What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-01-09 11:57:12 | L'augmentation préoccupante des attaques centrées sur l'identité: tendances et faits The Concerning Rise in Identity-Centric Attacks: Trends and Facts (lien direct) |
Identity threats are by no means a new type of crime. But in today\'s increasingly digitized world, there are more opportunities for bad actors to steal identities and engage in identity-centric attacks than ever before. Unfortunately, user identities are tough for businesses to protect. The fact that these types of attacks are skyrocketing is evidence of that-in the past year alone the Identity Defined Security Alliance reports that a whopping 84% of companies experienced an identity-related security breach. In this post, we\'ll take a look at identity attack statistics and trends and provide some recent case studies to illustrate how some attacks work. We\'ll also highlight one of the most important identity threat facts-that the human element plays a crucial role in the success of these attacks. Understanding identity-centric attacks There are many types of identity attacks. When most people think of these types of crimes, they often imagine traditional identity theft scenarios: Financial identity theft, where a criminal gains access to a victim\'s financial data, like their credit card details, bank account numbers or Social Security number, to make unauthorized purchases, withdraw funds or open new accounts. Tax identity theft, where a bad actor uses a victim\'s personal information to file false tax returns and claim refunds, diverting the money to their own accounts. Employment identity theft, where a fraudster uses a victim\'s identity to get a job, potentially causing issues for that person when discrepancies arise in their employment and tax records. But identity-based attacks also target enterprises and their online users. The cybercriminals behind these attacks might aim to steal sensitive data, siphon off funds, damage or disrupt systems, deploy ransomware or worse. Those are the types of identity attacks we\'re covering here. Identity threat trends and tactics In short, identity-centric attacks are a practical calculation by bad actors: Why would they invest their time and resources to build exploits to help them get in through a virtual back door when they can just walk through the front door? But before they reap the rewards, they still have some legwork to do. Here are a few techniques that cybercriminals use to progress identity-based attacks against businesses and their users: MFA bypass attacks. Many businesses today use multifactor authentication (MFA) to protect the account of their users. It\'s more secure than using passwords alone. But of course, bad actors have found new ways to bypass commonly used MFA methods. MFA fatigue attacks are one example. People-activated malware. People often give life to malware when they fall for a phishing scam or other social engineering tactics. Malware can appear in the form of a .zip file, QR code, .html link, MS Office file and more-there are at least 60 known techniques to plant people-activated malware on corporate networks. Active Directory (AD) attacks. Most enterprises today use AD as a primary method for directory services like user authentication and authorization. Cybercriminals are keen to target AD, which touches almost every place, person and device on a network. This approach works very well, too-more than half of identity-related breaches can be traced back to AD. Cached credentials harvesting. Cached credentials are commonly stored on endpoints, in memory, in the registry, in a browser or on disk. Attackers use various tools and techniques to collect these credentials and gain access to more privileged identities. Once they have harvested these credentials, they can use them to move laterally and log into different applications. Adversaries are likely to find a good “crop” when they are harvesting cached credentials. Recent research from Proofpoint found that more than one in 10 endpoints have exposed privileged account passwords, making it one of the most common identity risks. Keep in mind that cybercriminals are always innovating, and they are quick to build or adopt tools that | Ransomware Malware Tool Threat Studies | Uber | ★★ |
 |
2023-04-26 08:17:21 | Red Hat Publie Les R & eacute; Sultats de Son Rapport "L'état de la sécurité de Kubernetes en 2023" Red Hat publie les résultats de son rapport " The State of Kubernetes Security in 2023 " (lien direct) |
Red Hat Publie Les R & eacute; Sultats de Son Rapport "L'état de la sécurité de Kubernetes en 2023"
-
Investigations
Red Hat publie les résultats de son rapport " The State of Kubernetes Security in 2023 " - Investigations |
Studies | Uber | ★★★ |
 |
2020-07-06 19:18:53 | Seattle\'s Uber and Lyft Drivers Make $23.25 an Hour-or $9.73 (lien direct) | Two studies reach very different conclusions about ride-hail earnings, as city officials consider setting a minimum wage. | Studies | Uber | |
 |
2019-01-04 14:00:00 | Things I Hearted This Week, 4th Jan 2018 (lien direct) |
Welcome to 2019! I hope that you had a well-deserved break over the holidays, and a special shout out to all the people that carried on pulling shifts in the SOC, were on-call, and helped ensure stuff stayed as secure as possible while the rest of us were eating and sleeping too much! I’ve said it before, and I’ll say it again, that you are the real backbone of the security industry, and although you may never go to conferences, or be heard on a podcast, or put your name to a blog - you go about your job keeping things as secure as possible.
We’re only half a week into the new year and the security world hasn’t slowed down in the slightest, so let’s just get down to what’s been going on these last few days, and catch up with some of the excitement that I missed while I was busy consuming mince pies.
Victorian Government Employees Details Stolen
We didn’t even make it a day into the new year without news of a data breach where thousands of records were stolen. Sure, it’s small compared to the millions of records we’re getting accustomed to reading about, but it’s significant nonetheless. It’s like data breaches have become an olympic level sport with everyone racing to be first.
.png)
The work details of 30,000 Victorian public servants have been stolen in a data breach, after part of the Victorian Government directory was downloaded by an unknown party.
The list is available to government employees and contains work emails, job titles and work phone numbers.
Employees affected by the breach were told in an email their mobile phone numbers may have also been accessed if they had been entered into the directory.
Data breach sees Victorian Government employees' details stolen | ABC New
Town of Salem Breach Affects 7 Million Accounts
Getting up to the kind of breach numbers we’re all more used to, The Town of Salem (video game) was hit with a massive data breach last week that exposed the information on more than 7 million users.
The breach was discovered by the cybersecurity research Dehashed on December 28 when he received an anonymous email that indicated someone had gained access to the game’s database. Town of Salem is a role-playing game operated by BlankMediaGames.
.png)
Town of Salem breach affects 7 million accounts | SC Magazine
Promote Your Scams
In the battle for advertising revenue supremacy, social media giants have automated their whole process and seem to have forgotten to include any basic checks for, you know, looking for obvious scams. Like this little gem whereby an obvious PayPal phishing scam was sent as a promoted tweet.
And we think we’re going to clean up fake news.
.png)
Twitter let someone promote an obvious PayPal phishing scam |
Data Breach Vulnerability Studies | Uber | |
|
2018-11-20 12:00:00 | Airports Cracked Uber and Lyft-Time for Cities to Take Note (lien direct) | Airports serve as handy case studies for what happens when the cars show up, and how to beat them back again. | Studies | Uber |
1
We have: 5 articles.
We have: 5 articles.
To see everything:
Our RSS (filtrered)
