What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2025-01-03 22:41:51 | Thousands of Buggy BeyondTrust Systems Remain Exposed (lien direct) | Weeks after the critical vulnerability was reported and a hacking of the Treasury Department, nearly 9,000 BeyondTrust instances remain wide open to the Internet, researchers say.
Weeks after the critical vulnerability was reported and a hacking of the Treasury Department, nearly 9,000 BeyondTrust instances remain wide open to the Internet, researchers say. |
Vulnerability | ★★★ | |
|
2025-01-03 21:14:42 | New HIPAA Cybersecurity Rules Pull No Punches (lien direct) | Healthcare organizations of all shapes and sizes will be held to a stricter standard of cybersecurity starting in 2025 with new proposed rules, but not all have the budget for it.
Healthcare organizations of all shapes and sizes will be held to a stricter standard of cybersecurity starting in 2025 with new proposed rules, but not all have the budget for it. |
Medical | ★★★ | |
|
2025-01-03 20:41:57 | Treasury Dept. Sanctions Chinese Tech Vendor for Complicity (lien direct) | Integrity Technology Group was found complicit with Flax Typhoon as part of a broader Chinese strategy to infiltrate the IT systems of US critical infrastructure.
Integrity Technology Group was found complicit with Flax Typhoon as part of a broader Chinese strategy to infiltrate the IT systems of US critical infrastructure. |
★★★ | ||
|
2025-01-03 17:39:51 | Apple Offers $95M to Settle Siri Privacy Lawsuit (lien direct) | The proposed settlement would amount to roughly $20 per Apple product that has Siri enabled, for each plaintiff.
The proposed settlement would amount to roughly $20 per Apple product that has Siri enabled, for each plaintiff. |
★★★ | ||
|
2025-01-03 15:00:05 | Why Small Businesses Can\\'t Rely Solely on AI to Combat Threats (lien direct) | The growing complexity of cyber threats, paired with limited resources, makes it essential for companies to adopt a more comprehensive approach that combines human vigilance with AI\'s capabilities.
The growing complexity of cyber threats, paired with limited resources, makes it essential for companies to adopt a more comprehensive approach that combines human vigilance with AI\'s capabilities. |
★★★ | ||
|
2025-01-03 14:00:00 | Chrome Extension Compromises Highlight Software Supply Challenges (lien direct) | The Christmas Eve compromise of data-security firm Cyberhaven\'s Chrome extension spotlights the challenges in shoring up third-party software supply chains.
The Christmas Eve compromise of data-security firm Cyberhaven\'s Chrome extension spotlights the challenges in shoring up third-party software supply chains. |
★★ | ||
|
2025-01-02 21:30:43 | Proposed HIPAA Amendments Will Close Healthcare Security Gaps (lien direct) | The changes to the healthcare privacy regulation with technical controls such as network segmentation, multi-factor authentication, and encryption. The changes would strengthen cybersecurity protections for electronic health information and address evolving threats against healthcare entities.
The changes to the healthcare privacy regulation with technical controls such as network segmentation, multi-factor authentication, and encryption. The changes would strengthen cybersecurity protections for electronic health information and address evolving threats against healthcare entities. |
Medical Technical | ★★ | |
|
2025-01-02 21:18:36 | CDAO Sponsors Crowdsourced AI Assurance Pilot in the Context of Military Medicine (lien direct) | Pas de details / No more details | ★★ | ||
|
2025-01-02 21:03:05 | UN General Assembly Adopts Cybercrime Treaty (lien direct) | Pas de details / No more details | ★★ | ||
|
2025-01-02 20:53:57 | VicOne and Zero Day Initiative (ZDI) to Lead Pwn2Own Automotive (lien direct) | Pas de details / No more details | Threat | ★★★ | |
|
2025-01-02 20:15:51 | US Soldier Arrested in Verizon, AT&T Hacks (lien direct) | Wagenius posted about hacking more than 15 telecom providers on the Telegram messaging service.
Wagenius posted about hacking more than 15 telecom providers on the Telegram messaging service. |
★★ | ||
|
2025-01-02 16:28:38 | Unpatched Active Directory Flaw Can Crash Any Microsoft Server (lien direct) | Windows servers are vulnerable to a dangerous LDAP vulnerability that could be used to crash multiple servers at once and should be patched immediately.
Windows servers are vulnerable to a dangerous LDAP vulnerability that could be used to crash multiple servers at once and should be patched immediately. |
Vulnerability | ★★ | |
|
2025-01-02 16:21:56 | Volkswagen Breach Exposes Data of 800K EV Customers (lien direct) | Ethical hacking group Chaos Computer Club uncovered exposed data of electrical vehicle owners across the company\'s VW, Audi, Seat, and Skoda brands.
Ethical hacking group Chaos Computer Club uncovered exposed data of electrical vehicle owners across the company\'s VW, Audi, Seat, and Skoda brands. |
★★★ | ||
|
2025-01-02 14:00:00 | \\'Bad Likert Judge\\' Jailbreak Bypasses Guardrails of OpenAI, Other Top LLMs (lien direct) | A novel technique to stump artificial intelligence (AI) text-based systems increases the likelihood of a successful cyberattack by 60%.
A novel technique to stump artificial intelligence (AI) text-based systems increases the likelihood of a successful cyberattack by 60%. |
★★★ | ||
|
2024-12-31 20:19:30 | Managing Cloud Risks Gave Security Teams a Big Headache in 2024 (lien direct) | The results of Dark Reading\'s 2024 Strategic Security survey suggest that security teams continue to grapple with the challenges that come with increased cloud adoption such as data visibility and loss of controls. Managing cloud risks will be a focus for security teams in 2025.
The results of Dark Reading\'s 2024 Strategic Security survey suggest that security teams continue to grapple with the challenges that come with increased cloud adoption such as data visibility and loss of controls. Managing cloud risks will be a focus for security teams in 2025. |
Cloud | ★★ | |
|
2024-12-31 20:07:09 | Cybersecurity Lags in Middle East Business Development (lien direct) | The fast growing region has its own unique cyber issues - and it needs its own talent to fight them.
The fast growing region has its own unique cyber issues - and it needs its own talent to fight them. |
★★ | ||
|
2024-12-31 14:00:00 | 6 AI-Related Security Trends to Watch in 2025 (lien direct) | AI tools will enable significant productivity and efficiency benefits for organizations in the coming year, but they also will exacerbate privacy, governance, and security risks.
AI tools will enable significant productivity and efficiency benefits for organizations in the coming year, but they also will exacerbate privacy, governance, and security risks. |
Tool | ★★ | |
|
2024-12-30 22:02:04 | Chinese State Hackers Breach US Treasury Department (lien direct) | In what\'s being called a \'major cybersecurity incident,\' Beijing-backed adversaries broke into cyber vendor BeyondTrust to access US Department of Treasury workstations and steal unclassified data, according to a letter sent to lawmakers.
In what\'s being called a \'major cybersecurity incident,\' Beijing-backed adversaries broke into cyber vendor BeyondTrust to access US Department of Treasury workstations and steal unclassified data, according to a letter sent to lawmakers. |
★★ | ||
|
2024-12-30 15:00:00 | How to Get the Most Out of Cyber Insurance (lien direct) | Cyber insurance should augment your cybersecurity strategy - not replace it.
Cyber insurance should augment your cybersecurity strategy - not replace it. |
★★ | ||
|
2024-12-30 14:00:00 | What Security Lessons Did We Learn in 2024? (lien direct) | Proactive defenses, cross-sector collaboration, and resilience are key to combating increasingly sophisticated threats.
Proactive defenses, cross-sector collaboration, and resilience are key to combating increasingly sophisticated threats. |
★★ | ||
|
2024-12-30 01:00:00 | Deepfakes, Quantum Attacks Loom Over APAC in 2025 (lien direct) | Organizations in the region should expect to see threat actors accelerate their use of AI tools and mount ongoing "harvest now, decrypt later" attacks for various malicious use cases.
Organizations in the region should expect to see threat actors accelerate their use of AI tools and mount ongoing "harvest now, decrypt later" attacks for various malicious use cases. |
Tool Threat | ★★ | |
|
2024-12-27 14:00:00 | Hackers Are Hot for Water Utilities (lien direct) | The US water sector suffered a stream of cyberattacks over the past year and half, from a mix of cybercriminals, hacktivists, and nation-state hacking teams. Here\'s how the industry and ICS/OT security experts are working to better secure vulnerable drinking and wastewater utilities.
The US water sector suffered a stream of cyberattacks over the past year and half, from a mix of cybercriminals, hacktivists, and nation-state hacking teams. Here\'s how the industry and ICS/OT security experts are working to better secure vulnerable drinking and wastewater utilities. |
Industrial | ★★★ | |
|
2024-12-27 14:00:00 | Defining & Defying Cybersecurity Staff Burnout (lien direct) | Sometimes it feels like burnout is an inevitable part of working in cybersecurity. But a little bit of knowledge can help you and your staff stay healthy.
Sometimes it feels like burnout is an inevitable part of working in cybersecurity. But a little bit of knowledge can help you and your staff stay healthy. |
★★ | ||
|
2024-12-27 13:37:08 | Quantum Computing Advances in 2024 Put Security In Spotlight (lien direct) | The work on quantum computing hit some major milestones in 2024, making the path to a workable quantum computer seem closer than ever. Google, Microsoft, and other research efforts hit significant milestones this year, but is the cybersecurity world ready?
The work on quantum computing hit some major milestones in 2024, making the path to a workable quantum computer seem closer than ever. Google, Microsoft, and other research efforts hit significant milestones this year, but is the cybersecurity world ready? |
★★ | ||
|
2024-12-26 15:03:13 | SEC Disclosures Up, But Not Enough Details Provided (lien direct) | While companies have responded to the new SEC rules by disclosing incidents promptly, many of the reports don\'t meet the SEC\'s "material" standard.
While companies have responded to the new SEC rules by disclosing incidents promptly, many of the reports don\'t meet the SEC\'s "material" standard. |
★★ | ||
|
2024-12-26 14:00:00 | Emerging Threats & Vulnerabilities to Prepare for in 2025 (lien direct) | From zero-day exploits to 5G network vulnerabilities, these are the threats that are expected to persist over the next 12 months.
From zero-day exploits to 5G network vulnerabilities, these are the threats that are expected to persist over the next 12 months. |
Vulnerability Threat Prediction | ★★★ | |
|
2024-12-26 08:00:00 | DDoS Attacks Surge as Africa Expands Its Digital Footprint (lien direct) | As organizations on the continent expand their use of digital technologies, they increasingly face many of the same threats that entities in other regions have had to deal with for years.
As organizations on the continent expand their use of digital technologies, they increasingly face many of the same threats that entities in other regions have had to deal with for years. |
★★ | ||
|
2024-12-24 15:00:00 | Too Much \\'Trust,\\' Not Enough \\'Verify\\' (lien direct) | "Zero trust" doesn\'t mean "zero testing."
"Zero trust" doesn\'t mean "zero testing." |
★★ | ||
|
2024-12-24 14:00:00 | Trump 2.0 Portends Big Shift in Cybersecurity Policies (lien direct) | Changes at CISA and promises of more public-private partnerships and deregulation are just a few ways the incoming administration could upend the feds\' role in cybersecurity.
Changes at CISA and promises of more public-private partnerships and deregulation are just a few ways the incoming administration could upend the feds\' role in cybersecurity. |
★★★ | ||
|
2024-12-24 13:40:58 | DNSSEC Denial-of-Service Attacks Show Technology\\'s Fragility (lien direct) | The security extensions for the Domain Name System aimed to make the Internet more reliable, but instead the technology has exchanged one set of problems for another.
The security extensions for the Domain Name System aimed to make the Internet more reliable, but instead the technology has exchanged one set of problems for another. |
★★ | ||
|
2024-12-23 19:48:08 | Non-Human Identities Gain Momentum, Requires Both Management, Security (lien direct) | The number of Non-Human Identities (NHIs) in many organizations has exploded. Key trends, drivers, and market landscape in this fast-developing area are explored.
The number of Non-Human Identities (NHIs) in many organizations has exploded. Key trends, drivers, and market landscape in this fast-developing area are explored. |
★★ | ||
|
2024-12-23 15:00:00 | How CISOs Can Communicate With Their Boards Effectively (lien direct) | With the increased frequency of board reporting, CISOs need to ensure their interactions are brief, productive, and valuable.
With the increased frequency of board reporting, CISOs need to ensure their interactions are brief, productive, and valuable. |
★★★ | ||
|
2024-12-23 14:00:00 | Middle East Cyberwar Rages On, With No End in Sight (lien direct) | Since October 2023, cyberattacks among countries in the Middle East have persisted, fueled by the conflict between Israel and Hamas, reeling in others on a global scale.
Since October 2023, cyberattacks among countries in the Middle East have persisted, fueled by the conflict between Israel and Hamas, reeling in others on a global scale. |
★★★ | ||
|
2024-12-23 13:52:53 | Name That Toon: Sneaking Around (lien direct) | Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card. |
★★★ | ||
|
2024-12-20 19:25:41 | How to Protect Your Environment from the NTLM Vulnerability (lien direct) | This Tech Tip outlines what enterprise defenders need to do to protect their enterprise environment from the new NTLM vulnerability.
This Tech Tip outlines what enterprise defenders need to do to protect their enterprise environment from the new NTLM vulnerability. |
Vulnerability | ★★★ | |
|
2024-12-20 17:23:44 | US Ban on TP-Link Routers More About Politics Than Exploitation Risk (lien direct) | While a number of threat groups have used TP-Link bugs to infiltrate networks, a proposed ban of the company\'s popular routers is more about geopolitics than actual cybersecurity - and that may not be a bad thing.
While a number of threat groups have used TP-Link bugs to infiltrate networks, a proposed ban of the company\'s popular routers is more about geopolitics than actual cybersecurity - and that may not be a bad thing. |
Threat | ★★ | |
|
2024-12-20 17:00:23 | LockBit Ransomware Developer Arrested in Israel (lien direct) | Dual Russian-Israeli national Rostislav Panev was arrested last August and is facing extradition to the US for playing a critical role in LockBit\'s RaaS activities, dating back to the ransomware gang\'s origins.
Dual Russian-Israeli national Rostislav Panev was arrested last August and is facing extradition to the US for playing a critical role in LockBit\'s RaaS activities, dating back to the ransomware gang\'s origins. |
Ransomware | ★★★ | |
|
2024-12-20 15:00:00 | How Nation-State Cybercriminals Are Targeting the Enterprise (lien direct) | Combating nation-state threat actors at the enterprise level requires more than just cyber readiness and investment - it calls for a collaborative effort.
Combating nation-state threat actors at the enterprise level requires more than just cyber readiness and investment - it calls for a collaborative effort. |
Threat | ★★★ | |
|
2024-12-20 14:38:07 | Managing Threats When Most of the Security Team Is Out of the Office (lien direct) | During holidays and slow weeks, teams thin out and attackers move in. Here are strategies to bridge gaps, stay vigilant, and keep systems secure during those lulls.
During holidays and slow weeks, teams thin out and attackers move in. Here are strategies to bridge gaps, stay vigilant, and keep systems secure during those lulls. |
★★★ | ||
|
2024-12-19 22:45:48 | OT/ICS Engineering Workstations Face Barrage of Fresh Malware (lien direct) | Cyberattacks against OT/ICS engineering workstations are widely underestimated, according to researchers who discovered malware designed to shut down Siemens workstation engineering processes.
Cyberattacks against OT/ICS engineering workstations are widely underestimated, according to researchers who discovered malware designed to shut down Siemens workstation engineering processes. |
Malware Industrial | ★★★ | |
|
2024-12-19 22:29:13 | Fortinet Addresses Unpatched Critical RCE Vector (lien direct) | Fortinet has patched CVE-2023-34990 in its Wireless LAN Manager (FortiWLM), which combined with CVE-2023-48782 could allow for unauthenticated remote code execution (RCE) and the ability to read all log files.
Fortinet has patched CVE-2023-34990 in its Wireless LAN Manager (FortiWLM), which combined with CVE-2023-48782 could allow for unauthenticated remote code execution (RCE) and the ability to read all log files. |
★★ | ||
|
2024-12-19 17:46:16 | Orgs Scramble to Fix Actively Exploited Bug in Apache Struts 2 (lien direct) | A newly discovered vulnerability, CVE-2024-53677, in the aging Apache framework is going to cause major headaches for IT teams, since patching isn\'t enough to fix it.
A newly discovered vulnerability, CVE-2024-53677, in the aging Apache framework is going to cause major headaches for IT teams, since patching isn\'t enough to fix it. |
Vulnerability Patching | ★★ | |
|
2024-12-19 16:45:11 | Malvertisers Fool Google With AI-Generated Decoy Content (lien direct) | Seemingly innocent "white pages," including an elaborate Star Wars-themed site, are bypassing Google\'s malvertising filters, showing up high in search results to lure users to second-stage phishing sites.
Seemingly innocent "white pages," including an elaborate Star Wars-themed site, are bypassing Google\'s malvertising filters, showing up high in search results to lure users to second-stage phishing sites. |
★★ | ||
|
2024-12-19 15:56:27 | CISA Releases Draft of National Cyber Incident Response Plan (lien direct) | The draft of the long-awaited update to the NCIRP outlines the efforts, mechanisms, involved parties, and decisions the US government will use in response to a large-scale cyber incident.
The draft of the long-awaited update to the NCIRP outlines the efforts, mechanisms, involved parties, and decisions the US government will use in response to a large-scale cyber incident. |
★★★ | ||
|
2024-12-19 15:00:00 | Supply Chain Risk Mitigation Must Be a Priority in 2025 (lien direct) | A balance of rigorous supplier validation, purposeful data exposure, and meticulous preparation is key to managing and mitigating risk.
A balance of rigorous supplier validation, purposeful data exposure, and meticulous preparation is key to managing and mitigating risk. |
★★ | ||
|
2024-12-19 13:40:49 | Vendors, Attackers Chase Potential of Non-Human ID Mgmt (lien direct) | Non-human identities authenticate machine-to-machine communication. The big challenge now is to secure their elements and processes - and integrate them with human identity info.
Non-human identities authenticate machine-to-machine communication. The big challenge now is to secure their elements and processes - and integrate them with human identity info. |
★★★ | ||
|
2024-12-19 13:34:54 | Bridging the \\'Keyboard-to-Chair\\' Gap With Identity Verification (lien direct) | Modern identity verification (IDV) approaches aim to connect digital credentials and real-world identity without sacrificing usability.
Modern identity verification (IDV) approaches aim to connect digital credentials and real-world identity without sacrificing usability. |
★★ | ||
|
2024-12-19 03:30:00 | India Sees Surge in API Attacks, Especially in Banking, Utilities (lien direct) | The number of DDoS-related incidents targeting APIs have jumped by 30x compared with traditional Web assets, suggesting that attackers see the growing API landscape as the more attractive target.
The number of DDoS-related incidents targeting APIs have jumped by 30x compared with traditional Web assets, suggesting that attackers see the growing API landscape as the more attractive target. |
★★★ | ||
|
2024-12-18 20:44:33 | Interpol: Can We Drop the Term \\'Pig Butchering\\'? (lien direct) | The agency asks the cybersecurity community to adopt "romance baiting" in place of dehumanizing language.
The agency asks the cybersecurity community to adopt "romance baiting" in place of dehumanizing language. |
★★ | ||
|
2024-12-18 20:23:22 | Recorded Future: Russia\\'s \\'Undesirable\\' Designation Is a Compliment (lien direct) | The threat intelligence business, which is set to be acquired by Mastercard for billions, is officially vendor non grata in Putin\'s regime.
The threat intelligence business, which is set to be acquired by Mastercard for billions, is officially vendor non grata in Putin\'s regime. |
Threat | ★★ |
To see everything:
Our RSS (filtrered)
