www.secnews.physaphae.fr

www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-13T12:59:42+00:00 www.secnews.physaphae.fr Security Intelligence - Site de news Américain It et OT Cybersecurity: une approche holistique IT and OT cybersecurity: A holistic approach Dans le domaine de la cybersécurité, les technologies de l'information (TI) et les technologies opérationnelles (OT) présentent des défis distincts que les organisations doivent naviguer.Assurer la sécurité de ces domaines distincts est primordial pour renforcer votre cyber-résilience globale.En suivant les meilleures pratiques décrites dans cet article, vous pouvez minimiser les vulnérabilités potentielles et garder votre posture de sécurité forte.[& # 8230;]

>In the realm of cybersecurity, both information technology (IT) and operational technology (OT) present distinct challenges that organizations must navigate. Ensuring the security of these distinct domains is paramount to bolstering your overall cyber resilience. By following the best practices outlined in this article, you can minimize potential vulnerabilities and keep your security posture strong. […] ]]> 2024-01-04T15:00:00+00:00 https://securityintelligence.com/posts/it-and-ot-cybersecurity-integration/ www.secnews.physaphae.fr/article.php?IdArticle=8434489 False Vulnerability,Industrial None 3.0000000000000000 Security Intelligence - Site de news Américain Pentesting vs Pentest en tant que service: quel est le meilleur? Pentesting vs. Pentesting as a Service: Which is better? Dans le paysage de la cybersécurité en évolution rapidement en évolution rapide, les organisations recherchent constamment les moyens les plus efficaces de sécuriser leurs actifs numériques.Les tests de pénétration (pentisting) sont devenus une solution principale pour identifier les vulnérabilités potentielles du système tout en renforçant les lacunes de sécurité qui peuvent conduire à une attaque.Dans le même temps, un nouveau participant dans l'arène de sécurité est à la pente [& # 8230;]

>In today’s quickly evolving cybersecurity landscape, organizations constantly seek the most effective ways to secure their digital assets. Penetration testing (pentesting) has emerged as a leading solution for identifying potential system vulnerabilities while closing security gaps that can lead to an attack. At the same time, a newer entrant into the security arena is Pentesting […] ]]> 2023-11-15T14:00:00+00:00 https://securityintelligence.com/articles/pentesting-vs-pentesting-as-a-service/ www.secnews.physaphae.fr/article.php?IdArticle=8412397 False Vulnerability None 2.0000000000000000 Security Intelligence - Site de news Américain L'évolution des ransomwares: leçons pour l'avenir The evolution of ransomware: Lessons for the future Les ransomwares font partie de l'écosystème de la cybercriminalité depuis la fin des années 1980 et restent une menace majeure dans le cyber paysage aujourd'hui.Les attaques en évolution des ransomwares deviennent de plus en plus sophistiquées à mesure que les acteurs de la menace tirent parti des vulnérabilités, de l'ingénierie sociale et des menaces d'initiés.Bien que l'avenir des ransomwares regorge de menaces inconnues, nous pouvons nous tourner vers [& # 8230;]

>Ransomware has been part of the cyber crime ecosystem since the late 1980s and remains a major threat in the cyber landscape today. Evolving ransomware attacks are becoming increasingly more sophisticated as threat actors leverage vulnerabilities, social engineering and insider threats. While the future of ransomware is full of unknown threats, we can look to […] ]]> 2023-11-14T14:00:00+00:00 https://securityintelligence.com/posts/the-evolution-of-ransomware-lessons/ www.secnews.physaphae.fr/article.php?IdArticle=8411869 False Ransomware,Vulnerability,Threat None 3.0000000000000000 Security Intelligence - Site de news Américain Cruisant de manière critique de zéro (jour): exploiter le service de streaming du noyau Microsoft Critically Close to Zero(Day): Exploiting Microsoft Kernel Streaming Service Le mois dernier, Microsoft a corrigé une vulnérabilité dans le serveur de streaming Microsoft Kernel, un composant de noyau Windows utilisé dans la virtualisation et le partage des appareils de caméra.La vulnérabilité, CVE-2023-36802, permet à un attaquant local de dégénérer les privilèges du système.Ce billet de blog détaille mon processus d'exploration d'une nouvelle surface d'attaque dans le noyau Windows, en trouvant un [& # 8230;]

>Last month Microsoft patched a vulnerability in the Microsoft Kernel Streaming Server, a Windows kernel component used in the virtualization and sharing of camera devices. The vulnerability, CVE-2023-36802, allows a local attacker to escalate privileges to SYSTEM. This blog post details my process of exploring a new attack surface in the Windows kernel, finding a […] ]]> 2023-10-10T17:20:00+00:00 https://securityintelligence.com/posts/critically-close-to-zero-day-exploiting-microsoft-kernel-streaming-service/ www.secnews.physaphae.fr/article.php?IdArticle=8393871 False Vulnerability None 2.0000000000000000 Security Intelligence - Site de news Américain Aller au-delà du balayage de vulnérabilité pour renforcer votre surface d'attaque Moving beyond vulnerability scanning to strengthen your attack surface Garder une longueur d'avance sur les violations potentielles est une priorité absolue pour les équipes de sécurité au sein des organisations de toutes tailles.La numérisation de la vulnérabilité est depuis longtemps le fondement de ces efforts, permettant aux entreprises d'identifier les faiblesses de leur posture de sécurité.Cependant, à mesure que les cyberattaques se développent en sophistication et en échelle et avec un grand nombre de vulnérabilités communes et [& # 8230;]

>Staying one step ahead of potential breaches is a top priority for security teams within organizations of all sizes. Vulnerability scanning has long been a foundation of these efforts, allowing businesses to identify weaknesses in their security posture. However, as cyberattacks grow in sophistication and scale and with a large number of Common Vulnerabilities and […] ]]> 2023-10-09T13:00:00+00:00 https://securityintelligence.com/posts/moving-beyond-vulnerability-scanning-strengthen-attack-surface/ www.secnews.physaphae.fr/article.php?IdArticle=8393238 False Vulnerability None 2.0000000000000000 Security Intelligence - Site de news Américain X-Force découvre la campagne Global NetScaler Gateway Creasenal X-Force uncovers global NetScaler Gateway credential harvesting campaign Ce poste a été rendu possible grâce aux contributions de Bastien Lardy et Ruben Castillo.En septembre 2023, X-Force a découvert une campagne où les attaquants exploitaient la vulnérabilité identifiée dans CVE-2023-3519 pour attaquer les passerelles Netscaler non corrigées pour insérer un script malveillant dans le contenu HTML de la page Web d'authentification pour capturer des informations d'identification des utilisateurs.Le [& # 8230;]

>This post was made possible through the contributions of Bastien Lardy and Ruben Castillo. In September of 2023, X-Force uncovered a campaign where attackers were exploiting the vulnerability identified in CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user credentials. The […] ]]> 2023-10-06T11:00:00+00:00 https://securityintelligence.com/posts/x-force-uncovers-global-netscaler-gateway-credential-harvesting-campaign/ www.secnews.physaphae.fr/article.php?IdArticle=8392191 False Vulnerability None 3.0000000000000000 Security Intelligence - Site de news Américain Comment stimuler la cybersécurité grâce à une meilleure communication How to Boost Cybersecurity Through Better Communication La sécurité serait facile sans les utilisateurs. & # 160;Cette déclaration est aussi absurde que vraie.Il est également vrai que les entreprises ne seraient pas possibles sans les utilisateurs.En plus de traiter tous les nouveaux risques, vulnérabilité et vecteur d'attaque qui arrivent, les pros de la cybersécurité ont besoin [& # 8230;]

>Security would be easy without users. That statement is as absurd as it is true. It’s also true that business wouldn’t be possible without users. It’s time to look at the big picture when it comes to cybersecurity. In addition to dealing with every new risk, vulnerability and attack vector that comes along, cybersecurity pros need […] ]]> 2023-06-05T13:00:00+00:00 https://securityintelligence.com/articles/how-to-boost-cybersecurity-through-better-communication/ www.secnews.physaphae.fr/article.php?IdArticle=8342155 False Vulnerability None 2.0000000000000000 Security Intelligence - Site de news Américain X-Force empêche zéro jour d'aller n'importe où [X-Force Prevents Zero Day from Going Anywhere] Ce blog a été rendu possible grâce aux contributions de Fred Chidsey et Joseph Lozowski.La base de données de vulnérabilité et d'exploitation X-Force montre que le nombre de jours zéro publiés chaque année est en augmentation, mais X-Force a observé que seuls quelques-uns de ces jours zéro sont rapidement adoptés par les cybercriminels chaque année.Tandis que [& # 8230;]

>This blog was made possible through contributions from Fred Chidsey and Joseph Lozowski. The X-Force Vulnerability and Exploit Database shows that the number of zero days being released each year is on the rise, but X-Force has observed that only a few of these zero days are rapidly adopted by cyber criminals each year. While […] ]]> 2023-03-30T13:00:00+00:00 https://securityintelligence.com/posts/x-force-prevents-zero-day-from-going-anywhere/ www.secnews.physaphae.fr/article.php?IdArticle=8323473 False Vulnerability None 3.0000000000000000 Security Intelligence - Site de news Américain The Role of Customer Service in Cybersecurity The old adage “cybersecurity is everyone’s job” is more true than you might imagine. While not every department is tasked with threat hunting or reviewing detailed vulnerability disclosures, each has a role in protecting the organization from fraudsters and cyber criminals alike. Customer service is uniquely positioned as the face of the company. These departments […] ]]> 2023-03-13T13:00:00+00:00 https://securityintelligence.com/articles/customer-service-in-cybersecurity/ www.secnews.physaphae.fr/article.php?IdArticle=8318624 False Vulnerability,Threat None 3.0000000000000000 Security Intelligence - Site de news Américain Log4j Forever Changed What (Some) Cyber Pros Think About OSS In late 2021, the Apache Software Foundation disclosed a vulnerability that set off a panic across the global tech industry. The bug, known as Log4Shell, was found in the ubiquitous open-source logging library Log4j, and it exposed a huge swath of applications and services. Nearly anything from popular consumer and enterprise platforms to critical infrastructure […] ]]> 2023-01-23T14:00:00+00:00 https://securityintelligence.com/articles/log4j-vulnerability-changed-oss-cybersecurity/ www.secnews.physaphae.fr/article.php?IdArticle=8303411 False Vulnerability None 2.0000000000000000 Security Intelligence - Site de news Américain Does Follina Mean It\'s Time to Abandon Microsoft Office? 2022-09-22T13:00:00+00:00 https://securityintelligence.com/articles/follina-vulnerability-abandon-microsoft-office/ www.secnews.physaphae.fr/article.php?IdArticle=7062521 False Malware,Vulnerability None None Security Intelligence - Site de news Américain X-Force Research Update: Top 10 Cybersecurity Vulnerabilities of 2021 2022-05-05T15:35:00+00:00 https://securityintelligence.com/x-force-top-10-cybersecurity-vulnerabilities-2021/ www.secnews.physaphae.fr/article.php?IdArticle=4549636 False Vulnerability,Threat None None Security Intelligence - Site de news Américain Electron Application Attacks: No Vulnerability Required 2022-04-27T17:02:00+00:00 https://securityintelligence.com/posts/electron-application-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=4514154 False Vulnerability None None Security Intelligence - Site de news Américain Log4Shell Vulnerability Risks for OT Environments - and How You Can Better Protect Against Them 2021-12-18T05:40:00+00:00 https://securityintelligence.com/posts/log4shell-vulnerability-security-risks-ot-environments/ www.secnews.physaphae.fr/article.php?IdArticle=3819402 False Vulnerability None None Security Intelligence - Site de news Américain Update on Apache Log4j Zero-Day Vulnerability 2021-12-11T18:50:00+00:00 https://securityintelligence.com/posts/apache-log4j-zero-day-vulnerability-update/ www.secnews.physaphae.fr/article.php?IdArticle=3781328 False Vulnerability None None Security Intelligence - Site de news Américain Data Security: Defending Against the Cache Poisoning Vulnerability 2021-12-03T11:00:00+00:00 https://securityintelligence.com/posts/data-security-defend-against-cache-poisoning/ www.secnews.physaphae.fr/article.php?IdArticle=3741112 False Vulnerability None None Security Intelligence - Site de news Américain Call to Patch: Zero Day Discovered in Enterprise Help Desk Platform 2021-11-16T17:00:00+00:00 https://securityintelligence.com/posts/zero-day-discovered-enterprise-help-desk/ www.secnews.physaphae.fr/article.php?IdArticle=3667019 False Vulnerability None None Security Intelligence - Site de news Américain The Weaponization of Operational Technology 2021-10-27T16:00:00+00:00 http://feedproxy.google.com/~r/SecurityIntelligence/~3/20lvKoIYQ34/ www.secnews.physaphae.fr/article.php?IdArticle=3573951 False Ransomware,Vulnerability None None Security Intelligence - Site de news Américain Facing Tech Burnout? Here\'s How Employers Can Help 2021-10-26T16:00:00+00:00 http://feedproxy.google.com/~r/SecurityIntelligence/~3/MOr4_RdGBsE/ www.secnews.physaphae.fr/article.php?IdArticle=3567623 False Vulnerability None None Security Intelligence - Site de news Américain What Happens to Information After a Data Breach? 2021-10-15T16:00:00+00:00 http://feedproxy.google.com/~r/SecurityIntelligence/~3/8YouXeVtxu8/ www.secnews.physaphae.fr/article.php?IdArticle=3519671 False Vulnerability None None Security Intelligence - Site de news Américain A New Directive for Pipeline Operators Puts Cybersecurity in the Spotlight 2021-08-11T19:00:00+00:00 http://feedproxy.google.com/~r/SecurityIntelligence/~3/t2t3tgm43Kc/ www.secnews.physaphae.fr/article.php?IdArticle=3213080 False Vulnerability None None Security Intelligence - Site de news Américain Vulnerability Management: How a Risk-Based Approach Can Increase Efficiency and Effectiveness 2021-07-15T21:00:00+00:00 http://feedproxy.google.com/~r/SecurityIntelligence/~3/6a8CpSohgK8/ www.secnews.physaphae.fr/article.php?IdArticle=3074005 False Vulnerability None None Security Intelligence - Site de news Américain How One Application Test Uncovered an Unexpected Opening in an Enterprise Call Tool 2021-06-22T20:15:00+00:00 http://feedproxy.google.com/~r/SecurityIntelligence/~3/AnI1Cy9XetU/ www.secnews.physaphae.fr/article.php?IdArticle=2967791 False Tool,Vulnerability,Guideline None None Security Intelligence - Site de news Américain The Sodinokibi Chronicles: A (R)Evil Cybercrime Gang Disrupts Organizations for Trade Secrets and Cash 2021-04-28T20:00:00+00:00 http://feedproxy.google.com/~r/SecurityIntelligence/~3/raEgYo9mWbM/ www.secnews.physaphae.fr/article.php?IdArticle=2710833 False Ransomware,Malware,Vulnerability None None Security Intelligence - Site de news Américain How Vulnerability Management Can Stop a Data Breach 2021-04-08T16:30:00+00:00 http://feedproxy.google.com/~r/SecurityIntelligence/~3/GNmhQX7eV1s/ www.secnews.physaphae.fr/article.php?IdArticle=2606341 False Data Breach,Vulnerability None None Security Intelligence - Site de news Américain What\'s My Priority? The Key Pillars of Threat Intelligence 2020-10-29T16:00:00+00:00 http://feedproxy.google.com/~r/SecurityIntelligence/~3/cdpzdPSXKuo/ www.secnews.physaphae.fr/article.php?IdArticle=2002502 False Vulnerability,Threat None None Security Intelligence - Site de news Américain New Vulnerability Could Put IoT Devices at Risk 2020-08-19T10:00:00+00:00 http://feedproxy.google.com/~r/SecurityIntelligence/~3/Vj_xeAlBIeM/ www.secnews.physaphae.fr/article.php?IdArticle=1870231 False Vulnerability None None Security Intelligence - Site de news Américain New Ponemon Report: A Programmatic Approach to Vulnerability Management for Hybrid Multicloud 2020-08-17T10:00:00+00:00 http://feedproxy.google.com/~r/SecurityIntelligence/~3/Rbt_EE2PKzY/ www.secnews.physaphae.fr/article.php?IdArticle=1866332 False Vulnerability None None Security Intelligence - Site de news Américain Shellshock In-Depth: Why This Old Vulnerability Won\'t Go Away 2020-08-06T11:35:00+00:00 http://feedproxy.google.com/~r/SecurityIntelligence/~3/V8em6MHrov8/ www.secnews.physaphae.fr/article.php?IdArticle=1844957 False Vulnerability,Threat None None Security Intelligence - Site de news Américain To Rank or Not to Rank Should Never Be a Question 2020-02-20T12:30:26+00:00 http://feedproxy.google.com/~r/SecurityIntelligence/~3/C-FzCiBLy8Y/ www.secnews.physaphae.fr/article.php?IdArticle=1554158 False Vulnerability,Patching None None Security Intelligence - Site de news Américain TP-Link Archer Router Vulnerability Voids Admin Password, Can Allow Remote Takeover 2019-12-16T11:00:37+00:00 https://securityintelligence.com/posts/tp-link-archer-router-vulnerability-voids-admin-password-can-allow-remote-takeover/ www.secnews.physaphae.fr/article.php?IdArticle=1494031 False Vulnerability None None Security Intelligence - Site de news Américain The Decline of Hacktivism: Attacks Drop 95 Percent Since 2015 Despite the rise in vulnerability reporting, cryptojacking attacks and attacks on critical infrastructure, one threat trend has been on the decline: hacktivism. Where have all the hacktivists gone? ]]> 2019-05-16T12:00:02+00:00 https://securityintelligence.com/the-decline-of-hacktivism-attacks-drop-95-percent-since-2015/ www.secnews.physaphae.fr/article.php?IdArticle=1110232 False Vulnerability,Threat None None Security Intelligence - Site de news Américain Buffer Overflow Vulnerability in TP-Link Routers Can Allow Remote Attackers to Take Control IBM X-Force found a zero-day buffer overflow vulnerability in one of the most common routers on the market that could let malicious third parties take control of the device from a remote location. ]]> 2019-04-08T10:00:03+00:00 https://securityintelligence.com/buffer-overflow-vulnerability-in-tp-link-routers-can-allow-remote-attackers-to-take-control/ www.secnews.physaphae.fr/article.php?IdArticle=1091915 False Vulnerability None None Security Intelligence - Site de news Américain Why You Should Integrate IoT Security Into Your Vulnerability Management Program Many IT professionals and executives alike are not addressing IoT security at the same level at which it's creating tangible business risks. ]]> 2019-03-19T12:00:02+00:00 https://securityintelligence.com/why-you-should-integrate-iot-security-into-your-vulnerability-management-program/ www.secnews.physaphae.fr/article.php?IdArticle=1073498 False Vulnerability None None Security Intelligence - Site de news Américain How Patch Posture Reporting Improves Security Landscapes If your vulnerability management tools do not report on your company's patch posture, you may be missing crucial holes in your software that are ripe for exploitation. ]]> 2019-03-15T20:45:02+00:00 https://securityintelligence.com/how-patch-posture-reporting-improves-security-landscapes/ www.secnews.physaphae.fr/article.php?IdArticle=1071889 False Vulnerability None None Security Intelligence - Site de news Américain Comprehensive Vulnerability Management in Connected Security Solutions To stay ahead of attackers, organizations should consider vulnerability management solutions that integrate with SIEM tools, network and threat modeling capabilities, and patch management systems. ]]> 2019-03-07T13:05:02+00:00 https://securityintelligence.com/comprehensive-vulnerability-management-in-connected-security-solutions/ www.secnews.physaphae.fr/article.php?IdArticle=1058079 False Vulnerability,Threat None None Security Intelligence - Site de news Américain Calling Into Question the CVSS X-Force Red believes vulnerabilities should be ranked based on the importance of the exposed asset and whether the vulnerability is being weaponized by criminals, not necessarily its CVSS score. ]]> 2019-02-20T11:00:02+00:00 https://securityintelligence.com/calling-into-question-the-cvss/ www.secnews.physaphae.fr/article.php?IdArticle=1033607 False Vulnerability None None Security Intelligence - Site de news Américain How Can Companies Move the Needle on Enterprise Cloud Security Risks and Compliance? Traditional vulnerability assessments don't always show the full picture of cloud security, compliance and risk. How can enterprises get ahead of the curve? ]]> 2018-11-09T12:50:02+00:00 https://securityintelligence.com/how-can-companies-move-the-needle-on-enterprise-cloud-security-risks-and-compliance/ www.secnews.physaphae.fr/article.php?IdArticle=888373 False Vulnerability None None Security Intelligence - Site de news Américain Threat Actors Prey on Drupalgeddon Vulnerability to Mass-Compromise Websites and Underlying Servers X-Force observed attackers using known Drupal vulnerabilities, including Drupalgeddon, to target websites and the underlying infrastructure that hosts them, leveraging Shellbot to open backdoors. ]]> 2018-10-10T19:10:02+00:00 https://securityintelligence.com/threat-actors-prey-on-drupalgeddon-vulnerability-to-mass-compromise-websites-and-underlying-servers/ www.secnews.physaphae.fr/article.php?IdArticle=840955 False Vulnerability,Threat None None Security Intelligence - Site de news Américain New Gartner Report Recommends a Vulnerability Management Process Based on Weaponization and Asset Value 2018-09-13T12:00:04+00:00 https://securityintelligence.com/new-gartner-report-recommends-a-vulnerability-management-process-based-on-weaponization-and-asset-value/ www.secnews.physaphae.fr/article.php?IdArticle=806020 False Vulnerability None None Security Intelligence - Site de news Américain A Black Hat Veteran Reflects on the Hot Topics at This Year\'s Conference 2018-08-14T10:16:01+00:00 https://securityintelligence.com/a-black-hat-veteran-reflects-on-the-hot-topics-at-this-years-conference/ www.secnews.physaphae.fr/article.php?IdArticle=779765 False Vulnerability None None Security Intelligence - Site de news Américain How to Get the Most Out of DEF CON and Black Hat 2018 The IBM X-Force Red team is well-represented at DEF CON and Black Hat 2018, hosting sessions and panels about smart city security, vulnerability management and more. ]]> 2018-07-30T10:31:00+00:00 https://securityintelligence.com/how-to-get-the-most-out-of-def-con-and-black-hat-2018/ www.secnews.physaphae.fr/article.php?IdArticle=758499 False Vulnerability None None Security Intelligence - Site de news Américain Why the Best Defense Is a Good Offensive Security Strategy Offensive security activities like cyberattack simulations, penetration testing and vulnerability assessments can help companies identify and remediate flaws before cybercriminals can exploit them. ]]> 2018-07-19T11:15:05+00:00 https://securityintelligence.com/why-the-best-defense-is-a-good-offensive-security-strategy/ www.secnews.physaphae.fr/article.php?IdArticle=747683 False Vulnerability None None Security Intelligence - Site de news Américain Why It\'s Time to Cross Out the Checklist Approach to Vendor Security 2018-07-12T12:15:04+00:00 https://securityintelligence.com/why-its-time-to-cross-out-the-checklist-approach-to-vendor-security/ www.secnews.physaphae.fr/article.php?IdArticle=741745 False Vulnerability None None