What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-09-03 10:00:00 | Le facteur humain dans la cybersécurité: informations comportementales et stratégies d'atténuation The Human Factor in Cybersecurity: Behavioral Insights and Mitigation Strategies (lien direct) |
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. Whether it\'s clicking on a malicious link or being duped by social engineering tactics, people can unintentionally open the door to significant security breaches for organizations of all sizes. These mistakes aren’t inevitable or limited to any one role—they can happen to anyone, from top executives to customer service reps—but they are preventable with the right knowledge and constant vigilance in place. With this in mind, today’s article will examine some real-world examples and some of the most common human errors in cybersecurity to help your organization stay safe and secure. With better awareness and training, organizations can turn their weakest link into a robust first line of defense against cyber threats. The Role of Human Error in Cybersecurity Human error tends to play a fundamental role in many cybersecurity breaches, often being the weakest link in the chain—it\'s not just about hackers exploiting software vulnerabilities; it\'s also about people making mistakes. According to a 2023 Verizon study, a worrying 68% of security breaches have some form of human error involved in them. This staggering statistic directly highlights how essential it is to address the human element in cybersecurity strategies head-on. Studies have shown that employees, regardless of their position, frequently fall victim to phishing scams, use weak passwords, or fail to follow basic security protocols. These common mistakes create entry points for cybercriminals to cause breaches and other security events. To get a better idea of what’s being discussed here, try to consider the everyday actions that can compromise security: ● Clicking on a suspicious link ● Reusing passwords across multiple sites ● Neglecting software updates ● Not being vigilant about security threats. Although each of these errors might seem minor in isolation, together, they contribute significantly to your organization\'s overall risk. Common Psychological and Behavioral Pitfalls When it comes to cybersecurity, it isn’t just technical vulnerabilities that pose a threat—human psychology also plays a significant role here, too. Common cognitive biases, such as overconfidence and the desire for convenience, can often lead to security lapses. For instance, someone might feel overconfident in their ability to spot a phishing email, leading them to lower their guard and inadvertently click on a malicious link. Keep in mind, however, that malicious links are yesterday’s news—but | Tool Vulnerability Threat Studies Mobile Technical | Equifax | ★★ |
|
2024-06-03 10:00:00 | Test de sécurité dans le développement de logiciels: évaluer les vulnérabilités et les faiblesses Security Testing in Software Development: Assessing Vulnerabilities and Weaknesses (lien direct) |
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. The critical role of security testing within software development cannot be overstated. From protecting personal information to ensuring that critical infrastructure remains unbreachable, security testing serves as the sentry against a multitude of cyber threats. Vulnerabilities and design weaknesses within software are like hidden fault lines; they may remain unnoticed until they cause significant damage. These flaws can compromise sensitive data, allow unauthorized access, and disrupt service operations. The repercussions extend beyond the digital world. They can lead to tarnished reputations, legal penalties, and, in extreme cases, endangerment of lives. Understanding these potential impacts underscores the crucial role of security testing as a protective measure. Security testing functions like a health check-up for software, identifying vulnerabilities in much the same way a doctor\'s examination would. Being proactive rather than reactive is essential here. It is always better to prevent than to cure. Security testing transcends the mere act of box-ticking; it is a vital, multi-layered process that protects both the integrity of the software and the privacy of its users. And it is not only about finding faults but also about instilling a culture of security within the development lifecycle. Understanding Security Testing Once more, the primary role of security testing is to identify and help fix security flaws within a system before they can be exploited. Consider it a comprehensive evaluation process that simulates real-world attacks, designed to ensure that the software can withstand and counter a variety of cybersecurity threats. By conducting security testing, developers can provide assurance to investors and users that their software is not only functional but also secure against different attacks. There is a diverse arsenal of methodologies available for security testing: 1) Penetration Testing Penetration testing, also known as ethical hacking, entails conducting simulated cyber-attacks on computer systems, networks, or web applications to uncover vulnerabilities that could be exploited. Security experts use pentest platforms and act as attackers and try to breach the system\'s defenses using various techniques. This method helps uncover real-world weaknesses as well as the potential impact of an attack on the system\'s resources and data. 2) Code Review A code review is a systematic examination of the application source code to detect security flaws, bugs, and other errors that might have been overlooked during the initial development phases. It involves manually reading through the code or using automated tools to ensure compliance with coding standards and to check for security vulnerabilities. This process helps in maintaining a high level of security by ensuring that the code is clean, efficient, and robust against cyber threats. 3) Vulnerability Assessment Unlike penetration testing, which attempts to exploit vulnerabilities, vulnerability assessment focuses on listing potential vulnerabilities without simulating attacks. Tools and software are used to | Tool Vulnerability Threat | Equifax | ★★★ |
 |
2023-12-15 20:55:00 | Patch maintenant: exploiter les supports d'activité pour dangereux Apache Struts 2 Bogue Patch Now: Exploit Activity Mounts for Dangerous Apache Struts 2 Bug (lien direct) |
Le CVE-2023-50164 est plus difficile à exploiter que le bug de Struts 2017 derrière la violation massive à Equifax, mais ne sous-estime pas le potentiel pour les attaquants de l'utiliser dans des attaques ciblées.
CVE-2023-50164 is harder to exploit than the 2017 Struts bug behind the massive breach at Equifax, but don\'t underestimate the potential for attackers to use it in targeted attacks. |
Threat | Equifax | ★★★ |
|
2023-10-19 10:00:00 | Pourquoi les organisations ne détectent-elles pas les menaces de cybersécurité? Why are organizations failing to detect cybersecurity threats? (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. With the changing security landscape, the most daunting task for the CISO and CIO is to fight an ongoing battle against hackers and cybercriminals. Bad actors stay ahead of the defenders and are always looking to find new vulnerabilities and loopholes to exploit and enter the business network. Failing to address these threats promptly can have catastrophic consequences for the organization. A survey finds that, on average, it takes more than five months to detect and remediate cyber threats. This is a significant amount of time, as a delayed response to cyber threats can result in a possible cyber-attack. One can never forget the devastating impacts of the Equifax breach in 2017 and the Target breach in 2013 due to delayed detection and response. This is concerning and highlights the need for proactive cybersecurity measures to detect and mitigate rising cyber threats. Amidst this, it\'s also crucial to look into why it is challenging to detect cyber threats. Why do organizations fail to detect cyber threats? Security teams are dealing with more cyber threats than before. A report also confirmed that global cyber attacks increased by 38% in 2022 compared to the previous year. The increasing number and complexity of cyber-attacks make it challenging for organizations to detect them. Hackers use sophisticated techniques to bypass security systems and solutions - like zero-day vulnerabilities, phishing attacks, business email compromises (BEC), supply chain attacks, and Internet of Things (IoT) attacks. Some organizations are unaware of the latest cyber threat trends and lack the skills and resources to detect them. For instance, hackers offer professional services like ransomware-as-a-service (RaaS) to launch ransomware attacks. Surprisingly, two out of three ransomware attacks are facilitated by the RaaS setup, but still, companies fail to have a defensive strategy against them. Enterprises relying on legacy devices and outdated software programs are no longer effective at recognizing certain malicious activities, leaving the network vulnerable to potential threats. Additionally, the lack of trained staff, insider threats, and human errors are other reasons why many organizations suffer at the hands of threat actors. Besides this, much of the company\'s data is hidden as dark data. As the defensive teams and employees may be unaware of it, the hackers take complete advantage of dark data and either replicate it or use it to fulfill their malicious intentions. Moreover, cloud migration has rapidly increased in recent years, putting cybersecurity at significant risk. The complexity of the cloud environments, poorly secured remote and hybrid work environments, and sharing security responsibilities between cloud service providers and clients have complicated the situation. In addition, cloud vulnerabilities, which have risen to 194% from the previous year, have highlighted the need for organizations to look out for ways to strengthen their security infrastructure. Security measures to consider to prevent cyber threats Since businesses face complex cyber threats, mitigating them require | Ransomware Data Breach Tool Vulnerability Threat Cloud | Equifax | ★★ |
 |
2019-08-05 03:00:00 | Looking for answers at Black Hat 2019: 5 important cybersecurity issues (lien direct) | Judging by last week's Capital One breach and Equifax settlement, cybersecurity remains a topical, if not ugly, subject. The timing couldn't be better for these unfortunate events. Why? Because the cybersecurity community gets together this week in Las Vegas for Black Hat and DEF CON to discuss how to better deal with security vulnerabilities and improve threat prevention, detection, and response. [ Keep up with 8 hot cyber security trends (and 4 going cold). Give your career a boost with top security certifications: Who they're for, what they cost, and which you need. | Sign up for CSO newsletters. ] I'll be there along with an assortment of my ESG colleagues. Here are some of the things we'll be looking for: | Threat | Equifax |
1
We have: 5 articles.
We have: 5 articles.
To see everything:
Our RSS (filtrered)
