What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
NetworkWorld.webp 2023-10-19 02:00:00 Security startup Airgap Networks brings telco technologies to the LAN
(direct link)
AI-generating malware, deep fake identity spoofing, and state-sponsored ransomware are just a few of the latest methods that attackers are using to bypass traditional cybersecurity tools. Ritesh Agrawal, CEO of cybersecurity startup Airgap Networks, noticed that many of the attacks that compromise enterprise networks fail to penetrate telco and service provider networks. “Even though they're deploying the same routers, switches, and firewalls, there's something fundamentally different about telco networks that shields them from many threats to enterprise LANs,” Agrawal said. Agrawal has 20 years of experience with cybersecurity, enterprise networking, and cloud computing, most of that time spent with Juniper Networks focusing on telco and large enterprise clients.
Ransomware Malware Tool Cloud ★★
NetworkWorld.webp 2023-10-10 08:07:00 Fortinet secures campus networking with high-end switches
(direct link)
Fortinet has expanded its campus network portfolio with two new switches that feature integration with Fortinet's security services and AIops management tool. The FortiSwitch 600 is a multi-gigabit secure campus access switch that supports up to 5GE access and 25GE uplinks. The FortiSwitch 2000 is a campus core switch designed to support larger, more complex campus environments by aggregating high-performance access switches, including the FortiSwitch 600. The new switches are integrated with Fortinet's FortiGuard AI-Powered Security Services and FortiAIOps management tool, which lets customers utilize security and operations features such as malware protection, device profiling and role-based access control.
Malware ★★
NetworkWorld.webp 2023-10-06 07:52:00 IBM leans into AI for managed security services
(direct link)
IBM is rolling out AI-based managed services that promise to help network and security operations teams more quickly and effectively respond to enterprise cyber threats. Managed by the IBM Consulting group, the Threat Detection and Response (TDR) Services offering promises 24x7 monitoring, investigation, and automated remediation of security alerts from existing security tools as well as cloud, on-premises, and operational technology systems utilizing the enterprise network. The services can integrate information from more than 15 security event and incident management (SIEM) tools and multiple third-party endpoint and network detection and response packages, for example.
Tool Threat ★★
NetworkWorld.webp 2023-09-21 03:15:00 How network security can save security dollars
(direct link)
For the last twelve years, 100% of CIOs have said that they expect to spend more on IT security, making security the only category that just keeps on absorbing investment. Every year in the last three years, over 80% of enterprises have said that their IT security still needed improvement. So, like death and taxes, is security spending growth inevitable? If we keep on the way we have, it sure seems like it. But what might change? Let's start with what's important to users. External threats, meaning hacking, are a problem for every CIO. Internal threats, from badly behaving employees, are a problem for three out of four. Data theft is a universal fear, and malware that interferes with applications and operations is an important problem for over 90% of CIOs. As far as approaches or targets are concerned, 100% say access security on applications and data is essential and so is regular malware scanning. If you ask CIOs to pick a single thing they think is essential for IT security, it's access security.
Malware ★★
NetworkWorld.webp 2023-09-15 08:36:00 IBM X-Force: Use of compromised credentials darkens cloud security picture
(direct link)
As connectivity to cloud-based resources grows, cybercriminals are using valid, compromised credentials to access enterprise resources at an alarming rate. That's one of the chief findings of the IBM X-Force Cloud Threat Landscape Report, which also found a 200% increase (about 3,900 vulnerabilities) in cloud-oriented Common Vulnerabilities and Exposures (CVE) in the last year. “Over 35% of cloud security incidents occurred from attackers' use of valid, compromised credentials,” wrote Chris Caridi, strategic cyber threat analyst with IBM X-Force, in a blog about the report. “Making up nearly 90% of assets for sale on dark web marketplaces, credentials' popularity among cybercriminals is apparent, averaging $10 per listing – or the equivalent of a dozen doughnuts.”
Vulnerability Threat Studies Cloud ★★★
NetworkWorld.webp 2023-08-24 07:13:00 Cisco, Kyndryl step up partnership to cut enterprise security threats
(direct link)
Cisco and Kyndryl have expanded their partnership to offer new services that are aimed at helping enterprise customers better detect and respond to cyber threats. Specifically, Kyndryl will be integrating its own cyber resiliency offering with Cisco's overarching Security Cloud platform that includes security components such as Cisco's Duo access control, extended detection and response features, and Multicloud Defense, which orchestrates security and policy across private and public clouds. Security Cloud operates as a layer on top of the infrastructure across a customer's cloud services – including Azure, AWS, GCP and private data-center clouds – to protect core applications, Cisco said. It features a unified dashboard, support for flexible trust policies, and open APIs to encourage third-party integrators. By correlating data and employing artificial intelligence and machine learning, Cisco Security Cloud can detect and remediate threats quickly throughout an organization, Cisco says.
Cloud ★★
NetworkWorld.webp 2023-08-23 10:00:00 Versa enhances SASE package with AI-based security tools
(direct link)
Versa is bolstering the AI security management features of its integrated Secure Access Service Edge (SASE) package to include improved malware detection for Advanced Threat Protection, network microsegmentation and generative AI protection to help customers better detect and quickly mitigate threats to their networked service and applications. The vendor supports AI in its integrated Versa SASE package that includes SD WAN, a next-generation and web application firewall, intrusion prevention, zero trust support and data loss prevention.
Malware Tool Threat ★★
NetworkWorld.webp 2023-08-01 06:35:00 Cisco brings ransomware protection to XDR SaaS package
(direct link)
Cisco has added ransomware detection and recovery support to its recently unveiled Extended Detection and Response (XDR) system. The new features target recovery from ransomware attacks and come courtesy of integration with Cohesity's DataProtect and DataHawk offerings, which provide configurable ransomware recovery and rescue support for systems assigned to a protection plan. Cohesity's platform can preserve potentially infected virtual machines for forensic investigation and protect enterprise workloads from future attacks. Cisco said the exponential growth of ransomware and cyber extortion has made a platform approach crucial to effectively counter adversaries. It also noted that during the second quarter of 2023, the Cisco Talos Incident Response team responded to the highest number of ransomware engagements in more than a year.
Ransomware Cloud ★★
NetworkWorld.webp 2023-07-25 11:54:00 Network giants unite to fight security risks
(direct link)
A group of industry stalwarts is banding together to help enterprises, service providers and telcos fight cyber foes. The Network Resilience Coalition includes AT&T, Broadcom, BT Group, Cisco Systems, Fortinet, Intel, Juniper Networks, Lumen Technologies, Palo Alto Networks, Verizon and VMware. Its goal is to deliver open and collaborative techniques to help improve the security of network hardware and software across the industry. The coalition was brought together under the
★★
NetworkWorld.webp 2023-07-18 09:38:00 Fortinet unveils data center firewalls with AI support
(direct link)
Fortinet has released two new high-speed, next generation firewalls designed to protect data center assets. The 387Gbps 3200F series and 164Gbps 900G series feature support for the vendor's AI-Powered Security Services, which blend AI and machine-learning technologies to make customers aware of cyber threats and act on protecting resources much more quickly, according to Nirav Shah, vice president of products and solutions at Fortinet. FortiGuard AI-Powered Security Services use real-time data from Fortinet's threat researchers at FortiGuard Lab to monitor for new dangers. “We look at terabytes of data every day, and that's where we run our AI and machine learning to see different things – whether we need to enable AI-powered services with IPS, or utilize sandbox technologies to mitigate them,” Shah said. “If you look at the cybersecurity industry, and the amount of data that we see, and the patterns and other things that we need to recognize to find the threats – [it] is extremely tough if you do it manually.”
Threat ★★
NetworkWorld.webp 2023-07-17 11:43:00 Cisco hosts containerized firewall on Catalyst switches to protect mixed IT/OT networks
(direct link)
Cisco announced a containerized firewall package for its venerable Catalyst switch family that's designed to help enterprise customers with mixed IT and OT systems more easily segment network resources and save money by consolidating network and security deployments. Specifically, Cisco built a Docker-based container for its Secure Firewall Adaptive Security Appliance (ASA) that can be hosted on its Catalyst 9300 access switches. Cisco Secure Firewall ASA combines firewall, antivirus, intrusion prevention, encryption and virtual private network (VPN) support. The firewall supports up to 10 logical interfaces, which can be used for segmentation. This segmentation helps limit the ability of an attacker to move laterally within the network by containing any breach to a specific zone, wrote Pal Lakatos-Toth, an engineering product manager with Cisco's security business group, in a blog about the news.
★★
NetworkWorld.webp 2023-06-27 05:31:00 Cato Networks launches AI-powered tracker for malware command and control
(direct link)
Cato Networks' new deep learning algorithms are designed to identify malware command and control domains and block them more quickly than traditional systems based on domain reputation, thanks to extensive training on the company's data sets. Cato, a
Malware ★★
NetworkWorld.webp 2023-06-06 02:30:00 Cloud misconfiguration causes massive data breach at Toyota Motor
(direct link)
Vehicle data and customer information were exposed for over eight years due to a cloud misconfiguration at Toyota Motor that impacted over 260,000 customers.
Data Breach Cloud ★★★★
NetworkWorld.webp 2023-05-31 16:34:00 Cisco aims for AI-first security with Armorblox buy
(direct link)
Cisco plans to buy Armorblox, a six-year-old AI vendor, to help create “an AI-first Security Cloud.” “Leveraging Armorblox's use of predictive and Generative AI across our portfolio, we will change the way our customers understand and interact with their security control points,” wrote Raj Chopra, senior vice president and chief product officer for Cisco Security, in a blog announcing the pending acquisition. While securing email was Armorblox's first application of its AI techniques, they might also be applied to attack prediction, rapid threat detection, and efficient policy enforcement, Chopra wrote. “Through this acquisition though, we see many exciting broad security use cases and possibilities to unlock.”
Threat ★★
NetworkWorld.webp 2023-04-24 08:38:00 Cisco to launch an extended detection and response SaaS package
(direct link)
Cisco is taking its first major step into Extended Detection and Response (XDR) with a SaaS-delivered integrated system of endpoint, network, firewall, email and identity software aimed at protecting enterprise resources. Cisco's XDR service, which will be available July, brings together myriad Cisco and third-party security products to control network access, analyze incidents, remediate threats, and automate response all from a single cloud-based interface. The offering gathers six telemetry sources that Security Operations Center (SOC) operators say are critical for an XDR solution: endpoint, network, firewall, email, identity, and DNS, Cisco stated.
Cloud ★★
NetworkWorld.webp 2023-04-18 16:26:00 Cisco warns of attacks on network routers, firewalls
(direct link)
Cisco's Talos security intelligence group issued a warning today about an uptick in highly sophisticated attacks on network infrastructure including routers and firewalls. The Cisco warning piggybacks a similar joint warning issued today from The UK National Cyber Security Centre (NCSC), the US National Security Agency (NSA), US Cybersecurity and Infrastructure Security Agency (CISA) and US Federal Bureau of Investigation (FBI) that noted an uptick in threats in part utilizing an exploit that first came to light in 2017. That exploit targeted an SNMP vulnerability in Cisco routers that the vendor patched in 2017.
Vulnerability APT 28 ★★
NetworkWorld.webp 2023-03-14 14:50:00 DNS data shows one in 10 organizations have malware traffic on their networks (direct link)
Akamai report highlights how widespread malware threats remain, noting the dangers of threats specific to DNS infrastructure.
Malware ★★★
NetworkWorld.webp 2023-03-10 04:16:00 AT&T informs 9M customers about data breach (direct link) The company's marketing vendor suffered a security failure in January and exposed CPNI data that included first names, wireless account numbers, wireless phone numbers, and email addresses. Data Breach ★★★
NetworkWorld.webp 2023-03-10 01:30:00 Attacks on SonicWall appliances linked to Chinese campaign: Mandiant (direct link) The technique used in the attack on SonicWall devices is consistent with earlier attacks from a Chinese campaign. ★★★
NetworkWorld.webp 2023-02-27 02:30:00 War tests Ukrainian telecom, internet resilience (direct link) One year after Russia's invasion of Ukraine, the country's overall resilience and defiance has been inspiring, but telecommunications and internet connectivity has grown much more difficult. Initially the country's internet network mostly withstood with some outages and slowdowns, but that has changed over time as the aggressors devote more effort in destroying physical locations and deploying malware and other cybersecurity weapons. For example, researchers at Top10VPN recently reported some distressing analysis including: Malware ★★
NetworkWorld.webp 2023-02-09 09:00:00 VMware ESXi server ransomware evolves, after recovery script released (direct link) After the FBI and CISA on Wednesday released a recovery script for organizations affected by a massive ransomware attack targeting VMware ESXi servers worldwide, reports surfaced that the malware evolved in a way that made earlier recovery procedures ineffective. The attacks, aimed at VMware's ESXi bare metal hypervisor, were first made public February 3 by the French Computer Emergency Response Team (CERT-FR), and target ESXi instances running older versions of the software, or those that have not been patched to current standards. Some 3,800 servers have been affected globally, CISA and the FBI said. Ransomware Malware ★★★
NetworkWorld.webp 2023-02-06 10:44:00 Massive ransomware attack targets VMware ESXi servers worldwide (direct link) Cybersecurity agencies globally, including in Italy, France, the US and Singapore have issued alerts about a ransomware attack targeting the VMware ESXi hypervisor. Aourva Ransomware ★★
NetworkWorld.webp 2023-01-13 03:00:00 What to expect from SASE certifications (direct link) Secure access service edge (SASE) is a network architecture that rolls SD-WAN and security into a single, centrally-managed cloud service that promises simplified WAN deployment, improved security, and better performance. According to Gartner, SASE's benefits are transformational because it can speed deployment time for new users, locations, applications, and devices, as well as reduce attack surfaces and shorten remediation times by as much as 95%. With the pandemic, adoption of SASE has been on an upward swing. Gartner predicts in its most recent SASE roadmap that 80% of enterprises will have adopted a SASE or SSE architecture by 2025, up from 20% in 2021. (Security service edge, or SSE, is a security-focused subset of SASE that's basically SASE without SD-WAN.) ★★
NetworkWorld.webp 2022-12-12 04:00:00 Top 10 Best Residential Proxy Service Providers (direct link) The need to surf the internet freely without restrictions or being noticed created the necessity for proxies. So, what is a proxy? To put it in simple terms, a proxy is a device that provides a gateway between users and the web. Therefore, it helps prevent cyber attackers from gaining access to a private network. A proxy is a computer, referred to as an intermediary because it channels traffic between end-users and the web content they visit online. In data gathering, proxies enable you to access data from websites without being detected, increasing the success rate of extracting valuable information. Top 10 Best Residential Proxy Service Providers: Several residential proxy providers claim to provide the ultimate security for your web activities and enable you to browse anonymously. However, some providers' services don't come close to what they claim to provide. Having stated that, the following providers will give you value for your money. If you need a reliable residential proxy, they will come to the rescue. ★★★
NetworkWorld.webp 2022-12-06 13:59:00 Ransomware attack knocks Rackspace's Exchange servers offline (direct link) Cloud services and hosting provider Rackspace Technology acknowledged Tuesday that a recent incident that took most of its Hosted Exchange email server business offline was the product of a ransomware attack. The company shut the service down last Friday. It was not initially clear what had caused the outage, but Rackspace quickly moved to shift Exchange customers over to Microsoft 365, as this part of the company's infrastructure was apparently unaffected. Rackspace offers migration to Microsoft 365: Rackspace said today that there is “no timeline” for restoration of Exchange service, but it is offering Exchange users technical assistance and free access to Microsoft 365 as a substitute, though it acknowledged that migration is unlikely to be a simple process for every user. Rackspace said that, while the migration is in progress, customers can forward emails sent to their Hosted Exchange inboxes to an external server, as a temporary workaround. Ransomware
NetworkWorld.webp 2022-12-01 06:01:00 Researchers found security pitfalls in IBM's cloud infrastructure (direct link) A demonstrated attack by cybersecurity researchers in IBM's cloud infrastructure allowed them access to the internal server used to build database images for customer deployments. ★★★
NetworkWorld.webp 2022-11-29 15:43:00 5 DNS services to provide a layer of internet security (direct link) Having thorough IT security usually means having a layered approach. Basic antivirus, for instance, might catch PC-based malware once a user downloads it, but you could try to block it before it ever reaches the user device, or at least have another security mechanism in place that might catch it if the basic antivirus doesn't. DNS-based filtering can do this! It can help stop users from browsing to malware and phishing sites, block intrusive advertising to them, and serve as adult content filters. First, a quick primer for those who are unfamiliar with DNS: You utilize the Domain Name System (DNS) every time you surf the Web. Each time you type a site name into the browser, DNS is queried for the IP address corresponding to that particular domain, so the browser can contact the Web server to get the content. The process of converting the domain name to its IP address is called domain-name resolution. Malware ★★
NetworkWorld.webp 2022-11-16 08:52:00 Palo Alto targets zero-day threats with new firewall software (direct link) Palo Alto Networks has released next-generation firewall (NGFW) software that includes some 50 new features aimed at helping enterprise organizations battle zero-day threats and advanced malware attacks. The new features are built into the latest version of Palo Alto's firewall operating system – PAN 11.0 Nova – and include upgraded malware sandboxing for the company's WildFire malware-analysis service, advanced threat prevention (ATP), and a new cloud access security broker (CASB). WildFire is Palo Alto's on-prem or cloud-based malware sandbox that is closely integrated with Palo Alto's firewalls. When a firewall detects anomalies, it sends data to WildFire for analysis. WildFire uses machine learning, static analysis, and other analytics to discover threats, malware and zero-day threats, according to the vendor. Malware Threat
NetworkWorld.webp 2022-11-09 10:53:00 Researchers show techniques for malware persistence on F5 and Citrix load balancers (direct link) Tests show that deploying malware in a persistent manner on load balancer firmware is within reach of less sophisticated attackers. Malware
NetworkWorld.webp 2022-05-31 14:25:00 U.S. government proposals spell out 5G security advancements (direct link) A joint proposal from federal cybersecurity and defense agencies defines a process for ensuring the security of 5G networks.
NetworkWorld.webp 2022-05-25 12:45:00 Microsoft security vulnerabilities drop after five-year rise (direct link) While elevated privilege attacks remain a critical security concern when using Microsoft products, a new report says that the raw number of vulnerabilities is dropping.
NetworkWorld.webp 2022-05-19 06:10:00 CISA issues emergency warning over two new VMware vulnerabilities (direct link) The U.S. Cybersecurity and Infrastructure Agency issues emergency security directive over VMware vulnerabilities CVE-2022-22972 and CVE-2022-22973, which threat actors are likely to exploit. Threat
NetworkWorld.webp 2022-05-10 03:00:00 Cohesity launches FortKnox to protect data from ransomware attacks (direct link) Data management specialist Cohesity is launching a new data isolation and recovery tool called FortKnox, in a bid to help customers protect their data from ransomware attacks. FortKnox provides an additional layer of off-site protection for customers by keeping data in a secure 'vault,' with physical separation, network and management isolation to keep threat actors from accessing sensitive data. An object lock requires a minimum of two or more people to approve critical actions, such as changes of vault policy, and access can be managed using granular role-based access control, multi-factor authentication, and encryption both in-flight and at rest. Ransomware Tool Threat
NetworkWorld.webp 2022-05-05 11:06:00 Cisco warns of critical vulnerability in virtualized network software (direct link) Multiple vulnerabilities have been discovered in Cisco's Enterprise NFV Infrastructure Software (NFVIS). The worst of the vulnerabilities could let an attacker escape from the guest virtual machine (VM) to the host machine, Cisco disclosed. The other two problems involve letting a bad actor inject commands that execute at the root level and allowing a remote attacker to leak system data from the host to the VM. NFVIS is Linux-based infrastructure software designed to help enterprises and service providers to deploy virtualized network functions, such as a virtual router, firewall and WAN acceleration, Cisco stated. Vulnerability
NetworkWorld.webp 2022-05-03 03:42:00 TLS implementation flaws open Aruba and Avaya network switches to RCE attacks (direct link) The network switch vulnerabilities are considered critical and could allow attackers to break network segmentation, exfiltrate data, and escape captive portals.
NetworkWorld.webp 2022-04-14 07:13:00 US security agencies warn of threats to industrial, utility control networks (direct link) Key US government security organizations are warning that industrial control system (ICS)/supervisory control and data acquisition (SCADA)-based networks are being threatened by bad actors armed with custom software tools. The Department of Energy (DOE), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and Federal Bureau of Investigation (FBI) issued a joint warning that certain advanced persistent threat (APT) actors have shown the ability to gain full system access to compromised ICS/SCADA systems. The alert did not identify which groups were making the threats, but it did recognize Dragos, Mandiant, Microsoft, Palo Alto Networks and Schneider Electric for helping put together the warning. Dragos has posted a paper about part of the threat. Threat
NetworkWorld.webp 2022-03-30 08:55:00 CISA warns of attacks against internet-connected UPS devices (direct link) Threat actors have targeted power supplies whose control interfaces are connected to the internet, and CISA says that they should be disconnected immediately. Threat
NetworkWorld.webp 2020-12-23 05:13:00 (Déjà vu) SolarWinds roundup: Fixes, new bad actors, and what the company knew (direct link) The SolarWinds Orion security breach is unfolding at a rapid pace, and the number of vendors and victims continues to grow. Each day brings new revelations as to its reach and depth. Of particular concern are the rate of infection and impact on government systems. In case you missed it, a backdoor was found in the SolarWinds Orion IT monitoring and management software. A dynamic link library called SolarWinds.Orion.Core.BusinessLayer.dll, a SolarWinds digitally-signed component of the Orion software framework, was found to contain a backdoor that communicates via HTTP to third-party servers. After an initial dormant period of up to two weeks, the Trojan retrieves and executes commands, called jobs, that include the ability to transfer files, execute files, profile the system, reboot, and disable system services. In short, a total takeover of the machine.
NetworkWorld.webp 2020-12-23 05:13:00 (Déjà vu) SolarWinds roundup: Fixes, new bad actors, and the company knew (direct link) The SolarWinds Orion security breach is unfolding at a rapid pace and the number of vendors and victims continues to grow. Each day brings new revelations as to its reach and depth. Of particular concern is the rate of infection and impact on government systems. In case you missed it, a backdoor was found in the SolarWinds Orion IT monitoring and management software. A dynamic link library called SolarWinds.Orion.Core.BusinessLayer.dll, a SolarWinds digitally-signed component of the Orion software framework, was found to contain a backdoor that communicates via HTTP to third-party servers. After an initial dormant period of up to two weeks, the Trojan retrieves and executes commands, called jobs, that include the ability to transfer files, execute files, profile the system, reboot, and disable system services. In short, a total takeover of the machine.
NetworkWorld.webp 2020-12-15 12:21:00 SolarWinds Trojan: Affected enterprises must use hot patches, isolate compromised gear (direct link) Hot patching and isolating potentially affected resources are on the IT response schedule as enterprises that employ SolarWinds Orion network-monitoring software look to limit the impact of the serious Trojan unleashed on the platform. The supply-chain attack, reported early this week by Reuters and detailed by security researchers at FireEye and Microsoft, involves a potential state-sponsored, sophisticated actor that gained access to a wide variety of government, public and private networks via Trojanized updates to SolarWinds' Orion network monitoring and management software. This campaign may have begun as early as spring 2020 and is ongoing, according to FireEye and others. Patching Solardwinds
NetworkWorld.webp 2020-12-15 08:41:00 Trojan in SolarWinds security has far-reaching impact (direct link) SolarWinds says a compromise of its widely used Orion network-monitoring platform endangers the networks of public and private organizations that use it and that the problem should be remediated right away. In a security advisory, SolarWinds said customers should upgrade to Orion Platform version 2020.2.1 HF 1 as soon as possible to ensure their environment is safe. An additional hotfix release that both replaces the compromised component and provides several additional security enhancements is expected in the next day or two. The company's managed services tools appear to be uncompromised, and the company said it isn't aware of any similar issues with its non-Orion products, like RMM, N-Central, and SolarWinds MSP products.
NetworkWorld.webp 2020-12-15 03:44:00 SolarWinds attack explained: And why it was so hard to detect (direct link) A group believed to be Russia's Cozy Bear gained access to government and other systems through a compromised update to SolarWinds' Orion software. Most organizations aren't prepared for this sort of software supply chain attack. APT 29
NetworkWorld.webp 2020-10-29 07:53:00 'Credible threat': How to protect networks from ransomware (direct link) (Editor's note, Oct. 29, 2020: With the FBI and US Department of Homeland Security recently warning of credible cyberthreats to healthcare facilities including ransomware, it's a good time to review the steps outlined in this article that enterprises can take to guard against such attacks.) Ransomware attacks are becoming more rampant now that criminals have learned they are an effective way to make money in a short amount of time. Attackers do not even need any programming skills to launch an attack because they can obtain code that is shared among the many hacker communities. There are even services that will collect the ransom via Bitcoin on behalf of the attackers and just require them to pay a commission. Ransomware
NetworkWorld.webp 2020-03-25 10:36:00 (Déjà vu) How enterprise networking is changing with a work-at-home workforce (direct link) As the coronavirus spreads, public and private companies as well as government entities are requiring employees to work from home, putting unforeseen strain on all manner of networking technologies and causing bandwidth and security concerns. What follows is a round-up of news and traffic updates that Network World will update as needed to help keep up with the ever-changing situation. Check back frequently! UPDATE 3.27: Broadband watchers at BroadbandNow say users in most of the cities it analyzed are experiencing normal network conditions, suggesting that ISPs (and their networks) are holding up to the shifting demand. In a March 25 post the firm wrote: “Encouragingly, many of the areas hit hardest by the spread of the coronavirus are holding up to increased network demand. Cities like Los Angeles, Chicago, Brooklyn, and San Francisco have all experienced little or no disruption. New York City, now the epicenter of the virus in the U.S., has seen a 24% dip out of its previous ten-week range. However, with a new median speed of nearly 52 Mbps, home connections still appear to be holding up overall.”
NetworkWorld.webp 2020-03-25 10:36:00 ROLLING UPDATE: The impact of COVID-19 on public networks and security (direct link) As the coronavirus spreads, public and private companies as well as government entities are requiring employees to work from home, putting unforeseen strain on all manner of networking technologies and causing bandwidth and security concerns. What follows is a round-up of news and traffic updates that Network World will update as needed to help keep up with the ever-changing situation. Check back frequently! UPDATE 3.27: Broadband watchers at BroadbandNow say users in most of the cities it analyzed are experiencing normal network conditions, suggesting that ISPs (and their networks) are holding up to the shifting demand. In a March 25 post the firm wrote: “Encouragingly, many of the areas hit hardest by the spread of the coronavirus are holding up to increased network demand. Cities like Los Angeles, Chicago, Brooklyn, and San Francisco have all experienced little or no disruption. New York City, now the epicenter of the virus in the U.S., has seen a 24% dip out of its previous ten-week range. However, with a new median speed of nearly 52 Mbps, home connections still appear to be holding up overall.” Other BroadbandNow findings included:
NetworkWorld.webp 2020-03-16 13:02:00 Coronavirus challenges remote networking (direct link) As the coronavirus spreads, many companies are requiring employees to work from home, putting unanticipated stress on remote networking technologies and causing bandwidth and security concerns. Businesses have facilitated brisk growth of teleworkers over the past decades to an estimated 4 million-plus. The meteoric rise in new remote users expected to come online as a result of the novel coronavirus calls for stepped-up capacity. Research by VPN vendor Atlas shows that VPN usage in the U.S. grew by 53% between March 9 and 15, and it could grow faster. VPN usage in Italy, where the virus outbreak is about two weeks ahead of the U.S., increased by 112% during the last week. "We estimate that VPN usage in the U.S. could increase over 150% by the end of the month," said Rachel Welch, chief operating officer of Atlas VPN, in a statement.
NetworkWorld.webp 2020-02-12 03:00:00 How cyber attackers hide malware on your network (direct link) Knowing where to look for malware lurking on your network gives you a better chance to prevent damage from it. Malware
NetworkWorld.webp 2020-02-04 09:24:00 The problem with mobile and app voting (direct link) It's the day after the 2020 Iowa caucuses, and the Iowa Democratic Party has yet to announce the winner. The app that precinct leaders were supposed to use to report final tallies recorded inconsistent results. Party leaders blamed a "coding issue" within the app, not a hack or attack. Computerworld's Lucas Mearian joins Juliet to discuss the problem with mobile voting and how this snafu may affect the reputation of app voting in the future. Hack Guideline
NetworkWorld.webp 2020-01-15 03:00:00 3 easy ways to make your Windows network harder to hack (direct link) Start the new year off by eliminating common paths for attackers to breach your network. Hack
NetworkWorld.webp 2019-11-13 12:07:00 Red Hat Responds to Zombieload v2 (direct link) Three Common Vulnerabilities and Exposures (CVEs) opened yesterday track three flaws in certain Intel processors, which, if exploited, can put sensitive data at risk. Of the flaws reported, the newly discovered Intel processor flaw is a variant of the Zombieload attack discovered earlier this year and is only known to affect Intel's Cascade Lake chips. Red Hat strongly suggests that all Red Hat systems be updated even if they do not believe their configuration poses a direct threat, and it is providing resources to their customers and to the enterprise IT community.
Last update at: 2024-03-29 15:09:43