What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2025-02-26 06:03:27 | \\ 'Silver Fox \\' APT JURTS Windows Bloclist dans BYOVD Attaque \\'Silver Fox\\' APT Skirts Windows Blocklist in BYOVD Attack (lien direct) |
Il y a un univers inexploité de conducteurs exploitables dans la nature aujourd'hui. En exploitant un seul d'entre eux, les attaquants ont pu vaincre les outils de sécurité et infecter les citoyens asiatiques avec GH0Strat.
There\'s an untapped universe of exploitable drivers in the wild today. By exploiting just one of them, attackers were able to defeat security tools and infect Asian citizens with Gh0stRAT. |
Tool | ★★★ | |
|
2025-02-25 22:36:06 | Comment freiner le risque de sécurité de session d'identité avec CAEP How to Rein in Identity Session Security Risk With CAEP (lien direct) |
Abordant les complexités de la gestion des sessions dans des environnements multi-IDP, CAEP offre une voie vers la sécurité en temps réel, l'atténuation des risques proactifs et la confiance des utilisateurs améliorés.
Addressing the complexities of session management in multi-IDP environments, CAEP offers a pathway to real-time security, proactive risk mitigation, and enhanced user trust. |
★★★ | ||
|
2025-02-25 22:30:58 | Ai Tricksters tourne de faux sites profonds pour voler la crypto AI Tricksters Spin Up Fake DeepSeek Sites to Steal Crypto (lien direct) |
Les faux sites Web incitent les utilisateurs à télécharger et à exécuter des logiciels malveillants qui recherchent des informations personnelles, en particulier tout ce qui concerne la crypto-monnaie.
The fake websites trick users into downloading and running malware that searches for personal information, especially anything related to crypto currency. |
Malware | ★★★ | |
|
2025-02-25 21:52:52 | Les comptes Microsoft 365 sont pulvérisés par Mega-Botnet Microsoft 365 Accounts Get Sprayed by Mega-Botnet (lien direct) |
Les acteurs de la menace exploitent des signes non interactifs, une fonction d'authentification que les équipes de sécurité ne surveillent généralement pas.
The threat actors are exploiting non-interactive sign-ins, an authentication feature that security teams don\'t typically monitor. |
Threat | ★★★ | |
|
2025-02-25 21:42:48 | Gravité maximale rce vuln dans toutes les versions de mitre Caldera Max Severity RCE Vuln in All Versions of MITRE Caldera (lien direct) |
Entre de mauvaises mains, l'outil populaire d'équipe rouge peut être fait pour accéder aux réseaux, augmenter les privilèges, réaliser la reconnaissance et masquer l'activité malveillante comme un exercice simulé.
In the wrong hands, the popular red-teaming tool can be made to access networks, escalate privileges, conduct reconnaissance, and disguise malicious activity as a simulated exercise. |
Tool | ★★★ | |
|
2025-02-25 15:00:00 | Dispositifs non gérés: la menace négligée Cisos doit affronter Unmanaged Devices: The Overlooked Threat CISOs Must Confront (lien direct) |
Quelle que soit la stratégie, les entreprises doivent approcher d'obtenir des dispositifs non gérés avec sensibilité et respect de la vie privée des employés.
No matter the strategy, companies must approach securing unmanaged devices with sensitivity and respect for employee privacy. |
Threat | ★★★ | |
|
2025-02-25 14:01:00 | L'IA générative est prometteuse pour un triage de vulnérabilités plus rapide Generative AI Shows Promise for Faster Triage of Vulnerabilities (lien direct) |
Une multitude d'approches automatisées identifient et corrige les vulnes potentielles tout en conservant un rôle pour les analystes de sécurité pour filtrer le contexte et la criticité des entreprises.
A host of automated approaches identifies and remediates potential vulns while still retaining a role for security analysts to filter for context and business criticality. |
Vulnerability | ★★★ | |
|
2025-02-25 11:00:00 | Les cyberattaques du système industriel augmentent alors que l'OT reste vulnérable Industrial System Cyberattacks Surge as OT Stays Vulnerable (lien direct) |
Près d'un tiers des organisations ont un système opérationnel connecté à Internet avec une vulnérabilité exploitée connue, à mesure que les attaques par des acteurs étatiques et non étatiques augmentent.
Nearly a third of organizations have an operational system connected to the Internet with a known exploited vulnerability, as attacks by state and non-state actors increase. |
Vulnerability Industrial | ★★★ | |
|
2025-02-25 10:16:39 | La Lazarus de la Corée du Nord réalise le plus grand braquage cryptographique de l'histoire North Korea\\'s Lazarus Pulls Off Biggest Crypto Heist in History (lien direct) |
Les cyberattaques qui seraient affiliés au groupe de menaces parrainé par l'État ont réussi le plus grand braquage cryptographique signalé à ce jour, volant 1,5 milliard de dollars de borbit de bourse. Il a été réalisé en interférant avec un transfert de routine entre les portefeuilles.
Cyberattackers believed to be affiliated with the state-sponsored threat group pulled off the largest crypto heist reported to date, stealing $1.5 billion from exchange Bybit. It was carried out by interfering with a routine transfer between wallets. |
Threat | APT 38 | ★★★★ |
|
2025-02-24 23:07:35 | Parier (et perdre) la ferme sur la cybersécurité traditionnelle Betting (and Losing) the Farm on Traditional Cybersecurity (lien direct) |
La formation standard de SECOPS ne suffit plus pour relever les défis modernes de la cybersécurité. Les gens doivent développer des compétences non traditionnelles.
Standard SecOps training is no longer enough to tackle modern cybersecurity challenges. People need to develop non-traditional skills. |
★★★ | ||
|
2025-02-24 22:36:32 | Le bug zero-day apparaît dans le bureau parallèle pour mac Zero-Day Bug Pops Up in Parallels Desktop for Mac (lien direct) |
Un pontage de correctif pour un bug dans l'émulateur de bureau populaire permet une escalade de privilège au niveau de la racine et n'a aucun correctif en vue.
A patch bypass for a bug in the popular desktop emulator enables root-level privilege escalation and has no fix in sight. |
Vulnerability Threat | ★★★ | |
|
2025-02-24 21:53:28 | Australie Dernier Domino à tomber dans les interdictions de Gov \\ 't Kaspersky Australia Latest Domino to Fall in Gov\\'t Kaspersky Bans (lien direct) |
Cette décision intervient moins d'un an après que les États-Unis aient interdit les produits Kaspersky, par la même crainte que l'entreprise ne soit sous contrôle du gouvernement russe.
This move comes less than a year after the United States banned Kaspersky products, out of the same fear that the company is under Russian government control. |
★★★ | ||
|
2025-02-24 21:49:29 | 25 ans plus tard, Active Directory est toujours une cible d'attaque principale 25 Years On, Active Directory Is Still a Prime Attack Target (lien direct) |
Les menaces évolutives et les défis de l'identité hybride maintiennent le répertoire actif de Microsoft.
Evolving threats and hybrid identity challenges keep Microsoft\'s Active Directory at risk. |
★★★ | ||
|
2025-02-24 20:42:33 | Deepseek \\'s Bytedance Le partage des données soulève de nouvelles problèmes de sécurité DeepSeek\\'s ByteDance Data-Sharing Raises Fresh Security Concerns (lien direct) |
Confirmation de l'agence de protection des données de la Corée du Sud que l'AI Chatbot a envoyé des données à la société mère chinoise de Tiktok \\ a stimulé une interdiction dans cette nation, et est à nouveau en question la sécurité de Deepseek \\.
Confirmation by South Korea\'s data protection agency that the AI chatbot sent data to TikTok\'s Chinese parent company has spurred a ban in that nation, and is again is calling into question DeepSeek\'s safety. |
★★★ | ||
|
2025-02-24 20:02:34 | L'intrigue de Netflix \\ 's \\' zéro day \\ 'pourrait-elle se produire IRL? Could the Plot of Netflix\\'s \\'Zero Day\\' Occur IRL? (lien direct) |
Une nouvelle série de streaming sur une cyberattaque catastrophique à l'échelle nationale contre les infrastructures critiques est à peu près aussi crédible que son personnage principal: un politicien honnête, bipartite et universellement aimé.
A new streaming series about a catastrophic, nationwide cyberattack against US critical infrastructure is about as believable as its main character: an honest, bipartisan, universally beloved politician. |
★★★ | ||
|
2025-02-24 15:00:00 | Comment les conventions de dénomination appropriées nous rendent moins en sécurité How APT Naming Conventions Make Us Less Safe (lien direct) |
Ce n'est qu'en abordant les inefficacités des conventions de dénomination actuelles que nous pouvons créer un paysage plus sûr et plus résilient pour tous les défenseurs.
Only by addressing the inefficiencies of current naming conventions can we create a safer, more resilient landscape for all defenders. |
★★ | ||
|
2025-02-24 02:00:00 | La Thaïlande cible les cyber-ateliers pour libérer des 1 000 captifs Thailand Targets Cyber Sweatshops to Free 1,000s of Captives (lien direct) |
La police thaïlandaise a déclaré qu'elle s'attendait à accueillir bientôt 7 000 victimes de la traite des êtres humains, obligé de travailler sur des escroqueries de cybercriminalité dans les centres d'appels à Mynmar, dans une première vague de personnes libérées de la captivité.
Thai police said it was expecting to soon welcome 7,000 human trafficking victims, forced to work on cybercrime scams in call centers in Mynmar, in a first wave of people being freed from captivity. |
Legislation | ★★ | |
|
2025-02-21 21:58:33 | Black Basta devient sombre au milieu des luttes intestines, des fuites de chat show Black Basta Goes Dark Amid Infighting, Chat Leaks Show (lien direct) |
L'une des tenues de ransomware les plus actives de 2024 a été endormie jusqu'au début de 2025, grâce au drame de style réalité et en coulisses.
One of 2024\'s most active ransomware outfits has been asleep through early 2025, thanks to reality-show-style, behind-the-scenes drama. |
Ransomware | ★★ | |
|
2025-02-21 18:11:02 | Cisco confirme l'exploitation du typhon de sel dans les tubes de télécommunications Cisco Confirms Salt Typhoon Exploitation in Telecom Hits (lien direct) |
En plus d'utiliser le CVE-2018-0171 et d'autres bogues Cisco pour pénétrer dans les réseaux de télécommunications, l'APT parrainé par la Chine utilise également des informations d'identification de connexion volées pour un accès initial.
In addition to using CVE-2018-0171 and other Cisco bugs to break into telecom networks, the China-sponsored APT is also using stolen login credentials for initial access. |
★★★ | ||
|
2025-02-21 16:49:36 | Les nations ouvrent \\ 'Data Embassies \\' pour protéger les informations critiques Nations Open \\'Data Embassies\\' to Protect Critical Info (lien direct) |
L'Estonie et Monaco soutiennent leurs citoyens \\ 'Information à un centre de données au Luxembourg, tandis que Singapour se tourne vers l'Inde comme son refuge pour les données. Mais des défis géopolitiques restent.
Estonia and Monaco back up their citizens\' information to a data center in Luxembourg, while Singapore looks to India as its safe haven for data. But geopolitical challenges remain. |
★★ | ||
|
2025-02-21 15:00:00 | 4 façons à faible coût de défendre votre organisation contre DeepFakes 4 Low-Cost Ways to Defend Your Organization Against Deepfakes (lien direct) |
Chaque organisation devrait explorer une approche en couches dans laquelle les intelligences artificielles et humaines se réunissent pour former une stratégie de défense profonde riche, dynamique et multiforme adaptée à ses besoins.
Every organization should be exploring a layered approach in which artificial and human intelligences come together to form a rich, dynamic, and multifaceted deepfake defense strategy tailored to its needs. |
★★★ | ||
|
2025-02-20 22:28:09 | Les données suggèrent qu'il est temps de repenser les autorisations de cloud Data Suggests It\\'s Time to Rethink Cloud Permissions (lien direct) |
Les privilèges excessifs et les lacunes de visibilité créent un terrain reproducteur pour les cyber-menaces.
Excessive privileges and visibility gaps create a breeding ground for cyber threats. |
Cloud | ★★★ | |
|
2025-02-20 19:26:50 | Ghost Ransomware Targets Orgs in 70+ Countries (lien direct) | The China-backed threat group often acts swiftly, going from initial access to compromise in just one day, a behavior atypical of cybercriminal groups.
The China-backed threat group often acts swiftly, going from initial access to compromise in just one day, a behavior atypical of cybercriminal groups. |
Ransomware Threat | ★★★ | |
|
2025-02-20 17:00:22 | Google Adds Quantum-Resistant Digital Signatures to Cloud KMS (lien direct) | The new Cloud Key Management Service is part of Google\'s new roadmap for implementing the new NIST-based post-quantum cryptography (PQC) standards.
The new Cloud Key Management Service is part of Google\'s new roadmap for implementing the new NIST-based post-quantum cryptography (PQC) standards. |
Cloud | ★★ | |
|
2025-02-20 16:14:06 | ZEST Security\\'s Cloud Risk Exposure Impact Report Reveals 62% of Incidents are Related to Risks Known to the Organization (lien direct) | Pas de details / No more details | Cloud | ★★★ | |
|
2025-02-20 15:00:00 | When Brand Loyalty Trumps Data Security (lien direct) | Brand loyalty can act as a shield protecting organizations from the immediate impact of a breach, but that protection has a shelf life.
Brand loyalty can act as a shield protecting organizations from the immediate impact of a breach, but that protection has a shelf life. |
★★ | ||
|
2025-02-20 13:48:27 | Signs Your Organization\\'s Culture Is Hurting Your Cybersecurity (lien direct) | High turnover, burnout, and blame-heavy environments do more than hurt morale. They also weaken security and put the organization at risk.
High turnover, burnout, and blame-heavy environments do more than hurt morale. They also weaken security and put the organization at risk. |
★★★ | ||
|
2025-02-20 11:00:00 | \\'Darcula\\' Phishing Kit Can Now Impersonate Any Brand (lien direct) | With Version 3, would-be phishers can cut and paste a big brand\'s URL into a template and let automation do the rest.
With Version 3, would-be phishers can cut and paste a big brand\'s URL into a template and let automation do the rest. |
★★ | ||
|
2025-02-20 02:00:00 | Australian Critical Infrastructure Faces \\'Acute\\' Foreign Threats (lien direct) | The continent faces "relentless" military espionage, and increased cyber sabotage at the hands of authoritarian regimes, according to a high-ranking intelligence director.
The continent faces "relentless" military espionage, and increased cyber sabotage at the hands of authoritarian regimes, according to a high-ranking intelligence director. |
★★★ | ||
|
2025-02-19 22:59:17 | Insight Partners, VC Giant, Falls to Social Engineering (lien direct) | The startup incubator and PR firm with holdings in more than 70 cybersecurity firms has announced a data breach with as-yet-unknown effects.
The startup incubator and PR firm with holdings in more than 70 cybersecurity firms has announced a data breach with as-yet-unknown effects. |
Data Breach | ★★★ | |
|
2025-02-19 22:21:28 | Russian Groups Target Signal Messenger in Spy Campaign (lien direct) | These sorts of attacks reveal growing adversary interest in secure messaging apps used by high-value targets for communication, Google says.
These sorts of attacks reveal growing adversary interest in secure messaging apps used by high-value targets for communication, Google says. |
★★ | ||
|
2025-02-19 20:06:43 | Content Credentials Show Promise, But Ecosystem Still Young (lien direct) | While AI-generation services and major camera makers are adopting the specification for digitally signed metadata, creating a workflow around the nascent ecosystem is still a challenge.
While AI-generation services and major camera makers are adopting the specification for digitally signed metadata, creating a workflow around the nascent ecosystem is still a challenge. |
★★★ | ||
|
2025-02-19 16:39:14 | Patch Now: CISA Warns of Palo Alto Flaw Exploited in the Wild (lien direct) | The authentication bypass vulnerability in the OS for the company\'s firewall devices is under increasing attack and being chained with other bugs, making it imperative for organizations to mitigate the issue ASAP.
The authentication bypass vulnerability in the OS for the company\'s firewall devices is under increasing attack and being chained with other bugs, making it imperative for organizations to mitigate the issue ASAP. |
Vulnerability | ★★ | |
|
2025-02-19 15:00:00 | What Is the Board\\'s Role in Cyber-Risk Management in OT Environments? (lien direct) | By taking several proactive steps, boards can improve their organization\'s resilience against cyberattacks and protect their critical OT assets.
By taking several proactive steps, boards can improve their organization\'s resilience against cyberattacks and protect their critical OT assets. |
Industrial | ★★ | |
|
2025-02-19 02:00:00 | North Korea\\'s Kimsuky Taps Trusted Platforms to Attack South Korea (lien direct) | The campaign heavily uses Dropbox folders and PowerShell scripts to evade detection and quickly scrapped infrastructure components after researchers began poking around.
The campaign heavily uses Dropbox folders and PowerShell scripts to evade detection and quickly scrapped infrastructure components after researchers began poking around. |
★★★ | ||
|
2025-02-18 23:16:56 | Deepwatch Acquires Dassana to Boost Cyber Resilience With AI (lien direct) | Acquisition strengthens Deepwatch Platform capabilities with actionable insights and risk-based prioritization.
Acquisition strengthens Deepwatch Platform capabilities with actionable insights and risk-based prioritization. |
★★ | ||
|
2025-02-18 22:28:33 | Xerox Printer Vulnerabilities Enable Credential Capture (lien direct) | Attackers are using patched bugs to potentially gain unfettered access to an organization\'s Windows environment under certain conditions.
Attackers are using patched bugs to potentially gain unfettered access to an organization\'s Windows environment under certain conditions. |
Vulnerability | ★★★ | |
|
2025-02-18 22:17:55 | China-Linked Threat Group Targets Japanese Orgs\\' Servers (lien direct) | Winnti once used a variety of malware but is now focused on SQL vulnerabilities and obfuscation, updated encryption, and new evasion methods to gain access.
Winnti once used a variety of malware but is now focused on SQL vulnerabilities and obfuscation, updated encryption, and new evasion methods to gain access. |
Malware Vulnerability Threat | ★★★ | |
|
2025-02-18 21:54:22 | Thrive Acquires Secured Network Services (lien direct) | Pas de details / No more details | ★★ | ||
|
2025-02-18 21:50:51 | SANS Institute Launches AI Cybersecurity Hackathon (lien direct) | Pas de details / No more details | ★★ | ||
|
2025-02-18 19:02:31 | Microsoft: New Variant of macOS Threat XCSSET Spotted in the Wild (lien direct) | Microsoft is warning the modular and potentially wormable Apple-focused infostealer boasts new capabilities for obfuscation, persistence, and infection, and could lead to a supply chain attack.
Microsoft is warning the modular and potentially wormable Apple-focused infostealer boasts new capabilities for obfuscation, persistence, and infection, and could lead to a supply chain attack. |
Threat | ★★★ | |
|
2025-02-18 14:08:52 | Introducing enQase for Quantum-Safe Security (lien direct) | Pas de details / No more details | ★★★ | ||
|
2025-02-14 18:29:21 | This Security Firm\\'s \\'Bias\\' Is Also Its Superpower (lien direct) | Credible Security\'s founders bring their varied experiences to help growing companies turn trust into a strategic advantage.
Credible Security\'s founders bring their varied experiences to help growing companies turn trust into a strategic advantage. |
★★ | ||
|
2025-02-14 15:00:00 | Open Source AI Models: Perfect Storm for Malicious Code, Vulnerabilities (lien direct) | Companies pursing internal AI development using models from Hugging Face and other open source repositories need to focus on supply chain security and checking for vulnerabilities.
Companies pursing internal AI development using models from Hugging Face and other open source repositories need to focus on supply chain security and checking for vulnerabilities. |
Vulnerability | ★★★ | |
|
2025-02-14 15:00:00 | How Banks Can Adapt to the Rising Threat of Financial Crime (lien direct) | Banking fraud and financial crimes are growing more sophisticated every day. By understanding the threats and building strong collaborations, banks can protect themselves and their clients.
Banking fraud and financial crimes are growing more sophisticated every day. By understanding the threats and building strong collaborations, banks can protect themselves and their clients. |
Threat | ★★ | |
|
2025-02-14 14:30:00 | Salt Typhoon Exploits Cisco Devices in Telco Infrastructure (lien direct) | The China-sponsored state espionage group has exploited known, older bugs in Cisco gear for successful cyber intrusions on six continents in the past two months.
The China-sponsored state espionage group has exploited known, older bugs in Cisco gear for successful cyber intrusions on six continents in the past two months. |
★★ | ||
|
2025-02-14 14:00:00 | Warning: Tunnel of Love Leads to Scams (lien direct) | Romance-baiting losses were up 40% last year, as more and more pig-butchering efforts crop up in the wild.
Romance-baiting losses were up 40% last year, as more and more pig-butchering efforts crop up in the wild. |
★★ | ||
|
2025-02-13 22:33:26 | CyberArk Makes Identity Security Play With Zilla Acquisition (lien direct) | CyberArk announced the Zilla deal on the same day leading identity and access governance provider SailPoint returned to the public markets.
CyberArk announced the Zilla deal on the same day leading identity and access governance provider SailPoint returned to the public markets. |
★★★ | ||
|
2025-02-13 22:23:38 | Roundtable: Is DOGE Flouting Cybersecurity for US Data? (lien direct) | Cybersecurity experts weigh in on the red flags flying around the new Department of Government Efficiency\'s handling of the mountains of US data it now has access to, potentially without basic information security protections in place.
Cybersecurity experts weigh in on the red flags flying around the new Department of Government Efficiency\'s handling of the mountains of US data it now has access to, potentially without basic information security protections in place. |
★★★ | ||
|
2025-02-13 21:57:47 | How Public & Private Sectors Can Better Align Cyber Defense (lien direct) | With investment in cybersecurity capabilities and proactive measures to address emerging challenges, we can work together to navigate the complexities of combating cybercrime.
With investment in cybersecurity capabilities and proactive measures to address emerging challenges, we can work together to navigate the complexities of combating cybercrime. |
★★★ |
To see everything:
Our RSS (filtrered)
