience against AI-powered social engineering (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Exploring advanced AI tactics in social engineering and effective strategies for cyber defense Long-standing as a significant threat in the business world, social engineering attacks constitute a major portion of global cyberattacks. An average business regularly faces a substantial number of such attacks every year. These attacks manifest in various forms, from intricate phishing emails to complex interactions designed to deceive employees, often leading to grave outcomes. This alarming reality is further underscored by the following statistics: · Social engineering is implicated in 98% of all cyberattacks · Approximately 90% of malicious data breaches occur due to social engineering · The typical organization faces over 700 social engineering attacks each year · The average cost incurred from a social engineering attack is about $130,000	Malware Tool Vulnerability Threat		★★
	2024-02-23 11:00:00	Détection des connexions anormales O365 et des techniques d'évasion Detecting anomalous O365 logins and evasion techniques (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Summary Businesses across multiple industries, regardless of size, are at risk of being targeted with Microsoft 365 phishing campaigns. These campaigns trick users into visiting fake Microsoft login page where threat actors capture the user’s credentials. Even accounts with MFA can be victim to these types of attacks. There are several ways in which MFA is being bypassed with these types of campaigns. MFA Fatigue is one of the ways threat actors are bypassing MFA and this method attempts to exploit human error by repeatedly logging in with the stolen credentials causing an overwhelming number of MFA prompts in attempts to get the user to approve the login. Another MFA bypass technique is SIM Swapping. A SIM card is a small chip that your mobile carrier uses to hold identification information to tie your phone to you and your mobile carrier. Threat actors have found a weakness in this because there are scenarios where a customer may need a new SIM card (for example, they lost their phone). Carriers can transfer your identification information from your old SIM card to new one. SIM Swapping is when a threat actor abuses this feature and impersonates you to convince your mobile carrier to switch your phone number to a SIM card that is in the threat actor’s possession. This then allows the threat actor to receive MFA codes sent to your number via phone call or SMS.	Tool Threat Mobile Cloud		★★★
	2024-02-22 11:00:00	L'importance de la cybersécurité dans les services bancaires en ligne The importance of Cybersecurity in online banking (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In our digitized world, online banking has become an integral part of managing your finances, offering unparalleled convenience. However, with this convenience comes an increasing need for robust cybersecurity measures. As you embrace the ease of handling your financial affairs online, understanding the importance of cybersecurity becomes paramount. This article delves into the critical role of cybersecurity in safeguarding your financial assets and personal information from the evolving risks associated with online banking. Risks associated with online banking Engaging in online banking exposes you to various risks that demand your vigilance. Financial data breaches, where cybercriminals exploit vulnerabilities to gain unauthorized access to sensitive information, pose a significant threat. Phishing attacks, disguised as legitimate communications, aim to trick you into disclosing personal details. Additionally, identity theft, a direct consequence of these breaches, can lead to severe financial implications. Recognizing these risks is the first step in fortifying your online banking experience and ensuring the protection of your valuable information. Beyond individual concerns, these risks reverberate through financial institutions, impacting their reputation. Financial losses and unauthorized activities not only harm individuals but also erode the trust customers place in their banks and reputational damage becomes a looming threat for financial institutions, highlighting the critical need for comprehensive cybersecurity measures. Offshore banking risks Offshore banking, while offering financial privacy and potential tax advantages, poses certain risks that individuals should be aware of. One significant concern is the potential for increased susceptibility to financial fraud and money laundering due to the less stringent regulations in some offshore jurisdictions. Additionally, the lack of transparency in offshore banking systems may create challenges in recovering funds in the event of disputes or legal issues. It\'s crucial for individuals engaging in offshore banking to carefully evaluate the regulatory environment, conduct thorough due diligence on financial institutions, and be aware of the potential risks associated with this financial strategy. The impact of cyber-attacks on individuals and financial institutions The fallout from cyber-attacks extends far beyond individual victims, leaving lasting effects on financial institutions. Instances of financial losses and unauthorized activities not only harm individuals but also erode the trust customers place in their banks. The repercussions of cyber-attacks reverberate through the broader financial landscape, extending well beyond the immediate impact on individual victims. It is sobering to consider that when a financial institution falls victim to a cyber-attack, the consequences are felt on a systemic level. Instances of financial losses and unauthorized activities create a ripple effect, compromising the overall integrity of the affected institution. The fallout includes not only the immediate financial implications	Vulnerability Threat		★★
	2024-02-21 11:00:00	Le SoC moderne de Next Gen propulsé par l'IA The modern next gen SOC powered by AI (lien direct)	AI is among the most disruptive technologies of our time. While AI/ML has been around for decades, it has become a hot topic with continued innovations in generative AI (GenAI) from start-up OpenAI to tech giants like Microsoft, Google, and Meta. When large language models (LLMs) combined with big data and behavior analytics, AI/ML can supercharge productivity and scale operations across every sector from healthcare to manufacturing, transportation, retail, finance, government & defense, telecommunications, media, entertainment, and more. Within the cybersecurity industry, SentinelOne, Palo Alto Networks, Cisco, Fortinet and others are pioneering AI in Cybersecurity. In a research report of the global markets by Allied Market Research, AI in Cybersecurity is estimated to surge to $154.8 billion in 2032 from $19.2 billion in 2022, rising at a CAGR of 23.6%. Challenges of the traditional SOC SIEM One of the challenges with the traditional Security Operations Center (SOC) is SOC analysts are overwhelmed by the sheer number of alerts that come from Security Information Event Management (SIEM). Security teams are bombarded with low fidelity alerts and spend considerable time separating them from high fidelity alerts. The alerts come from almost any sources across the enterprise and is further compounded with too many point solutions and with multi-vendor environment. The numerous tools and lack of integration across multiple vendor product solutions often require a great deal of manual investigation and analysis. The pressure that comes with having to keep up with vendor training and correlate data and logs into meaningful insights becomes burdensome. While multi-vendor, multi-source, and multi-layered security solutions provides a lot of data, without ML and security analytics, it also creates a lot of noise and a disparate view of the threat landscape with insufficient context. SOAR Traditional Security Orchestration and Automation Response (SOAR) platforms used by mature security operations teams to develop run playbooks that automate action responses from a library of APIs for an ecosystem of security solution is complex and expensive to implement, manage, and maintain. Often SOCs are playing catch up on coding and funding development cost for run playbooks making it challenging to maintain and scale the operations to respond to new attacks quickly and efficiently. XDR Extended Detection and Response (XDR) solves a lot of these challenges with siloed security solutions by providing a unified view with more visibility and better context from a single holistic data lake across the entire ecosystem. XDR provides prevention as well as detection and response with integration and automation capabilities across endpoint, cloud, and network. Its automation capabilities can incorporate basic common SOAR like functions to API connected security tools. It collects enriched data from multiple sources and applies big data and ML based analysis to enable response of policy enforcement using security controls throughout the infrastructure. AI in the modern next gen SOC The use of AI and ML are increasingly essential to cyber operations to proactively identify anomalies and defend against cyber threats in a hyperconnected digital world. Canalys research estimates suggest that more than 7	Ransomware Malware Tool Vulnerability Threat Prediction Cloud		★★
	2024-02-20 11:00:00	Un guide fondamental pour la sécurité des points finaux A fundamental guide to endpoint security (lien direct)	Anyone that utilizes technology in their daily lives understands that it is ever-changing, and the sentiment is especially true within the cybersecurity industry. Adversaries continue to evolve with new tactics to bypass defenses, so it is necessary that the methods of detecting and preventing these threats do so at an even more rapid pace. However, keeping up with all the changes can be quite difficult, even for the most seasoned cybersecurity professional. The way in which we work has changed not just in where but also in how. Today employees conduct business from multiple devices, with some being company-issued and others being privately owned. Sensitive data is being stored across many locations including on these devices, within corporate data centers, and in the cloud. This means that organizations likely need more than one technology to defend their endpoints against security breach or data loss. With cybersecurity vendors marketing a wide range of branded product names for their offers, it may be challenging to determine which are ideal for your particular environment. This article aims to help demystify the various endpoint security technologies you may come across during your research, highlight the primary differences, and explain how they can complement each other. This is not intended to be an exhaustive list and it should be noted that there are some technologies that may fall into more than one category, for example, endpoint and cloud security. Four key endpoint security technologies To begin, let’s define exactly what an endpoint is. At the most fundamental level, an endpoint is any device that connects and exchanges data on a network. That could include traditional desktop and laptop computers, tablets, smartphones, printers, and servers. Endpoints also encompass network appliances like routers, switches, or firewalls, and a wide range of IoT devices such as wearables, security cameras, sensors, and connected medical or manufacturing equipment. But we must also think beyond the physical devices and consider virtual machines that host applications and data in public or private clouds. Although this may seem trivial, it is important to note because they all represent entry points into the network that can be exploited and opportunities for sensitive data loss. As such, they must all be accounted for when building an endpoint security strategy. The following are some of the more common endpoint security technologies you are likely to encounter: Unified endpoint management (UEM) or mobile device management (MDM): There is a widely accepted concept within the cybersecurity industry that you cannot effectively protect what you can’t see. Therefore, the first step in building a comprehensive endpoint security policy is to inventory all the devices accessing your network, and this can be accomplished with UEM or MDM technologies. The primary difference between the two is that MDM is for iOS and Android operating systems (OS), while UEM includes those OS plus Windows and Mac operating systems--even productivity devices and wearables in some cases. Once the devices are discovered and profiled, administrators will be able to apply consistent security policies across them, regardless of where the endpoint is located. A key feature of both UEM and MDM is that they allow an organization to set standards regarding the security posture of devices accessing the network. For example, rules can be created that a device cannot be jailbroken and must be running on the latest O	Ransomware Malware Tool Vulnerability Threat Mobile Medical Cloud		★★
	2024-02-16 11:00:00	Des résultats solides dans les tests tiers confirment AT & amp; T cybersécurité en tant que leader XDR Strong results in third-party testing confirm AT&T Cybersecurity as an XDR leader (lien direct)	Here at AT&T Cybersecurity, we know that the technology powering our managed detection and response services is solid—and we’ve got documentation to prove it. But we also know you’ve probably read your share of marketing materials making claims with nothing to back them up, so when we get the opportunity to share third-party metrics that support what we’ve been saying, we jump on it. Recently, the AT&T Cybersecurity USM Anywhere platform was evaluated by an independent third-party test lab for its extended detection and response (XDR) capabilities, and we are delighted to announce that it received an impressive overall score of 96.3%. SecureIQLab evaluated USM Anywhere across multiple attack scenarios that incorporated a wide range of real-world threats and attack stages. The unbiased results confirm what our customers already know: organizations can depend on our XDR platform to help identify and respond to advanced threats before they become a problem. USM Anywhere performed exceptionally well during testing to determine how accurate it is at detecting, correlating, and classifying threats—securing an overall score of 97.6%. In incident response testing, it received an overall score of 97.6%, indicating highly accurate incident management and response. SecureIQLab observed in its testing notes, “The AT&T Cybersecurity XDR solution demonstrated outstanding incident response capabilities, acting and/or successfully responding to almost all validated attack scenarios.” USM Anywhere shined during testing to understand how effective it is at filtering out noise and providing context to produce relevant, actionable alerts, achieving a near-perfect score of 99.8%. “A key factor in the AT&T Cybersecurity solution’s high Overall XDR Solution Score is its ability to rapidly identify and detect a threat and display relevant, correlated threat information.” – SecureIQLab (AT&T Cybersecurity Extended Detection & Response (XDR) Validation Report) The negative impact of false positives in cybersecurity is well understood. They increase noise and can quickly overwhelm security teams, resulting in alert fatigue and the very real risk of true threats being missed. Our solution’s perfect score (100%) during false-positive testing affirms its capability to correctly identify and allow non-malicious traffic without sacrificing operational accuracy. Testing was performed during normal workflows and included more than 30 real-world scenarios for several t	Threat		★★
	2024-02-15 11:00:00	2024: Plan de cyber-action pratique - survivre et prospérer 2024: Practical cyber action plan- Survive and thrive (lien direct)	\'Cyber insecurity\' is among the most pressing issues facing organizations globally in 2024, according to new research from the World Economic Forum (WEF). In its Global Cybersecurity Outlook 2024 report, the WEF found that more than eight in ten organizations surveyed feel more or as exposed to cyber crime than last year. How can businesses implement proficient cyber capabilities in an era where cyber threats from criminals and hacktivists are escalating in complexity and magnitude? This is crucial for adapting swiftly to the constantly evolving security challenges and confidently pursuing growth through digital innovation in products, services, and organizational transformation. In today\'s rapidly changing cyber threat environment, Chief Information Security Officers (CISOs) and security operations teams must adopt forward-thinking strategies. These strategies should focus on quickly identifying and addressing the most pressing vulnerabilities in their digital environments. Cyber attackers\' increasing sophistication and speed have prompted organizations of various sizes to re-evaluate their legacy systems, governance policies, and overall security stances, aiming to align with the latest industry standards The shift towards digital platforms and the widespread adoption of cloud technologies have expanded the avenues for cyber-attacks, consequently enlarging the attack surface. This growing attack surface includes vulnerable systems, compromised data, and unauthorized assets, highlighting the necessity for a consistent and ongoing security strategy. This strategy should be centered on managing and mitigating threats efficiently and accurately. Security leaders are becoming increasingly aware of the importance of such an approach. Its effectiveness and streamlined methodology significantly enhance cyber resilience by prioritizing the most urgent risks for immediate response and remediation. What is top of mind for the CISO in 2024? How do we build a cyber security ecosystem that can manage the threats and opportunities of the future? How do we ensure future technologies are secure by design, not as an afterthought? How do we anticipate the threat picture will change as new technologies, like AI and quantum computing, develop? Must haves for CISOs in 2024 Protecting privacy Protecting critical assets Mitigating risk Minimizing disruption Maintaining compliance Establishing and maintaining "CRUST" (credibility and trust) Ensuring secure productivity & efficiency At the top of the list of issues driving cybersecurity concerns include: Growing number of hackers/cybercriminals. Evolving threats & advanced skillset of criminals. Privacy concerns handling other\'s data. Generative AI Practical action plan: Proactively understanding your expanding attack surface, prioritizing risk management efforts, and building resilience helps achieve the following: 1) Prevents breaches & minimizes the impact of a potential breach Enhance the effectiveness of the Security Operations Center (SOC) by reducing the volume of security incidents, events, and breaches impacting the SOC over time. Adopt a proactive, preventative approach that bolsters cyber resilience quickly and improves security maturity year-over-year. 2) Reduces cybersecurity risks Real-time risk reduction is often impractical due to business constraints and a backlog of pending security issues. Focus on prioritizing risk reduction actions and optimizing resource allo	Vulnerability Threat Cloud Technical		★★
	2024-02-13 11:00:00	API et automatisation: le bien, le mauvais et le mieux APIs and automation: The good, the bad, and the better (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. APIs are often adopted by businesses as a way to automate certain operational tasks. This not only helps to introduce efficiencies, it also reduces the chance of human error in repetitive, manual actions. But the relationship between APIs and automation doesn’t end there. To streamline the API management process, developers have started automating a variety of tasks in the API lifecycle, from development to production. In this article, we explore where these automations live, how they impact the development process, and what teams need to look out for. What is API automation? API automation is the process of automating a variety of tasks associated with designing, building, deploying, testing, and managing APIs. This automated approach lets developers navigate the API lifecycle by using controlled streamlined processes for repetitive, manual tasks. This enables greater consistency throughout the lifecycle, and can improve the success and reliability of functions like testing (both in development and production) and security. In addition, introducing automation also enables more efficiency in the process, allowing developers to focus more of their efforts on more strategic tasks. While not all tasks related to APIs can be automated, there are a variety that lend themselves to it quite nicely. These include: API documentation: Some tools can automatically generate API documentation based on the code base. Code generation: Other tools can automatically create code snippets, using API documentation and specifications as inputs. Versioning: Automated processes can facilitate the management of multiple API versions, ensuring that new changes don’t break anything. Deployment: Introducing automation into the API deployment process can introduce more consistency and reduce the scope of potential errors.	Tool Vulnerability		★★★
	2024-02-12 11:00:00	Le réseau sécurisé commence (et se termine) au point final Secure networking starts (and ends) at the endpoint (lien direct)	One step behind The last decade has been challenging for the cyber industry. Attackers always seem to have the upper hand while defenders play catch up. It’s common to point to the ever-accelerating frequency and sophistication of attacks, siloed security that creates gaps, and a shortage of skilled cyber professionals as rationale for this lagging position. All are true but none represent the core reason for our current situation. The reason we are where we are is because of cloud computing. Don’t get me wrong, cloud computing has been and continues to be profoundly beneficial. It enabled digital transformation that reshaped how we do business. But it is also a huge disruptor that turned traditional, centralized computing and data networking models on their head, forcing carriers and network suppliers alike to innovate and adapt or risk obsolescence. And as networking models shifted, from centralized to distributed, so too did security, but always at a lagging pace. With cloud computing, distributed networking, and cloud-based security becoming standard, organizations must reassess their cybersecurity approach. It is imperative that they adopt comprehensive end-to-end solutions that align with the evolving landscape of cloud computing and connectivity to address their cyber challenges. Cloud computing’s cascading effect It’s always been about data – where data lives and how it is accessed by users. Shifts in data residency and access have triggered a series of events, beginning with: Our introduction to the cloud Server virtualization and cloud compute infrastructure, frequently referred to as infrastructure as a service (IaaS), ushered in low cost, flexible, and resource efficient computing via virtual machines (VMs) Growth in cloud computing shifted focus to new ways that enabled users, whether in offices (sites) or at home (remote users), to access the data required to perform their job duties Cloud adoption led to new networking models Networks were re-architected to align with shifting data residency, from centralized data centers to distributed cloud infrastructure This transition included moving from MPLS/datacenter designs to SD-WAN with Internet breakouts and hybrid or multi-cloud solutions Network security transformation lagged As data networking models evolved so too did network security, but at a lagging pace Over time, the expansion of cloud-delivered security solutions helped organizations to align and optimize network security within this new cloud and networking environment But this new data and networking paradigm requires consideration beyond network security Endpoint security has become more critical to consider in this new age of cloud computing and network connectivity where the focus is now squarely on enabling users on laptops, desktops, and mobile devices (endpoints) to access data on cloud servers and VMs (also endpoints) Endpoints bookend this continuum of users accessing data on cloud workloads, and as an essential part of the communications flow, they must be considered when designing an end-to-end security solution Doubling down on the cloud We have come a long way from the initial cloud use case of test/dev. We’ve since moved to running production-grade applications in the cloud and are now entering the next phase of cloud application development – microservices and containerization. As the cloud becomes increasingly foundational to your organization, it is crucial to prioritize robust security for all cloud workloads. This includes ensuring top-performing endpoint security not only for VMs but a	Mobile Cloud		★★
	2024-02-08 11:00:00	Avez-vous toujours besoin d'une protection antivirus pour Windows en 2024? Do you still need antivirus protection for Windows in 2024? (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. The question of whether you need antivirus (AV) for Windows devices is always up for debate. The advancements and new technology have made the operating system (OS) more secure and reliable. Nevertheless, the effectiveness and lethality of cyber threats have increased as well. And every year, millions of Windows users fall victim to various digital perils. This article will discuss whether antivirus software is needed for Windows devices. You’ll discover how AVs work and the most common cyberattacks they can prevent. Moreover, we’ll review the benefits and drawbacks of built-in and third-party antivirus software. How does antivirus work? Scanning, removing, preventing – these are the 3 main stages of how an antivirus works. Once you install an AV, it scans every email, app, and file. During this process, it compares the results with its database. If something is off, the antivirus marks it as malware. Then, the AV either quarantines the malicious files or entirely obliterates them. And while all that is happening, a reliable antivirus runs smoothly in the background, preventing intruders from harming your devices and stealing your data. According to Datto’s global research, Windows device users should be the most concerned about their safety. Around 91% of gadgets that use this OS have been targeted by ransomware attacks. Nevertheless, none of the OS are entirely immune to various online perils. Whether using a Mac, Windows, or Android device, it’s better to be safe than sorry and use an AV. That way, you won’t put yourself, your devices, or your precious data at risk. What threats can a Windows antivirus prevent? As we briefly mentioned, a reliable antivirus can protect your device from online dangers. There are a few most common ones. Below, you’ll find them and what threat they pose: Viruses: These malicious programs multiply and spread from one computer to another. Viruses can attach themselves to programs and files, damage the system, and let other malware in.	Ransomware Malware Threat Mobile		★★★
	2024-02-07 11:00:00	L'art secret de la stéganographie The Covert Art of Steganography (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In cybersecurity, where information is both an asset and a potential target, various techniques are used to secure data and communications. One such covert art is steganography, which hides information within seemingly innocuous files to avoid detection. This article dives into the fascinating world of steganography, its history, techniques, and applications in the digital age. Understanding steganography Steganography, derived from the Greek words "steganos" (meaning covered) and "graphy" (meaning writing), is the art of concealing information within other data in a way that is not easily noticeable. Unlike cryptography, which seeks to make information unreadable, steganography aims to hide the existence of the information itself. Historical roots Steganography can be traced back to ancient times when people sought secure means of communication. Tattooing messages on shaved heads was one of the earliest recorded uses, allowing messengers to transmit information undetected. Another historical example is using invisible ink to write hidden messages during wartime. Digital steganography Steganography has evolved into a sophisticated practice in the digital age, utilizing the vast amounts of data exchanged on the internet. Digital steganography is the process of hiding information within digital media, such as images, audio files, and even executable files. The goal is to render the hidden data invisible to both human observers and automated tools. Digital steganography techniques Image steganography:	Tool Threat		★★
	2024-02-06 11:00:00	AI en cybersécurité: 8 cas d'utilisation que vous devez connaître AI in Cybersecurity: 8 use cases that you need to know (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Cybercriminals live on the cutting edge of technology, and nothing fits the label more than artificial intelligence. It helps them design sophisticated, evolving malware, pose as higher-ups, and even successfully imitate biometrics like one’s voice. The use of AI in cyber security has developed as a natural response to these new and unpredictable challenges. How are cyber security experts using artificial intelligence to thwart the bad guys? The following eight use cases will tell you all you need to know. 1. Threat prevention and preemption It\'s not uncommon for businesses and organizations to be under persistent attack. Cyber threats can burrow deep into their networks and spread chaos for months before detection. Since AI models have large datasets of past behaviors to draw on, they can spot anomalous behavior far more quickly. Preventing attacks before deployment is among cyber security’s most desirable goals. If you have the right information, it can become a reality. For example, a cybersecurity team can use a proxy network to regularly scrape the contents of forums and other sites dedicated to hacking. They may then act on the gathered info and meet future attacks head-on. 2. Timely incident response Not even an AI-enhanced cybersecurity framework can stop all incoming attacks. Someone might connect an unsanctioned device, or an update might contain malicious code. Either way, a robust cyber security AI can respond to such incidents promptly, blocking or deleting the offending actors. 3. Data protection Data is the basis on which modern economies operate. Whether you obtain it through web scraping API, surveys, as part of your day-to-day operations, etc., the data you collect needs powerful safeguards. AI can help by classifying and automatically encrypting it. Access control is another process you can automate, as is compliance with data protection laws like the GDPR.	Spam Malware Tool Threat		★★
	2024-02-05 11:00:00	PCI DSS et tests de pénétration PCI DSS and penetration testing (lien direct)	PCI DSS PCI DSS (Payment Card Industry Data Security Standard) is a set of security controls created to ensure all companies that accept, process, store or transmit credit card data maintain an audit-ready environment. Version 4.0 was published in March 2022; organizations required to be compliant have until March 31, 2024, when compliance must be complete. The most noteworthy upgrades in PCI DSS version 4.0 to Requirement 11 which are applicable to all organizations are that vulnerability scans must be conducted via authenticated scanning, and that all applicable vulnerabilities must be managed. This eliminates organizations from overlooking vulnerabilities, and selective remediation. The PCI DSS requires penetration testing (pen testing) and vulnerability scanning as part of its requirements for compliance, to keep systems secure and to protect payment cardholder data. Pen testing must take place for any organizations or entities who store, process, or transmit cardholder data in any capacity. Payment card service providers must conduct PCI pen tests twice annually and vulnerability scans four times annually, in addition to performing additional assessments when any significant modifications to systems occur. Specifically, organizations that process cardholder information via web applications could need additional tests & scans whenever significant system modifications take place. PCI pen tests are security assessments that must be conducted at least twice annually and after any significant change to address vulnerabilities across all aspects of the cardholder data environment (CDE), from networks, infrastructure, and applications found inside and outside an organization\'s environment. By contrast, vulnerability scans perform high-level tests that automatically search for vulnerabilities with severe scores; external IP addresses exposed within CDE must also be scanned by an approved scanning vendor at least every three months and after any significant change for potential security threats and reported on accordingly. PCI DSS sets forth specific guidelines and requirements for companies required to run regular PCI pen tests and vulnerability scans in accordance with PCI DSS. System components, including custom software and processes, must be regularly evaluated to maintain cardholder data over time - particularly after changes are introduced into the system. Service providers must conduct PCI pen tests every six months or whenever significant modifications to their systems take place, or whenever any major upgrades or updates take place. Significant changes that would necessitate further pen tests include any addition or change to hardware, software, or networking equipment; upgrading or replacing of current equipment with any changes; storage flow changes which affect cardholder data flow or storage; chang	Vulnerability Threat		★★★
	2024-02-01 11:00:00	Identité auto-souveraine: De quelle vie est-ce de toute façon? Self-sovereign identities: Whose life is it anyway? (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In 2023, the unfettered expansion and acceleration of internet technologies crashed headlong into the generative abilities of AI, leaving people struggling with the concept of what reality is now. Can we trust what we see and hear on social media? Is the image of the person you are looking at a real person? Most importantly, after all those times you have logged into websites using a password and maybe even a phone-based multi-factor authentication (MFA) code, do you know if you are keeping yourself and your information safe? Self-sovereign identity was the topic for discussion with Paul Fisher, Lead Analyst at KuppingerCole, Ward Duchamps, Director of Strategy & Innovation at Thales, and myself, host Steve Prentice, on the Security Sessions Podcast, Self-Sovereign Identities: Whose Life is it Anyway? We explored the idea that personal identity is a crucial part of your existence, but more often than not, we give much of it away or at least use it as payment for access to some highly desired service like TikTok, LinkedIn, or Google. All these services, which appear free, are purely a trade: their engaging content for your data. We have commoditized ourselves through our fascination with everything the internet can deliver. Control over the movement and storage of data Some countries have worked hard to establish controls over the movement and storage of personal information. Perhaps the most famous of these remains Europe’s GDPR. There are others, of course, but they are frequently countered by divisive issues ranging from defending personal freedom through to political agendas. There is no global protection for personal identities. Added to this mess is the fact that consumers find password management tedious and tend to believe any data breach involving their identity will quickly blow over, and life will just go on. It might be time for people to take greater responsibility for their identities – owning and sharing, but in a manner that doesn’t give it all away, retaining control over it while also removing the need to have dozens or hundreds of passwords, basically, creating an identity system for this new century. When people first talk about moving beyond typed passwords, the first thing that often comes to mind is biometrics, like retinal scans, palm scans, and the type of facial recognition technology that allows us all to unlock our phones simply by looking at the camera. But these simple biometric techniques tend to work just like passwords in that they are presented as tokens that open a door somewhere. They are ideally better than text-based passwords since the owner of the face or fingerprint needs to be present to push through the transaction, but they are still static identifiers. There needs to be something more – something deeper, more complex, and most importantly, something that remains solely with its owner, from which selected parts may be produced as needed, without giving everything away to an organization that keeps it all forever. We never needed a wallet inspector to buy a coffee On our podcast, Ward Duchamps analogized this to a physical wallet or purse. A wallet is a physical holder into which you add credit cards, loyalty cards, a driver’s license, health card, paper money, and more. When you go to make a purch			★★
	2024-01-31 11:00:00	Bulletproofing the Retail Cloud avec la sécurité de l'API Bulletproofing the retail cloud with API security (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Application programming interface (API) security is critical for retailers increasingly reliant on cloud technology. However, they also open potential gateways for cyber threats, making robust security protocols essential to protect sensitive data and maintain customer trust. The complexity of retail systems, which often involve numerous third-party integrations, can create multiple points of vulnerability. Evolving cyber threats necessitate a dynamic approach to API security, making it a moving target that requires continuous attention and adaptation. Understanding the retail cloud environment API is a set of protocols and tools that allows different software applications to communicate with each other. In cloud environments, it facilitates the interaction between cloud services and applications, enabling features — like data synchronization, payment processing and inventory management — to work seamlessly together. It is also pivotal in the retail sector by connecting various services and applications to deliver a smooth shopping experience. If organizations neglect API security, cybercriminals can exploit APIs to access confidential information, leading to a loss of customer trust, which is critical in the highly competitive retail market. Regular API audits and assessments These audits help identify vulnerabilities before attackers can exploit them, ensuring organizations can promptly address security gaps. Regular assessments are also proactive measures to fix current issues and anticipate future threats. They enable IT teams to verify that security measures are current with the latest protection standards and to confirm APIs comply with internal policies and external regulations. By routinely evaluating API security, retailers can detect anomalies, manage access controls effectively and guarantee they consistently apply encryption standards. Robust authentication and authorization They verify the identity of users and systems, ensuring only legitimate parties can access sensitive retail data. Utilizing multi-factor authentication, which requires more than one verification method, significantly enhances security by adding layers that an unauthorized user must penetrate. With authorization, it’s crucial to implement protocols that dictate what authenticated users can do. Effective approval guarantees users have access only to the data and actions necessary for their role. For instance, role-based access control can help manage user permissions with greater granularity. Retailers can assign roles and permissions based on job functions, enabling tight control over who is authorized to view or alter data within the API ecosystem. Encryption and data protection Encryption is an essential barrier, obscuring data to make it indecipherable to unauthorized users who might intercept it during transmission or gain access to storage systems. It’s also critical for retailers to manage encryption keys with strict policies, ensuring only authorized personnel can decrypt the data. Beyond protection, comprehensive data encryption allows retailers, especially in the apparel industry, to collect and analyze extensive customer data safely. This data is invaluable for forecasting trends, customer pre	Tool Vulnerability Threat Cloud		★★★
	2024-01-30 11:00:00	Darkgate Malware livré via Microsoft Teams - Détection et réponse DarkGate malware delivered via Microsoft Teams - detection and response (lien direct)	Executive summary While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a large proportion are likely unaware that Microsoft Teams chats could be a phishing vector. Most Teams activity is intra-organizational, but Microsoft enables External Access by default, which allows members of one organization to add users outside the organization to their Teams chats. Perhaps predictably, this feature has provided malicious actors a new avenue by which to exploit untrained or unaware users. In a recent example, an AT&T Cybersecurity Managed Detection and Response (MDR) customer proactively reached out with concerns about a user who was external to their domain sending an unsolicited Teams chat to several internal members. The chat was suspected to be a phishing lure. The customer provided the username of the external user as well as the IDs of multiple users who were confirmed to have accepted the message. With this information, the AT&T Cybersecurity MDR SOC team was able to identify the targeted users, as well as suspicious file downloads initiated by some of them. A review of the tactics and indicators of compromise (IOCs) utilized by the attacker showed them to be associated with DarkGate malware, and the MDR SOC team was able to head off the attack before any significant damage was done. Investigation Initial event review Indicators of compromise The customer provided the below screenshot (Image 1) of the message that was received by one of their users and which was suspected to be a phishing lure. An important detail to note here is the “.onmicrosoft.com” domain name. This domain, by all appearances, is authentic and most users would probably assume that it is legitimate. OSINT research on the domain also shows no reports for suspicious activity, leading the MDR SOC team to believe the username (and possibly the entire domain) was likely compromised by the attackers prior to being used to launch the phishing attack. Image 1: Screenshot from customer of received message Expanded investigation Events search Performing a search of the external username in the customer’s environment led the MDR team to over 1,000 “MessageSent” Teams events that were generated by the user. Although these events did not include the IDs of the recipients, they did include the external user’s tenant ID, as displayed in Image 2 below. Image 2: Event log showing external user tenant ID A Microsoft 365 tenant ID is a globally unique identifier assigned to an organization. It is what allows members of different companies to communicate with one another via Teams. As long as both members of a chat have valid tenant IDs, and External Access is enabled, they can exchange messages. With this in mind, the MDR SOC team was able to query events that contained the external user’s tenant ID and found multiple “MemberAdded” events, which are generated when a user joins a chat in Teams. Image 3: “MemberAdded” event These events include the victim’s user ID, but not the external user ID. In addition to the external tenant ID, the MDR SOC team was able to positively link these “MemberAdded” events back to the attacker via the “ChatThreadId” field, which was also present in the original “MessageSent&rdq	Malware Threat Technical		★★★★
	2024-01-29 11:00:00	Étude de cas: USM de Vertek \\ partout où MDR aide plus grand concessionnaire automobile dans le nord-est à améliorer leur posture de cybersécurité Case study: Vertek\\'s USM Anywhere MDR helps larger auto dealership in the northeast improve their Cybersecurity posture (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Challenges A larger auto dealership in the northeast faced a number of cybersecurity challenges, including: Lack of resources: The dealership did not have the in-house expertise or resources to manage its own security operations center (SOC). The lack of trained security experts resulted in slower responses times to security incidents. Multiple security solutions: The dealership was using a variety of security solutions from different vendors, making it difficult to manage and correlate security data. Increased threat landscape: The dealership was facing an increasing number of cyber threats, including ransomware, phishing, and malware attacks. Solution The dealership engaged Vertek to implement their top of line Managed Detection and Response (MDR) service using AT&T AlienVault SIEM. Vertek\'s USM Anywhere MDR service provides 24/7 proactive threat monitoring, industry leading threat intelligence, and expert incident response. It is built on top of the AlienVault USM Anywhere platform, which is a unified security management (USM) platform that combines multiple essential security capabilities in one unified console. The service easily integrates with the existing security stack and is implemented without interruption to existing operations. Benefits Since implementing Vertek\'s USM Anywhere MDR service the dealership has experienced a number of benefits, including: Improved security posture: Vertek\'s MDR service has helped the dealership improve its overall security posture by identifying and mitigating security vulnerabilities, and by providing the dealership with actionable security insights. Vertek’s 24/7 SOC identifies and responds to security incidents with speed and accuracy using industry leading threat intelligence. Reduced workload and more effective allocation of resources: Vertek\'s MDR service has reduced the workload on the dealership\'s IT staff by freeing them up to focus on mission critical tasks that fall in line with their core competency. Working with Vertek instead of building an in-house security team has resulted in significant cost savings for the dealership. Improved peace of mind: Vertek\'s MDR service gives the dealership peace of mind knowing that their security is being monitored and managed by a team of experts with expert response to threats. Specific example Vertek was actively monitoring a customer\'s network for threats using their USM Anywhere MDR service. AlienVault SIEM detected a large number of failed login attempts to the customer\'s Active Directory server. Vertek\'s security team immediately investigated the incident and discovered that the attacker was using a brute-force attack to try to guess the passwords of Active Directory users. Vertek\'s security team used context data in the form of network traffic, end-user behavior analytics, and NXLOGS output from their IT tools to understand the significance of the attack. They knew that the Active Directory server was a critical system for the customer, and that if the attacker was able to gain access to the server, they would be able to compromise the entire network. Vertek also used threat intelligence from the MITRE ATT&CK Framework to understand the tactics, techniques, and procedures (TTPs) of the attacker. They knew that brute-force attacks were a common tactic used by ransomware gangs. Based on the context data and threat intelligence, Vertek was able to determine that the customer was facing a high-risk ransomware attack. Vertek\'s security team quickly took steps to mitiga	Ransomware Malware Tool Vulnerability Threat Studies		★★★
	2024-01-26 11:00:00	Cybersécurité pour les systèmes de contrôle industriel: meilleures pratiques Cybersecurity for Industrial Control Systems: Best practices (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Network segmentation, software patching, and continual threats monitoring are key cybersecurity best practices for Industrial Control Systems (ICS). Although ICSs significantly improve health and safety by automating dangerous tasks, facilitating remote monitoring and control, and activating safety protocols in the case of emergency, they’re increasingly exposed to cybersecurity threats. In 2022, there was a 2,000% increase in adversarial reconnaissance targeting Modbus/TCP port 502 — a widely-used industrial protocol — allowing malicious actors to exploit vulnerabilities in operational technology systems. Fortunately, by taking steps to improve and maintain ICS cybersecurity, manufacturers can successfully reduce the attack surface of their critical infrastructure and keep threats (including phishing, denial-of-service attacks, ransomware, and malware) at bay. ICS cyberattacks on the rise ICS cyberattacks are on the rise, with almost 27% of ICS systems affected by malicious objects in the second quarter of 2023, data from Kaspersky reveals. Cyberattacks have the power to devastate ICS systems, damage equipment and infrastructure, disrupt business, and endanger health and safety. For example, the U.S. government has warned of a malware strain called Pipedream: “a modular ICS attack framework that contains several components designed to give threat actors control of such systems, and either disrupt the environment or disable safety controls”. Although Pipedream has the ability to devastate industrial systems, it fortunately hasn’t yet been used to that effect. And, last year, a notorious hacking group called Predatory Sparrow launched a cyberattack on an Iranian steel manufacturer, resulting in a serious fire. In addition to causing equipment damage, the hackers caused a malfunctioning foundry to start spewing hot molten steel and fire. This breach only highlights the importance of safety protocols in the manufacturing and heavy industry sectors. By leveraging the latest safety tech and strengthening cybersecurity, safety, security, and operational efficiency can all be improved. Segment networks By separating critical systems from the internet and other non-critical systems, network segmentation plays a key role in improving ICS cybersecurity. Network segmentation is a security practice that divides a network into smaller, distinct subnetworks based on security level, functionality, or access control, for example. As a result, you can effectively prevent attacker lateral movement within your network — this is a common way hackers disguise themselves as legitimate users and their activities as expected traffic, making it hard to spot this method. Network segmentation also lets you create tailored and unique security policies and controls for each segment based on their defined profile. Each individual segment is therefore adequately protected. And, since network segmentation also provides you with increased visibility in terms of network activity, you’re also better able to spot and respond to problems with greater speed and efficiency. When it comes to	Ransomware Malware Vulnerability Threat Patching Industrial		★★★
	2024-01-25 11:00:00	Le côté obscur de la cybersécurité 2023: évolution des logiciels malveillants et cyber-menaces The dark side of 2023 Cybersecurity: Malware evolution and Cyber threats (lien direct)	In the ever-evolving cybersecurity landscape, 2023 witnessed a dramatic surge in the sophistication of cyber threats and malware. AT&T Cybersecurity Alien Labs reviewed the big events of 2023 and how malware morphed this year to try new ways to breach and wreak havoc. This year\'s events kept cybersecurity experts on their toes, from expanding malware variants to introducing new threat actors and attack techniques. Here are some of the most compelling developments, highlighting malware\'s evolving capabilities and the challenges defenders face. Highlights of the year: Emerging trends and notable incidents As the year unfolded, several trends and incidents left an indelible mark on the cybersecurity landscape: Exploiting OneNote for malicious payloads Cybercriminals leveraged Microsoft OneNote to deliver many malicious payloads to victims, including Redline, AgentTesla, Quasar RAT, and others. This previously underutilized Office program became a favored tool due to its low suspicion and widespread usage. SEO poisoning and Google Ads Malicious actors resorted to SEO poisoning tactics, deploying phishing links through Google Ads to deceive unsuspecting victims. These links led to cloned, benign web pages, avoiding Google\'s detection and remaining active for extended periods. Prominent malware families, including Raccoon Stealer and IcedID, capitalized on this strategy. Exploiting geopolitical events Cybercriminals exploited the geopolitical climate, particularly the Middle East conflict, as a lure for their attacks. This trend mirrored the previous year\'s Ukraine-related phishing campaigns and crypto scams. APTs: State-sponsored espionage continues to present challenges Advanced Persistent Threats (APTs) continued to pose a significant threat in 2023: Snake: CISA reported on the Snake APT, an advanced cyber-espionage tool associated with the Russian Federal Security Service (FSB). This malware had been in use for nearly two decades. Volt Typhoon: A campaign targeting critical infrastructure organizations in the United States was attributed to Volt Typhoon, a state-sponsored actor based in China. Their focus lay on espionage and information gathering. Storm-0558: This highly sophisticated intrusion campaign, orchestrated by the Storm-0558 APT from China, infiltrated the email accounts of approximately 25 organizations, including government agencies. Ransomware\'s relentless rise Ransomware remained a prevalent and lucrative threat throughout the year: Cuba and Snatch: Ransomware groups like Cuba and Snatch targeted critical infrastructure in the United States, causing concern for national security. ALPHV/BlackCat: Beyond SEO poisoning, this group compromised the computer systems of Caesar and MGM casinos. They also resorted to filing complaints with the US Securities and Exchange Commission (SEC) against their victims, applying additional pressure to pay ransoms. Exploiting new vulnerabilities: Cybercriminals wasted no time exploiting newly discovered vulnerabilities, such as CVE-2023-22518 in Atlassian\'s Confluence, CVE-2023-4966 (Citrix bleed), and others. These vulnerabilities became gateways for ransomware attacks. Evolving ransom	Ransomware Spam Malware Tool Vulnerability Threat Prediction	Guam	★★★
	2024-01-24 11:00:00	Obtenez le rapport AT & amp; T Cybersecurity Insights Rapport: Focus sur la finance Get the AT&T Cybersecurity Insights Report: Focus on Finance (lien direct)	We’re pleased to announce the availability of the 2023 AT&T Cybersecurity Insights Report: Focus on Finance. The report examines the edge ecosystem, surveying finance IT leaders from around the world, and provides benchmarks for assessing your edge computing plans. This is the 12th edition of our vendor-neutral and forward-looking report. Last year’s focus on finance report documented how we secure the data, applications, and endpoints that rely on edge computing (get the 2022 report). Get the complimentary 2023 report. The robust quantitative field survey reached 1,418 security, IT, application development, and line of business professionals worldwide. The qualitative research tapped subject matter experts across the cybersecurity industry. Finance-specific respondents equal 204. At the onset of our research, we established the following hypotheses. Momentum edge computing has in the market. Approaches to connecting and securing the edge ecosystem – including the role of trusted advisors to achieve edge goals. Perceived risk and perceived benefit of the common use cases in each industry surveyed. The results focus on common edge use cases in seven vertical industries – healthcare, retail, finance, manufacturing, energy and utilities, transportation, and U.S. SLED - delivering actionable advice for securing and connecting an edge ecosystem, including external trusted advisors. Finally, it examines cybersecurity and the broader edge ecosystem of networking, service providers, and top use cases. The role of IT is shifting, embracing stakeholders at the ideation phase of development. Edge computing is a transformative technology that brings together various stakeholders and aligns their interests to drive integrated business outcomes. The emergence of edge computing has been fueled by a generation of visionaries who grew up in the era of smartphones and limitless possibilities. Look at the infographic below for a topline summary of key findings in the finance industry. In this paradigm, the role of IT has shifted from being the sole leader to a collaborative partner in delivering innovative edge computing solutions. In addition, we found that finance leaders are budgeting differently for edge use cases. These two things, along with an expanded approach to securing edge computing, were prioritized by our respondents in the 2023 AT&T Cybersecurity Insights Report: Edge Ecosystem. One of the most promising aspects of edge computing is its potential to effectively use near-real-time data for tighter control of variable operations such as inventory and supply chain management that deliver improved operational efficiency. Adding new endpoints is essential for collecting the data, but how they’re connected can make them vulnerable to cyberattacks. Successful cyberattacks can disrupt services, highlighting the need for robust cybersecurity measures. Edge computing brings the data closer to where decisions are made. With edge computing, the intelligence required to make decisions, the networks used to capture and transmit data, and the use case management are distributed. Distributed means things work faster because nothing is backhauled to a central processing area such as a data center and delivers the near-real-time experience. With this level of complexity, it’s common to re-evaluate decisions regarding security, data storage, or networking. The report shares emerging trends as finance continues exploring edge computing use cases. One area that’s examined is expense allocation	Ransomware		★★★
	2024-01-23 11:00:00	La montée des ransomwares: stratégies de prévention The rise of ransomware: Strategies for prevention (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. The exponential rise of ransomware attacks in recent times has become a critical concern for organizations across various industries. Ransomware, a malicious software that encrypts data and demands a ransom for its release, can wreak havoc on an organization\'s operations, finances, and reputation. This comprehensive guide delves into the intricate landscape of ransomware, exploring sophisticated attack vectors, common vulnerabilities, and providing detailed strategies for prevention. Ransomware is a type of malicious software designed to deny access to a computer system or data until a sum of money is paid. It often gains unauthorized access through exploiting vulnerabilities or employing social engineering tactics like phishing emails and malicious attachments. Over the years, ransomware attacks have evolved from indiscriminate campaigns to highly targeted and sophisticated operations. Notorious strains such as WannaCry, Ryuk, and Maze have demonstrated the devastating impact of these attacks on organizations worldwide. Common vulnerabilities exploited Outdated software and patch management: Ransomware often exploits vulnerabilities in outdated software. Robust patch management is crucial for closing these security gaps. Social engineering and phishing: Human error remains a significant factor in ransomware attacks. Employees need comprehensive training to recognize and avoid phishing attempts. Weak authentication practices: Inadequate password policies and the absence of multi-factor authentication create entry points for threat actors. Poorly configured remote desktop protocol (RDP): RDP misconfigurations can provide a direct path for ransomware to infiltrate a network. Comprehensive prevention strategies Regular software updates and patch management: Implement a proactive approach to software updates and patch vulnerabilities promptly. Employee training and awareness: Conduct regular cybersecurity training sessions to educate employees about the dangers of phishing and best practices for online security. Multi-factor authentication (MFA): Enforce MFA to add an additional layer of security, mitigating the risk of unauthorized access. Network segmentation: Divide networks into segments to contain the spread of ransomware in case of a breach. Data backup and recovery: Establish regular backups of critical data and ensure that recovery processes are tested and reliable. Post-infection recovery plans: The aftermath of a ransomware attack can be chaotic and detrimental to an organization\'s operations. Developing a robust post-infection recovery plan is essential to minimize damage, restore functionality, and ensure a swift return to normalcy. This detailed guide outlines the key components of an effective recovery plan tailored for organizations recovering from a ransomware incident. Key components of post-infection recovery plans: Incident response team activation: Swift action: Activate the incident response team immediately upo	Ransomware Data Breach Vulnerability Threat		★★

Last update at: 2024-04-26 05:07:48
See our sources.

To see everything: Our RSS (filtrered)