What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-10-26 17:29:00 | The Danger of Forgotten Pixels on Websites: A New Case Study (lien direct) | While cyberattacks on websites receive much attention, there are often unaddressed risks that can lead to businesses facing lawsuits and privacy violations even in the absence of hacking incidents. A new case study highlights one of these more common cases.
Download the full case study here.
It\'s a scenario that could have affected any type of company, from healthcare to finance, e-commerce to
While cyberattacks on websites receive much attention, there are often unaddressed risks that can lead to businesses facing lawsuits and privacy violations even in the absence of hacking incidents. A new case study highlights one of these more common cases. Download the full case study here. It\'s a scenario that could have affected any type of company, from healthcare to finance, e-commerce to |
Studies | ★★ | |
 |
2023-10-26 15:01:30 | Android Adware Apps sur Google Play Amass deux millions d'installations Android adware apps on Google Play amass two million installs (lien direct) |
Plusieurs applications Android Google Play malveillantes ont installé plus de 2 millions de fois pour pousser des publicités intrusives aux utilisateurs tout en dissimulant leur présence sur les appareils infectés.[...]
Several malicious Google Play Android apps installed over 2 million times push intrusive ads to users while concealing their presence on the infected devices. [...] |
Studies | ★★ | |
 |
2023-10-26 14:18:20 | McAfee 2023 Hacker Celebrity Hot List & # 8211;Pourquoi les pirates aiment tellement Ryan Gosling McAfee 2023 Hacker Celebrity Hot List – Why Hackers Love Ryan Gosling so Much (lien direct) |
> 
Les pirates aiment Ryan Gosling.En fait, les pirates utilisent son nom comme appât plus que toute autre célébrité.Avec cela, le ...
> 
Hackers love Ryan Gosling. In fact, hackers use his name as bait more than any other celebrity. With that, the...
|
Studies | ★★★★ | |
 |
2023-10-26 08:43:17 | Etude Veracode : les enjeux majeurs en termes de sécurité logiciels (lien direct) | Etude Veracode : les enjeux majeurs en termes de sécurité logiciels Veracode, éditeur leader de solutions de sécurité logicielle intelligente, dévoile son rapport annuel "State of Software Security", offrant une vision nuancée du paysage actuel de la sécurité logicielle. - Investigations | Studies | ★★★ | |
|
2023-10-26 07:41:15 | Fortinet publie son dernier rapport sur l\'évolution des ransomwares : DoDo, Proton, Trash Panda, NoCry, Rhysida Retch, S.H.O. (lien direct) | Fortinet publie son dernier rapport sur l'évolution des ransomwares : DoDo, Proton, Trash Panda, NoCry, Rhysida Retch, S.H.O. - Malwares | Studies | ★★★ | |
 |
2023-10-24 20:56:00 | 2023 Ransomware attaque plus de 95% par rapport à 2022, selon le rapport Corvus Insurance Q3 2023 Ransomware Attacks Up More Than 95% Over 2022, According to Corvus Insurance Q3 Report (lien direct) |
Fortinet publie son dernier rapport sur l'évolution des ransomwares : DoDo, Proton, Trash Panda, NoCry, Rhysida Retch, S.H.O. - Malwares | Ransomware Studies | ★★★ | |
 |
2023-10-24 13:00:00 | CyberheistNews Vol 13 # 43 Le phishing attaque de 173% au troisième trimestre, 2023;Les menaces de logiciels malveillants montent sur 110% CyberheistNews Vol 13 #43 Phishing Attacks Surge by 173% In Q3, 2023; Malware Threats Soar by 110% (lien direct) |
|
Malware Studies | ★★★ | |
 |
2023-10-24 11:00:00 | Genai peut sauver des phishers deux jours de travail GenAI Can Save Phishers Two Days of Work (lien direct) |
Mais l'étude IBM dit que les humains ont toujours l'avantage
But IBM study says humans still have the edge |
Studies | ★★ | |
 |
2023-10-23 18:51:18 | L'âge des données en tant que nouvel or: une étude de cas d'un empire cybercriminal aux Pays-Bas The Age of Data as the New Gold: A Case Study of a Cybercriminal Empire in the Netherlands (lien direct) |
La nouvelle ruée vers l'or: les données sont les données de la monnaie: il est la pierre angulaire de la société moderne.Le flux de ceux et
The New Gold Rush: Data Is The Currency Data: it’s the lifeblood of modern society. The flow of ones and |
Studies | ★★ | |
|
2023-10-23 15:34:41 | Employé de l'Université du Michigan, données sur les étudiants volés en cyberattaque University of Michigan employee, student data stolen in cyberattack (lien direct) |
L'Université du Michigan a déclaré aujourd'hui dans un communiqué qu'ils ont subi une violation de données après que les pirates ont fait irruption dans son réseau en août et ont accédé aux systèmes avec des informations appartenant aux étudiants, aux candidats, aux anciens, aux donateurs, aux employés, aux patients et aux participants à la recherche.[...]
The University of Michigan says in a statement today that they suffered a data breach after hackers broke into its network in August and accessed systems with information belonging to students, applicants, alumni, donors, employees, patients, and research study participants. [...] |
Data Breach Studies | ★★ | |
 |
2023-10-23 04:00:00 | La défense des réseaux fédéraux nécessite plus que de l'argent, l'étude du CSIS révèle Defending federal networks requires more than money, CSIS study finds (lien direct) |
> Une étude de six mois a plongé dans les services offerts par l'agence de sécurité de cybersécurité et d'infrastructure pour protéger les réseaux fédéraux.
>A six-month study dove into the services offered by the Cybersecurity and Infrastructure Security Agency to protect federal networks. |
Studies | ★★★ | |
 |
2023-10-22 07:09:24 | H1 2023 en cybersécurité H1 2023 in Cybersecurity (lien direct) |
> Une fois par an, Check Point Research publie un «rapport de mi-année»: un résumé du premier semestre de l'année civile en cybersécurité, y compris tous les principaux changements, tendances et événements qui ont défini de janvier à juin.De toute évidence, il se passe beaucoup de choses à cette époque, et donc les rapports se retrouvent assez longtemps.C'est pourquoi, parfois, [& # 8230;]
>Once a year, Check Point Research releases a “mid-year report”: a summary of the first half of the calendar year in cybersecurity, including all of the major changes, trends, and events that defined January through June. Obviously a lot happens in that time, and so the reports end up rather long. Which is why, sometimes, […] |
Studies | ★★★ | |
|
2023-10-20 09:52:31 | Bonne nouvelle, 82% des Français adoptent les bons réflexes en situation d\'escroquerie en ligne (lien direct) | La dernière enquête Kaspersky menée par Kantar à l'occasion du Cybermois révèle que la moitié des Français ont déjà été confrontés à des violences ou arnaques en ligne. Tandis que les CSP + sont davantage sujettes au phishing, cette technique de fraude sur internet visant à obtenir par tromperie des informations sur les destinataires, les jeunes (24-35 ans) sont quant à eux plus touchés par l'usurpation d'identité. - Investigations | Studies | ★★★ | |
|
2023-10-19 14:19:43 | Yubico a annoncé les résultats de l'enquête de la société \\ 2023 Yubico announced the results of the company\\'s 2023 survey (lien direct) |
Nouvelle enquête YuBico: les baby-boomers ont de meilleures habitudes de cybersécurité que les milléniaux et la génération Z
Les milléniaux sont deux fois plus susceptibles de réutiliser leurs mots de passe sur divers sites de magasinage, les laissant vulnérables aux violations de comptes pendant une saison de shopping de vacances chargée
-
rapports spéciaux
NEW YUBICO SURVEY: BOOMERS HAVE BETTER CYBERSECURITY HABITS THAN MILLENNIALS AND GEN Z Millennials are twice as likely to reuse their passwords on various shopping sites, leaving them vulnerable to account breaches during a busy holiday shopping season - Special Reports |
Studies | ★★★★ | |
|
2023-10-19 07:36:37 | Le rapport de menace par e-mail de VIPRE Security Group \\'s Q3 2023 révèle les PDF, le phishing de rappel et les logiciels malveillants via Google Drive en popularité parmi les criminels VIPRE Security Group\\'s Q3 2023 Email Threat Report Reveals PDFs, Callback Phishing and Malware Via Google Drive Growing in Popularity Among Criminals (lien direct) |
VIPRE SECURITY GROUP \'s Q3 2023 Le rapport de menace par e-mail révèle les PDF, le phishing de rappel et les logiciels malveillants via Google Drive en popularité parmi les criminels
-
rapports spéciaux
/ /
affiche
VIPRE Security Group\'s Q3 2023 Email Threat Report Reveals PDFs, Callback Phishing and Malware Via Google Drive Growing in Popularity Among Criminals - Special Reports / affiche |
Malware Threat Studies | ★★★★ | |
 |
2023-10-19 04:16:28 | Ce que nous avons appris du rapport annuel des attitudes et comportements annuels de la cybersécurité 2023 What We Learned from the 2023 Annual Cybersecurity Attitudes and Behaviors Report (lien direct) |
Dans l'air rapide du début de l'automne, l'optimisme remplit nos cœurs alors que nous célébrons le 20e anniversaire du Mois de la sensibilisation à la cybersécurité, un événement annuel dédié à favoriser une compréhension plus profonde de la cybersécurité et du changement de comportement inspirant.Il y a deux décennies, la croyance dominante parmi les professionnels de la sécurité était que la sensibilisation à elle seule pourrait conduire à des comportements en ligne sécurisés.Mais en 2023, nous avons appris que l'espoir n'est pas une stratégie.Aujourd'hui, armés de preuves et guidés par les sciences du comportement, nous comprenons que la cybersécurité exige plus que la sensibilisation - cela nécessite un changement profond de comportement ...
In the brisk air of early autumn, optimism fills our hearts as we celebrate the 20th anniversary of Cybersecurity Awareness Month, an annual event dedicated to fostering a deeper understanding of cybersecurity and inspiring behavior change. Two decades ago, the prevailing belief among security professionals was that raising awareness alone could lead to secure online behaviors. But in 2023, we\'ve learned that hope is not a strategy. Today, armed with evidence and guided by behavioral science, we understand that cybersecurity demands more than awareness -it requires a profound shift in behavior... |
Studies | ★★★★ | |
|
2023-10-18 19:02:01 | Le mot de passe d'administration informatique le plus populaire est totalement déprimant The Most Popular IT Admin Password Is Totally Depressing (lien direct) |
L'analyse de plus de 1,8 million de portails d'administration révèle que les leaders informatiques, avec les privilèges les plus élevés, sont tout aussi paresseux sur les mots de passe que tout le monde.
Analysis of more than 1.8 million admin portals reveals IT leaders, with the highest privileges, are just as lazy about passwords as everyone else. |
Studies | ★★★ | |
|
2023-10-18 18:30:05 | Le phishing attaque de 173% au troisième trimestre, 2023;Les menaces de logiciels malveillants montent sur 110% Phishing Attacks Surge By 173% In Q3, 2023; Malware Threats Soar By 110% (lien direct) |
Malware Studies | ★★★ | ||
 |
2023-10-18 18:26:28 | Netskope Threat Labs Stats for September 2023 (lien direct) | > Netskope Threat Labs publie un article de blog de résumé mensuel des principales menaces que nous suivons sur la plate-forme Netskope.Le but de cet article est de fournir des renseignements stratégiques et exploitables sur les menaces actives contre les utilisateurs d'entreprise du monde entier.Résumé Les téléchargements de logiciels malveillants de SharePoint ont doublé, causé par une campagne de logiciels malveillants de Darkgate qui attire les victimes de téléchargement [& # 8230;]
>Netskope Threat Labs publishes a monthly summary blog post of the top threats we are tracking on the Netskope platform. The purpose of this post is to provide strategic, actionable intelligence on active threats against enterprise users worldwide. Summary Malware downloads from SharePoint doubled, caused by a DarkGate malware campaign that lures victims into downloading […] |
Malware Threat Studies | ★★★★ | |
 |
2023-10-18 15:30:00 | Le Pentagone se rapproche de la sélection du leader pour le meilleur travail de cyber Pentagon moves closer to picking leader for top cyber job (lien direct) |
Le ministère américain de la Défense a reçu les conclusions d'un examen d'étranger d'un mois sur la meilleure façon de créer un nouveau chef de cyber-politique.Le dossier rapporté pour la première fois plus tôt cette année que le Pentagone avait exploité la Rand Corporation pour étudier la création de la création de la création de la création de la création de la création de la création de la création de la création de la création de la création de la création de la création de la création de la création de la création de la création de la création deUn secrétaire adjoint à la défense pour la cyber politique.Le poste était
The U.S. Defense Department has received the findings of a months-long outsider examination about how to best create a new lead cyber policy chief. The Record first reported earlier this year that the Pentagon had tapped the RAND Corporation to study the creation of an assistant secretary of defense for cyber policy. The post was |
Studies | ★★ | |
|
2023-10-18 14:15:00 | Lloyd \\ 's de Londres trouve une cyberattaque hypothétique pourrait coûter à l'économie mondiale 3,5 billions de dollars Lloyd\\'s of London finds hypothetical cyberattack could cost world economy $3.5 trillion (lien direct) |
Le géant de l'assurance Lloyd \'s de Londres a averti que l'économie mondiale pourrait perdre 3,5 billions de dollars à la suite d'une cyberattaque importante ciblant les systèmes de paiement.Le scénario hypothétique - modélisé par le marché de l'assurance aux côtés du Cambridge Center for Risk Studies - n'est pas considéré comme probable.Les chercheurs ont suggéré qu'il avait environ 3,3% de chances
Insurance giant Lloyd\'s of London has warned that the global economy could lose $3.5 trillion as a result of a major cyberattack targeting payment systems. The hypothetical scenario - modeled by the insurance marketplace alongside the Cambridge Centre for Risk Studies - is not considered likely. The researchers suggested it had roughly a 3.3% chance |
Studies | ★★ | |
|
2023-10-18 12:31:07 | Digicert Global Study: Préparer un futur informatique post-quantal sûr DigiCert Global Study: Preparing for a Safe Post-Quantum Computing Future (lien direct) |
Digicert Global Study: Préparer un futur informatique post-quantum sûr
Les dirigeants informatiques sonnent l'alarme sur la nécessité d'investir maintenant dans la planification de la transition quantique;Le manque de propriété claire, le budget ou le soutien exécutif est les obstacles sur le chemin de la préparation.
Les informations sur les nouvelles
• L'étude globale révèle que 61% des personnes interrogées craignent que leur organisation ne soit pas prête à traiter les implications de sécurité de PQC.74% des organisations craignent que les mauvais acteurs puissent mener des attaques «récolter maintenant, plus tard», dans lesquelles ils collectent et stockent des données cryptées dans le but de la décrypter à l'avenir.
• Cela montre également que les dirigeants informatiques pensent que les cyberattaques deviennent de plus sophistiquées (60%), ciblées (56%) et sévères (54%).
• Les dirigeants informatiques ont également exprimé leur inquiétude quant aux délais dans lesquels préparer.41% disent que leurs organisations ont moins de cinq ans pour se préparer.Les plus grands défis ne sont pas suffisamment de temps, d'argent et d'expertise pour se préparer, avec près de la moitié des répondants disant que les organisations \\ 'Leadership n'est que quelque peu conscient ou pas au courant des implications de sécurité de l'informatique quantique.
• De nombreuses organisations sont dans l'ignorance des caractéristiques et des emplacements de leurs clés cryptographiques.Un peu plus de la moitié des répondants (52%) disent que leurs organisations font actuellement un inventaire de types de clés de cryptographie utilisées et de leurs caractéristiques.
-
rapports spéciaux
DigiCert Global Study: Preparing for a Safe Post-Quantum Computing Future IT leaders are sounding the alarm about the need to invest now in quantum-safe transition planning; lack of clear ownership, budget or executive support are obstacles in path to preparation. NEWS HIGHLIGHTS • The global study reveals that 61% of those surveyed are concerned that their organization will not be prepared to address the security implications of PQC. 74% of organizations are concerned that bad actors can conduct “harvest now, decrypt later” attacks now, in which they collect and store encrypted data with the goal of decrypting it in the future. • It also shows that IT leaders believe that cyberattacks are becoming more sophisticated (60%), targeted (56%) and severe (54%). • IT leaders also expressed concern about the timeframes in which to prepare. 41% say that their organizations have less than five years to get ready. The biggest challenges are not having enough time, money and expertise to prepare, with almost half of respondents saying that organizations\' leadership is only somewhat aware or not aware about the security implications of quantum computing. • Many organizations are in the dark about the characteristics and locations of their cryptographic keys. Slightly more than half of respondents (52%) say their organizations are currently taking an inventory of types of cryptography keys used and their characteristics. - Special Reports |
Studies | ★★ | |
 |
2023-10-18 12:00:00 | Obtenez le rapport AT & amp; T Cybersecurity Insights Rapport: Focus sur la vente au détail Get the AT&T Cybersecurity Insights Report: Focus on Retail (lien direct) |
We’re pleased to announce the availability of the 2023 AT&T Cybersecurity Insights Report: Focus on Retail. The report examines the edge ecosystem, surveying retail IT leaders from around the world, and provides benchmarks for assessing your edge computing plans. This is the 12th edition of our vendor-neutral and forward-looking report. Last year’s focus on retail report documented how we secure the data, applications, and endpoints that rely on edge computing (get the 2022 report). Get the complimentary 2023 report. The robust quantitative field survey reached 1,418 security, IT, application development, and line of business professionals worldwide. The qualitative research tapped subject matter experts across the cybersecurity industry. Retail-specific respondents equal 201. At the onset of our research, we established the following hypotheses. Momentum edge computing has in the market. Approaches to connecting and securing the edge ecosystem – including the role of trusted advisors to achieve edge goals. Perceived risk and perceived benefit of the common use cases in each industry surveyed. The results focus on common edge use cases in seven vertical industries – healthcare, retail, finance, manufacturing, energy and utilities, transportation, and U.S. SLED- delivering actionable advice for securing and connecting an edge ecosystem, including external trusted advisors. Finally, it examines cybersecurity and the broader edge ecosystem of networking, service providers, and top use cases. The role of IT is shifting, embracing stakeholders at the ideation phase of development. Edge computing is a transformative technology that brings together various stakeholders and aligns their interests to drive integrated business outcomes. The emergence of edge computing has been fueled by a generation of visionaries who grew up in the era of smartphones and limitless possibilities. Look at the infographic below for a topline summary of key findings in the retail industry. In this paradigm, the role of IT has shifted from being the sole leader to a collaborative partner in delivering innovative edge computing solutions. In addition, we found that retail leaders are budgeting differently for edge use cases. These two things, along with an expanded approach to securing edge computing, were prioritized by our respondents in the 2023 AT&T Cybersecurity Insights Report: Edge Ecosystem. One of the most promising aspects of edge computing is its potential to effectively use near-real-time data for tighter control of variable operations such as inventory and supply chain management that deliver improved operational efficiency. Adding new endpoints is essential for collecting the data, but how they’re connected can make them vulnerable to cyberattacks. Successful cyberattacks can disrupt services, highlighting the need for robust cybersecurity measures. Edge computing brings the data closer to where decisions are made. With edge computing, the intelligence required to make decisions, the networks used to capture and transmit data, and the use case management are distributed. Distributed means things work faster because nothing is backhauled to a central processing area such as a data center and delivers the near-real-time experience. With this level of complexity, it’s common to re-evaluate decisions regarding security, data storage, or networking. The report shares emerging trends as retail continues exploring edge computing use cases. One area that’s examined is expense allocation, and what we found may | Ransomware Studies | ★★★ | |
|
2023-10-18 11:00:00 | L'économie mondiale pourrait perdre 3,5 milliards de dollars en cyber-attaque systémique Global Economy Could Lose $3.5trn in Systemic Cyber-Attack (lien direct) |
Une recherche de Lloyd \\ a révélé que les États-Unis seuls subiraient une perte de 1,1 $ dans le scénario de risque «hypothétique mais plausible»
A Lloyd\'s research found that the US alone would experience a $1.1trn loss in the “hypothetical but plausible” risk scenario |
Studies | ★★★ | |
|
2023-10-18 08:05:07 | Le cyber est maintenant la cause n ° 1 des temps d'arrêt et de la perte de données, la recherche DatabArracks montre Cyber is now the #1 cause of downtime and data loss, Databarracks research shows (lien direct) |
Cyber est désormais la cause n ° 1 de la perte de temps d'arrêt et de perte de données, la recherche de données montre.
2023 est la première fois que les cyberattaques sont la principale cause de temps d'arrêt
-
rapports spéciaux
Cyber is now the #1 cause of downtime and data loss, Databarracks research shows. 2023 is the first time that cyber-attacks are the leading cause of downtime - Special Reports |
Studies | ★★★★ | |
 |
2023-10-17 20:14:06 | Le nouveau rapport NetSkope expose une utilisation croissante des applications cloud pour répandre les logiciels malveillants New Netskope Report Exposes Increasing Use of Cloud Apps to Spread Malware (lien direct) |
Microsoft OneDrive représente 26% de l'utilisation globale des applications de stockage cloud pour héberger des logiciels malveillants, devant Microsoft PowerPoint et GitHub.
Microsoft OneDrive accounts for 26% of the overall usage of cloud storage apps to host malware, ahead of Microsoft PowerPoint and GitHub. |
Malware Studies Cloud | ★★★★ | |
|
2023-10-17 17:47:32 | Plus de 40 000 comptes de portail d'administration utilisent \\ 'admin \\' comme mot de passe Over 40,000 admin portal accounts use \\'admin\\' as a password (lien direct) |
Les chercheurs en sécurité ont découvert que les administrateurs informatiques utilisent des dizaines de milliers de mots de passe faibles pour protéger l'accès aux portails, laissant la porte ouverte aux cyberattaques sur les réseaux d'entreprise.[...]
Security researchers found that IT administrators are using tens of thousands of weak passwords to protect access to portals, leaving the door open to cyberattacks on enterprise networks. [...] |
Studies | ★★★ | |
|
2023-10-17 14:17:02 | Etude Lemon.fr : Près de 2 Français sur 5 ne font pas confiance aux applications (lien direct) | Près de 2 Français sur 5 ne font pas confiance aux applications - Les chiffres étonnants de l'étude Lemon.fr - Investigations | Studies | ★★★★ | |
 |
2023-10-17 12:00:13 | Preuve sociale en ingénierie sociale Social Proof in Social Engineering (lien direct) |
Vous avez besoin d'une nouvelle chaise pour votre bureau.Vous recherchez des fonctionnalités telles que le repos des bras et le bon support de dos.[& # 8230;]
You need a new chair for your desk. You\'re looking for features such as arm rest and good back support. […] |
Studies Guideline | ★★★ | |
 |
2023-10-17 10:00:41 | APT Trends Report Yaz 2023 APT trends report Q3 2023 (lien direct) |
Tetrisphantom cible les entités gouvernementales de l'APAC, APT Badrory attaque plusieurs entités en Russie, une nouvelle campagne malveillante utilise OWOWA bien connu, IIS Backdoor et d'autres événements importants au cours du troisième trimestre 2023
TetrisPhantom targets government entities in APAC, APT BadRory attacks multiple entities in Russia, new malicious campaign uses well-known Owowa, IIS backdoor and other significant events during Q3 2023 |
Studies | ★★★★ | |
|
2023-10-17 09:42:17 | Etude Netskope Threat Labs : le plus haut pourcentage d\'activités cybercriminelles provient de Russie, tandis que la Chine affiche les motivations géopolitiques les plus fortes (lien direct) | Etude Netskope Threat Labs : le plus haut pourcentage d'activités cybercriminelles provient de Russie, tandis que la Chine affiche les motivations géopolitiques les plus fortes Cette étude révèle les techniques et les facteurs de motivation les plus couramment employés par les cybercriminels depuis le début de l'année 2023. - Investigations | Threat Studies | ★★★★ | |
|
2023-10-17 09:24:00 | Un tiers des organisations non prêtes à se conformer à NIS2 A Third of Organizations Not Ready to Comply with NIS2 (lien direct) |
Une nouvelle enquête a révélé que les trois quarts d'organisations au Royaume-Uni n'ont pas encore répondu aux cinq exigences clés pour la conformité
A new survey found that three-quarters of organizations in the UK are yet to address the five key requirements for compliance |
Studies | ★★★ | |
|
2023-10-17 09:00:00 | Les agences fédérales prennent en retard à la rencontre des principaux objectifs de confidentialité fixés il y a cinq ans Federal agencies are falling behind on meeting key privacy goal set five years ago (lien direct) |
> Plusieurs agences fédérales jouent un rattrapage sur la réunion des recommandations du NIST détaillées dans un cadre de 2018 sur la façon dont le gouvernement devrait intégrer la vie privée dans leurs stratégies de gestion des risques.
>Several federal agencies are playing catch-up on meeting recommendations from NIST detailed in a 2018 framework for how government should incorporate privacy into their risk management strategies. |
Studies | ★★ | |
 |
2023-10-17 07:00:00 | Une bonne grosse liste de formations et certifications gratuites (lien direct) | Oh là là ! Cloud Study Network propose une liste de cours et certifications gratuits en technologie et développement, incluant Alibaba Cloud, Linux Foundation, Google Analytics, AWS, et d'autres plateformes comme Coursera et Microsoft. Des formations en cybersécurité, gestion de projet et marketing numérique sont également disponibles. Pour accéder à ces ressources, consultez la page GitHub "Liste de certifications gratuites". C'est une opportunité unique pour améliorer vos compétences et booster votre carrière. | Studies Cloud | ★★★ | |
 |
2023-10-17 05:00:21 | Êtes-vous sûr que votre navigateur est à jour?Le paysage actuel des fausses mises à jour du navigateur Are You Sure Your Browser is Up to Date? The Current Landscape of Fake Browser Updates (lien direct) |
Key Takeaways Proofpoint is tracking multiple different threat clusters that use similar themes related to fake browser updates. Fake browser updates abuse end user trust with compromised websites and a lure customized to the user\'s browser to legitimize the update and fool users into clicking. Threat actors do not send emails to share the compromised websites. The threat is only in the browser and can be initiated by a click from a legitimate and expected email, social media site, search engine query, or even just navigating to the compromised site. The different campaigns use similar lures, but different payloads. It is important to identify which campaign and malware cluster the threat belongs to help guide defender response. Overview Proofpoint is currently tracking at least four distinct threat clusters that use fake browser updates to distribute malware. Fake browser updates refer to compromised websites that display what appears to be a notification from the browser developer such as Chrome, Firefox, or Edge, informing them that their browser software needs to be updated. When a user clicks on the link, they do not download a legitimate browser update but rather harmful malware. Based on our research, TA569 has used fake browser updates for over five years to deliver SocGholish malware, but recently other threat actors have been copying the lure theme. Each threat actor uses their own methods to deliver the lure and payload, but the theme takes advantage of the same social engineering tactics. The use of fake browser updates is unique because it abuses the trust end users place in both their browser and the known sites that they visit. Threat actors that control the fake browser updates use JavaScript or HTML injected code that directs traffic to a domain they control, which can potentially overwrite the webpage with a browser update lure specific to the web browser that the potential victim uses. A malicious payload will then automatically download, or the user will receive a prompt to download a “browser update,” which will deliver the payload. Fake browser update lure and effectiveness The fake browser update lures are effective because threat actors are using an end-user\'s security training against them. In security awareness training, users are told to only accept updates or click on links from known and trusted sites, or individuals, and to verify sites are legitimate. The fake browser updates abuse this training because they compromise trusted sites and use JavaScript requests to quietly make checks in the background and overwrite the existing, website with a browser update lure. To an end user, it still appears to be the same website they were intending to visit and is now asking them to update their browser. Proofpoint has not identified threat actors directly sending emails containing malicious links, but, due to the nature of the threat, compromised URLs are observed in email traffic in a variety of ways. They are seen in normal email traffic by regular end users who are unaware of the compromised websites, in monitoring emails such as Google alerts, or in mass automated email campaigns like those distributing newsletters. This creates a situation where these emails are considered to be malicious during the time the site is compromised. Organizations should not treat the fake browser update threats as only an email problem, as end users could visit the site from another source, such as a search engine, social media site, or simply navigate to the site directly and receive the lure and potentially download the malicious payload. Each campaign uniquely filters traffic to hide from researchers and delay discovery, but all the methods are effective at filtering. While this may reduce the potential spread of malicious payloads, it enables actors to maintain their access to the compromised sites for longer periods of time. This can complicate the response, because with the multiple campaigns and changing payloads, responders must take time to | Malware Tool Threat Studies | ★★★★ | |
 |
2023-10-16 11:06:00 | Les flips de pièce sont biaisés Coin Flips Are Biased (lien direct) |
Expérimental Résultat :
Beaucoup de gens ont retourné des pièces, mais peu de gens se sont arrêtés pour réfléchir aux subtilités statistiques et physiques du processus.Dans une étude préinscrite, nous avons collecté 350 757 flips de pièces pour tester la prédiction contre-intuitive à partir d'un modèle physique de lancement de pièces humaines développé par Persi Diaconis.Le modèle affirme que lorsque les gens retournent une pièce ordinaire, il a tendance à atterrir du même côté, il a commencé & # 8212; Diaconis a estimé la probabilité qu'un résultat de même côté soit d'environ 51%.
et le paragraphe final:
Les futurs lanceurs de monnaie pourraient-ils utiliser le biais de même côté à leur avantage?L'ampleur du biais observé peut être illustrée à l'aide d'un scénario de paris.Si vous pariez un dollar sur le résultat d'un tirage au sort (c'est-à-dire payer 1 dollar pour entrer et gagner 0 ou 2 dollars en fonction du résultat) et répéter le pari 1000 fois, sachant que la position de départ du tirage au sort gagneraitvous 19 dollars en moyenne.C'est plus que l'avantage du casino pour le blackjack à 6 deck contre un joueur de stratégie optimale, où le casino gagnerait 5 dollars sur une pari comparable, mais moins que l'avantage du casino pour la roulette à zéro, où le casino gagnerait 27 dollars surmoyenne.Ces considérations nous amènent à suggérer que lorsque des flips de monnaie sont utilisés pour la prise de décision à enjeux élevés, la position de départ de la pièce est mieux dissimulée ...
Experimental result: Many people have flipped coins but few have stopped to ponder the statistical and physical intricacies of the process. In a preregistered study we collected 350,757 coin flips to test the counterintuitive prediction from a physics model of human coin tossing developed by Persi Diaconis. The model asserts that when people flip an ordinary coin, it tends to land on the same side it started—Diaconis estimated the probability of a same-side outcome to be about 51%. And the final paragraph: Could future coin tossers use the same-side bias to their advantage? The magnitude of the observed bias can be illustrated using a betting scenario. If you bet a dollar on the outcome of a coin toss (i.e., paying 1 dollar to enter, and winning either 0 or 2 dollars depending on the outcome) and repeat the bet 1,000 times, knowing the starting position of the coin toss would earn you 19 dollars on average. This is more than the casino advantage for 6 deck blackjack against an optimal-strategy player, where the casino would make 5 dollars on a comparable bet, but less than the casino advantage for single-zero roulette, where the casino would make 27 dollars on average. These considerations lead us to suggest that when coin flips are used for high-stakes decision-making, the starting position of the coin is best concealed... |
Studies | ★★ | |
|
2023-10-16 10:00:00 | Renforcement de la cybersécurité: multiplication de force et efficacité de sécurité Strengthening Cybersecurity: Force multiplication and security efficiency (lien direct) |
In the ever-evolving landscape of cybersecurity, the battle between defenders and attackers has historically been marked by an asymmetrical relationship. Within the cybersecurity realm, asymmetry has characterized the relationship between those safeguarding digital assets and those seeking to exploit vulnerabilities. Even within this context, where attackers are typically at a resource disadvantage, data breaches have continued to rise year after year as cyber threats adapt and evolve and utilize asymmetric tactics to their advantage. These include technologies and tactics such as artificial intelligence (AI), and advanced social engineering tools. To effectively combat these threats, companies must rethink their security strategies, concentrating their scarce resources more efficiently and effectively through the concept of force multiplication. Asymmetrical threats, in the world of cybersecurity, can be summed up as the inherent disparity between adversaries and the tactics employed by the weaker party to neutralize the strengths of the stronger one. The utilization of AI and similar tools further erodes the perceived advantages that organizations believe they gain through increased spending on sophisticated security measures. Recent data from InfoSecurity Magazine, referencing the 2023 Checkpoint study, reveals a disconcerting trend: global cyberattacks increased by 7% between Q1 2022 and Q1 2023. While not significant at first blush, a deeper analysis reveals a more disturbing trend specifically that of the use of AI. AI\'s malicious deployment is exemplified in the following quote from their research: "...we have witnessed several sophisticated campaigns from cyber-criminals who are finding ways to weaponize legitimate tools for malicious gains." Furthermore, the report highlights: "Recent examples include using ChatGPT for code generation that can help less-skilled threat actors effortlessly launch cyberattacks." As threat actors continue to employ asymmetrical strategies to render organizations\' substantial and ever-increasing security investments less effective, organizations must adapt to address this evolving threat landscape. Arguably, one of the most effective methods to confront threat adaptation and asymmetric tactics is through the concept of force multiplication, which enhances relative effectiveness with fewer resources consumed thereby increasing the efficiency of the security dollar. Efficiency, in the context of cybersecurity, refers to achieving the greatest cumulative effect of cybersecurity efforts with the lowest possible expenditure of resources, including time, effort, and costs. While the concept of efficiency may seem straightforward, applying complex technological and human resources effectively and in an efficient manner in complex domains like security demands more than mere calculations. This subject has been studied, modeled, and debated within the military community for centuries. Military and combat efficiency, a domain with a long history of analysis, | Tool Vulnerability Threat Studies Prediction | ChatGPT | ★★★ |
|
2023-10-13 20:52:41 | 9 sur 10 CISOS rapportent au moins une cyberattaque perturbatrice au cours de la dernière année 9 in 10 CISOs Report at Least One Disruptive Cyberattack in the Last Year (lien direct) |
|
Studies | ★★★ | |
|
2023-10-13 20:52:30 | 53% des organisations ont connu des cyberattaques 53% of Organizations Experienced Cyber Attacks (lien direct) |
Étant donné que les pourcentages croissants d'entreprises connaissent des cyberattaques, les nouvelles données fournissent des détails sur l'endroit où se trouve le risque le plus organisationnel.
As increasing percentages of businesses experience cyberattacks, new data provides details on where the most organizational risk lies. |
Studies | ★★★ | |
 |
2023-10-13 12:16:48 | Les PME ont du mal à suivre le rythme des menaces de cybersécurité SMBs Struggle to Keep Pace with Cyber Security Threats (lien direct) |
Tenir au courant de nouvelles menaces est le plus grand défi de cybersécurité auquel sont confrontés les petites et moyennes entreprises du monde entier (PME) & # 8211;Et plus de la moitié appellent à une aide pour gérer les risques, révèlent aujourd'hui de nouvelles recherches mondiales de Sage.Les PME britanniques sont particulièrement aux prises avec la préparation à la cybersécurité avec 57% demandant plus de soutien avec [& # 8230;]
Keeping on top of new threats is the biggest cyber security challenge facing small and mid-sized businesses globally (SMBs) – and more than half are calling for help to manage the risks, new global research by Sage reveals today. UK SMBs are particularly struggling with cyber security preparedness with 57% asking for more support with […] |
Studies | ★★★ | |
|
2023-10-12 10:00:00 | Applications financières panafricaines cryptage de fuite, clés d'authentification Pan-African Financial Apps Leak Encryption, Authentication Keys (lien direct) |
Les applications de crypto-monnaie étaient le risque le plus élevé pour exposer des informations sensibles, selon une étude d'ingénierie inverse.
Cryptocurrency apps were the most high risk for exposing sensitive information, a reverse-engineering study shows. |
Studies | ★★ | |
 |
2023-10-11 16:22:40 | ALERTE NOUVELLE: L'étude révèle que les cabinets d'avocats ciblés - Cloud UK les exhorte également à consolider la cyber-hygiène News alert: Study finds law firms targeted - ALSO Cloud UK urges them to shore up cyber hygiene (lien direct) |
Emmen, Suisse, 11 octobre 2023 & # 8212;Des recherches récentes du National Cyber Security Center (NCSC) ont révélé Les cabinets d'avocats britanniques sont des objectifs de plus en plus attrayants Pour les cybercriminels intéressés à voler et à exploiter les données des clients.
 HybridLe travail a été cité comme a & # 8230; (plus…)
Emmen, Switzerland, Oct. 11, 2023 — Recent research by the National Cyber Security Centre (NCSC) has found UK law firms are increasingly appealing targets for cybercriminals interested in stealing and exploiting client data.  Hybrid working has been cited as a … (more…) |
Studies Cloud | ★★ | |
|
2023-10-11 10:00:00 | Le rôle de 5G \\ dans la télémédecine: l'avenir est maintenant 5G\\'s role in telemedicine: The future is now (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Healthcare and technology have always gone hand in hand. Telemedicine, which lets you talk to doctors without visiting them in person, is a great example. A few years back, it might have sounded like science fiction. But today, it\'s a regular part of many people\'s lives. In fact, data shows that 80% of people have used telemedical services at least once in their lives. And now 5G is making the process even more efficient. Most of us know 5G as just a faster way to use the internet on our phones. But for healthcare, it\'s a lifesaver. With 5G, doctors can diagnose patients in real-time, no matter how far apart they are. It could even make remote surgeries a reality. And the best part? 5G can help everyone, not just people in big cities. It has the power to bring top-notch healthcare to places that were left out before. As we move forward, it\'s exciting to think about how 5G will change healthcare for all of us. Continue reading to find out more. How 5G is changing telemedicine Before 5G, telemedicine was already useful, but it had its limits. Sometimes, the internet connection might be slow, making video calls blurry or delayed. This could be a problem, especially in critical situations where every second counts. But with 5G, things are changing. Here\'s how: Faster video calls. With 5G, video calls between patients and doctors can be crystal clear and smooth. This means better communication and understanding, which is vital in healthcare. Real-time data. Doctors can now get real-time data about a patient\'s health. For example, if a patient wears a heart monitor, the doctor can see the results instantly with 5G. This helps in making quick decisions. Remote surgeries. This might sound like it’s out of a Star Trek episode, but it\'s becoming a reality. With 5G\'s speed, a surgeon in one city could guide surgery in another city. This can be a game-changer, especially in places where there aren\'t many specialists. Reaching more people. With 5G, even people in remote areas can access telemedicine. This means they can get the medical help they need without traveling long distances. How 5G helps with remote patient monitoring Remote patient monitoring is like having a mini-doctor\'s office in your home. It\'s a way for doctors to keep an eye on your health without you having to visit them in person. Here\'s how it works and why it\'s making a big difference: Tools and devices These aren\'t just ordinary gadgets. Devices like heart rate monitors, blood pressure cuffs, and even glucose meters have been upgraded for the digital age. When you use them at home, they don\'t just give readings; they send this data over the internet straight to your doctor\'s system for remote patient monitoring. This means your doctor gets a clear, real-time picture of your health without you having to jot down or remember numbers. Less visits, same care The traditional model of healthcare often meant waiting in a clinic, even for minor check-ups. With remote monitoring, many of these visits are no longer necessary. You can go about your day, and the devices will do the work. The elderly stand to benefit the most from this, as well as those with mobili | Studies Medical | ★★★ | |
|
2023-10-11 05:00:00 | Le deuxième rapport annuel sur le Ponemon Institute révèle que les deux tiers des organisations de santé interrogées ont une perturbation des soins aux patients en raison des cyberattaques Second Annual Ponemon Institute Report Finds That Two-Thirds of Healthcare Organizations Surveyed Experienced Disruption to Patient Care Due to Cyber Attacks (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Healthcare and technology have always gone hand in hand. Telemedicine, which lets you talk to doctors without visiting them in person, is a great example. A few years back, it might have sounded like science fiction. But today, it\'s a regular part of many people\'s lives. In fact, data shows that 80% of people have used telemedical services at least once in their lives. And now 5G is making the process even more efficient. Most of us know 5G as just a faster way to use the internet on our phones. But for healthcare, it\'s a lifesaver. With 5G, doctors can diagnose patients in real-time, no matter how far apart they are. It could even make remote surgeries a reality. And the best part? 5G can help everyone, not just people in big cities. It has the power to bring top-notch healthcare to places that were left out before. As we move forward, it\'s exciting to think about how 5G will change healthcare for all of us. Continue reading to find out more. How 5G is changing telemedicine Before 5G, telemedicine was already useful, but it had its limits. Sometimes, the internet connection might be slow, making video calls blurry or delayed. This could be a problem, especially in critical situations where every second counts. But with 5G, things are changing. Here\'s how: Faster video calls. With 5G, video calls between patients and doctors can be crystal clear and smooth. This means better communication and understanding, which is vital in healthcare. Real-time data. Doctors can now get real-time data about a patient\'s health. For example, if a patient wears a heart monitor, the doctor can see the results instantly with 5G. This helps in making quick decisions. Remote surgeries. This might sound like it’s out of a Star Trek episode, but it\'s becoming a reality. With 5G\'s speed, a surgeon in one city could guide surgery in another city. This can be a game-changer, especially in places where there aren\'t many specialists. Reaching more people. With 5G, even people in remote areas can access telemedicine. This means they can get the medical help they need without traveling long distances. How 5G helps with remote patient monitoring Remote patient monitoring is like having a mini-doctor\'s office in your home. It\'s a way for doctors to keep an eye on your health without you having to visit them in person. Here\'s how it works and why it\'s making a big difference: Tools and devices These aren\'t just ordinary gadgets. Devices like heart rate monitors, blood pressure cuffs, and even glucose meters have been upgraded for the digital age. When you use them at home, they don\'t just give readings; they send this data over the internet straight to your doctor\'s system for remote patient monitoring. This means your doctor gets a clear, real-time picture of your health without you having to jot down or remember numbers. Less visits, same care The traditional model of healthcare often meant waiting in a clinic, even for minor check-ups. With remote monitoring, many of these visits are no longer necessary. You can go about your day, and the devices will do the work. The elderly stand to benefit the most from this, as well as those with mobili | Studies | ★★★★ | |
|
2023-10-10 16:02:37 | Cybersécurité : que faire contre la menace intérieure ? Almond publie la première édition de son rapport " Insider Threat " (lien direct) | Cybersécurité : que faire contre la menace intérieure ? Almond publie la première édition de son rapport " Insider Threat " - Investigations | Threat Studies | ★★★★ | |
|
2023-10-10 12:22:31 | 74% des PDG préoccupés par la capacité de leur organisation à se protéger contre les cyberattaques, malgré le fait que la cybersécurité 74% of CEOs Concerned About Their Organization\\'s Ability to Protect Against Cyber Attacks, Despite Seeing Cybersecurity as Critical (lien direct) |
Selon le récent Rapport du PDG cyber-résilient publié par les services et des services et des services etConsulting Agency Accenture , 74% des PDG ont exprimé leurs préoccupations concernant leurs organisations \\ 'à protéger leurs entreprises contre les cyberattaques.Ceci malgré le fait que 96% des PDG reconnaissent l'importance de la cybersécurité pour la croissance et la stabilité de leurs organisations.
According to the recent The Cyber-Resilient CEO report released by IT services and consulting agency Accenture, a staggering 74% of CEOs have expressed concerns about their organizations\' ability to protect their businesses from cyber attacks. This is despite the fact that 96% of CEOs acknowledge the importance of cybersecurity for the growth and stability of their organizations. |
Studies | ★★★★ | |
|
2023-10-10 07:21:29 | Rapport Hiscox sur la gestion des cyber-risques 2023 – 7e édition (lien direct) | Rapport Hiscox sur la gestion des cyber-risques 2023 – 7e édition 36 % des entreprises de moins de 10 salariés ont été touchées par une cyberattaque sur les 12 derniers mois Le risque cyber se maintient à un niveau élevé, même pour les petites structures, mais la réponse des entreprises montre des signes encourageants. - Investigations | Studies | ★★★★ | |
|
2023-10-10 07:16:32 | Au-delà du statu quo, partie 1: le rôle vital des menaces de renseignement dans la sensibilisation à la sécurité Beyond the Status Quo, Part 1: The Vital Role Threat Intelligence Plays in Security Awareness Education (lien direct) |
Welcome to the first installment of a three-part blog series that is focused on how to inspire engagement in security awareness for both users and practitioners. It will also explore creative techniques you can use to build a security culture that go beyond traditional security awareness training. Cybersecurity Awareness Month is an excellent time to rejuvenate your security awareness program. But how can you sustain the momentum of Cybersecurity Awareness Month beyond October? Try adding threat intelligence to your program. It can personalize and invigorate your curriculum for your users. Integrating threat intelligence into security awareness seems intuitive-and many practitioners claim to do it. But data suggests otherwise. Research Proofpoint conducted for our 2023 State of the Phish report found that while 75% of businesses faced business email compromise (BEC) attacks, a mere 31% trained their users about this threat. This indicates that while many businesses are aware of emerging threats, they struggle to weave this information into their training modules. This blog post delves into best practices for using threat intelligence to raise security awareness with users. It includes insights from a customer session we held during Proofpoint Wisdom 2023 entitled “Utilizing Threat Intel to Design a Program that Works.” During that session, I spoke with Andrew Munson, senior manager of information risk management and governance at McDonald\'s Corporation, and Shaun Holmberg, IT security analyst at Commercial Metals Corporation. Both provided insights into how they infuse threat intelligence into their global security awareness initiatives. Understanding threat intelligence Threat intelligence is the knowledge and analysis of cyber threats and vulnerabilities that can pose a risk to a business. This information includes details about the attack lifecycle, network architecture vulnerabilities and which users are being targeted. The intel should also provide details of the risk level or the consequential impact that a successful cyber attack may have on a business. This information can be gathered from various sources. According to Shaun and Andrew, examples of optimal sources for intelligence are: Research reports. These resources include, but are not limited to: State of the Phish from Proofpoint Verizon\'s Data Breach Investigations Report (DBIR) FBI Internet Crime Report (Internet Crime Complaint Center) Coalition\'s Cyber Claims Report Security feeds. Proofpoint threat intelligence services, Rapid7 and Cyber Reasons are examples of providers of these feeds. Incident reports from products. These reports include Proofpoint Targeted Attack Protection reports, Proofpoint Closed Loop Email Analysis (CLEAR) and other reports related to the penetration testing of a company\'s infrastructure. Why is threat intelligence crucial for a security awareness program? Let\'s dive deeper into this subject using insights from the recent discussion with Andrew and Shaun. Making threat intelligence actionable At McDonald\'s, Andrew works with departments across the globe. Each region has its own requirements and is targeted with threats specific to an office. This is where working with a resource like the Proofpoint threat intelligence service team can create significant benefits for security teams. Andrew described how working with our team gives him an advantage. He said the Proofpoint threat intelligence service team can analyze data across the globe to correlate attacks that may be affecting a single region. For example, they can recognize a targeted attack specific to Germany, which differs from an active attack they\'ve identified targeting Austria. Andrew said he uses this data to build separate simulations that mimic the active attack for each region and launches an auto-enrollment training session tuned to recognizing the attack indicators. He can also provide resources like notifications or informative newsletters, all within the region\'s native l | Ransomware Data Breach Vulnerability Threat Studies | ★★ | |
|
2023-10-09 12:19:59 | Les recherches Ivanti montrent que 1/3 des collaborateurs pense que leurs actions n\'impactent pas la sécurité de leur entreprise (lien direct) | Les recherches Ivanti montrent que 1/3 des collaborateurs pense que leurs actions n'impactent pas la sécurité de leur entreprise. Le rapport précise qu'une cybersécurité d'entreprise descendante de type " taille unique " ne tient pas compte des risques spécifiques liés à la situation géographique, à l'âge, au sexe et au rôle. - Investigations | Studies | ★★★ | |
|
2023-10-09 12:14:04 | Le secteur de l'énergie connaît trois fois plus d'incidents de cybersécurité en technologie opérationnelle que toute autre industrie Energy Sector Experiences Three Times More Operational Technology Cybersecurity Incidents Than Any Other Industry (lien direct) |
Alors que les industries comme les services financiers et les soins de santé ont tendance à dominer les attaques informatiques, les tables sont tournées lors de la recherche de cyberattaques de technologie opérationnelle (OT) & # 8211;Et le secteur de l'énergie est le «gagnant» clair.
While industries like financial services and healthcare tend to dominate in IT attacks, the tables are turned when looking at Operational Technology (OT) cyber attacks – and the energy sector is the clear “winner.” |
Studies Industrial | ★★★ |
To see everything:
Our RSS (filtrered)
