What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-12-09 19:42:16 | Attackers Can Use QR Codes to Bypass Browser Isolation (lien direct) | Researchers demonstrate a proof-of-concept cyberattack vector that gets around remote, on-premises, and local versions of browser isolation security technology to send malicious communications from an attacker-controlled server.
Researchers demonstrate a proof-of-concept cyberattack vector that gets around remote, on-premises, and local versions of browser isolation security technology to send malicious communications from an attacker-controlled server. |
★★★★ | ||
|
2024-12-09 18:00:33 | Genetec Physical Security Report Shows Accelerating Hybrid Cloud Adoption (lien direct) | More than 4% of US attempted e-commerce transactions between Thanksgiving and Cyber Monday suspected to be fraudulent.
More than 4% of US attempted e-commerce transactions between Thanksgiving and Cyber Monday suspected to be fraudulent. |
Cloud | ★★ | |
|
2024-12-09 17:54:07 | How Art Appreciation Supplements Cybersecurity Skills (lien direct) | Using different parts of our brains gives us different perspectives on the world around us and approaches to the problems we face in security.
Using different parts of our brains gives us different perspectives on the world around us and approaches to the problems we face in security. |
★★★ | ||
|
2024-12-09 17:49:35 | Google Launches Open-Source Patch Validation Tool (lien direct) | Vanir automates the process of scanning source code to identify what security patches are missing.
Vanir automates the process of scanning source code to identify what security patches are missing. |
Tool | ★★★ | |
|
2024-12-09 15:00:00 | Large-Scale Incidents & the Art of Vulnerability Prioritization (lien direct) | We can anticipate a growing number of emerging vulnerabilities in the near future, emphasizing the need for an effective prioritization strategy.
We can anticipate a growing number of emerging vulnerabilities in the near future, emphasizing the need for an effective prioritization strategy. |
Vulnerability | ★★★ | |
|
2024-12-06 21:10:04 | Texas Teen Arrested for Scattered Spider Telecom Hacks (lien direct) | An FBI operation nabbed a member of the infamous cybercrime group, who is spilling the tea on \'key Scattered Spider members\' and their tactics.
An FBI operation nabbed a member of the infamous cybercrime group, who is spilling the tea on \'key Scattered Spider members\' and their tactics. |
★★ | ||
|
2024-12-06 20:56:38 | Microsoft Expands Access to Windows Recall AI Feature (lien direct) | The activity-recording capability has drawn concerns from the security community and privacy experts, but the tech giant is being measured in its gradual rollout, which is still in preview mode.
The activity-recording capability has drawn concerns from the security community and privacy experts, but the tech giant is being measured in its gradual rollout, which is still in preview mode. |
★★★ | ||
|
2024-12-06 15:00:00 | Why SOC Roles Need to Evolve to Attract a New Generation (lien direct) | The cybersecurity industry faces a growing crisis in attracting and retaining SOC analysts.
The cybersecurity industry faces a growing crisis in attracting and retaining SOC analysts. |
★★ | ||
|
2024-12-06 14:59:11 | Open Source Security Priorities Get a Reshuffle (lien direct) | The "Census of Free and Open Source Software" report, which identifies the most critical software projects, sees more cloud infrastructure and Python software designated as critical software components.
The "Census of Free and Open Source Software" report, which identifies the most critical software projects, sees more cloud infrastructure and Python software designated as critical software components. |
Cloud | ★★★ | |
|
2024-12-05 22:18:03 | Library of Congress Offers AI Legal Guidance to Researchers (lien direct) | Researchers testing generative AI systems can use prompt injection, re-register after being banned, and bypass rate limits without running afoul of copyright law.
Researchers testing generative AI systems can use prompt injection, re-register after being banned, and bypass rate limits without running afoul of copyright law. |
★★ | ||
|
2024-12-05 22:04:39 | Russia\\'s \\'BlueAlpha\\' APT Hides in Cloudflare Tunnels (lien direct) | Cloudflare Tunnels is just the latest legitimate cloud service that cybercriminals and state-sponsored threat actors are abusing to hide their tracks.
Cloudflare Tunnels is just the latest legitimate cloud service that cybercriminals and state-sponsored threat actors are abusing to hide their tracks. |
Threat Cloud | ★★ | |
|
2024-12-05 21:13:03 | Bypass Bug Revives Critical N-Day in Mitel MiCollab (lien direct) | A single barrier prevented attackers from exploiting a critical vulnerability in an enterprise collaboration platform. Now there\'s a workaround.
A single barrier prevented attackers from exploiting a critical vulnerability in an enterprise collaboration platform. Now there\'s a workaround. |
Vulnerability | ★★ | |
|
2024-12-05 20:49:12 | Trojan-as-a-Service Hits Euro Banks, Crypto Exchanges (lien direct) | At least 17 affiliate groups have used the "DroidBot" Android banking Trojan against 77 financial services companies across Europe, with more to come, researchers warn.
At least 17 affiliate groups have used the "DroidBot" Android banking Trojan against 77 financial services companies across Europe, with more to come, researchers warn. |
Mobile | ★★ | |
|
2024-12-05 19:59:11 | LLMs Raise Efficiency, Productivity of Cybersecurity Teams (lien direct) | AI-powered tools are making cybersecurity tasks easier to solve, as well as easier for the team to handle.
AI-powered tools are making cybersecurity tasks easier to solve, as well as easier for the team to handle. |
Tool | ★★ | |
|
2024-12-05 15:58:36 | \\'Earth Minotaur\\' Exploits WeChat Bugs, Sends Spyware to Uyghurs (lien direct) | The emerging threat actor, potentially a Chinese state-sponsored APT, is using the known exploit kit Moonshine in cross-platform attacks that deliver a previously undisclosed backdoor called "DarkNimbus" to ethnic minorities, including Tibetans.
The emerging threat actor, potentially a Chinese state-sponsored APT, is using the known exploit kit Moonshine in cross-platform attacks that deliver a previously undisclosed backdoor called "DarkNimbus" to ethnic minorities, including Tibetans. |
Threat | ★★★ | |
|
2024-12-05 15:00:00 | Vulnerability Management Challenges in IoT & OT Environments (lien direct) | By understanding the unique challenges of protecting IoT and OT devices, organizations can safeguard these critical assets against evolving cyber threats.
By understanding the unique challenges of protecting IoT and OT devices, organizations can safeguard these critical assets against evolving cyber threats. |
Vulnerability Industrial | ★★ | |
|
2024-12-05 07:00:00 | African Law Enforcement Nabs 1,000+ Cybercrime Suspects (lien direct) | Authorities across 19 African countries also dismantled their infrastructure and networks, thanks to cooperation between global law enforcement and private firms.
Authorities across 19 African countries also dismantled their infrastructure and networks, thanks to cooperation between global law enforcement and private firms. |
Legislation | ★★★ | |
|
2024-12-04 22:52:40 | Compromised Software Code Poses New Systemic Risk to U.S. Critical Infrastructure (lien direct) | New Fortress Information Security research shows 90% of software products used by critical infrastructure organizations contain code developed in China.
New Fortress Information Security research shows 90% of software products used by critical infrastructure organizations contain code developed in China. |
★★★ | ||
|
2024-12-04 22:52:40 | Onapsis Expands Code Security Capabilities to Accelerate and De-Risk SAP BTP Development Projects (lien direct) | Pas de details / No more details | ★★★ | ||
|
2024-12-04 22:44:54 | Wyden and Schmitt Call for Investigation of Pentagon\\'s Phone Systems (lien direct) | Pas de details / No more details | ★★★ | ||
|
2024-12-04 22:06:31 | CISA Issues Guidance to Telecom Sector on Salt Typhoon Threat (lien direct) | Individuals concerned about the privacy of their communications should consider using encrypted messaging apps and encrypted voice communications, CISA and FBI officials say.
Individuals concerned about the privacy of their communications should consider using encrypted messaging apps and encrypted voice communications, CISA and FBI officials say. |
Threat | ★★★ | |
|
2024-12-04 20:47:46 | Russian FSB Hackers Breach Pakistan\\'s APT Storm-0156 (lien direct) | Parasitic advanced persistent threat Secret Blizzard accesses another APT\'s infrastructure and steals what it has stolen from South Asian government and military targets.
Parasitic advanced persistent threat Secret Blizzard accesses another APT\'s infrastructure and steals what it has stolen from South Asian government and military targets. |
Threat | ★★★ | |
|
2024-12-04 20:47:06 | Veeam Urges Updates After Discovering Critical Vulnerability (lien direct) | The vulnerability affects certain versions of the Veeam Service Provider Console that can only be fixed by updating with the latest patch.
The vulnerability affects certain versions of the Veeam Service Provider Console that can only be fixed by updating with the latest patch. |
Vulnerability | ★★★ | |
|
2024-12-04 20:06:00 | Pegasus Spyware Infections Proliferate Across iOS, Android Devices (lien direct) | The notorious spyware from Israel\'s NSO Group has been found targeting journalists, government officials, and corporate executives in multiple variants discovered in a threat scan of 3,500 mobile phones.
The notorious spyware from Israel\'s NSO Group has been found targeting journalists, government officials, and corporate executives in multiple variants discovered in a threat scan of 3,500 mobile phones. |
Threat Mobile | ★★ | |
|
2024-12-04 15:00:00 | Navigating the Changing Landscape of Cybersecurity Regulations (lien direct) | The evolving regulatory environment presents both challenges and opportunities for businesses.
The evolving regulatory environment presents both challenges and opportunities for businesses. |
★★ | ||
|
2024-12-04 14:01:11 | Digital Certificates With Shorter Lifespans Reduce Security Vulnerabilities (lien direct) | Proposals from Google and Apple drastically reduce the life cycle of certificates, which should mean more oversight - and hopefully better control.
Proposals from Google and Apple drastically reduce the life cycle of certificates, which should mean more oversight - and hopefully better control. |
Vulnerability | ★★ | |
|
2024-12-03 23:25:24 | SecureG, CTIA Project Secures Business Phone Calls (lien direct) | BCID mitigates the risk of consumers being harmed by fraud and bad actors by vetting to deliver a trusted, branded call experience for consumers.
BCID mitigates the risk of consumers being harmed by fraud and bad actors by vetting to deliver a trusted, branded call experience for consumers. |
★★ | ||
|
2024-12-03 22:34:37 | Misconfigured WAFs Heighten DoS, Breach Risks (lien direct) | Organizations that rely on their content delivery network provider for Web application firewall services may be inadvertently leaving themselves open to attack.
Organizations that rely on their content delivery network provider for Web application firewall services may be inadvertently leaving themselves open to attack. |
★★ | ||
|
2024-12-03 22:31:42 | BigID Releases Data Activity Monitoring to Extend DDR, Detect Malicious Actors, and Strengthen Data Security Posture (lien direct) | Pas de details / No more details | ★★ | ||
|
2024-12-03 22:20:52 | KnowBe4 Releases the Latest Phishing Trends in Q3 2024 Phishing Report (lien direct) | Pas de details / No more details | ★★★ | ||
|
2024-12-03 20:25:34 | Decade-Old Cisco Vulnerability Under Active Exploit (lien direct) | Cisco encourages users to update to an unaffected version of its Adaptive Security Appliance (ASA) software since there are no workarounds for the 2014 vulnerability.
Cisco encourages users to update to an unaffected version of its Adaptive Security Appliance (ASA) software since there are no workarounds for the 2014 vulnerability. |
Vulnerability Threat | ★★ | |
|
2024-12-03 17:50:47 | Cyber-Unsafe Employees Increasingly Put Orgs at Risk (lien direct) | Too much access and privilege, plus a host of unsafe cyber practices, plague most workplaces, and the introduction of tools like GenAI will only make things worse.
Too much access and privilege, plus a host of unsafe cyber practices, plague most workplaces, and the introduction of tools like GenAI will only make things worse. |
Tool | ★★ | |
|
2024-12-03 16:19:13 | Venom Spider Spins Web of New Malware for MaaS Platform (lien direct) | A novel backdoor malware and a loader that customizes payload names for each victim have been added to the threat group\'s cybercriminal tool set.
A novel backdoor malware and a loader that customizes payload names for each victim have been added to the threat group\'s cybercriminal tool set. |
Malware Tool Threat | ★★ | |
|
2024-12-03 15:00:00 | Ransomware\\'s Grip on Healthcare (lien direct) | Until C-level executives fully understand potential threats and implement effective mitigation strategies, healthcare organizations will remain vulnerable and at risk of disruption.
Until C-level executives fully understand potential threats and implement effective mitigation strategies, healthcare organizations will remain vulnerable and at risk of disruption. |
Ransomware Medical | ★★ | |
|
2024-12-03 14:00:00 | Note From the Editor-in-Chief (lien direct) | A change in ownership and what it means for our readers.
A change in ownership and what it means for our readers. |
★ | ||
|
2024-12-03 13:30:00 | \\'White FAANG\\' Data Export Attack: A Gold Mine for PII Threats (lien direct) | Websites these days know everything about you - even some details you might not realize. Hackers can take advantage of that with a sharp-toothed attack that exploits Europe\'s GDPR-mandated data portability rules.
Websites these days know everything about you - even some details you might not realize. Hackers can take advantage of that with a sharp-toothed attack that exploits Europe\'s GDPR-mandated data portability rules. |
★★ | ||
|
2024-12-02 21:52:54 | \\'Bootkitty\\' First Bootloader to Take Aim at Linux (lien direct) | Though it\'s still just a proof of concept, the malware is functional and can evade the Secure Boot process on devices from multiple vendors.
Though it\'s still just a proof of concept, the malware is functional and can evade the Secure Boot process on devices from multiple vendors. |
Malware | ★ | |
|
2024-12-02 20:58:33 | Interpol Cyber-Fraud Action Nets More Than 5K Arrests (lien direct) | Chalk up another win for global cooperation among law enforcement, this time targeting seven types of cyber fraud, including voice phishing and business email compromise.
Chalk up another win for global cooperation among law enforcement, this time targeting seven types of cyber fraud, including voice phishing and business email compromise. |
Legislation | ★★★ | |
|
2024-12-02 20:57:29 | AWS Launches New Incident Response Service (lien direct) | AWS Security Incident Response will help security teams defend organizations from security threats such as account takeovers, breaches, and ransomware attacks.
AWS Security Incident Response will help security teams defend organizations from security threats such as account takeovers, breaches, and ransomware attacks. |
Ransomware | ★★ | |
|
2024-12-02 19:03:08 | Name That Edge Toon: Shackled! (lien direct) | Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card. |
★ | ||
|
2024-12-02 17:42:32 | Does Your Company Need a Virtual CISO? (lien direct) | With cybersecurity talent hard to come by and companies increasingly looking for guidance and best practices, virtual and fractional chief information security officers can make a lot of sense.
With cybersecurity talent hard to come by and companies increasingly looking for guidance and best practices, virtual and fractional chief information security officers can make a lot of sense. |
★★ | ||
|
2024-12-02 16:33:20 | 2 UK Hospitals Targeted in Separate Cyberattacks (lien direct) | Alder Hey Children\'s Hospital got hit with a ransomware attack, while the nature of an incident at Wirral University Teaching Hospital remains undisclosed.
Alder Hey Children\'s Hospital got hit with a ransomware attack, while the nature of an incident at Wirral University Teaching Hospital remains undisclosed. |
Ransomware | ★★ | |
|
2024-12-02 15:00:00 | Incident Response Playbooks: Are You Prepared? (lien direct) | The playbooks that accompany your incident response plan provide efficiency and consistency in responses, help reduce downtime and dwell time, and can be a cost-saving and reputational-saving measure for your organization.
The playbooks that accompany your incident response plan provide efficiency and consistency in responses, help reduce downtime and dwell time, and can be a cost-saving and reputational-saving measure for your organization. |
★ | ||
|
2024-12-02 13:37:48 | Microsoft Boosts Device Security With Windows Resiliency Initiative (lien direct) | Microsoft is readying a new release of Windows in 2025 that will have significant security controls such as more resilient drivers and "self-defending" operating system kernel.
Microsoft is readying a new release of Windows in 2025 that will have significant security controls such as more resilient drivers and "self-defending" operating system kernel. |
★★ | ||
|
2024-11-29 17:00:00 | How AI Is Enhancing Security in Ridesharing (lien direct) | Whether it\'s detecting fraudulent activity, preventing phishing, or protecting sensitive data, AI is transforming cybersecurity in ridesharing.
Whether it\'s detecting fraudulent activity, preventing phishing, or protecting sensitive data, AI is transforming cybersecurity in ridesharing. |
★★ | ||
|
2024-11-29 14:00:00 | Ransomware Gangs Seek Pen Testers to Boost Quality (lien direct) | Qualified applicants must be able to test ransomware encryption and find bugs that might enable defenders to jailbreak the malware.
Qualified applicants must be able to test ransomware encryption and find bugs that might enable defenders to jailbreak the malware. |
Ransomware Malware | ★★★ | |
|
2024-11-27 18:36:56 | \\'Operation Undercut\\' Adds to Russia Malign Influence Campaigns (lien direct) | Just like Russia\'s Doppelgänger effort, the goal is to spread misinformation about Ukraine and Western efforts to help Ukraine in its war with Russia.
Just like Russia\'s Doppelgänger effort, the goal is to spread misinformation about Ukraine and Western efforts to help Ukraine in its war with Russia. |
★★ | ||
|
2024-11-27 17:19:41 | Sneaky Skimmer Malware Targets Magento Sites Ahead of Black Friday (lien direct) | A stealthy JavaScript injection attack steals data from the checkout page of sites, either by creating a fake credit card form or extracting data directly from payment fields.
A stealthy JavaScript injection attack steals data from the checkout page of sites, either by creating a fake credit card form or extracting data directly from payment fields. |
Malware | ★★ | |
|
2024-11-27 15:00:00 | How Learning to Fly Made Me a Better Cybersecurity CEO (lien direct) | The lessons I\'ve learned soaring through the skies have extended far beyond the runway.
The lessons I\'ve learned soaring through the skies have extended far beyond the runway. |
★★ | ||
|
2024-11-27 14:00:00 | Russian Script Kiddie Assembles Massive DDoS Botnet (lien direct) | Over the past year, "Matrix" has used publicly available malware tools and exploit scripts to target weakly secured IoT devices - and enterprise servers.
Over the past year, "Matrix" has used publicly available malware tools and exploit scripts to target weakly secured IoT devices - and enterprise servers. |
Malware Tool Threat | ★★ |
To see everything:
Our RSS (filtrered)
