What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-10-25 14:52:02 | Cybersecurity and Online Trading: An Overview (lien direct) | Take a look at how and why the risks of international trade are increasing, and the political response to this. | |||
|
2019-10-23 05:17:00 | Artificial Intelligence: The Next Frontier in Information Security (lien direct) | The hype can lead to confusion and skepticism over what AI actually is and what it really means for business and security. | Guideline | ||
|
2019-10-23 05:14:24 | Five Main Differences between SIEM and UEBA (lien direct) | Five ways in which SIEM and UEBA technology differs. | |||
|
2019-10-17 22:17:47 | For Cybersecurity, It\'s That Time of the Year Again (lien direct) | It's a race against time and a reactive security approach that waits for a vulnerability to be discovered and then issues patches is lacking, to put it lightly. | Vulnerability | ||
|
2019-10-17 22:06:47 | Myth Busters: How to Securely Migrate to the Cloud (lien direct) | Security must remain a top priority for IT professionals during the migration process, and there is a successful pathway to safely and securely migrate to the cloud. | |||
|
2019-10-01 08:42:56 | Microsoft Makes OneDrive Personal Vault Available Worldwide (lien direct) | Microsoft said that users all around the world can now keep their most important files protected in OneDrive Personal Vault. | |||
|
2019-09-24 13:57:15 | Human-Centered Security: What It Means for Your Organization (lien direct) | Human-centred security acknowledges that employees interact with technology, controls and data across a series of touchpoints throughout any given day. | |||
|
2019-09-11 09:41:00 | How Ethical Hackers Find Weaknesses and Secure Businesses (lien direct) | Approaching your currently implemented security as a target to beat or bypass is the strongest and fastest way to find any flaws that may already exist. | |||
|
2019-09-11 09:33:00 | New Passive RFID Tech Poses Threat to Enterprise IoT (lien direct) | The accelerating pace of RFID tech will make our lives more convenient. With greater convenience, however, comes a greater need for security solutions. | Threat | ||
|
2019-09-02 09:59:01 | Android RAT Exclusively Targets Brazil (lien direct) | A newly discovered Android remote access Trojan (RAT) is specifically targeting users in Brazil, Kaspersky reports. | |||
|
2019-08-29 10:53:01 | Three Strategies to Avoid Becoming the Next Capital One (lien direct) | Three strategies to preventing catastrophic cloud security issues. | |||
|
2019-08-29 08:14:04 | Why a Business-Focused Approach to Security Assurance Should Be an Ongoing Investment (lien direct) | Security assurance should provide relevant stakeholders with a clear, objective picture of the effectiveness of information security controls. | |||
|
2019-08-20 05:01:00 | If You Don\'t Have Visibility, You Don\'t Have Security (lien direct) | You can't protect what you can't see…or what you don't know about. Without comprehensive visibility, there will always be the chance that your false sense of security could be shattered at any time as attackers discover the vulnerable assets you aren't aware of and exploit them to gain access to your network and data. | |||
|
2019-08-19 07:09:01 | Ransomware: Why Hackers Have Taken Aim at City Governments (lien direct) | The only way to stop the trend of ransomware is for municipal organizations to build a reputation of having strong security defenses. | Ransomware | ||
|
2019-08-19 06:55:04 | 5 Limitations of Network-Centric Security in the Cloud (lien direct) | Traditional security solutions aim to identify threats at the perimeter of the enterprise, but threats targeting public clouds require a different level of insight and action. | |||
|
2019-08-08 04:54:01 | 1 Million South Korean Credit Card Records Found Online (lien direct) | Over 1 million South Korea-issued Card Present records have been posted for sale on the dark web since the end of May. | |||
|
2019-07-31 03:35:00 | Top Three Cross-Site Scripting Attacks You Need to Know Now (lien direct) | Cross-Site scripting or XSS is and will remain to be a major pain for anyone trying to create a secure web application for their end-users. | |||
|
2019-07-29 13:04:01 | Arkose Labs Launches Private Bug Bounty Program (lien direct) | Fraud prevention technology provider Arkose Labs announced the launch of a private bug bounty program on crowdsourced security platform Bugcrowd. | |||
|
2019-07-22 07:12:01 | Eight Steps to Migrate Your SIEM (lien direct) | The migration of a legacy SIEM entails changes to a wide array of people, process and technology within an organization. | |||
|
2019-07-22 07:08:02 | What Call Center Fraud Can Teach Us about Insider Threats (lien direct) | Detecting and preventing call center fraud embodies many of the same challenges associated with fighting insider threats. | |||
|
2019-07-22 07:04:01 | Best Practices for Remote Workers\' Endpoint Security (lien direct) | One of an IT admin's most important jobs is to secure that data while it's stored on and accessed by corporate and personal endpoints. | |||
|
2019-07-20 14:45:03 | Cisco Patches Critical Flaw in Vision Dynamic Signage Director (lien direct) | Cisco released a security patch for the Vision Dynamic Signage Director, to address a Critical vulnerability (CVE-2019-1917) that could allow attackers to execute arbitrary actions on the local system. | Vulnerability | ||
|
2019-07-19 08:47:05 | Cybersecurity: Drones Will Soon Become Both Predator and Prey (lien direct) | Like other IoT devices, drones currently have very poor security controls, making them vulnerable to hijacking. | |||
|
2019-07-19 08:41:02 | The Automotive Industry: Stepping up on Defense (lien direct) | As the in-vehicle technology continues to innovate, hackers are continuing to learn and find vulnerabilities to exploit. | |||
|
2019-07-19 08:36:00 | Beyond the Endpoint: Fighting Advanced Threats with Network Traffic Analytics (lien direct) | Safeguarding enterprise assets is no longer just about protecting endpoints from malware, spam and phishing. | Spam | ||
|
2019-06-21 11:02:00 | Today\'s Top Public Cloud Security Threats …And How to Thwart Them (lien direct) | In order to thwart exposure, companies must have the capability to look at all cloud environments and perform assessments of how such resources are secured. | |||
|
2019-06-18 10:11:05 | Influence Operation Uses Old News of New Purposes (lien direct) | A recently uncovered influence campaign presents old terror news stories as if they were new, likely in an attempt to spread fear and uncertainty, Recorded Future reports. | |||
|
2019-06-14 12:03:00 | Spring Cleaning: Why Companies Must Spring Clean Out Their Social Media Accounts This Season (lien direct) | Tips for cleaning and securing your online data this spring. | |||
|
2019-06-14 11:02:04 | Building Modern Security Awareness with Experiences (lien direct) | Think about your own organization's culture and then find ways to create immersive, engaging experiences that will resonate with your people. | |||
|
2019-06-14 10:59:04 | The Promise and Perils of Artificial Intelligence (lien direct) | AI will help us to improve our lives. We, in turn, must ensure that the software doing so is secure. | |||
|
2019-06-05 01:36:04 | Utilising the Benefits of Industrial Robots Securely (lien direct) | The benefits of industrial robots won't be achieved for long if they are not deployed with cybersecurity at their core. | |||
|
2019-06-04 07:42:01 | On the Horizon: Parasitic Malware Will Feast on Critical Infrastructure (lien direct) | Unprepared organizations will have a wide (and often unmonitored) attack surface that can be targeted by parasitic malware. | Malware | ||
|
2019-06-04 07:37:05 | Thoughts on DoS Attack on US Electric Utility (lien direct) | The recent DoS incident affecting power grid control systems in Utah, Wyoming and California was interesting for several reasons. | |||
|
2019-05-29 07:53:00 | Network of Fake Social Accounts Serves Iranian Interests (lien direct) | FireEye security researchers have uncovered a network of fake social media accounts that engage in inauthentic behavior and misrepresentation, likely in support of Iranian political interests. | |||
|
2019-05-28 10:47:01 | Researchers Analyze the Linux Variant of Winnti Malware (lien direct) | Chronicle, the cybersecurity arm of Google's parent Alphabet, has identified and analyzed samples of the Winnti malware that have been designed specifically for the Linux platform. | Malware | ||
|
2019-05-21 14:48:00 | BlackWater Campaign Linked to MuddyWater Cyberspies (lien direct) | A recently discovered campaign shows that the cyber-espionage group MuddyWater has updated tactics, techniques and procedures (TTPs) to evade detection, Talos' security researchers report. | |||
|
2019-05-17 09:57:03 | Privilege Escalation Flaws Impact Wacom Update Helper (lien direct) | Talos' security researchers have discovered two security flaws in the Wacom update helper that could be exploited to elevate privileges on a vulnerable system. | |||
|
2019-05-08 14:53:04 | Answering Tough Questions About Network Metadata and Zeek (lien direct) | As security operations teams search for the best threat data to analyze in their data lakes, network metadata often lands in the category of being just right. | Threat | ||
|
2019-05-06 12:11:00 | Qakbot Trojan Updates Persistence, Evasion Mechanism (lien direct) | The Qakbot banking Trojan has updated its persistence mechanism in recent attacks and also received changes that potentially allow it to evade detection, Talos' security researchers say. Also known as Qbot and Quakbot, the Trojan has been around for nearly a decade, and has received a variety of changes over time to remain a persistent threat, although its functionality remained largely unaltered. Known for the targeting of businesses to steal login credentials and eventually drain their bank accounts, the malware has received updates to the scheduled task it uses to achieve persistence on the infected systems, which also allows it to evade detection. The Trojan typically uses a dropper to compromise a victim's machine. During the infection process, a scheduled task is created on the victim machine to execute a JavaScript downloader that makes a request to one of several hijacked domains. A spike in requests to these hijacked domains observed on April 2, 2019 (which follows DNS changes made to them on March 19) suggests that the threat actor has made updates to the persistence mechanism only recently, in preparation for a new campaign. The downloader requests the URI "/datacollectionservice[.]php3." from the hijacked domains, which are XOR encrypted at the beginning of the JavaScript. The response is also obfuscated, with the transmitted data saved as (randalpha)_1.zzz and (randalpha)_2.zzz and decrypted using a code contained in the JavaScript downloader. At the same time, a scheduled task is created to execute a batch file. The code reassembles the Qakbot executable from the two .zzz files, using the type command, after which the two .zzz files are deleted. The changes in the infection chain make it more difficult for traditional anti-virus software to detect attacks, and the malware may easily be downloaded onto target machine, given that it is now obfuscated and saved in two separate files. “Detection that is focused on seeing the full transfer of the malicious executable would likely miss this updated version of Qakbot. Because of this update to persistence mechanisms, the transfer of the malicious Qbot binary will be obfuscated to the point that some security products could miss it,” Talos concludes. Related: Qakbot, Emotet Increasingly Targeting Business Users: Microsoft Related: Qbot Infects Thousands in New Campaign | Malware Threat | ||
|
2019-05-06 12:09:00 | Flaws in D-Link Cloud Camera Expose Video Streams (lien direct) | Vulnerabilities in the D-Link DCS-2132L cloud camera can be exploited by attackers to tap into video or audio streams, but could also potentially provide full access to the device. | |||
|
2019-04-26 04:29:00 | SOAR: Doing More with Less (lien direct) | Implementing an SOAR model can provide the glue to make this security intelligence actionable using repeatable processes for faster incident response that does not require adding more resources. | |||
|
2019-04-24 05:50:02 | Gaining Control of Security and Privacy to Protect IoT Data (lien direct) | It's a matter of who is in control of our data. Today, IoT device manufacturers and businesses are in control. In the future, we must be in control of our own information. | |||
|
2019-04-24 05:03:05 | Growing Reliance on Digital Connectivity Amplifies Existing Risks, Creates New Ones (lien direct) | Major threats to information security emerging over the next two years could impact businesses operating in cyberspace at break-neck speeds. | |||
|
2019-04-24 04:57:04 | How Microsegmentation Helps to Keep Your Network Security Watertight (lien direct) | Building and implementing a micro-segmentation strategy requires careful planning and orchestration to ensure it is effective. | |||
|
2019-03-28 05:29:05 | Through the Executive Lens: Prioritizing Application Security Vulnerabilities (lien direct) | By focusing on specific AppSec initiatives and applying well-tested strategies and tools, you can prioritize the most important issues to focus on. | |||
|
2019-03-27 11:47:01 | Next Generation Firewalls are Old News in the Cloud (lien direct) | As users start to change the way they deploy infrastructure to the cloud, they will also need to find security solutions that are built by using the cloud in order to secure the cloud. | |||
|
2019-03-27 11:08:00 | Trojan Horses for the Mind, Part 2 of Building Impactful Security Awareness Messaging (lien direct) | Let's talk about another Trojan Horse for the Mind -- visuals. | |||
|
2019-03-21 04:50:05 | Internet-Exposed IBM BigFix Relays May Lead to Full Remote Compromise (lien direct) | Internet-facing relays in IBM BigFix deployments could lead to information disclosure and potential full remote compromise if not properly configured, Atredis Partners security researchers have discovered. | Guideline | ||
|
2019-03-01 06:28:02 | 1 Million Apps Patched in Android Security Improvement Program (lien direct) | Over its five-year lifetime, the Android Application Security Improvement Program helped over 300,000 developers to fix more than 1,000,000 apps on Google Play, Google says. | |||
|
2019-02-27 04:08:00 | The Role of Analytics in Protecting Healthcare Data Privacy and Security (lien direct) | Halthcare companies face their biggest threats from malicious insiders that abuse their access privileges to view or exfiltrate PII and PHI. |
To see everything:
Our RSS (filtrered)
