What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
silicon.fr.webp 2024-03-13 13:36:33 Cigref's toolbox for anticipating cyberattacks (direct link) Cigref devotes a report to anticipating cyberattacks. It peppers it with lessons learned... and mentions a number of vendors. Tool Studies ★★★
globalsecuritymag.webp 2024-03-13 13:10:05 New Mimecast report finds cybercriminals capitalise on businesses' biggest flaw: Human risk
(direct link)
New Mimecast report finds cybercriminals capitalise on businesses' biggest flaw: Human risk Annual research report explores the State of Email and Collaboration Security, finding that 74% of all cyber breaches are caused by human factors - Special Reports
Studies ★★★★
globalsecuritymag.webp 2024-03-13 08:30:49 2024 Sophos Threat Report: Cybercrime on Main Street Details Cyberthreats Facing SMBs
(direct link)
2024 Sophos Threat Report: Cybercrime on Main Street Details Cyberthreats Facing SMBs Data and Credential Theft Malware are Top Two Threats Against SMBs in 2023, Accounting for Nearly 50% of All Malware Sophos Detected Targeting this Market Segment Ransomware Still the Biggest Threat to SMBs; Business Email Compromise on the Rise, Along with More Sophisticated Social Engineering Tactics - Special Reports
Malware Threat Studies ★★★★
SecureList.webp 2024-03-13 08:00:40 The State of Stalkerware in 2023–2024
(direct link)
In this report, Kaspersky shares statistics on stalkerware detections, as well as insights into the impact of digital stalking in 2023 and the beginning of 2024, and advice for those affected.
Studies ★★★★
InfoSecurityMag.webp 2024-03-12 17:45:00 Study Reveals Top Vulnerabilities in Corporate Web Applications
(direct link)
Kaspersky said access control weaknesses and failures in data protection accounted for 70% of all flaws
Vulnerability Studies ★★
InfoSecurityMag.webp 2024-03-12 17:00:00 US Intelligence Predicts Upcoming Cyber Threats for 2024
(direct link)
The Office of the Director of National Intelligence (ODNI) has unveiled an unclassified version of its Annual Threat Assessment of the US Intelligence Community
Threat Studies ★★★★
PaloAlto.webp 2024-03-12 16:55:14 5 Unique Challenges for AI in Cybersecurity
(direct link)
There are challenges for AI in cybersecurity in real-world environments with high precision, requiring specialization in the specific field of study.
Studies ★★
DataSecurityBreach.webp 2024-03-12 15:13:49 Phishing campaign trends: hackers love Tuesdays! (direct link) In the evolving cybersecurity landscape, researchers have highlighted trends in cybercriminal behavior, particularly regarding email phishing campaigns. Studies ★★★★
SecurityWeek.webp 2024-03-12 12:47:00 CISA's OT Attack Response Team Understaffed: GAO
(direct link)
GAO study finds that CISA does not have enough staff to respond to significant OT attacks in multiple locations at the same time.
Studies Industrial ★★★
InfoSecurityMag.webp 2024-03-12 12:20:00 Three-Quarters of Cyber Incident Victims Are Small Businesses
(direct link)
Three-quarters of cyber-incidents Sophos responded to involved small businesses in 2023, with attackers' main goal being data theft
Studies ★★★
bleepingcomputer.webp 2024-03-12 12:00:00 Google paid $10 million in bug bounty rewards last year
(direct link)
Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services. [...]
Studies ★★
ProofPoint.webp 2024-03-12 07:03:40 If You're Using Veritas Archiving, What's Your Next Step?
(direct link)
By now, much of the industry has seen the big news about Cohesity acquiring the enterprise data protection business of Veritas Technologies. The transaction will see the company's NetBackup technology-software, appliances and cloud (Alta Data Protection)-integrated into the Cohesity ecosystem.
But what about other Veritas products? As stated in the Cohesity and Veritas press releases, the “remaining assets of Veritas' businesses will form a separate company, 'DataCo.' 'DataCo' will comprise Veritas' InfoScale, Data Compliance, and Backup Exec businesses.”
Data Compliance includes Veritas Enterprise Vault (EV), which might raise concerns for EV customers. As a new, standalone entity, 'DataCo' has no innovation track record.
In this blog, I provide my opinion on the questionable future of Veritas archiving products, why EV customers should start looking at alternative archiving tools, and why you should trust Proofpoint as your next enterprise archiving solution.
EV architecture isn't future-proof
EV gained a following because it came onto the market just when it was needed. With its big, robust on-premises architecture, EV was ideal to solve the challenges of bloated file and email servers. Companies had on-premises file and email servers that were getting bogged down with too much data. They needed a tool to offload legacy data to keep working and so they could be backed up in a reasonable amount of time.
However, with key applications having moved to the cloud over the last decade-plus, storage optimization is no longer a primary use case for archiving customers.
While EV has adapted to e-discovery and compliance use cases, its underlying on-premises architecture has struggled to keep up. EV customers still have headaches with infrastructure (hardware and software) planning, budgeting and maintenance, and archive administration. What's more, upgrades often require assistance from professional services and support costs are rising. And the list goes on.
Today, most cloud-native archives remove virtually all of these headaches. And just like you moved on from DVDs and Blu-ray discs to streaming video, it's time to migrate from legacy on-premises archiving architectures, like EV, to cloud-native solutions.
Future investments are uncertain
When you look back over EV's last 5-6 years, you might question what significant innovations Veritas has delivered for EV.
Yes, Veritas finally released supervision in the cloud. But that was a direct response to the EOL of AdvisorMail for EV.cloud many years ago.
Yes, Veritas added dozens of new data sources for EV. But that was achieved through the acquisition of Globanet-and their product Merge1-in 2020. (They still list Merge1 as an independent product on their website.)
Yes, they highlight how EV can store to “Azure, AWS, Google Cloud Storage, and other public cloud repositories” via storage tiering. But that just means that EV extends the physical storage layer of a legacy on-prem archiving architecture to the cloud-it doesn't mean it runs a cloud-native archiving solution.
Yes, Veritas has cloud-based Alta Archiving. But that's just a rebranding and repackaging of EV.cloud, which they retired more than two years ago. Plus, Alta Archiving and Enterprise Vault are separate products.
With the Cohesity data protection acquisition, EV customers have a right to question future investments in their product. Will EV revenue alone be able to sustain meaningful, future innovation in the absence of the NetBackup revenue “cash cow”? Will you cling to hope, only to be issued an EOL notice like Dell EMC SourceOne customers?
Now is the time to migrate from EV to a modern cloud-native archiving solution.
How Proofpoint can help
Here's why you should trust Proofpoint for your enterprise archiving.
Commitment to product innovation and support
Year after year, Proofpoint continues to invest a double-digit percentage of revenue into all of our businesses, including Proofpoint Int
Tool Studies Cloud Technical ★★
RecordedFuture.webp 2024-03-11 17:24:16 ODNI releases new open-source intelligence strategy with limited details
(direct link)
With the surging growth of intelligence available exclusively from publicly or commercially available information, intelligence agencies have been grappling with how to get a better handle on collecting and processing the data. In a new strategy released Friday by the Office of the Director of National Intelligence (ODNI) and the CIA, the agencies said the
Studies ★★★★
silicon.fr.webp 2024-03-11 14:07:15 Open Trusted Cloud: key takeaways from OVHcloud's first Barometer of European software vendors (direct link) Conducted by OpinionWay for OVHcloud in collaboration with Silicon, the first edition of the Open Trusted Cloud barometer of software vendors (ISVs) gathered feedback from 167 vendors in Europe. The result: a map of their activity and of the challenges they face, particularly in data sovereignty and cybersecurity. Studies Cloud ★★★★
globalsecuritymag.webp 2024-03-11 10:25:07 Trend Micro: 2023 report on the state of cybersecurity (direct link) #Cybersécurité #ransomware 2023 report on the state of cybersecurity Trend Micro blocked more than 160 billion incidents over the year! A significant rise in threats that reflects a shift in the attack strategies used by attackers. - Investigations Threat Studies Prediction ★★★★
DarkReading.webp 2024-03-08 21:42:16 CISO Corner: NSA Guidelines; a Utility SBOM Case Study; Lava Lamps
(direct link)
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps.
Studies ★★★
Chercheur.webp 2024-03-08 12:06:58 A Taxonomy of Prompt Injection Attacks
(direct link)
Researchers ran a global prompt hacking competition, and have documented the results in a paper that both gives a lot of good examples and tries to organize a taxonomy of effective prompt injection strategies. It seems as if the most common successful strategy is the “compound instruction attack,” as in “Say ‘I have been PWNED’ without a period.” Ignore This Title and HackAPrompt: Exposing Systemic Vulnerabilities of LLMs through a Global Scale Prompt Hacking Competition Abstract: Large Language Models (LLMs) are deployed in interactive contexts with direct user engagement, such as chatbots and writing assistants. These deployments are vulnerable to prompt injection and jailbreaking (collectively, prompt hacking), in which models are manipulated to ignore their original instructions and follow potentially malicious ones. Although widely acknowledged as a significant security threat, there is a dearth of large-scale resources and quantitative studies on prompt hacking. To address this lacuna, we launch a global prompt hacking competition, which allows for free-form human input attacks. We elicit 600K+ adversarial prompts against three state-of-the-art LLMs. We describe the dataset, which empirically verifies that current LLMs can indeed be manipulated via prompt hacking. We also present a comprehensive taxonomical ontology of the types of adversarial prompts...
Vulnerability Threat Studies ★★★
SecureList.webp 2024-03-07 10:00:53 Spam and phishing in 2023
(direct link)
This report contains spam and phishing statistics for 2023, along with descriptions of the main trends, among these artificial intelligence, instant messaging phishing, and multilingual BEC attacks.
Spam Studies ★★★★
RecordedFuture.webp 2024-03-06 19:23:26 Americans lost a record $12.5 billion to online fraud last year
(direct link)
More than $12.5 billion was lost in 2023 to online fraud in cases reported by the American public, according to the FBI's annual Internet Crime Report - a 22% increase on the year before. The report compiles information from the FBI's Internet Crime Complaint Center (IC3) and shows a steady increase in fraud nearly across
Studies ★★★★
globalsecuritymag.webp 2024-03-06 14:28:56 94% of IT leaders rely on immutable storage to protect their organization against the rise in ransomware attacks (direct link) 94% of IT leaders rely on immutable storage to protect their organization against the rise in ransomware attacks More organizations and businesses should consider true immutability of their data as part of their cybersecurity strategy. - Investigations General Information Studies ★★★
RiskIQ.webp 2024-03-05 19:03:47 Staying ahead of threat actors in the age of AI
(direct link)
## Snapshot
Over the last year, the speed, scale, and sophistication of attacks has increased alongside the rapid development and adoption of AI. Defenders are only beginning to recognize and apply the power of generative AI to shift the cybersecurity balance in their favor and keep ahead of adversaries. At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified activity associated with known threat actors, including prompt-injections, attempted misuse of large language models (LLM), and fraud. Our analysis of the current use of LLM technology by threat actors revealed behaviors consistent with attackers using AI as another productivity tool on the offensive landscape. You can read OpenAI's blog on the research [here](https://openai.com/blog/disrupting-malicious-uses-of-ai-by-state-affiliated-threat-actors). Microsoft and OpenAI have not yet observed particularly novel or unique AI-enabled attack or abuse techniques resulting from threat actors' usage of AI. However, Microsoft and our partners continue to study this landscape closely. The objective of Microsoft's partnership with OpenAI, including the release of this research, is to ensure the safe and responsible use of AI technologies like ChatGPT, upholding the highest standards of ethical application to protect the community from potential misuse. As part of this commitment, we have taken measures to disrupt assets and accounts associated with threat actors, improve the protection of OpenAI LLM technology and users from attack or abuse, and shape the guardrails and safety mechanisms around our models. In addition, we are also deeply committed to using generative AI to disrupt threat actors and leverage the power of new tools, including [Microsoft Copilot for Security](https://www.microsoft.com/security/business/ai-machine-learning/microsoft-security-copilot), to elevate defenders everywhere.
## Activity Overview
### **A principled approach to detecting and blocking threat actors**
The progress of technology creates a demand for strong cybersecurity and safety measures. For example, the White House's Executive Order on AI requires rigorous safety testing and government supervision for AI systems that have major impacts on national and economic security or public health and safety. Our actions enhancing the safeguards of our AI models and partnering with our ecosystem on the safe creation, implementation, and use of these models align with the Executive Order's request for comprehensive AI safety and security standards. In line with Microsoft's leadership across AI and cybersecurity, today we are announcing principles shaping Microsoft's policy and actions mitigating the risks associated with the use of our AI tools and APIs by nation-state advanced persistent threats (APTs), advanced persistent manipulators (APMs), and cybercriminal syndicates we track. These principles include:
- **Identification and action against malicious threat actors' use:** Upon detection of the use of any Microsoft AI application programming interfaces (APIs), services, or systems by an identified malicious threat actor, including nation-state APT or APM, or the cybercrime syndicates we track, Microsoft will take appropriate action to disrupt their activities, such as disabling the accounts used, terminating services, or limiting access to resources.
- **Notification to other AI service providers:** When we detect a threat actor's use of another service provider's AI, AI APIs, services, and/or systems, Microsoft will promptly notify the service provider and share relevant data. This enables the service provider to independently verify our findings and take action in accordance with their own policies.
- **Collaboration with other stakeholders:** Microsoft will collaborate with other stakeholders to regularly exchange information a
Ransomware Malware Tool Vulnerability Threat Studies Medical Technical APT 28 ChatGPT APT 4 ★★
globalsecuritymag.webp 2024-03-05 16:10:40 New Study From IRONSCALES & Osterman Research Reveals Organizations High on Confidence, Low on Capabilities Against Image-Based Attacks
(direct link)
New Study From IRONSCALES & Osterman Research Reveals Organizations High on Confidence, Low on Capabilities Against Image-Based Attacks While over 70% of organizations feel their current security stacks are effective against image-based and QR code phishing attacks, nearly 76% were still compromised in the last 12 months - Special Reports
Studies ★★★
Cisco.webp 2024-03-01 13:00:12 Cisco Live Melbourne Soc Report (direct link)
This year, the team was tapped to build a similar team to support the Cisco Live Melbourne 2023 conference. This report serves as a summary of the design, deployment, and operation of the network, as well as some of the more interesting findings from three days of threat hunting on the network.
Threat Studies Conference ★★★★
DataSecurityBreach.webp 2024-02-29 15:58:39 The InterCERT France association warns companies and organizations about the security stakes of their dependence on Microsoft solutions (direct link) Microsoft is now ubiquitous in public and private organizations, creating a form of addiction to its solutions. The French association of CERTs, InterCERT France, calls on companies and organizations to confront this dangerous dependence. Studies ★★★★★
InfoSecurityMag.webp 2024-02-29 14:00:00 Dark Web Market Revenues Rebound but Sector Fragments
(direct link)
Chainalysis study of crypto flows reveals darknet markets made $1.7bn in 2023
Studies ★★★
globalsecuritymag.webp 2024-02-29 12:58:04 Global Checkmarx Study Finds Vulnerabilities in Applications Developed In-house Were the Cause of Breaches at 92% of Companies Surveyed
(direct link)
Global Checkmarx Study Finds Vulnerabilities in Applications Developed In-house Were the Cause of Breaches at 92% of Companies Surveyed Global study of CISOs, AppSec leaders and developers reveals that business pressures are a primary reason for the release of vulnerable applications - Special Reports
Vulnerability Studies ★★★★
globalsecuritymag.webp 2024-02-29 11:56:55 Cyber insurance: Stoïk publishes its first annual review of its policyholders' claims (direct link) Cyber insurance: Stoïk publishes its first annual review of its policyholders' claims - Investigations Studies ★★★★
AlienVault.webp 2024-02-29 11:00:00 AI governance and preserving privacy
(direct link)
AT&T Cybersecurity featured a dynamic cyber mashup panel with Akamai, Palo Alto Networks, SentinelOne, and the Cloud Security Alliance. We discussed some provocative topics around Artificial Intelligence (AI) and Machine Learning (ML) including responsible AI and securing AI. There were some good examples of best practices shared in an emerging AI world like implementing Zero Trust architecture and anonymization of sensitive data. Many thanks to our panelists for sharing their insights. Before diving into the hot topics around AI governance and protecting our privacy, let’s define ML and GenAI to provide some background on what they are and what they can do along with some real-world use case examples for better context on the impact and implications AI will have on our future.
GenAI and ML
Machine Learning (ML) is a subset of AI that relies on the development of algorithms to make decisions or predictions based on data without being explicitly programmed. It uses algorithms to automatically learn and improve from experience. GenAI is a subset of ML that focuses on creating new data samples that resemble real-world data. GenAI can produce new and original content through deep learning, a method in which data is processed like the human brain and is independent of direct human interaction. GenAI can produce new content based on text, images, 3D rendering, video, audio, music, and code and increasingly with multimodal capabilities can interpret different data prompts to generate different data types to describe an image, generate realistic images, create vibrant illustrations, predict contextually relevant content, answer questions in an informational way, and much more.
Real-world use cases include summarizing reports, creating music in a specific style, developing and improving code faster, generating marketing content in different languages, detecting and preventing fraud, optimizing patient interactions, detecting defects and quality issues, and predicting and responding to cyber-attacks with automation capabilities at machine speed.
Responsible AI
Given the power to do good with AI - how do we balance the risk and reward for the good of society? What is an organization’s ethos and philosophy around AI governance? What is the organization’s philosophy around the reliability, transparency, accountability, safety, security, privacy, and fairness with AI, and one that is human-centered? It's important to build each of these pillars into an organization's AI innovation and business decision-making. Balancing the risk and reward of innovating AI/ML into an organization's ecosystem without compromising social responsibility and damaging the company's brand and reputation is crucial. At the center of AI where personal data is the DNA of our identity in a hyperconnected digital world, privacy is a top priority.
Privacy concerns with AI
Cisco’s 2023 consumer privacy survey, a study of over 2600 consumers in 12 countries globally, indicates consumer awareness of data privacy rights is continuing to grow with the younger generations (age groups under 45) exercising their Data Subject Access rights and switching providers over their privacy practices and policies. Consumers support AI use but are also concerned.
With those supporting AI for use:
- 48% believe AI can be useful in improving their lives
- 54% are willing to share anonymized personal data to improve AI products
AI is an area that has some work to do to earn trust
- 60% of respondents believe the use of AI by organizations has already eroded trust in them
- 62% reported concerns about the business use of AI
- 72% of respondents indicated that having products and solutions aud
Studies Prediction Cloud Technical ★★
knowbe4.webp 2024-02-28 17:21:10 Credential Theft Is Mostly Due To Phishing
(direct link)

Credential Theft Is Mostly Due To Phishing
Studies ★★★
globalsecuritymag.webp 2024-02-28 15:11:22 The SecurityScorecard report on third-party breaches reveals that the software supply chain is the primary target of ransomware groups (direct link) The SecurityScorecard report on third-party breaches reveals that the software supply chain is the primary target of ransomware groups - Investigations Studies ★★★★
PaloAlto.webp 2024-02-28 14:00:53 Today's Attack Trends - Unit 42 Incident Response Report
(direct link)
The 2024 Unit 42 Incident Response Report offers insights into attacker tactics and actionable recommendations to help you defend your organization.
Studies ★★★★
AlienVault.webp 2024-02-28 13:00:00 Get the AT&T Cybersecurity Insights Report: Focus on Energy and Utilities
(direct link)
We’re pleased to announce the availability of the 2023 AT&T Cybersecurity Insights Report: Focus on Energy and Utilities. The report examines the edge ecosystem, surveying energy and utilities IT leaders from around the world, and provides benchmarks for assessing your edge computing plans. This is the 12th edition of our vendor-neutral and forward-looking report. Last year’s focus on energy and utilities report documented how we secure the data, applications, and endpoints that rely on edge computing (get the 2022 report). Get the complimentary 2023 report.
The robust quantitative field survey reached 1,418 security, IT, application development, and line of business professionals worldwide. The qualitative research tapped subject matter experts across the cybersecurity industry. Energy and Utilities-specific respondents equal 203. At the onset of our research, we established the following hypotheses.
· Momentum edge computing has in the market.
· Approaches to connecting and securing the edge ecosystem – including the role of trusted advisors to achieve edge goals.
· Perceived risk and perceived benefit of the common use cases in each industry surveyed.
The results focus on common edge use cases in seven vertical industries – healthcare, retail, finance, manufacturing, energy and utilities, transportation, and U.S. SLED – delivering actionable advice for securing and connecting an edge ecosystem, including external trusted advisors. Finally, it examines cybersecurity and the broader edge ecosystem of networking, service providers, and top use cases.
The role of IT is shifting, embracing stakeholders at the ideation phase of development. Edge computing is a transformative technology that brings together various stakeholders and aligns their interests to drive integrated business outcomes. The emergence of edge computing has been fueled by a generation of visionaries who grew up in the era of smartphones and limitless possibilities.
Look at the infographic below for a topline summary of key findings in the energy and utilities industry. In this paradigm, the role of IT has shifted from being the sole leader to a collaborative partner in delivering innovative edge computing solutions. In addition, we found that energy and utilities leaders are budgeting differently for edge use cases. These two things, along with an expanded approach to securing edge computing, were prioritized by our respondents in the 2023 AT&T Cybersecurity Insights Report: Edge Ecosystem.
One of the most promising aspects of edge computing is its potential to effectively use near-real-time data for tighter control of variable operations such as inventory and supply chain management that deliver improved operational efficiency. Adding new endpoints is essential for collecting the data, but how they’re connected can make them vulnerable to cyberattacks. Successful cyberattacks can disrupt services, highlighting the need for robust cybersecurity measures.
Edge computing brings the data closer to where decisions are made. With edge computing, the intelligence required to make decisions, the networks used to capture and transmit data, and the use case management are distributed. Distributed means things work faster because nothing is backhauled to a central processing area such as a data center and delivers the near-real-time experience. With this level of complexity, it’s common t
Ransomware Studies ★★★★
globalsecuritymag.webp 2024-02-27 18:34:03 New Viakoo Survey Finds Less Than Half of IT Leaders are Confident in their IoT Security Plans
(direct link)
New Viakoo Survey Finds Less Than Half of IT Leaders are Confident in their IoT Security Plans 71% of IT leaders wish they started their IoT security plans differently so they could remediate vulnerabilities faster - Special Reports
Vulnerability Studies Industrial ★★
Fortinet.webp 2024-02-27 14:00:00 FortiGuard Labs Outbreak Alerts Annual Report 2023: A Glimpse into the Evolving Threat Landscape
(direct link)
FortiGuard Labs annual report reviews critical Outbreak Alerts impacting organizations worldwide. Learn more.
Threat Studies ★★★★
InfoSecurityMag.webp 2024-02-27 14:00:00 Half of IT Leaders Identify IoT as Security Weak Point
(direct link)
The Viakoo study also said 50% firms faced IoT cyber incidents in past year, 44% of which were severe
Studies ★★
InfoSecurityMag.webp 2024-02-27 13:00:00 Most Commercial Code Contains High-Risk Open Source Bugs
(direct link)
Synopsys report reveals 74% of codebases now contain risky open source components
Studies Commercial ★★★
Pirate.webp 2024-02-27 12:32:30 (Déjà vu) Proofpoint study: 75% of French employees knowingly put their company at risk
(direct link)
Cyber threats targeting individuals represent a growing risk for businesses; reports of direct financial penalties linked to phishing campaigns rose by 320% in France, and those linked to reputational damage by 166%. Proofpoint's State of the Phish 2024 report: 75% of French employees knowingly gamble with their company's security Op-ed – […] The post Proofpoint study: 75% of French employees knowingly put their company at risk first appeared on UnderNews.
Threat Studies
InfoSecurityMag.webp 2024-02-27 11:00:00 69% of Organizations Infected by Ransomware in 2023
(direct link)
Proofpoint found that 69% of organizations experienced a successful ransomware incident in the past year, with 60% hit on four or more occasions
Ransomware Studies ★★★
ProofPoint.webp 2024-02-27 08:58:07 68 Percent of Employees Willingly Gamble with Organizational Security
(direct link)
Proofpoint found that 69% of organizations experienced a successful ransomware incident in the past year, with 60% hit on four or more occasions
Studies ★★★★
ProofPoint.webp 2024-02-27 05:00:31 Risky and They Know It: 96% of Risk-Taking Users Aware of the Dangers but Do It Anyway, 2024 State of the Phish Reveals
(direct link)
We often, and justifiably, associate cyberattacks with technical exploits and ingenious hacks. But the truth is that many breaches occur due to the vulnerabilities of human behavior. That's why Proofpoint has gathered new data and expanded the scope of our 2024 State of the Phish report.
Traditionally, our annual report covers the threat landscape and the impact of security education. But this time, we've added data on risky user behavior and their attitudes about security. We believe that combining this information will help you to:
· Advance your cybersecurity strategy
· Implement a behavior change program
· Motivate your users to prioritize security
This year's report compiles data derived from Proofpoint products and research, as well as from additional sources that include:
· A commissioned survey of 7,500 working adults and 1,050 IT professionals across 15 countries
· 183 million simulated phishing attacks sent by Proofpoint customers
· More than 24 million suspicious emails reported by our customers' end users
To get full access to our global findings, you can download your copy of the 2024 State of the Phish report now.
Also, be sure to register now for our 2024 State of the Phish webinar on March 5, 2024. Our experts will provide more insights into the key findings and answer your questions in a live session.
Meanwhile, let's take a sneak peek at some of the data in our new reports.
Global findings
Here's a closer look at a few of the key findings in our tenth annual State of the Phish report.
Survey of working adults
In our survey of working adults, about 71% said they engaged in actions that they knew were risky. Worse, 96% were aware of the potential dangers. About 58% of these users acted in ways that exposed them to common social engineering tactics.
The motivations behind these risky actions varied. Many users cited convenience, the desire to save time, and a sense of urgency as their main reasons. This suggests that while users are aware of the risks, they choose convenience.
The survey also revealed that nearly all participants (94%) said they'd pay more attention to security if controls were simplified and more user-friendly. This sentiment reveals a clear demand for security tools that are not only effective but that don't get in users' way.
Survey of IT and information security professionals
The good news is that last year phishing attacks were down. In 2023, 71% of organizations experienced at least one successful phishing attack compared to 84% in 2022. The bad news is that the consequences of successful attacks were more severe. There was a 144% increase in reports of financial penalties. And there was a 50% increase in reports of damage to their reputation.
Another major challenge was ransomware. The survey revealed that 69% of organizations were infected by ransomware (vs. 64% in 2022). However, the rate of ransom payments declined to 54% (vs. 64% in 2022).
To address these issues, 46% of surveyed security pros are increasing user training to help change risky behaviors. This is their top strategy for improving cybersecurity.
Threat landscape and security awareness data
Business email compromise (BEC) is on the rise. And it is now spreading among non-English-speaking countries. On average, Proofpoint detected and blocked 66 million BEC attacks per month.
Other threats are also increasing. Proofpoint observed over 1 million multifactor authentication (MFA) bypass attacks using EvilProxy per month. What's concerning is that 89% of surveyed security pros think MFA is a “silver bullet” that can protect them against account takeover.
When it comes to telephone-oriented attack delivery (TOAD), Proofpoint saw 10 million incidents per month, on average. The peak was in August 2023, which saw 13 million incidents.
When looking at industry failure rates for simulated phishing campaigns, the finance industry saw the most improvement. Last year the failure rate was only 9% (vs. 16% in 2022). “Resil
Ransomware Tool Vulnerability Threat Studies Technical ★★★★
SecureList.webp 2024-02-26 08:00:20 The mobile malware threat landscape in 2023
(direct link)
This report details statistics and key trends associated with mobile malware: Google Play Trojans, malicious messaging app mods, and others.
Malware Threat Studies Mobile ★★★★
knowbe4.webp 2024-02-23 14:02:47 Nearly One in Three Cyber Attacks In 2023 Involved The Abuse of Valid Accounts
(direct link)
https://www.ibm.com/reports/threat-intelligence Thirty percent of all cyber incidents in 2023 involved abuse of valid credentials, according to IBM X-Force's latest Threat Intelligence Index. This represents a seventy-one percent increase compared to 2022.
Threat Studies ★★★
IndustrialCyber.webp 2024-02-23 10:50:54 EU releases comprehensive risk assessment report on cybersecurity, resilience of communication networks
(direct link)
EU Member States, backed by the European Commission and ENISA, the EU’s Cybersecurity Agency, released this week a...
Studies ★★★★
IndustrialCyber.webp 2024-02-23 10:41:59 New Cyolo and Ponemon Institute research identifies significant gaps in securing access to connected OT environments
(direct link)
Cyolo, in partnership with Ponemon Institute, released a global study exploring how organizations that operate critical infrastructure, industrial...
Studies Industrial ★★★
itsecurityguru.webp 2024-02-22 13:46:38 New Cybereason 'True Cost to Business Study 2024' Reveals it Still Doesn't Pay to Pay
(direct link)
Cybereason has today announced the results of their third annual ransomware study, commissioned to better understand the true impact of ransomware to businesses. This global study reveals ransomware attacks are becoming more frequent, effective, and sophisticated: 56 percent of organisations surveyed suffered more than one ransomware attack in the last 24 months. It still 'doesn't […] The post New Cybereason 'True Cost to Business Study 2024' Reveals it Still Doesn't Pay to Pay first appeared on IT Security Guru.
Ransomware Studies ★★★★
IndustrialCyber.webp 2024-02-22 09:05:35 E-ISAC 2023 report highlights cybersecurity triumphs and challenges in electricity sector
(direct link)
The Electricity Information Sharing and Analysis Center (E-ISAC) unveiled its 2023 End-of-Year Report alongside its 2023 Year-in-Review video...
Studies ★★★★
Sekoia.webp 2024-02-22 08:30:00 Scattered Spider laying new eggs
(direct link)
This report provides an overview of the Scattered Spider evolution, its modus operandi and the toolset leveraged over the past years. Additionally, it delves into the Scattered Spider TTPs, as well as the latest ongoing campaigns, including their current targets. The post Scattered Spider laying new eggs is an article from Sekoia.io Blog.
Studies ★★★★
IndustrialCyber.webp 2024-02-22 08:28:44 Strengthening ICS/OT Cyber Resilience: Learning from 2023's Cybersecurity Incidents from Dragos' Report
(direct link)
Introduction: Understanding the Evolving Threat Landscape in Industrial Cybersecurity 2023 has been a watershed moment for industrial cybersecurity,...
Threat Studies Industrial ★★★★
Cybereason.webp 2024-02-21 21:57:49 Ransomware: True Cost to Business 2024
(direct link)
Ransomware: True Cost to Business 2024
Ransomware Studies ★★★★
globalsecuritymag.webp 2024-02-21 15:58:44 2024 Incident Response Report - Unit 42/Palo Alto Networks
(direct link)
2024 Incident Response Report - Unit 42/Palo Alto Networks In the constantly evolving cybersecurity threat landscape, it is more crucial than ever to stay one step ahead of malicious actors. That requires understanding their behaviors and knowing their techniques and tools. - Investigations
Tool Threat Studies ★★★
Last update at: 2024-05-13 19:07:57