This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-19T02:32:40+00:00 www.secnews.physaphae.fr AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Nouvelles recherches de niveauBlue révèlent 2024 Tendances de la cyber-résilience & ndash;Theresa Lanowitz & ndash;RSA24 # 2 niveaublue &Groupe de stratégie d'entreprise: un regard sur la cyber-résilience pour l'accès aux Futures & Trade de niveau complet;RAPPORT, Téléchargez une copie complémentaire ici . ]]> 2024-05-16T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/2024-rsa-recap-centering-on-cyber-resilience www.secnews.physaphae.fr/article.php?IdArticle=8500829 False Conference None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 2024-05-15T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/expanding-horizons-levelblues-enhances-mssp-offerings-with-government-cloud-support www.secnews.physaphae.fr/article.php?IdArticle=8500225 False Threat,Cloud None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Global unrest, emerging technologies, and economic downturn all contribute to persistently high cybercrime rates and a dire need for organizations of all types to improve their security posture. There are standard ways of achieving a solid security posture that most of us will already be aware of: awareness training, regular patch management, and robust authentication methods are some examples. But in the face of increasingly frequent and sophisticated attacks, many traditional security methods are fast becoming inadequate. But this fact is no reason to panic. Tools and technologies are available that stand as a bulwark against an onslaught of both internal and external threats. The most important of these is Data Detection and Response (DDR). Please keep reading to learn more about DDR, how it can bolster your security posture, and what threats it can mitigate. What is Data Detection and Response? Data Detection and Response (DDR) is a cybersecurity solution that identifies and responds to security incidents within an organization’s IT environment. These solutions monitor data and user activity around the clock to identify and mitigate potential threats that have already penetrated the network. How Can Data Detection and Response Bolster Your Security Posture? Preventing data exfiltration is DDR’s most important function and can go a long way to bolstering your security posture. By classifying data based on its content and lineage, DDR solutions build a picture of an organization’s enterprise environment, identify the data most at risk, and establish what constitutes normal behavior. The solution can identify and act on any anomalous behavior by doing so. For example, an employee attempting to download sensitive financial information to their personal account would be deemed anomalous behavior, and the solution would either notify the security team or act to prevent the exfiltration, depending on how sophisticated the solution is. But it’s worth looking a little deeper at what we mean by classifying data: Lineage - Data lineage refers to the historical record of data as it moves through various stages of its lifecycle, including its origins, transformations, and destinations. It tracks data flow from its source systems to its consumption points, providing insights into how data is created, manipulated, and used within an organization. Content - Data classification by content involves categorizing data based on its inherent characteristics, attributes, and meaning within a specific business context or domain. It considers data type, sensitivity, importance, and relevance to business processes or analytical requirements. This distinction is important because some DDR solutions only classify data by content, which can result in false positives. To expand upon the previous example, a DDR solution classifying data by content alone would only know that an employee was trying to download a spreadsheet full of numbers, not that the spreadsheet contained financial data; this means that even if the spreadsheet contained personal, non-sensitive data, the solution would flag this to security team]]> 2024-05-14T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/how-ddr-can-bolster-your-security-posture www.secnews.physaphae.fr/article.php?IdArticle=8499447 False Ransomware,Malware,Tool,Vulnerability,Threat None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC annoncé Le lancement de niveaublue , anciennement connu sous le nom de cybersécurité AT & T.En signifiant un nouveau départ passionnant pour l'entreprise, j'ai été rejoint par le PDG de niveauBlue, Bob McCullen pour rencontrer des clients clés, des analystes et des presseurs pendant la conférence. LevelBlue propose des services de sécurité gérés stratégiques, ainsi que des consultants par des experts de pointe, des renseignements et de la détection des menaces et un soutien continu du Centre des opérations de sécurité (SOC);servant de conseiller de confiance en cybersécurité aux entreprises du monde entier.Comme l'analyste de technologie renommée Steve McDowell l'a noté & ldquo; LevelBlue émerge dans le paysage de la cybersécurité avec des actifs et une expertise importants hérités de AT & t et enrichi par l'acquisition d'Alienvault. & Rdquo; Pour célébrer l'annonce de LevelBlue, nous avons également organisé un dîner de bienvenue pour les médias auxquels les participants avaient un accès exclusif pour en savoir plus sur la formation de niveauBlue et ce qui est le prochain pour l'entreprise.Nous avons reçu d'excellents commentaires et excitation à propos de notre lancement à partir de publications notables, de cybersécurité et de technologie, notamment forbes , l'enregistrement, et la nouvelle pile. Un merci spécial à RSAC, à toute l'équipe de niveau de niveau, aux médias et à nos partenaires pour leur collaboration dans un lancement réussi.Suivez le niveaublue sur x , LinkedIn , Facebook , et YouTube Pour rester à jour sur notre voyage!

---

The 2024 RSA Conference has officially wrapped, and this year’s event served as the perfect backdrop for us to make our re-introduction to the industry. Introducing LevelBlue, the Trusted Cybersecurity Advisors On day one of RSA, we officially ]]> 2024-05-13T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/2024-rsa-recap-allow-us-to-reintroduce-ourselves www.secnews.physaphae.fr/article.php?IdArticle=8498816 False Threat,Conference None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC biomimetics. Nature’s inspiration for innovation in Spacesuits and Cyber Defense Not only is nature beautiful to look at, but it is also providing us with fantastic ideas for solving complex technological problems. The concept of biomimicry, which refers to drawing inspiration from natural systems to address human challenges, is now trending heavily in fields such as cybersecurity and space exploration. Biomimicry involves the creation and development of materials, structures, and systems that are inspired by biological entities and processes. For thousands of years, humans have turned to the natural world as a source of inspiration for innovations across various domains, including transportation and entertainment. This approach has led to significant advancements, such as the design of aircraft inspired by the aerodynamics of bird wings and the development of anti-glare screens modeled after the intricate nanostructures found in moth eyes. By observing and emulating the unique characteristics of wildlife, we have continuously found ways to enhance our technological capabilities and improve the quality of our daily lives. This field not only highlights the ingenuity inherent in nature but also underscores the potential for sustainable and efficient design solutions drawn from the biological world Nature’s Influence on Cybersecurity Data Masking Inspired by Moths The humble moth, with its ability to blend into its surroundings, provides a perfect metaphor for data masking in cybersecurity. This technique involves hiding real data among fake data, thereby protecting sensitive information from prying eyes. Steganography and the Chameleon Similarly, the chameleon\'s ability to change its color to match its environment mirrors the practice of steganography in cybersecurity. This method involves hiding information within non-secret data, much like concealing a secret message within an ordinary-looking image or audio file. Digital watermarking in multimedia is a practical application of this technique, helping to secure copyrights by embedding invisible codes within files. Consider some applications in different industry verticals: Sacrificial systems and deception Inspired by how some animals like lizards can shed their tails to protect vital organs, healthcare cybersecurity could utilize "sacrificial systems" - offering up less critical systems or data as decoys to distract and study cyber attackers, buying time to strengthen protection of the most sensitive medical information. Biomimicry in Space Suits: A Journey from Earth to Beyond Radiation Protection Inspired by Fungi Recent studies have explored the potential of fungi, particularly those thriving in the radioactive wasteland of Chernobyl, to protect astronauts from cosmic rays. These fungi utilize radiation as an energy source, suggesting their potential to develop into living, self-repairing shie]]> 2024-05-10T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/wild-wisdom-what-technology-learns-from-the-natural-world www.secnews.physaphae.fr/article.php?IdArticle=8497111 False Studies,Medical None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Pendant ce temps, la technologie progresse à un rythme effréné, tout comme les risques posés par les cybermenaces.Le rapport FUTURESTM de niveau 2024 révèle cet acte d'équilibrage délicat entre l'innovation et la sécurité.Nous avons examiné l'ensemble des problèmes commerciaux impliqués dans la résilience cyber et de cybersécurité et découvert le leadership exécutif et le leadership technique ont des opportunités pour un alignement beaucoup plus profond. Obtenez votre copie gratuite du rapport. & nbsp; La quête insaisissable de la cyber-résilience. Imaginez un monde où les entreprises sont imperméables aux cybermenaces & mdash; un monde où chaque aspect d'une organisation est sauvegardé contre les perturbations potentielles.C'est l'idéal élevé de la cyber-résilience, mais pour de nombreuses entreprises, elle reste un objectif insaisissable.L'évolution rapide de l'informatique a transformé le paysage informatique, brouillant les lignes entre les logiciels propriétaires et open-source, les systèmes hérités, les initiatives de transformation numérique du cloud computing.Bien que ces progrès apportent des avantages indéniables, ils introduisent également des risques sans précédent. Selon nos recherches, 85% des leaders informatiques reconnaissent que l'innovation informatique a le prix d'un risque accru.Dans un monde où les cybercriminels deviennent de plus en plus sophistiqués, le besoin de cyber-résilience n'a jamais été aussi urgent.Des attaques de ransomwares massives aux incidents DDOS débilitants, les entreprises opèrent dans un climat où une seule cyber violation peut avoir des conséquences catastrophiques. Exploration de la relation entre le leadership exécutif et la cyber-résilience. Notre enquête auprès de 1 050 C-suite et cadres supérieurs comprenait 18 pays et sept industries: énergie et services publics, services financiers, soins de santé, fabrication, commerce de détail, transport et SLED américain (État, gouvernement local et enseignement supérieur).Dans les prochains mois, nous publierons un rapport vertical pour chaque marché.Ce rapport Landmark a été conçu pour aider les organisations à commencer à parler plus de manière réfléchie des vulnérabilités et des opportunités d'amélioration. Dans le rapport, vous & rsquo; ll: Découvrez pourquoi les chefs d'entreprise et les chefs de technologie ont besoin de hiérarchiser la cyber-résilience. découvrez les obstacles critiques à la cyber-résilience. Découvrez les défis concernant la résilience de la cybersécurité. ]]> 2024-05-07T12:05:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/2024-cyber-resilience-research-reveals-a-complex-terrain www.secnews.physaphae.fr/article.php?IdArticle=8496672 False Ransomware,Vulnerability,Medical,Cloud,Technical None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC ici . En 2022, j'ai fondé ma société de capital-investissement, Willjam Ventures, et depuis lors, nous avons tenu une expérience exceptionnelle à investir et à opérer les entreprises de cybersécurité de classe mondiale.Ce dernier investissement dans LevelBlue ne fait pas exception, ce qui témoigne de cet engagement.Nous sommes enthousiasmés par l'opportunité à venir pour LevelBlue.Ici & rsquo; s pourquoi: & # 9679; sa mission & ndash;pour simplifier la sécurité et faire de la cyber-résilience un résultat réalisable & ndash;est essentiel au succès des entreprises. Alors que les organisations continuent d'innover, des technologies telles que l'intelligence artificielle (IA) et le cloud computing créent un paysage de menace plus dynamique et élargi.Avec LevelBlue, les organisations n'ont plus besoin de sacrifier l'innovation avec la sécurité et le ndash;Ils réalisent les deux, avec confiance.Avec plus de 1 300 employés axés sur cette mission, LevelBlue propose des services de sécurité stratégiques, notamment des services de sécurité gérés primés, des conseils stratégiques expérimentés, des renseignements sur les menaces et des recherches révolutionnaires & ndash;Servir de conseiller de confiance pour les entreprises du monde entier. & # 9679; LevelBlue rassemble certains des esprits les plus talentueux et les plus brillants de la cybersécurité. Tout comme tout voyage, les organisations ne devraient pas se lancer dans leur voyage de cybersécurité seul.C'est là que LevelBlue entre en jeu. Chaque membre de notre équipe de conseil a en moyenne 15 ans d'expérience en cybersécurité, détenant les dernières certifications et connaissances en travaillant avec des organisations de différents types et tailles.Je suis également ravi d'être rejoint par Sundhar Annamalai, le président de LevelBlue, qui a plus de 20 ans d'expérience dans les services technologiques et l'exécution stratégique pour aider notre entreprise à de nouveaux sommets. & # 9679; La société a une histoire de longue date de la recherche de recherches à l'avenir et neutres. Les conseillers de confiance tiennent leurs clients informés sur les dernières tendances avant qu'elles ne se produisent, et c'est à cela que LevelBlue est le meilleur.Avec la plate-forme de renseignement sur les menaces de niveau Blue, ainsi que les rapports de recherche de l'industrie de l'entreprise (plus à venir sur ce blog), les clients peuvent rester en une étape avant les dernières cyber-menaces, tout en acquittent des informations précieuses sur la façon d'allouer correctement allouéRessources de cybersécurité. La cyber-résilience n'est pas facilement définie, et elle n'est pas facilement réalisable sans le soutien nécessaire.Les services de cybersécurité stratégiques de niveauBlue aideront à résoudre ce défi à une époque où il a le plus besoin.Nous avons la bonne équipe, la bonne technologie et au bon moment dans le temps & ndash;Je suis ravi pour le voyage à venir. Pour ceux de la conférence RSA, nous vous invitons à venir en savoir plus sur LevelBlue en visitant le stand # 6155 à Moscone North Expo.Nous sommes impatients de nous présenter à vous.

---

Today is a monumental day for the cybersecurity industry. Live from RSA Conference 2024, I’m excited to introduce LevelBlue – a joint venture with AT&T and WillJam Ventures, to form a new, standalone managed security services busines]]> 2024-05-06T14:05:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/introducing-levelblue-elevating-business-confidence-by-simplifying-security www.secnews.physaphae.fr/article.php?IdArticle=8496673 False Threat,Cloud,Conference None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC phishing/scams is by end-user education and communication with the IT department. In a recent incident, a fake “Microsoft Security Alert” domain targeted one of our Managed Endpoint Security with SentinelOne customers, causing alarm for the end users and IT staff, but fortunately, the end user did not fall into the trap of calling the fraudulent number. The customer immediately contacted their assigned Threat Hunter for support and guidance, and the Threat Hunter was able to quickly utilize the security measures in place, locate multiple domains, and report them to the Alien Labs threat intelligence team. AT&T Cybersecurity was one of the first cybersecurity companies to alert on the domains and share the information via the Open Threat Exchange (OTX) threat intelligence sharing community, helping other organizations protect against it. Investigation Initial Alarm Review Indicators of Compromise (IOCs) The initial security layers failed to raise alarms for several reasons. First, the firewalls did not block the domain because it was newly registered and therefore not yet on any known block lists. Second, the platform did not create any alarms because the domain’s SSL certificates were properly configured. Finally, the EDR tool did not alert because no downloads were initiated from the website. The first indication of an issue came from an end user who feared a hack and reported it to the internal IT team. Utilizing the information provided by the end user, the Threat Hunter was able to locate the user\'s asset. Sniffing the URL data revealed a deceptive “Microsoft Security Alert” domain and a counterfeit McAfee website. These were detected largely because of improvements recommended during the customer\'s monthly meetings with the Threat Hunter, including a recommendation to activate the SentinelOne Deep Visibility browser extension, which is the tool that was instrumental in capturing URL information with greater accuracy after all the redirects. Figure I – Fake Microsoft Support page Figure 2 – Fake McAfee page Artifact (Indicator of Compromise) IOC Fake McAfee Page bavareafastrak[.]org Website Hosting Scam Pages Galaxytracke[.]com Zip file hash Tizer.zip - 43fb8fb69d5cbb8d8651af075059a8d96735a0d5 Figure 3 – Indicators of compromise Expanded Investigation Events Search With the understanding that the e]]> 2024-05-01T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/stories-from-the-soc-combating-security-alert-scams www.secnews.physaphae.fr/article.php?IdArticle=8491736 False Hack,Tool,Threat None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC date: Displays the current date and time. ]]> 2024-04-30T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/volatile-data-acquisition-from-live-linux-systems-part-i www.secnews.physaphae.fr/article.php?IdArticle=8491341 False Tool,Technical None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC millions of dollars due to fraud every year, according to the FTC. Online shopping is the number one avenue where this money is lost, with bad investments and illegitimate businesses falling close behind. There is an increasing amount of ways that scammers can have access to your information or social engineer you into spending money. Some examples include phishing emails, password attacks, and malware. Often, hackers will also target people whom they profile as gullible. Charity scams are unfortunately rampant, including scammers pretending to be charitable organizations like the Red Cross. These crop up when disaster strikes, and they masquerade as legitimate ways to donate. Other scammers will pretend to be individuals in need, family members, or even government organizations. Instead, the money goes to illegitimate scammers. To avoid this, you should always double-check links and, more importantly, log in to a reputable site when entering any credit card or banking information. Financial institutions are surprisingly not the most targeted, but they are still rife with sensitive info that can be vulnerable to hackers if not guarded correctly. Cybersecurity in online banking is extremely important. There can be data breaches, customer phishing scams, and even offshore banking transparency issues. Enhanced security must be in place to prevent these scams, including encryption, multi-factor authentication, threat detection, and biometrics. Why Stronger Biometrics Are Necessary Physical biometrics are the most common form of biometrics employed for financial security currently. However, bad actors have learned how to bypass these physical barriers. Printed-out photos can work for face identification, and fingerprints and palm prints can be stolen and imprinted onto soft surfaces and then used for sign-ins. Evolving threats demand cybersecurity measures that are as far advanced as possible. Behavioral biometrics takes things a step further by analyzing the behavior patterns of device users. Then, these patterns can be developed over time and set to be recognized by the device. These behaviors can be digital or in-person and include factors like: Gait; Posture; Signatures;]]> 2024-04-29T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/enhancing-financial-security-through-behavioral-biometrics www.secnews.physaphae.fr/article.php?IdArticle=8490698 False Malware,Threat Deloitte 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 2024-04-24T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/understanding-how-rationality-deterrence-theory-and-indeterminism-influence-cybercrime www.secnews.physaphae.fr/article.php?IdArticle=8488070 False Tool,Vulnerability,Studies,Legislation,Prediction None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC UNECE R155 regulation unfolds as a carefully crafted framework designed to preemptively address the burgeoning threat landscape in the automotive sector. Rooted in the principle of proactive defense, R155 isn\'t just about compliance; it represents a paradigm shift in how vehicle cybersecurity is perceived and integrated. At its core, the regulation mandates the establishment of a Cybersecurity Management System (CSMS), compelling manufacturers to weave a tapestry of cyber resilience that spans the entire lifecycle of a vehicle. The ambition of R155 is pretty clear at this point: to transform the automotive industry\'s approach to cybersecurity from reactive patchwork to a strategic, foundational pillar. This involves not only the adoption of \'security by design\' principles but also a commitment to continual vigilance and adaptation in the face of evolving cyber threats. The regulation, thus, sets the stage for a future where vehicles are not merely transport mechanisms but fortified nodes within an expansive network of connected mobility. The Journey to CSMS Certification The path to CSMS certification under R155 is a clear yet challenging journey that demands attention to detail and a commitment to security from vehicle manufacturers. This process starts with a considerable risk assessment, where manufacturers must identify any potential cybersecurity risks within their vehicles. This step is crucial for understanding where vulnerabilities might exist and how they can be addressed to ensure vehicles are secure. Following this, the principle of \'security by design\' becomes central to the certification process. This means that from the very beginning of designing a vehicle, cybersecurity needs to be a key consideration. It\'s about making sure that security measures are built into the vehicle from the start, rather than being added on later. This approach challenges manufacturers to think about cybersecurity as an integral part of the vehicle, just like its engine or wheels. Achieving certification is a team effort that involves not only the manufacturers but also suppliers and regulatory bodies. It\'s about working together to make sure that every part of the vehicle, from its software to its hardware, meets the high security standards set out by R155. Addressing R155 Implementation Challenges As manufacturers and suppliers are gearing up to align with the R155 regulation, however, they encounter a set of practical challenges that test their adaptability and foresight. One of the most sign]]> 2024-04-23T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-impact-of-unece-r155-on-automotive-cybersecurity www.secnews.physaphae.fr/article.php?IdArticle=8487607 False Vulnerability,Threat None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC With the rise of remote and flexible work arrangements, Bring Your Own Device (BYOD) programs that allow employees to use their personal devices for work are becoming increasingly mainstream. In addition to slashing hardware costs, BYOD improves employee satisfaction by 56% and productivity by 55%, a survey by Crowd Research Partners finds. Yet, cybersecurity remains a concern for businesses. 72% are worried about data leakage or loss, while 52% fear the potential for malware on personal devices. But by implementing a strong BYOD policy and educating your employees on cybersecurity best practices, you can reap the benefits of BYOD without putting your company assets and data at risk. Put a Formal BYOD Policy in Place Just as your business has acceptable use policies in place for corporate devices, similar policies for personal devices are just as important. Your company’s BYOD policy should provide your employees with clear rules and guidelines on how they can use their devices safely at work without compromising cybersecurity. This policy should cover: Devices, software, and operating systems that can be used to access digital business resources Devices, software, and operating systems that can’t be used to access digital business resources Policies that outline the acceptable use of personal devices for corporate activities Essential security measures employees must follow on personal devices (such as, complex passwords and regular security updates) Steps employees must follow if their device is stolen or lost (like immediately report it to their manager or IT department) A statement that your business will erase company-related data from lost or stolen devices remotely What happens if an employee violates your BYOD policy (are you going to revoke certain access privileges? If you give employees an allowance to cover BYOD costs, will you freeze the funds? Provide additional corrective training?). Don’t forget to also include a signature field the employee must sign in to indicate their agreement with your BYOD policies. The best time to introduce employees to the policy is during onboarding or, for existing employees, during the network registration process for the BYOD device. Setting expectations and educating your employees is essential to protect both company data and employee privacy. Basic Cybersecurity Training When putting together your BYOD employee training program, don’t make the mistake of thinking basic device security is too…basic. It’s not. Since personal devices are usually less secure than corporate devices, they’re generally at a greater risk of data breaches, viruses, and loss or theft. Comprehensive user education that includes the basics is therefore all the more important to mitigate these risks. So as a basic rule, your employees should know not to allow their devices to auto-connect to public networks. If, on rare occasions, employees really do need to access company data on an open network, they should use a virtual private network (VPN). VPNs encrypt data and hide we]]> 2024-04-22T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/bring-your-own-device-how-to-educate-your-employees-on-cybersecurity-best-practices www.secnews.physaphae.fr/article.php?IdArticle=8487608 False Malware,Vulnerability None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Apache Log4j library vulnerability, which posed serious security risks. And this is not an isolated incident. Using open-source software necessitates thorough Software Composition Analysis (SCA) to identify these security threats. Organizations must integrate SCA tools into their development workflows while also being mindful of their limitations. Why SCA Is Important Open-source components have become crucial to software development across various industries. They are fundamental to the construction of modern applications, with estimates suggesting that up to 96% of the total code bases contain open-source elements. Assembling applications from diverse open-source blocks presents a challenge, necessitating robust protection strategies to manage and mitigate risks effectively. Software Composition Analysis is the process of identifying and verifying the security of components within software, especially open-source ones. It enables development teams to efficiently track, analyze, and manage any open-source element integrated into their projects. SCA tools identify all related components, including libraries and their direct and indirect dependencies. They also detect software licenses, outdated dependencies, vulnerabilities, and potential exploits. Through scanning, SCA creates a comprehensive inventory of a project\'s software assets, offering a full view of the software composition for better security and compliance management. Although SCA tools have been available for quite some time, the recent open-source usage surge has cemented their importance in application security. Modern software development methodologies, such as DevSecOps, emphasize the need for SCA solutions for developers. The role of security officers is to guide and assist developers in maintaining security across the Software Development Life Cycle (SDLC), ensuring that SCA becomes an integral part of creating secure software. Objectives and Tasks of SCA Tools Software Composition Analysis broadly refers to security methodologies and tools designed to scan applications, typically during development, to identify vulnerabilities and software license issues. For effective management of open-source components and associated risks, SCA solutions help navigate several tasks: 1) Increasing Transparency A developer might incorporate various open-source packages into their code, which in turn may depend on additional open-source packages unknown to the developer. These indirect dependencies can extend several levels deep, complicating the understanding of exactly which open-source code the application uses. Reports indicate that 86% of vulnerabilities in node.js projects stem from transitive (indirect) dependencies, w]]> 2024-04-17T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/introduction-to-software-composition-analysis-and-how-to-select-an-sca-tool www.secnews.physaphae.fr/article.php?IdArticle=8484209 False Tool,Vulnerability,Threat,Patching,Prediction,Cloud,Commercial None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC nuanced approach to cybersecurity—one that not only fortifies defenses but also resonates with and supports the people behind the screens. Integrating human-centric design with continuous threat management emerges as a forward-thinking strategy, promising a balanced blend of technical excellence and user empathy to navigate the complex cybersecurity challenges of today and tomorrow. Embracing the Human Element in Cybersecurity Diving into the realm of human-centric security design and culture, it\'s clear that the future of cybersecurity isn\'t just about the latest technology—it\'s equally about the human touch. This approach puts the spotlight firmly on enhancing the employee experience, ensuring that cybersecurity measures don\'t become an unbearable burden that drives people to take shortcuts. By designing systems that people can use easily and effectively, the friction often caused by stringent security protocols can be significantly reduced. Gartner\'s insights throw a compelling light on this shift, predicting that by 2027, half of all Chief Information Security Officers (CISOs) will have formally embraced human-centric security practices. This isn\'t just a hopeful guess but a recognition of the tangible benefits these practices bring to the table—reducing operational friction and bolstering the adoption of essential controls. This strategic pivot also acknowledges a fundamental truth. When security becomes a seamless part of the workflow, its effectiveness skyrockets. It\'s a win-win, improving both the user experience and the overall security posture. CTEM: Your Cybersecurity Compass in Stormy Seas Imagine that your organization\'s cybersecurity landscape isn\'t just a static battleground. Instead, it’s more like the open sea, with waves of threats coming and going, each with the potential to breach your defenses. That\'s where Continuous Threat Exposure Management (CTEM) sails in, serving as your trusted compass, guiding you through these treacherous waters. CTEM isn\'t your average, run-of-the-mill security tactic. It\'s about being proactive, scanning the horizon with a spyglass, looking for potential vulnerabilities before they even become a blip on a hacker\'s radar. Think of it as your cybersecurity early-warning system, constantly on the lookout for trou]]> 2024-04-16T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/cybersecuritys-human-factor-merging-tech-with-people-centric-strategies www.secnews.physaphae.fr/article.php?IdArticle=8483336 False Vulnerability,Threat,Studies,Prediction,Medical,Technical None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 2024-04-15T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-lifecycle-of-a-digital-file www.secnews.physaphae.fr/article.php?IdArticle=8482607 False Tool None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 2024-04-10T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/microsoft-bing-ai-chat-is-a-bigger-security-issue-than-it-seems www.secnews.physaphae.fr/article.php?IdArticle=8479215 False Ransomware,Tool,Vulnerability ChatGPT 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC subtextual attacks. These aren\'t your run-of-the-mill security breaches; they\'re cunningly crafted messages that may look harmless—but they actually carry a dangerous payload within them. Join me as we take a closer look at this under-the-radar, but still dangerous, threat. We\'ll explore how these deceptive messages can sneak past our defenses, trick people into taking unwanted actions, and steal sensitive information without ever tripping an alarm. The Rise of Subtextual Attacks Unlike traditional cyber attacks, which are often direct and identifiable, subtextual attacks rely on subtlety and deception. Attackers craft messages that on the surface appear harmless or unrelated to any malicious activity. However, embedded within these communications are instructions, links, or information that can compromise security, manipulate behavior, or extract sensitive data. And not only is big data paramount in advertising and other avenues, but it’s also like keeping everything in your wallet—it’s convenient, helpful even, but signals to attackers that you’re indeed willing to put all your eggs in one basket when it comes to communications. These attacks exploit the nuances of language and context and require a sophisticated understanding of human communication and digital interaction patterns. For instance, a seemingly benign email might include a specific choice of words or phrases that, when interpreted correctly, reveal a hidden command or a disguised link to a malicious site. Psychological Manipulation Through Subtext Subtextual attacks also leverage psychological manipulation, influencing individuals to act in ways that compromise security or divulge confidential information. By understanding the psychological triggers and behavioral patterns of targets, attackers craft messages that subtly guide the recipient\'s actions. For instance, an attacker might use social engineering techniques combined with subtextual cues to convince a user to bypass normal security protocols. An email that seems to come from a trusted colleague or superior, containing subtle suggestions or cues, can be more effective in eliciting certain actions than a direct request or command. Attackers can also exploit the principle of urgency or scarcity, embedding subtle cues in communications that prompt the recipient to act quickly, bypassing their usual critical thinking or security procedures. The Evolution of Digital Forensics To combat the growing rise of subtextual attacks, the field of digital forensics has evolved significantly over the past decade. Initially focused on recovering and analyzing electronic information to investigate crime, digital forensics now incorporates advanced linguistic analysis, data pattern recognition, and machine learning to detect hidden threats. Modern digital forensic tools can analyze vast qua]]> 2024-04-09T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-hidden-threat-in-plain-sight-analyzing-subtextual-attacks-in-digital-communications www.secnews.physaphae.fr/article.php?IdArticle=8478586 False Ransomware,Tool,Vulnerability,Threat,Medical None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC sophisticated cyberattack, targeting its SCADA system at a key booster station. This station, crucial for regulating water pressure across Raccoon and Potter townships in Beaver County, experienced a temporary loss of communication, triggering an immediate investigation. Upon closer examination, the technicians discovered a clear indication of a cyberattack: a message declaring, "You have been hacked." This startling discovery led to the swift activation of manual control systems, ensuring that water quality and supply remained unaffected despite the breach. The hacked device operated on a separate network, distinct from the main corporate systems. This separation helped to limit the breach\'s impact and prevented it from affecting other essential parts of the infrastructure. The hackers, identified as being affiliated with an Iranian group, specifically targeted this equipment due to its Israeli-made components. This choice of target was part of a broader strategy, as similar devices are commonly used in water utility stations both in the US and internationally, hinting at the potential for more widespread attacks. The incident drew significant attention from US legislators, who expressed concerns about the vulnerability of the nation\'s critical infrastructure to such cyberattacks. The breach underscored the urgent need for enhanced cybersecurity measures across similar utilities, especially those with limited resources and exposure to international conflicts. Investigations by the Federal Bureau of Investigation and the Pennsylvania State Police were launched to examine the specifics of the attack. The cybersecurity community pointed out that industrial control systems, like the SCADA system breached at MWAA, often have inherent security weaknesses, making them susceptible to such targeted attacks. The following discussion on SCADA defense strategies aims to address these challenges, proposing measures to fortify these vital systems against potential cyberattacks and ensuring the security and reliability of essential public utilities. How to Enhance SCADA System Security? The breach at the MWAA sharply highlights the inherent vulnerabilities in SCADA systems, a crucial component of our critical infrastructure. In the wake of this incident, it\'s imperative to explore robust SCADA defense strategies. These strategies are not mere recommendations but essential steps towards safeguarding our essential public utilities from similar threats. 1. Network Segmentation: This strategy involves creating \'zones\' within the SCADA network, each with its own specific security controls. This could mean separating critical control systems from the rest of the network, or dividing a large system into smaller, more manageable segments. Segmentation often includes implementing demilitarized zones (DMZs) between the corporate and control networks. This reduces the risk of an attacker being able to move laterally across the network and access sensitive areas after breaching a less secure section. 2. Access Control and Authentication: Beyond basic measures, access control in SCADA systems should involve a comprehensive management of user privileges. This could include role-based access controls, where users are granted access rights depending on their job function, and time-based access controls, limiting access to certain times for specific users. Strong authentication methods also ]]> 2024-04-08T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/10-strategies-to-fortify-scada-system-security www.secnews.physaphae.fr/article.php?IdArticle=8478096 False Vulnerability,Threat,Patching,Legislation,Industrial None 4.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 98% of U.S. organizations report being slightly to extremely vulnerable to them. This figure reveals how many are unconfident in their existing deterrents, highlighting the importance of preventative efforts. Even if you don’t believe anyone at your workplace would intentionally cause damage, you should still be wary — insider threats aren’t always malicious. Negligent employees are responsible for 60% of data breaches, meaning carelessness is a more common driver. Unfortunately, the fact that negligence is the primary driver of insider threat attacks isn’t a good thing — it means a single misclick could put your entire organization at risk. Robust access controls are among the best solutions to this situation since they can prevent careless employees from leaking data or unintentionally escalating an attacker’s permissions. Access control mechanisms are crucial for threat mitigation The main way robust access control mechanisms are crucial for addressing insider threats is through unauthorized access mitigation. Employees, whether acting negligently or with ill intent, won’t be able to do any damage to your organization when their permissions limit them from retrieving or editing sensitive data storage systems. No matter how long you’ve spent in the IT department, you know how irresponsible some employees are when dealing with sensitive data, intellectual property or identifiable details. Access control mechanisms keep information assets out of reach of most of the people in your organization, safeguarding them from being tampered with or exfiltrated. If an attacker successfully enters your organization’s systems or network, robust access control mechanisms restrict their lateral movement. Since they aren’t authorized personnel, they aren’t granted meaningful permissions. This act minimizes the damage they can do and prevents them from compromising anything else. Even if an attacker has one of your colleague’s lost or stolen devices, access controls block them from being able to do anything meaningful. Authentication measures prevent them from accessing your organization’s systems and exfiltrating sensitive data. It also helps keep them from escalating their privileges, minimizing their impact. With robust access control mechanisms, you can quickly identify indicators of compromise (IOCs) to stop threats before they become an issue. For example, spotting concurrent logins on a single user account means an attacker is using legitimate credentials, indicating a brute force, phishing or keylogging attack. Which access control systems should you implement? Although insider threats pose an issue regardless of your industry or organization’s size, you can find ways to prevent them from doing any damage. You should consider implementing access control systems to detect and deter unauthorized action, mitigating data breaches and system compromises. A standard system to consid]]> 2024-04-03T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-role-of-access-controls-in-preventing-insider-threats www.secnews.physaphae.fr/article.php?IdArticle=8475125 False Tool,Threat None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC A Noida woman was duped out of over Rs 11 lakh (approximately $13,500 USD) in a digital arrest scam. The scammers, posing as police officers, convinced her that her identity was used in illicit activities and her involvement carried severe legal ramifications. Through prolonged interrogation on a video call, they led her to transfer the funds under the guise of protection. Case II: A 23-year-old woman was defrauded of Rs 2.5 lakh (approximately $3,000 USD) after fraudsters convinced her that her Aadhaar card details were linked to human trafficking activities. Facing threats of arrest and social humiliation, she was coerced into transferring money]]> 2024-04-02T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/digital-arrests-the-new-frontier-of-cybercrime www.secnews.physaphae.fr/article.php?IdArticle=8474670 False Vulnerability,Threat,Legislation,Prediction,Cloud None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 2024-04-01T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/ai-the-good-bad-and-scary www.secnews.physaphae.fr/article.php?IdArticle=8473954 False Ransomware,Tool,Prediction,Medical None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Nmap offers a suite of advanced techniques designed to uncover vulnerabilities, bypass security measures, and gather valuable insights about target systems. Let\'s take a look at these techniques: 1. Vulnerability Detection Syntax: nmap -sV --script=vulners Nmap\'s vulnerability detection feature, facilitated by the \'vulners\' script, enables users to identify outdated services susceptible to known security vulnerabilities. By querying a comprehensive vulnerability database, Nmap provides valuable insights into potential weaknesses within target systems. 2. Idle Scanning Syntax: nmap -sI Idle scanning represents a stealthy approach to port scanning, leveraging a "zombie" host to obfuscate the origin of scan requests. By monitoring changes in the zombie host\'s IP identification number (IP ID) in response to packets sent to the target, Nmap infers the state of the target\'s ports without direct interaction. 3. Firewall Testing (Source Port Spoofing) Syntax: nmap --source-port This technique involves testing firewall rules by sending packets with unusual source ports. By spoofing the source port, security professionals can evaluate the effectiveness of firewall configurations and identify potential weaknesses in network defenses. 4. Service-Specific Probes (SMB Example) Syntax: nmap -sV -p 139,445 --script=smb-vuln* Nmap\'s service-specific probes enable detailed examination of services, such as the Server Message Block (SMB) protocol commonly used in Windows environments. By leveraging specialized scripts, analysts can identify vulnerabilities and assess the security posture of target systems. 5. Web Application Scanning (HTTP title grab) Syntax: nmap -sV -p 80 --script=http-title Web application scanning with Nmap allows users to gather information about web servers, potentially aiding in vulnerability identification and exploitation. By analyzing HTTP response headers, Nmap extracts valuable insights about target web applications and server configurations. Nmap Scripting Engine: One of the standout features of Nmap is its robust scripting engine (NSE), which allows users to extend the tool\'s functionality through custom scripts and plugins. NSE scripts enable users to automate tasks, perform specialized scans, gather additional information, and even exploit vulnerabilities in target systems. nmap --script-help scriptname Shows help about scripts. For each script matching the given specification, Nmap prints the script name, its categories, and its description. The specifications are the same as those accepted by --script; so, for example if you want help about the ssl-enum-ciphers script, you would run nmap --script-help ssl-enum-ciphers Users can leverage existing NSE scripts or develop custom scripts tailored to their specific requirements. ]]> 2024-03-27T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/advanced-nmap-scanning-techniques www.secnews.physaphae.fr/article.php?IdArticle=8471442 False Tool,Vulnerability,Threat None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC expansion of the attack surface as a significant risk for corporate cyber environments in the upcoming years. The most vulnerable entities include IoT devices, cloud apps, open-source systems, and complex software supply chains. There is an increasing demand for concepts like Cyber Asset Attack Surface Management (CAASM), External Attack Surface Management (EASM), and Cloud Security Posture Management (CSPM) in corporate security frameworks. This trend is also documented in Gartner\'s "hype" chart. Let\'s discuss the concept of CAASM, which is centered on identifying and managing all digital assets within an organization, whether they are internal or external. This approach aims to provide a comprehensive view and control over the organization\'s cyber environment, enhancing security measures and management practices. What Is CAASM CAASM assists IT departments in achieving end-to-end visibility of a company\'s cyber assets. This strategy creates a fuller understanding of the actual state of the infrastructure, enabling the security team to respond promptly to existing threats and potential future ones. CAASM-based products and solutions integrate with a broad array of data sources and security tools. CAASM gathers and aggregates data and analyzes perimeter traffic, providing a continuous, multi-dimensional view of the entire attack surface. Having access to current asset data enables information security officers to visualize the infrastructure and address security gaps promptly. They can prioritize the protection of assets and develop a unified perspective on the organization\'s actual security posture. This sets the stage for proactive risk management strategies. Exploring CAASM\'s Core Functions The CAASM approach equips security professionals with a variety of tools necessary for effectively managing an organization\'s attack surface and addressing risks. Asset Discovery A lack of visibility into all of an organization\'s assets heightens the risk of cyberattacks. Cyber Asset Attack Surface Management products automatically detect and catalog every component of a company\'s digital infrastructure, encompassing local, cloud, and various remote systems, including shadow IT. A company employing CAASM gains a clear overview of all its deployed web applications, servers, network devices, and cloud services. CAASM facilitates a comprehensive inventory of the devices, applications, networks, and users constituting the company\'s attack surface. Vulnerability Detection It is important to understand the risks each asset poses, such as missing the latest security updates or opportunities to access sensitive data. CAASM systems integrate asset data, helping security teams identify misconfigurations, vulnerabilities, and oth]]> 2024-03-26T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-growing-importance-of-caasm-in-company-cybersecurity-strategy www.secnews.physaphae.fr/article.php?IdArticle=8470766 False Ransomware,Tool,Vulnerability,Threat,Prediction,Cloud None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC up for grabs by the other side, and can (and will) arm them to launch attacks of unprecedented sophistication and elusiveness, the likes of which we’ve thankfully never seen up to now. How do we wield this impressive technology to fortify our defenses, while preventing it from falling into the wrong hands? Can such a thing even be accomplished? Join me below as we take a closer look at how AI’s rapid rise is changing the landscape of cybersecurity. AI as a Defense Tool AI is a reliable navigator for charting the digital deluge—it has the ability to handle vast quantities of information rapidly on a level that no human could ever hope to match. It doesn’t take a huge leap to come to the conclusion that those capabilities can very easily be leveraged for defense. Automated Threat Detection Think of AI as the ever-watchful eye, tirelessly scanning the horizon for signs of trouble in the vast sea of data. Its capability to detect threats with speed and precision beyond human ken is our first line of defense against the shadows that lurk in the network traffic, camouflaged in ordinary user behavior, or embedded within the seemingly benign activities of countless applications. AI isn’t just about spotting trouble; it’s about understanding it. Through machine learning, it constructs models that learn from the DNA of malware, enabling it to recognize new variants that bear the hallmarks of known threats. This is akin to recognizing an enemy’s tactics, even if their strategy evolves. All of what I’ve said also here applies to incident response—with AI’s ability to automatically meet threats head-on making a holistic cybersecurity posture both easier to achieve and less resource-intensive for organizations of all sizes. Predictive Analytics By understanding the patterns and techniques used in previous breaches, AI models can predict where and how cybercriminals might strike next. This foresight enables organizations to reinforce their defenses before an attack occurs, transforming cybersecurity from a reactive discipline into a proactive strategy that helps prevent breaches rather than merely responding to them. The sophistication of predictive analytics lies in its use of diverse data sources, including threat intelligence feeds, anomaly detection reports, and global cybersecurity trends. This comprehensive view allows AI systems to identify correlations and causations that might elude human analysts. Phishing Detection and Email Filtering AI has stepped up as a pivotal ally in the ongoing skirmish against phishing and other forms of social engineering attacks, which too often lay the groundwork for more invasive security breaches. Through meticulous analysis of email content, context, and even the]]> 2024-03-25T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/decoding-the-cybersecurity-implications-of-ais-rapid-advancement www.secnews.physaphae.fr/article.php?IdArticle=8470065 False Spam,Tool,Vulnerability,Threat,Prediction,Technical Deloitte 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC previous blog, we explored the significance of host discovery techniques using Nmap, Netdiscover, and Angry IP Scanner. Now, let\'s dive deeper into the network reconnaissance and focus specifically on the powerful features offered by Nmap. Renowned for its versatility and robust feature set, Nmap enables analysts to probe networked systems, map network topology, identify open ports, detect services, and even determine operating system details. Its command-line interface, coupled with a myriad of options and scripting capabilities, makes it an indispensable asset for security professionals, network administrators, and ethical hackers alike. I have used a virtual environment created mainly for demonstration purposes to see these scanning techniques in action, Target machine for this demonstration is metasploitable2 (192.168.25.130), Attacker Machine is Kali Linux (192.168.25.128). We already have seen how to discover hosts in a networked environment in our previous blog. Additionally, you can refer to nmap.org for better understanding of these techniques. Let\'s take a look at different techniques nmap offers: 1. TCP SYN scan (-sS): The TCP SYN scan, also known as a half-open scan, sends SYN pack]]> 2024-03-19T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/nmap-scanning-techniques www.secnews.physaphae.fr/article.php?IdArticle=8466770 False Vulnerability None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC biometric verification, it also raises privacy concerns.  This technology, though handy, could be exploited by cybercriminals. For instance, a recent paper by Rutgers University shows that hackers could use common virtual reality (AR/VR) headsets with motion sensors to capture facial movements linked to speech. This could lead to the theft of sensitive data communicated through voice commands, like credit card numbers and passwords.  ]]> 2024-03-18T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/exploring-the-risks-of-eye-tracking-technology-in-vr-security www.secnews.physaphae.fr/article.php?IdArticle=8466101 False Tool,Cloud None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC https://www.scmagazine.com/news/spyware-behind-nearly-50-of-zeros-days-targeting-google-products). ]]> 2024-03-14T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/commercial-spyware-the-stealthy-threat www.secnews.physaphae.fr/article.php?IdArticle=8463833 False Ransomware,Malware,Tool,Vulnerability,Threat,Legislation,Mobile,Commercial None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC cyberattacks can be tough. But there are several cybersecurity tips that can help defend against attacks. We\'ve gathered a list of 25 most effective tips for you to adopt and share with others. Top 25 cybersecurity tips for your business 1.    Keep your software up to date To stay safe from cyber threats like ransomware, it\'s essential to regularly update your software, including your operating system and applications. Updates often contain crucial security patches that fix vulnerabilities exploited by hackers. Enable automatic updates for your device and web browser, and ensure plugins like Flash and Java are also kept up to date. ]]> 2024-03-13T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/25-essential-cybersecurity-tips-and-best-practices-for-your-business www.secnews.physaphae.fr/article.php?IdArticle=8463764 False Ransomware,Malware,Tool,Vulnerability,Mobile,Cloud LastPass 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC GoProxies have become indispensable allies in the quest to boost e-commerce success. What exactly are proxies? Imagine you want to send a gift without revealing your identity. You might ask a friend to deliver it for you. That\'s what a proxy does — it\'s your discreet friend in the world of the internet, passing along requests and responses so your online presence remains anonymous and secure. A cloak of invisibility for market research ]]> 2024-03-12T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-role-of-proxies-in-e-commerce-boosting-online-retail-success www.secnews.physaphae.fr/article.php?IdArticle=8462712 False Tool,Prediction None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 2024-03-11T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/incident-readiness-is-crucial-for-state-and-local-governments www.secnews.physaphae.fr/article.php?IdArticle=8462048 False Ransomware,Threat None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC AI governance  framework model like the NIST AI RMF to enable business innovation and manage risk is just as important as adopting guidelines to secure AI. Responsible AI starts with securing AI by design and securing AI with Zero Trust architecture principles. Vulnerabilities in ChatGPT A recent discovered vulnerability found in version gpt-3.5-turbo exposed identifiable information. The vulnerability was reported in the news late November 2023. By repeating a particular word continuously to the chatbot it triggered the vulnerability. A group of security researchers with Google DeepMind, Cornell University, CMU, UC Berkeley, ETH Zurich, and the University of Washington studied the “extractable memorization” of training data that an adversary can extract by querying a ML model without prior knowledge of the training dataset. The researchers’ report show an adversary can extract gigabytes of training data from open-source language models. In the vulnerability testing, a new developed divergence attack on the aligned ChatGPT caused the model to emit training data 150 times higher. Findings show larger and more capable LLMs are more vulnerable to data extraction attacks, emitting more memorized training data as the volume gets larger. While similar attacks have been documented with unaligned models, the new ChatGPT vulnerability exposed a successful attack on LLM models typically built with strict guardrails found in aligned models. This raises questions about best practices and methods in how AI systems could better secure LLM models, build training data that is reliable and trustworthy, and protect privacy. U.S. and UK’s Bilateral cybersecurity effort on securing AI The US Cybersecurity Infrastructure and Security Agency (CISA) and UK’s National Cyber Security Center (NCSC) in cooperation with 21 agencies and ministries from 18 other countries are supporting the first global guidelines for AI security. The new UK-led guidelines for securing AI as part of the U.S. and UK’s bilateral cybersecurity effort was announced at the end of November 2023. The pledge is an acknowledgement of AI risk by nation leaders and government agencies worldwide and is the beginning of international collaboration to ensure the safety and security of AI by design. The Department of Homeland Security (DHS) CISA and UK NCSC joint guidelines for Secure AI system Development aims to ensure cybersecurity decisions are embedded at every stage of the AI development lifecycle from the start and throughout, and not as an afterthought. Securing AI by design Securing AI by design is a key approach to mitigate cybersecurity risks and other vulnerabilities in AI systems. Ensuring the entire AI system development lifecycle process is secure from design to development, deployment, and operations and maintenance is critical to an organization realizing its full benefits. The guidelines documented in the Guidelines for Secure AI System Development aligns closely to software development life cycle practices defined in the NSCS’s Secure development and deployment guidance and the National Institute of Standards and Technology (NIST) Secure Software Development Framework (SSDF). The 4 pillars that embody the Guidelines for Secure AI System Development offers guidance for AI providers of any systems whether newly created from the ground up or built on top of tools and services provided from]]> 2024-03-07T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/securing-ai www.secnews.physaphae.fr/article.php?IdArticle=8460259 False Tool,Vulnerability,Threat,Mobile,Medical,Cloud,Technical ChatGPT 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC significantly impacting senior citizens, who often lose their entire bank, savings, retirement or investment accounts to such crime”, CNBC reports. Notably, as of August 2023, damages stemming from tech support scams surged by 40%, compared to the corresponding period in 2022, a recent FBI public advisory reveals (specifics on the total financial impact, however, weren’t disclosed). 50% of people targeted were over 60 years old, accounting for 66% of the total financial damages. Financial predation: exploiting seniors\' savings Ample financial resources, technological unfamiliarity, and a generally trusting nature collectively makes the elderly a prime target for phantom hacker scams. “Older adults have generally amassed a larger nest egg than younger age groups, and therefore pose a more lucrative target for criminals. Older adults are also particularly mindful of potential risks to their life savings,” Gregory Nelsen, FBI Cleveland special agent in charge, said in a statement. “These scammers are cold and calculated,” he added. “The criminals are using the victims’ own attentiveness against them”. Additionally, older adults may be less familiar with the intricacies of technology and cybersecurity, making them more susceptible to manipulation and deception. And, due to the generally polite and trusting nature of seniors, scammers can have an easier time establishing rapport and gaining the trust needed to pull off their scams.  ]]> 2024-03-06T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/phantom-hacker-scams-targeting-seniors-are-on-the-rise www.secnews.physaphae.fr/article.php?IdArticle=8459765 False Threat None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 2024-03-05T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/exploring-host-discovery-techniques-in-a-network www.secnews.physaphae.fr/article.php?IdArticle=8459248 False Tool None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 2024-03-04T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/navigating-the-cybersecurity-landscape-a-deep-dive-into-effective-siem-strategies www.secnews.physaphae.fr/article.php?IdArticle=8458887 False Tool,Threat None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Cisco’s 2023 consumer privacy survey, a study of over 2600 consumers in 12 countries globally, indicates consumer awareness of data privacy rights is continuing to grow with the younger generations (age groups under 45) exercising their Data Subject Access rights and switching providers over their privacy practices and policies.  Consumers support AI use but are also concerned. With those supporting AI for use: 48% believe AI can be useful in improving their lives  54% are willing to share anonymized personal data to improve AI products AI is an area that has some work to do to earn trust 60% of respondents believe the use of AI by organizations has already eroded trust in them 62% reported concerns about the business use of AI 72% of respondents indicated that having products and solutions aud]]> 2024-02-29T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/ai-governance-and-preserving-privacy www.secnews.physaphae.fr/article.php?IdArticle=8456899 False Studies,Prediction,Cloud,Technical None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC get the 2022 report). Get the complimentary 2023 report.   The robust quantitative field survey reached 1,418 security, IT, application development, and line of business professionals worldwide. The qualitative research tapped subject matter experts across the cybersecurity industry. Energy and Utilities-specific respondents equal 203. At the onset of our research, we established the following hypotheses. ·       Momentum edge computing has in the market. ·       Approaches to connecting and securing the edge ecosystem – including the role of trusted advisors to achieve edge goals. ·       Perceived risk and perceived benefit of the common use cases in each industry surveyed. The results focus on common edge use cases in seven vertical industries – healthcare, retail, finance, manufacturing, energy and utilities, transportation, and U.S. SLED- delivering actionable advice for securing and connecting an edge ecosystem, including external trusted advisors. Finally, it examines cybersecurity and the broader edge ecosystem of networking, service providers, and top use cases. The role of IT is shifting, embracing stakeholders at the ideation phase of development. Edge computing is a transformative technology that brings together various stakeholders and aligns their interests to drive integrated business outcomes. The emergence of edge computing has been fueled by a generation of visionaries who grew up in the era of smartphones and limitless possibilities. Look at the infographic below for a topline summary of key findings in the energy and utilities industry. In this paradigm, the role of IT has shifted from being the sole leader to a collaborative partner in delivering innovative edge computing solutions. In addition, we found that energy and utilities leaders are budgeting differently for edge use cases. These two things, along with an expanded approach to securing edge computing, were prioritized by our respondents in the 2023 AT&T Cybersecurity Insights Report: Edge Ecosystem. One of the most promising aspects of edge computing is its potential to effectively use near-real-time data for tighter control of variable operations such as inventory and supply chain management that deliver improved operational efficiency. Adding new endpoints is essential for collecting the data, but how they’re connected can make them vulnerable to cyberattacks. Successful cyberattacks can disrupt services, highlighting the need for robust cybersecurity measures. Edge computing brings the data closer to where decisions are made. With edge computing, the intelligence required to make decisions, the networks used to capture and transmit data, and the use case management are distributed. Distributed means things work faster because nothing is backhauled to a central processing area such as a data center and delivers the near-real-time experience. With this level of complexity, it’s common t]]> 2024-02-28T13:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/get-the-att-cybersecurity-insightsreport-focus-on-energy-and-utilities www.secnews.physaphae.fr/article.php?IdArticle=8456418 False Ransomware,Studies None 4.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 2024-02-28T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/att-cybersecurity-announces-2024-partner-of-the-year-award-winners www.secnews.physaphae.fr/article.php?IdArticle=8456363 False Threat None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Virtualization is achieved using a hypervisor, which splits CPU, RAM, and storage resources between multiple virtual machines (VMs). Each VM behaves like a separate computer that gets a guest operating system and each VM is independent of each other. This allows organizations to run multiple OS instances on a single server. Containerization, on the other hand, runs a single host OS instance and uses a container engine to help package applications into container images that can be easily deployed and re-used. By splitting each individual application function or microservice into containers they can operate independently to improve enterprise resilience and scalability. Kubernetes then manages the orchestration of multiple containers. VMs and containers present very different security challenges so let’s look at the evolution of endpoint security and the solutions that meet the needs of complex customer environments. Securing endpoints For decades, organizations have heavily relied on antivirus (AV) software to secure endpoints. However, traditional antivirus worked by matching known malicious signatures in a database and can no longer protect against today’s sophisticated threats. Modern endpoint security solutions are less signature-based and much more behavior-based. Endpoint protection platforms (EPP) offer cloud native architectures that provide a layered defense against fileless attacks using machine learning and behavioral AI to protect against malicious activity. Endpoint detection and response (EDR) solutions went beyond protection by recording and storing endpoint-system level behaviors to detect malicious threats.  EDR solutions use data analytics combined with threat intelligence feeds to provide incident responders with the forensic data for completing investigations and threat hunting. In addi]]> 2024-02-27T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-endpoint-evolution www.secnews.physaphae.fr/article.php?IdArticle=8455968 False Malware,Tool,Vulnerability,Threat,Mobile,Cloud None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC statistics: · Social engineering is implicated in 98% of all cyberattacks · Approximately 90% of malicious data breaches occur due to social engineering · The typical organization faces over 700 social engineering attacks each year · The average cost incurred from a social engineering attack is about $130,000 ]]> 2024-02-26T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/building-cyber-resilience-against-ai-powered-social-engineering www.secnews.physaphae.fr/article.php?IdArticle=8455446 False Malware,Tool,Vulnerability,Threat None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 2024-02-23T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/detecting-anomalous-o365-logins-and-evasion-techniques www.secnews.physaphae.fr/article.php?IdArticle=8454066 False Tool,Threat,Mobile,Cloud None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC critical role of cybersecurity in safeguarding your financial assets and personal information from the evolving risks associated with online banking. Risks associated with online banking Engaging in online banking exposes you to various risks that demand your vigilance. Financial data breaches, where cybercriminals exploit vulnerabilities to gain unauthorized access to sensitive information, pose a significant threat.  Phishing attacks, disguised as legitimate communications, aim to trick you into disclosing personal details. Additionally, identity theft, a direct consequence of these breaches, can lead to severe financial implications. Recognizing these risks is the first step in fortifying your online banking experience and ensuring the protection of your valuable information. Beyond individual concerns, these risks reverberate through financial institutions, impacting their reputation. Financial losses and unauthorized activities not only harm individuals but also erode the trust customers place in their banks and reputational damage becomes a looming threat for financial institutions, highlighting the critical need for comprehensive cybersecurity measures. Offshore banking risks Offshore banking, while offering financial privacy and potential tax advantages, poses certain risks that individuals should be aware of.  One significant concern is the potential for increased susceptibility to financial fraud and money laundering due to the less stringent regulations in some offshore jurisdictions. Additionally, the lack of transparency in offshore banking systems may create challenges in recovering funds in the event of disputes or legal issues. It\'s crucial for individuals engaging in offshore banking to carefully evaluate the regulatory environment, conduct thorough due diligence on financial institutions, and be aware of the potential risks associated with this financial strategy. The impact of cyber-attacks on individuals and financial institutions The fallout from cyber-attacks extends far beyond individual victims, leaving lasting effects on financial institutions. Instances of financial losses and unauthorized activities not only harm individuals but also erode the trust customers place in their banks. The repercussions of cyber-attacks reverberate through the broader financial landscape, extending well beyond the immediate impact on individual victims.  It is sobering to consider that when a financial institution falls victim to a cyber-attack, the consequences are felt on a systemic level. Instances of financial losses and unauthorized activities create a ripple effect, compromising the overall integrity of the affected institution. The fallout includes not only the immediate financial implications]]> 2024-02-22T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-importance-of-cybersecurity-in-online-banking www.secnews.physaphae.fr/article.php?IdArticle=8453618 False Vulnerability,Threat None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Security Operations Center (SOC) is SOC analysts are overwhelmed by the sheer number of alerts that come from Security Information Event Management (SIEM). Security teams are bombarded with low fidelity alerts and spend considerable time separating them from high fidelity alerts. The alerts come from almost any sources across the enterprise and is further compounded with too many point solutions and with multi-vendor environment. The numerous tools and lack of integration across multiple vendor product solutions often require a great deal of manual investigation and analysis. The pressure that comes with having to keep up with vendor training and correlate data and logs into meaningful insights becomes burdensome. While multi-vendor, multi-source, and multi-layered security solutions provides a lot of data, without ML and security analytics, it also creates a lot of noise and a disparate view of the threat landscape with insufficient context. SOAR Traditional Security Orchestration and Automation Response (SOAR) platforms used by mature security operations teams to develop run playbooks that automate action responses from a library of APIs for an ecosystem of security solution is complex and expensive to implement, manage, and maintain. Often SOCs are playing catch up on coding and funding development cost for run playbooks making it challenging to maintain and scale the operations to respond to new attacks quickly and efficiently. XDR Extended Detection and Response (XDR) solves a lot of these challenges with siloed security solutions by providing a unified view with more visibility and better context from a single holistic data lake across the entire ecosystem. XDR provides prevention as well as detection and response with integration and automation capabilities across endpoint, cloud, and network. Its automation capabilities can incorporate basic common SOAR like functions to API connected security tools. It collects enriched data from multiple sources and applies big data and ML based analysis to enable response of policy enforcement using security controls throughout the infrastructure. AI in the modern next gen SOC The use of AI and ML are increasingly essential to cyber operations to proactively identify anomalies and defend against cyber threats in a hyperconnected digital world. Canalys research estimates suggest that more than 7]]> 2024-02-21T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-modern-next-gen-soc-powered-byai www.secnews.physaphae.fr/article.php?IdArticle=8453135 False Ransomware,Malware,Tool,Vulnerability,Threat,Prediction,Cloud None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Anyone that utilizes technology in their daily lives understands that it is ever-changing, and the sentiment is especially true within the cybersecurity industry. Adversaries continue to evolve with new tactics to bypass defenses, so it is necessary that the methods of detecting and preventing these threats do so at an even more rapid pace. However, keeping up with all the changes can be quite difficult, even for the most seasoned cybersecurity professional. The way in which we work has changed not just in where but also in how. Today employees conduct business from multiple devices, with some being company-issued and others being privately owned. Sensitive data is being stored across many locations including on these devices, within corporate data centers, and in the cloud. This means that organizations likely need more than one technology to defend their endpoints against security breach or data loss. With cybersecurity vendors marketing a wide range of branded product names for their offers, it may be challenging to determine which are ideal for your particular environment. This article aims to help demystify the various endpoint security technologies you may come across during your research, highlight the primary differences, and explain how they can complement each other. This is not intended to be an exhaustive list and it should be noted that there are some technologies that may fall into more than one category, for example, endpoint and cloud security. Four key endpoint security technologies To begin, let’s define exactly what an endpoint is. At the most fundamental level, an endpoint is any device that connects and exchanges data on a network. That could include traditional desktop and laptop computers, tablets, smartphones, printers, and servers. Endpoints also encompass network appliances like routers, switches, or firewalls, and a wide range of IoT devices such as wearables, security cameras, sensors, and connected medical or manufacturing equipment.​ But we must also think beyond the physical devices and consider virtual machines that host applications and data in public or private clouds. ​Although this may seem trivial, it is important to note because they all represent entry points into the network that can be exploited and opportunities for sensitive data loss. As such, they must all be accounted for when building an endpoint security strategy. The following are some of the more common endpoint security technologies you are likely to encounter: Unified endpoint management (UEM) or mobile device management (MDM): There is a widely accepted concept within the cybersecurity industry that you cannot effectively protect what you can’t see. Therefore, the first step in building a comprehensive endpoint security policy is to inventory all the devices accessing your network, and this can be accomplished with UEM or MDM technologies. The primary difference between the two is that MDM is for iOS and Android operating systems (OS), while UEM includes those OS plus Windows and Mac operating systems--even productivity devices and wearables in some cases. Once the devices are discovered and profiled, administrators will be able to apply consistent security policies across them, regardless of where the endpoint is located. A key feature of both UEM and MDM is that they allow an organization to set standards regarding the security posture of devices accessing the network. For example, rules can be created that a device cannot be jailbroken and must be running on the latest O]]> 2024-02-20T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/a-fundamental-guide-to-endpoint-security www.secnews.physaphae.fr/article.php?IdArticle=8452746 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Medical,Cloud None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC SecureIQLab evaluated USM Anywhere across multiple attack scenarios that incorporated a wide range of real-world threats and attack stages. The unbiased results confirm what our customers already know: organizations can depend on our XDR platform to help identify and respond to advanced threats before they become a problem. USM Anywhere performed exceptionally well during testing to determine how accurate it is at detecting, correlating, and classifying threats—securing an overall score of 97.6%. In incident response testing, it received an overall score of 97.6%, indicating highly accurate incident management and response. SecureIQLab observed in its testing notes, “The AT&T Cybersecurity XDR solution demonstrated outstanding incident response capabilities, acting and/or successfully responding to almost all validated attack scenarios.” USM Anywhere shined during testing to understand how effective it is at filtering out noise and providing context to produce relevant, actionable alerts, achieving a near-perfect score of 99.8%. “A key factor in the AT&T Cybersecurity solution’s high Overall XDR Solution Score is its ability to rapidly identify and detect a threat and display relevant, correlated threat information.”  – SecureIQLab (AT&T Cybersecurity Extended Detection & Response (XDR) Validation Report) The negative impact of false positives in cybersecurity is well understood. They increase noise and can quickly overwhelm security teams, resulting in alert fatigue and the very real risk of true threats being missed. Our solution’s perfect score (100%) during false-positive testing affirms its capability to correctly identify and allow non-malicious traffic without sacrificing operational accuracy. Testing was performed during normal workflows and included more than 30 real-world scenarios for several t]]> 2024-02-16T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/strong-results-in-third-party-testing-confirm-att-cybersecurity-as-an-xdr-leader www.secnews.physaphae.fr/article.php?IdArticle=8450854 False Threat None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Global Cybersecurity Outlook 2024 report, the WEF found that more than eight in ten organizations surveyed feel more or as exposed to cyber crime than last year. How can businesses implement proficient cyber capabilities in an era where cyber threats from criminals and hacktivists are escalating in complexity and magnitude? This is crucial for adapting swiftly to the constantly evolving security challenges and confidently pursuing growth through digital innovation in products, services, and organizational transformation. In today\'s rapidly changing cyber threat environment, Chief Information Security Officers (CISOs) and security operations teams must adopt forward-thinking strategies. These strategies should focus on quickly identifying and addressing the most pressing vulnerabilities in their digital environments. Cyber attackers\' increasing sophistication and speed have prompted organizations of various sizes to re-evaluate their legacy systems, governance policies, and overall security stances, aiming to align with the latest industry standards The shift towards digital platforms and the widespread adoption of cloud technologies have expanded the avenues for cyber-attacks, consequently enlarging the attack surface. This growing attack surface includes vulnerable systems, compromised data, and unauthorized assets, highlighting the necessity for a consistent and ongoing security strategy. This strategy should be centered on managing and mitigating threats efficiently and accurately. Security leaders are becoming increasingly aware of the importance of such an approach. Its effectiveness and streamlined methodology significantly enhance cyber resilience by prioritizing the most urgent risks for immediate response and remediation. What is top of mind for the CISO in 2024? How do we build a cyber security ecosystem that can manage the threats and opportunities of the future? How do we ensure future technologies are secure by design, not as an afterthought? How do we anticipate the threat picture will change as new technologies, like AI and quantum computing, develop? Must haves for CISOs in 2024 Protecting privacy Protecting critical assets Mitigating risk Minimizing disruption Maintaining compliance Establishing and maintaining "CRUST" (credibility and trust) Ensuring secure productivity & efficiency At the top of the list of issues driving cybersecurity concerns include: Growing number of hackers/cybercriminals. Evolving threats & advanced skillset of criminals. Privacy concerns handling other\'s data. Generative AI Practical action plan: Proactively understanding your expanding attack surface, prioritizing risk management efforts, and building resilience helps achieve the following: 1) Prevents breaches & minimizes the impact of a potential breach Enhance the effectiveness of the Security Operations Center (SOC) by reducing the volume of security incidents, events, and breaches impacting the SOC over time. Adopt a proactive, preventative approach that bolsters cyber resilience quickly and improves security maturity year-over-year. 2) Reduces cybersecurity risks Real-time risk reduction is often impractical due to business constraints and a backlog of pending security issues. Focus on prioritizing risk reduction actions and optimizing resource allo]]> 2024-02-15T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/2024-practical-cyber-action-plan-survive-and-thrive www.secnews.physaphae.fr/article.php?IdArticle=8450360 False Vulnerability,Threat,Cloud,Technical None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC automatically generate API documentation based on the code base. Code generation: Other tools can automatically create code snippets, using API documentation and specifications as inputs. Versioning: Automated processes can facilitate the management of multiple API versions, ensuring that new changes don’t break anything. Deployment: Introducing automation into the API deployment process can introduce more consistency and reduce the scope of potential errors. ]]> 2024-02-13T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/apis-and-automation-the-good-the-bad-and-the-better www.secnews.physaphae.fr/article.php?IdArticle=8449578 False Tool,Vulnerability None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Doubling down on the cloud We have come a long way from the initial cloud use case of test/dev. We’ve since moved to running production-grade applications in the cloud and are now entering the next phase of cloud application development – microservices and containerization. As the cloud becomes increasingly foundational to your organization, it is crucial to prioritize robust security for all cloud workloads. This includes ensuring top-performing endpoint security not only for VMs but a]]> 2024-02-12T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/secure-networking-starts-and-ends-at-the-endpoint www.secnews.physaphae.fr/article.php?IdArticle=8449355 False Mobile,Cloud None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC cyberattacks they can prevent. Moreover, we’ll review the benefits and drawbacks of built-in and third-party antivirus software. How does antivirus work? Scanning, removing, preventing – these are the 3 main stages of how an antivirus works. Once you install an AV, it scans every email, app, and file. During this process, it compares the results with its database. If something is off, the antivirus marks it as malware. Then, the AV either quarantines the malicious files or entirely obliterates them. And while all that is happening, a reliable antivirus runs smoothly in the background, preventing intruders from harming your devices and stealing your data. According to Datto’s global research, Windows device users should be the most concerned about their safety. Around 91% of gadgets that use this OS have been targeted by ransomware attacks. Nevertheless, none of the OS are entirely immune to various online perils. Whether using a Mac, Windows, or Android device, it’s better to be safe than sorry and use an AV. That way, you won’t put yourself, your devices, or your precious data at risk. What threats can a Windows antivirus prevent? As we briefly mentioned, a reliable antivirus can protect your device from online dangers. There are a few most common ones. Below, you’ll find them and what threat they pose: Viruses: These malicious programs multiply and spread from one computer to another. Viruses can attach themselves to programs and files, damage the system, and let other malware in. ]]> 2024-02-08T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/do-you-still-need-antivirus-protection-for-windows-in-2024 www.secnews.physaphae.fr/article.php?IdArticle=8448060 False Ransomware,Malware,Threat,Mobile None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 2024-02-07T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-covert-art-of-steganography www.secnews.physaphae.fr/article.php?IdArticle=8447674 False Tool,Threat None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC through web scraping API, surveys, as part of your day-to-day operations, etc., the data you collect needs powerful safeguards. AI can help by classifying and automatically encrypting it. Access control is another process you can automate, as is compliance with data protection laws like the GDPR.]]> 2024-02-06T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/ai-in-cybersecurity-8-use-cases-that-you-need-to-know www.secnews.physaphae.fr/article.php?IdArticle=8447230 False Spam,Malware,Tool,Threat None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC vulnerability scans must be conducted via authenticated scanning, and that all applicable vulnerabilities must be managed. This eliminates organizations from overlooking vulnerabilities, and selective remediation. The PCI DSS requires penetration testing (pen testing) and vulnerability scanning as part of its requirements for compliance, to keep systems secure and to protect payment cardholder data. Pen testing must take place for any organizations or entities who store, process, or transmit cardholder data in any capacity. Payment card service providers must conduct PCI pen tests twice annually and vulnerability scans four times annually, in addition to performing additional assessments when any significant modifications to systems occur. Specifically, organizations that process cardholder information via web applications could need additional tests & scans whenever significant system modifications take place. PCI pen tests are security assessments that must be conducted at least twice annually and after any significant change to address vulnerabilities across all aspects of the cardholder data environment (CDE), from networks, infrastructure, and applications found inside and outside an organization\'s environment. By contrast, vulnerability scans perform high-level tests that automatically search for vulnerabilities with severe scores; external IP addresses exposed within CDE must also be scanned by an approved scanning vendor at least every three months and after any significant change for potential security threats and reported on accordingly. PCI DSS sets forth specific guidelines and requirements for companies required to run regular PCI pen tests and vulnerability scans in accordance with PCI DSS. System components, including custom software and processes, must be regularly evaluated to maintain cardholder data over time - particularly after changes are introduced into the system. Service providers must conduct PCI pen tests every six months or whenever significant modifications to their systems take place, or whenever any major upgrades or updates take place. Significant changes that would necessitate further pen tests include any addition or change to hardware, software, or networking equipment; upgrading or replacing of current equipment with any changes; storage flow changes which affect cardholder data flow or storage; chang]]> 2024-02-05T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/pci-dss-and-penetration-testing www.secnews.physaphae.fr/article.php?IdArticle=8446939 False Vulnerability,Threat None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC generative abilities of  AI, leaving people struggling with the concept of what reality is now. Can we trust what we see and hear on social media? Is the image of the person you are looking at a real person? Most importantly, after all those times you have logged into websites using a password and maybe even a phone-based multi-factor authentication (MFA) code, do you know if you are keeping yourself and your information safe? Self-sovereign identity was the topic for discussion with Paul Fisher, Lead Analyst at KuppingerCole, Ward Duchamps, Director of Strategy & Innovation at Thales, and myself, host Steve Prentice, on the Security Sessions Podcast, Self-Sovereign Identities: Whose Life is it Anyway? We explored the idea that personal identity is a crucial part of your existence, but more often than not, we give much of it away or at least use it as payment for access to some highly desired service like TikTok, LinkedIn, or Google. All these services, which appear free, are purely a trade: their engaging content for your data. We have commoditized ourselves through our fascination with everything the internet can deliver. Control over the movement and storage of data Some countries have worked hard to establish controls over the movement and storage of personal information. Perhaps the most famous of these remains Europe’s GDPR. There are others, of course, but they are frequently countered by divisive issues ranging from defending personal freedom through to political agendas. There is no global protection for personal identities. Added to this mess is the fact that consumers find password management tedious and tend to believe any data breach involving their identity will quickly blow over, and life will just go on. It might be time for people to take greater responsibility for their identities – owning and sharing, but in a manner that doesn’t give it all away, retaining control over it while also removing the need to have dozens or hundreds of passwords, basically, creating an identity system for this new century. When people first talk about moving beyond typed passwords, the first thing that often comes to mind is biometrics, like retinal scans, palm scans, and the type of facial recognition technology that allows us all to unlock our phones simply by looking at the camera. But these simple biometric techniques tend to work just like passwords in that they are presented as tokens that open a door somewhere. They are ideally better than text-based passwords since the owner of the face or fingerprint needs to be present to push through the transaction, but they are still static identifiers. There needs to be something more – something deeper, more complex, and most importantly, something that remains solely with its owner, from which selected parts may be produced as needed, without giving everything away to an organization that keeps it all forever. We never needed a wallet inspector to buy a coffee On our podcast, Ward Duchamps analogized this to a physical wallet or purse. A wallet is a physical holder into which you add credit cards, loyalty cards, a driver’s license, health card, paper money, and more. When you go to make a purch]]> 2024-02-01T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/self-sovereign-identities-whose-life-is-it-anyway www.secnews.physaphae.fr/article.php?IdArticle=8445587 False None None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Application programming interface (API) security is critical for retailers increasingly reliant on cloud technology. However, they also open potential gateways for cyber threats, making robust security protocols essential to protect sensitive data and maintain customer trust. The complexity of retail systems, which often involve numerous third-party integrations, can create multiple points of vulnerability. Evolving cyber threats necessitate a dynamic approach to API security, making it a moving target that requires continuous attention and adaptation. Understanding the retail cloud environment API is a set of protocols and tools that allows different software applications to communicate with each other. In cloud environments, it facilitates the interaction between cloud services and applications, enabling features — like data synchronization, payment processing and inventory management — to work seamlessly together. It is also pivotal in the retail sector by connecting various services and applications to deliver a smooth shopping experience. If organizations neglect API security, cybercriminals can exploit APIs to access confidential information, leading to a loss of customer trust, which is critical in the highly competitive retail market. Regular API audits and assessments These audits help identify vulnerabilities before attackers can exploit them, ensuring organizations can promptly address security gaps. Regular assessments are also proactive measures to fix current issues and anticipate future threats. They enable IT teams to verify that security measures are current with the latest protection standards and to confirm APIs comply with internal policies and external regulations. By routinely evaluating API security, retailers can detect anomalies, manage access controls effectively and guarantee they consistently apply encryption standards. Robust authentication and authorization They verify the identity of users and systems, ensuring only legitimate parties can access sensitive retail data. Utilizing multi-factor authentication, which requires more than one verification method, significantly enhances security by adding layers that an unauthorized user must penetrate. With authorization, it’s crucial to implement protocols that dictate what authenticated users can do. Effective approval guarantees users have access only to the data and actions necessary for their role. For instance, role-based access control can help manage user permissions with greater granularity. Retailers can assign roles and permissions based on job functions, enabling tight control over who is authorized to view or alter data within the API ecosystem. Encryption and data protection Encryption is an essential barrier, obscuring data to make it indecipherable to unauthorized users who might intercept it during transmission or gain access to storage systems. It’s also critical for retailers to manage encryption keys with strict policies, ensuring only authorized personnel can decrypt the data. Beyond protection, comprehensive data encryption allows retailers, especially in the apparel industry, to collect and analyze extensive customer data safely. This data is invaluable for forecasting trends, customer pre]]> 2024-01-31T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/bulletproofing-the-retail-cloud-with-api-security www.secnews.physaphae.fr/article.php?IdArticle=8445261 False Tool,Vulnerability,Threat,Cloud None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Expanded investigation Events search Performing a search of the external username in the customer’s environment led the MDR team to over 1,000 “MessageSent” Teams events that were generated by the user. Although these events did not include the IDs of the recipients, they did include the external user’s tenant ID, as displayed in Image 2 below. Image 2: Event log showing external user tenant ID A Microsoft 365 tenant ID is a globally unique identifier assigned to an organization. It is what allows members of different companies to communicate with one another via Teams. As long as both members of a chat have valid tenant IDs, and External Access is enabled, they can exchange messages. With this in mind, the MDR SOC team was able to query events that contained the external user’s tenant ID and found multiple “MemberAdded” events, which are generated when a user joins a chat in Teams. Image 3: “MemberAdded” event These events include the victim’s user ID, but not the external user ID. In addition to the external tenant ID, the MDR SOC team was able to positively link these “MemberAdded” events back to the attacker via the “ChatThreadId” field, which was also present in the original “MessageSent&rdq]]> 2024-01-30T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/darkgate-malware-delivered-via-microsoft-teams-detection-and-response www.secnews.physaphae.fr/article.php?IdArticle=8444739 False Malware,Threat,Technical None 4.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC auto dealership in the northeast faced a number of cybersecurity challenges, including: Lack of resources: The dealership did not have the in-house expertise or resources to manage its own security operations center (SOC).  The lack of trained security experts resulted in slower responses times to security incidents. Multiple security solutions: The dealership was using a variety of security solutions from different vendors, making it difficult to manage and correlate security data. Increased threat landscape: The dealership was facing an increasing number of cyber threats, including ransomware, phishing, and malware attacks. Solution The dealership engaged Vertek to implement their top of line Managed Detection and Response (MDR) service using AT&T AlienVault SIEM. Vertek\'s USM Anywhere MDR service provides 24/7 proactive threat monitoring, industry leading threat intelligence, and expert incident response. It is built on top of the AlienVault USM Anywhere platform, which is a unified security management (USM) platform that combines multiple essential security capabilities in one unified console.  The service easily integrates with the existing security stack and is implemented without interruption to existing operations. Benefits Since implementing Vertek\'s USM Anywhere MDR service the dealership has experienced a number of benefits, including: Improved security posture: Vertek\'s MDR service has helped the dealership improve its overall security posture by identifying and mitigating security vulnerabilities, and by providing the dealership with actionable security insights.  Vertek’s 24/7 SOC identifies and responds to security incidents with speed and accuracy using industry leading threat intelligence. Reduced workload and more effective allocation of resources: Vertek\'s MDR service has reduced the workload on the dealership\'s IT staff by freeing them up to focus on mission critical tasks that fall in line with their core competency.  Working with Vertek instead of building an in-house security team has resulted in significant cost savings for the dealership. Improved peace of mind: Vertek\'s MDR service gives the dealership peace of mind knowing that their security is being monitored and managed by a team of experts with expert response to threats. Specific example Vertek was actively monitoring a customer\'s network for threats using their USM Anywhere MDR service. AlienVault SIEM detected a large number of failed login attempts to the customer\'s Active Directory server. Vertek\'s security team immediately investigated the incident and discovered that the attacker was using a brute-force attack to try to guess the passwords of Active Directory users. Vertek\'s security team used context data in the form of network traffic, end-user behavior analytics, and NXLOGS output from their IT tools to understand the significance of the attack. They knew that the Active Directory server was a critical system for the customer, and that if the attacker was able to gain access to the server, they would be able to compromise the entire network. Vertek also used threat intelligence from the MITRE ATT&CK Framework to understand the tactics, techniques, and procedures (TTPs) of the attacker. They knew that brute-force attacks were a common tactic used by ransomware gangs. Based on the context data and threat intelligence, Vertek was able to determine that the customer was facing a high-risk ransomware attack. Vertek\'s security team quickly took steps to mitiga]]> 2024-01-29T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/case-study-verteks-usm-anywhere-mdr-helps-larger-auto-dealership-in-the-northeast-improve-their-cybersecurity-posture www.secnews.physaphae.fr/article.php?IdArticle=8444369 False Ransomware,Malware,Tool,Vulnerability,Threat,Studies None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC exposed to cybersecurity threats. In 2022, there was a 2,000% increase in adversarial reconnaissance targeting Modbus/TCP port 502 — a widely-used industrial protocol — allowing malicious actors to exploit vulnerabilities in operational technology systems. Fortunately, by taking steps to improve and maintain ICS cybersecurity, manufacturers can successfully reduce the attack surface of their critical infrastructure and keep threats (including phishing, denial-of-service attacks, ransomware, and malware) at bay.  ICS cyberattacks on the rise  ICS cyberattacks are on the rise, with almost 27% of ICS systems affected by malicious objects in the second quarter of 2023, data from Kaspersky reveals. Cyberattacks have the power to devastate ICS systems, damage equipment and infrastructure, disrupt business, and endanger health and safety. For example, the U.S. government has warned of a malware strain called Pipedream: “a modular ICS attack framework that contains several components designed to give threat actors control of such systems, and either disrupt the environment or disable safety controls”. Although Pipedream has the ability to devastate industrial systems, it fortunately hasn’t yet been used to that effect. And, last year, a notorious hacking group called Predatory Sparrow launched a cyberattack on an Iranian steel manufacturer, resulting in a serious fire. In addition to causing equipment damage, the hackers caused a malfunctioning foundry to start spewing hot molten steel and fire. This breach only highlights the importance of safety protocols in the manufacturing and heavy industry sectors. By leveraging the latest safety tech and strengthening cybersecurity, safety, security, and operational efficiency can all be improved. Segment networks By separating critical systems from the internet and other non-critical systems, network segmentation plays a key role in improving ICS cybersecurity. Network segmentation is a security practice that divides a network into smaller, distinct subnetworks based on security level, functionality, or access control, for example. As a result, you can effectively prevent attacker lateral movement within your network — this is a common way hackers disguise themselves as legitimate users and their activities as expected traffic, making it hard to spot this method. Network segmentation also lets you create tailored and unique security policies and controls for each segment based on their defined profile. Each individual segment is therefore adequately protected. And, since network segmentation also provides you with increased visibility in terms of network activity, you’re also better able to spot and respond to problems with greater speed and efficiency.  When it comes to ]]> 2024-01-26T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/cybersecurity-for-industrial-control-systems-best-practices www.secnews.physaphae.fr/article.php?IdArticle=8443348 False Ransomware,Malware,Vulnerability,Threat,Patching,Industrial None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC AT&T Cybersecurity Alien Labs reviewed the big events of 2023 and how malware morphed this year to try new ways to breach and wreak havoc. This year\'s events kept cybersecurity experts on their toes, from expanding malware variants to introducing new threat actors and attack techniques. Here are some of the most compelling developments, highlighting malware\'s evolving capabilities and the challenges defenders face. Highlights of the year: Emerging trends and notable incidents As the year unfolded, several trends and incidents left an indelible mark on the cybersecurity landscape: Exploiting OneNote for malicious payloads Cybercriminals leveraged Microsoft OneNote to deliver many malicious payloads to victims, including Redline, AgentTesla, Quasar RAT, and others. This previously underutilized Office program became a favored tool due to its low suspicion and widespread usage. SEO poisoning and Google Ads Malicious actors resorted to SEO poisoning tactics, deploying phishing links through Google Ads to deceive unsuspecting victims. These links led to cloned, benign web pages, avoiding Google\'s detection and remaining active for extended periods. Prominent malware families, including Raccoon Stealer and IcedID, capitalized on this strategy. Exploiting geopolitical events Cybercriminals exploited the geopolitical climate, particularly the Middle East conflict, as a lure for their attacks. This trend mirrored the previous year\'s Ukraine-related phishing campaigns and crypto scams. APTs: State-sponsored espionage continues to present challenges Advanced Persistent Threats (APTs) continued to pose a significant threat in 2023: Snake: CISA reported on the Snake APT, an advanced cyber-espionage tool associated with the Russian Federal Security Service (FSB). This malware had been in use for nearly two decades. Volt Typhoon: A campaign targeting critical infrastructure organizations in the United States was attributed to Volt Typhoon, a state-sponsored actor based in China. Their focus lay on espionage and information gathering. Storm-0558: This highly sophisticated intrusion campaign, orchestrated by the Storm-0558 APT from China, infiltrated the email accounts of approximately 25 organizations, including government agencies. Ransomware\'s relentless rise Ransomware remained a prevalent and lucrative threat throughout the year: Cuba and Snatch: Ransomware groups like Cuba and Snatch targeted critical infrastructure in the United States, causing concern for national security. ALPHV/BlackCat: Beyond SEO poisoning, this group compromised the computer systems of Caesar and MGM casinos. They also resorted to filing complaints with the US Securities and Exchange Commission (SEC) against their victims, applying additional pressure to pay ransoms. Exploiting new vulnerabilities: Cybercriminals wasted no time exploiting newly discovered vulnerabilities, such as CVE-2023-22518 in Atlassian\'s Confluence, CVE-2023-4966 (Citrix bleed), and others. These vulnerabilities became gateways for ransomware attacks. Evolving ransom]]> 2024-01-25T11:00:00+00:00 https://cybersecurity.att.com/blogs/labs-research/the-dark-side-of-2023-cybersecurity-malware-evolution-and-cyber-threats www.secnews.physaphae.fr/article.php?IdArticle=8442915 False Ransomware,Spam,Malware,Tool,Vulnerability,Threat,Prediction Guam 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC get the 2022 report). Get the complimentary 2023 report.   The robust quantitative field survey reached 1,418 security, IT, application development, and line of business professionals worldwide. The qualitative research tapped subject matter experts across the cybersecurity industry. Finance-specific respondents equal 204. At the onset of our research, we established the following hypotheses. Momentum edge computing has in the market. Approaches to connecting and securing the edge ecosystem – including the role of trusted advisors to achieve edge goals. Perceived risk and perceived benefit of the common use cases in each industry surveyed. The results focus on common edge use cases in seven vertical industries – healthcare, retail, finance, manufacturing, energy and utilities, transportation, and U.S. SLED - delivering actionable advice for securing and connecting an edge ecosystem, including external trusted advisors. Finally, it examines cybersecurity and the broader edge ecosystem of networking, service providers, and top use cases. The role of IT is shifting, embracing stakeholders at the ideation phase of development. Edge computing is a transformative technology that brings together various stakeholders and aligns their interests to drive integrated business outcomes. The emergence of edge computing has been fueled by a generation of visionaries who grew up in the era of smartphones and limitless possibilities. Look at the infographic below for a topline summary of key findings in the finance industry. In this paradigm, the role of IT has shifted from being the sole leader to a collaborative partner in delivering innovative edge computing solutions. In addition, we found that finance leaders are budgeting differently for edge use cases. These two things, along with an expanded approach to securing edge computing, were prioritized by our respondents in the 2023 AT&T Cybersecurity Insights Report: Edge Ecosystem. One of the most promising aspects of edge computing is its potential to effectively use near-real-time data for tighter control of variable operations such as inventory and supply chain management that deliver improved operational efficiency. Adding new endpoints is essential for collecting the data, but how they’re connected can make them vulnerable to cyberattacks. Successful cyberattacks can disrupt services, highlighting the need for robust cybersecurity measures. Edge computing brings the data closer to where decisions are made. With edge computing, the intelligence required to make decisions, the networks used to capture and transmit data, and the use case management are distributed. Distributed means things work faster because nothing is backhauled to a central processing area such as a data center and delivers the near-real-time experience. With this level of complexity, it’s common to re-evaluate decisions regarding security, data storage, or networking. The report shares emerging trends as finance continues exploring edge computing use cases. One area that’s examined is expense allocation]]> 2024-01-24T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/get-the-att-cybersecurity-insights-report-focus-on-finance www.secnews.physaphae.fr/article.php?IdArticle=8442488 False Ransomware None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC ransomware attacks in recent times has become a critical concern for organizations across various industries. Ransomware, a malicious software that encrypts data and demands a ransom for its release, can wreak havoc on an organization\'s operations, finances, and reputation. This comprehensive guide delves into the intricate landscape of ransomware, exploring sophisticated attack vectors, common vulnerabilities, and providing detailed strategies for prevention. Ransomware is a type of malicious software designed to deny access to a computer system or data until a sum of money is paid. It often gains unauthorized access through exploiting vulnerabilities or employing social engineering tactics like phishing emails and malicious attachments. Over the years, ransomware attacks have evolved from indiscriminate campaigns to highly targeted and sophisticated operations. Notorious strains such as WannaCry, Ryuk, and Maze have demonstrated the devastating impact of these attacks on organizations worldwide. Common vulnerabilities exploited Outdated software and patch management: Ransomware often exploits vulnerabilities in outdated software. Robust patch management is crucial for closing these security gaps. Social engineering and phishing: Human error remains a significant factor in ransomware attacks. Employees need comprehensive training to recognize and avoid phishing attempts. Weak authentication practices: Inadequate password policies and the absence of multi-factor authentication create entry points for threat actors. Poorly configured remote desktop protocol (RDP): RDP misconfigurations can provide a direct path for ransomware to infiltrate a network. Comprehensive prevention strategies Regular software updates and patch management: Implement a proactive approach to software updates and patch vulnerabilities promptly. Employee training and awareness: Conduct regular cybersecurity training sessions to educate employees about the dangers of phishing and best practices for online security. Multi-factor authentication (MFA): Enforce MFA to add an additional layer of security, mitigating the risk of unauthorized access. Network segmentation: Divide networks into segments to contain the spread of ransomware in case of a breach. Data backup and recovery: Establish regular backups of critical data and ensure that recovery processes are tested and reliable. Post-infection recovery plans: The aftermath of a ransomware attack can be chaotic and detrimental to an organization\'s operations. Developing a robust post-infection recovery plan is essential to minimize damage, restore functionality, and ensure a swift return to normalcy. This detailed guide outlines the key components of an effective recovery plan tailored for organizations recovering from a ransomware incident. Key components of post-infection recovery plans: Incident response team activation: Swift action: Activate the incident response team immediately upo]]> 2024-01-23T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-rise-of-ransomware-strategies-for-prevention www.secnews.physaphae.fr/article.php?IdArticle=8442051 False Ransomware,Data Breach,Vulnerability,Threat None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC VPNs, antivirus, password managers, etc, to ensure security. These tools help implement a zero-trust security module within an organization to ensure data privacy and security. In contrast to this traditional zero-trust security method, self-doxing is a strategic move to foster transparency, build trust, and engage with a broader audience. It\'s about taking control of the narrative surrounding your organization and providing the public with a clearer picture of who you are and what you stand for. By voluntarily sharing information, organizations aim to shape perceptions, demonstrate accountability, and minimize the potential for unauthorized leaks or misinformation. However, successful self-doxxing requires careful planning and a deep understanding of what to share and protect. Why should you implement self-doxxing in an organization? Self-doxing, when executed thoughtfully, offers many advantages for organizations looking to thrive in a digitally connected world.  Enhanced transparency: One of the primary benefits of self-doxxing is the promotion of transparency. By willingly sharing information about your organization\'s operations, practices, and ethical standards, you signal stakeholders and the public that you have nothing to hide. This transparency can foster trust and credibility, making your organization more attractive to customers, investors, and partners.  Reputation management: Self-doxxing allows you to control the narrative about your organization. By providing accurate and comprehensive information, you can preemptively address potential issues, correct misunderstandings, and mitigate reputational risks. This proactive approach to reputation management can be invaluable in an age where public perception can impact an organization\'s success.  Stakeholder engagement: Sharing information about your organization can also enhance stakeholder engagement, including customers, employees, and shareholders. When people feel that an organization is open and honest about its practices, they are more likely to engage positively with it.  Competitive advantage: Self-doxxing can also provide a competitive edge. By openly sharing your organization\'s strengths, innovations, and accomplishments, you can demonstrate industry leadership and attract talent, partners, and customers who align with your values and goals.  Regulatory compliance:  In many industries, regulatory compliance requ]]> 2024-01-22T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/best-practices-to-implement-self-doxxing-in-organizations www.secnews.physaphae.fr/article.php?IdArticle=8441609 False Tool,Vulnerability None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Unusual, thought-provoking predictions for cybersecurity in 2024 Part two: Cybersecurity operations in 2024: The SOC of the future While there are many big things to prepare for in 2024 (see first two posts), some important smaller things don’t get the same attention. Yet, these things are good to know and probably won’t come as a huge surprise. Because they, too, are evolving, it’s important not to take your eye off the ball. Compliance creates a new code of conduct and a new need for compliance logic. Compliance and governance are often overlooked when developing software because a different part of the business typically owns those responsibilities. That is all about to change. Cybersecurity policies (internal and external, including new regulations) need to move upstream in the software development lifecycle and need compliance logic built in to simplify the process. Software is designed to work globally; however, the world is becoming more segmented and parsed. Regulations are being created at country, regional, and municipal levels. To be realistic, the only way to handle compliance is via automation. To avoid the constant forking of software, compliance logic will need to be a part of modern applications. Compliance logic will allow software to function globally but adjust based on code sets that address geographic locations and corresponding regulations. In 2024, expect compliance logic to become a part of the larger conversation regarding compliance, governance, regulation, and policy. This will require cross-functional collaboration across IT, security, legal, line of business, finance, and other organizational stakeholders. MFA gets physical. Multi-factor authentication (MFA) is a way of life. The benefits far outweigh the slight inconvenience imposed. Think about why MFA is so critical. MFA helps with authorization and authentication for mission-critical and safety-critical work. It prevents unauthorized access to critical information. MFA is an easy-to-implement step for good cyber hygiene. Our current way of thinking about MFA is generally based on three things: something you know, a passcode; something you have, a device; and something you are, a fingerprint, your face, etc. Now, let’s take this a step further and look at how the something you are part of MFA can improve safety. Today, MFA routinely accepts fingerprints, facial recognition, or retina scans. That’s just the beginning. MFA can go a step further in helping with business outcomes; here’s how. Biometric and behavioral MFA can help with identifying the veracity of an individual as well as the fitness to perform a function. For example, a surgeon can access the hospital, restricted areas, and the operating room through MFA verifications. But, once in the operating room, how is it determined that the surgeon is fit to perform the surgical task? Behavioral MFA will soon be in play to ensure the surgeon is fit by adding another layer of something you are. Behavioral MFA will determine fitness for a task by identifying things such as entering a series of numbers on a keypad, handwriting on a tablet, or voice analysis. The goal is to compare current behavior with past behavior to ensur]]> 2024-01-18T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/four-cybersecurity-trends-you-should-know-for-2024 www.secnews.physaphae.fr/article.php?IdArticle=8440225 False Tool,Threat,Prediction None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Part one: Unusual, thought-provoking predictions for cybersecurity in 2024 Part three: Four cybersecurity trends you should know for 2024 With the democratization of computing comes attack surface expansion. According to Gartner, 91% of businesses are engaged in some form of digital initiative, and 87% of senior business leaders say digitalization is a priority. 89% of all companies have already adopted a digital-first business strategy or are planning to do so. The more digital the world becomes the greater the attack surface. This is simply a fact. Securing that ever-expanding attack surface is where we will see innovation. The security operations center (SOC) must modernize to keep pace with the always-on and digital-first world delivered through innovations such as edge computing, AI, and IoT. The SOC of the future will need to expand to address: Edge computing Edge computing is happening all around us. Defined by three primary characteristics: software-defined, data-driven, and distributed, edge computing use cases are expanding to deliver business outcomes. Edge computing is a sea-change in the world of computing. As edge use cases deliver business value and competitive advantage, the technology changes – networks with lower latency, ephemeral applets, and a digital-first experience, are the requirements for all edge computing use cases. Edge computing needs to be embraced and managed by the SOC. There are diverse endpoints, new software stacks, and a rapidly changing attack surface that needs to be mapped and understood. In 2024, expect to see SOC teams, with roles that include security engineer/architect, security analyst, SOC manager, forensics investigator, threat responder, security analyst, and compliance auditor, begin to determine how edge computing needs to be secured. SOCs will explore various management activities, including understanding diverse and intentional endpoints, complete mapping of the attack surface, and ways to manage the fast-paced addition or subtraction of endpoints. Application security Without a doubt, we are living in a world built on software. Software is only as secure as the development requirements. Software controls our traditional applications that are still batch-based, sigh, and near-real-time edge interactions. Software is how the world works. With innovations in computing, software is changing; it is no longer about graphical user interface (GUI) applications that require some keyboard input to produce output. Edge computing is taking software to the next level of sophistication, with non-GUI or headless applets becoming the norm. While the software bill of materials (SBoM) requirements advance the cause of application security, edge computing and its reliance on functioning, performant, and secure software will make application security a necessity. In 2024, expect to see software engineering practices emphasizing security emerge. Simply being able to write code will no longer be enough; developers will increase their sophistication and require more security expertise to complement their already deep skill sets. Educational institutions at secondary and university levels are]]> 2024-01-17T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/cybersecurity-operations-in-2024-the-soc-of-the-future www.secnews.physaphae.fr/article.php?IdArticle=8439906 False Threat None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Theresa Lanowitz. It’s intended to be future-looking and provocative and to encourage discussion. The author wants to assure you that no generative AI was used in any part of this blog. Entering 2024 brings us well into the third decade of the new millennium. Do you recall how tentatively and maybe naively we approached the year 2000, otherwise known as Y2K? We stressed over two bytes in COBOL programs and regression tested every line of code to ensure our systems were ready to go at midnight on January 1, 2000. The clock struck 12, and the world breathed a collective sigh of relief – we survived the predicted digital disaster. And just like that, off we went - to create web, mobile, and cloud apps, to turn embedded software into the Internet of Things (IoT), and to democratize computing in a way that was only a dream just 23 years ago. With massive shifts and changes in computing in the wake, it’s time to ask: where are we going in 2024, and what cybersecurity opportunities and challenges lie ahead? Maturing the industry: It’s the business that matters. Cybersecurity is not about fear, uncertainty, and doubt (FUD). It is about delivering business outcomes such as boarding a plane quicker to mitigate flight delay penalties, heating or cooling my house efficiently to manage energy consumption in various climates, or reducing waste in manufacturing to minimize product recalls. Notice there was no mention of security, data, network, coding, or anything remotely IT-centric or technical in the stated business outcomes above. We must aspire to this when thinking about our businesses and cybersecurity. It must be about the business first, advancing the customer experience, and removing friction. Cybersecurity is now a business requirement. For cybersecurity to be part of business planning, cybersecurity teams need to become members of the business teams. Over the past three years, the cybersecurity market has rapidly matured. We are in the midst of market consolidation, with individual point products being acquired and integrated into platform offerings. These platform offerings will continue to evolve by acquiring smaller vendors, partnering, and innovating. The platform vendors clearly see the need for cybersecurity to be a part of the business conversation and want to act as a business partner and trusted advisor, not merely a product provider. Cybersecurity budgets are changing, creating an approach to get funding differently. This year, our research revealed an unexpected change: money is being redistributed as computing moves closer to the data source. Our respondents reported they are investing in new computing development – in this case, edge computing - in a way that’s different from what we’ve seen in the past. They are proactively investing in strategy and planning, the network, application development, and security to create a balanced, collaborative ecosystem. The big surprise isn’t a new secret weapon or killer application. The surprise is what’s needed: a new way of thinking about resource allocation. You’ll still need your usual hardware, software, storage, and security buckets. How you balance those expenses is what’s different. As computing moves closer to the data source, every deployment should contribute to the b]]> 2024-01-16T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/unusual-thought-provoking-predictions-for-cybersecurity-in-2024 www.secnews.physaphae.fr/article.php?IdArticle=8439503 False Tool,Mobile,Prediction,Cloud,Technical None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC AI and privacy gives rise to a complex interplay where innovative technologies and individual privacy rights collide. In this exploration, we\'ll delve into the nuances of this intersection, dissecting the issues and challenges that accompany the integration of AI and privacy. The intersection of AI and privacy At the core of the AI and privacy nexus lie powerful technologies like machine learning (ML), natural language processing (NLP), and computer vision. ML algorithms, for instance, learn from vast datasets to make predictions or decisions without explicit programming. NLP enables machines to comprehend and respond to human language, while computer vision empowers systems to interpret and make decisions based on visual data. As AI seamlessly integrates into our daily lives, from virtual assistants to facial recognition systems to UX research tools, the collection and processing of personal data become inevitable. AI\'s hunger for data is insatiable, and this appetite raises concerns about how personal information is collected and utilized. From your search history influencing your online shopping recommendations to facial recognition systems tracking your movements, AI has become a silent observer of your digital life. The challenge lies not only in the sheer volume of data but in the potential for misuse and unintended consequences, raising critical questions about consent, security, and the implications of biased decision-making. Key issues and challenges The first issue is informed consent. Obtaining meaningful consent in the age of AI is challenging. Often, complex algorithms and data processing methods make it difficult for individuals to understand the extent of data usage. In automated decision-making scenarios, such as loan approvals or job recruitment, the lack of transparency in how AI reaches conclusions poses a significant hurdle in obtaining informed consent. Another is data security and breaches. The vulnerabilities in AI systems, especially when handling sensitive personal data for identity verification, make them potential targets for cyberattacks. A data breach in an AI-driven ecosystem not only jeopardizes personal privacy but also has far-reaching consequences, affecting individuals, businesses, and society at large. You also need to be watchful for bias and discrimination. Bias in AI algorithms can perpetuate and amplify existing societal prejudices, leading to discriminatory outcomes. The impact of biased AI goes beyond privacy concerns, raising ethical questions about fairness, equality, and the potential reinforcement of societal stereotypes. Regulations and frameworks In response to the escalating concerns surrounding AI and privacy, regulatory frameworks have emerged as beacons of guid]]> 2024-01-12T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/ai-and-privacy-addressing-the-issues-and-challenges www.secnews.physaphae.fr/article.php?IdArticle=8438292 False Data Breach,Vulnerability None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC REvil, which has links to operators in Russia, it first was observed in the wild back in 2021, according to researchers. BlackCat is written in the Rust language, which offers better performance and efficiencies than other languages previously used.  BlackCat is indiscriminate in how it targets its victims, which range from healthcare to entertainment industries. This blog will cover a recent incident impacting one of the AT&T Managed Detection and Response (MDR) Security Operations Center  SOC’s customers and discuss how in partnering with AT&T Alien Labs, the MDR SOC was able to detect and remediate the incident.  Building the investigation On September 14th, 2023, the AT&T MDR SOC received multiple alarms indicating that lateral movement was occurring for one of our clients. The alarm detections were generated after activity in SentinelOne for multiple users attempting to perform network traversing through the clients’ environment. ­­­­­­ Figure 1. Alarm Detection The AT&T SOC immediately generated an investigation that included a call to the client to notify them of the activity as well as escalate the detection to the AT&T MDR Incident Response (IR) Team and the client\'s dedicated Threat Hunter. The IR team and Threat Hunter began the engagement by creating a timeline and searching through SentinelOne Deep Visibility tool. Within its events, they found a user was successfully logged into the client’s internal network on multiple endpoints using lsass.exe..  Additionally, multiple files were logged as being encrypted, which resulted in the team designating the incident a ransomware attack.    Figure 2. Lsass Activity in SentinelOne During the review of the lsass.exe activity, a specific file was located with a suspicious process tree. A command line was recorded with the file execution that included an internal IP address and the user ADMIN$. The activity from the suspicious file prompted an immediate blocklist for the SHA 1 file hash to ensure that the file was unable to be executed within the client’s environment. Following the block of the file hash, multiple detections from SentinelOne populated, indicating that the file was successfully killed and quarantined and that the client’s devices were protected.  Figure 3. File execution command line After initiating the blocklist, the Threat Hunter utilized the SentinelOne “file fetch” feature, which enabled them to download the malicious file and save a copy locally. The AT&T SOC then worked with the AT&T Alien Labs team to perform a deeper analysis of the file in order to more understand  the true nature of the ransomware attack. Technical analyses As previously mentioned, BlackCat ransomware is developed in the Rust programming language, providing the attacker with the versatility to compile and run it on both Windows and Linux operating systems.The ransomware e]]> 2024-01-11T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/stories-from-the-soc-blackcat-on-the-prowl www.secnews.physaphae.fr/article.php?IdArticle=8437972 False Ransomware,Malware,Tool,Threat None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 2024-01-10T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/social-engineering-attacks-real-life-examples-and-how-to-avoid-them www.secnews.physaphae.fr/article.php?IdArticle=8437464 False Vulnerability,Threat None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Managed Detection and Response (MDR) Security Operations Center (SOC) initially received an alarm triggered by a potentially malicious URL that a user received in their inbox. Office 365\'s threat intelligence feed flagged this URL as potentially malicious. The initial steps in addressing this alarm involve two key actions. First, it is crucial to determine the scope of impact on the customer\'s environment by assessing how many other users received the same URL. Second, a thorough validation process is essential to confirm whether the URL is indeed malicious. These initial steps lay the foundation for a comprehensive response to safeguard the security of the environment. To determine how many users received the same URL, a comprehensive search within the customer\'s environment revealed that no other users received the same URL. As a result, only one user is affected, suggesting that this is an isolated incident and does not appear to be part of a targeted attack on the customer\'s environment. With this understanding, the focus can now shift to the second step: Validating the reputation of the URL. By employing the OSINT tool VirusTotal and inputting the URL received by the user, we aim to assess its potential threat level. VirusTotal aggregates results from various security vendors to provide a comprehensive analysis. In the current evaluation, 13 out of 90 security vendors classify this URL as malicious. It\'s important to note that while the number of vendors flagging the URL is a key factor, a conclusive determination of malicious intent typically considers a consensus among a significant portion of these vendors. A higher number of detections by diverse security platforms strengthens the confidence in labeling the URL as malicious. With a potentially malicious URL identified, it is imperative to delve deeper to ascertain the underlying reasons for its malicious reputation. Analysts will utilize a tool such as URLscan.io for this purpose. URLscan.io serves as a sandbox, providing a risk-free environment for visiting websites. This tool is instrumental in conducting a thorough examination to uncover the nuances contributing to the URL\'s malicious classification. After entering our identified malicious URL into URLscan.io, ]]> 2024-01-09T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/stories-from-the-soc-something-smells-phishy www.secnews.physaphae.fr/article.php?IdArticle=8437170 False Data Breach,Tool,Vulnerability,Threat None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC from toasters to smart fridges, can unwittingly be enlisted as footsoldiers in a digital army with the potential to bring down even corporate giants. This insidious force operates in silence, escaping the notice of even the most vigilant users. A recent report by Nokia shows that criminals are now using these devices more to orchestrate their attacks. In fact, cyber attacks targeting IoT devices are expected to double by 2025, further muddying the already murky waters. Let us go to the battlements of this siege, and we’ll tackle the topic in more depth. What is a botnet? Derived from the words “robot” and "network.", a botnet refers to a group of devices that have been infected with malicious software. Once infected, these devices are controlled remotely by a central server and are often used to carry out malicious activities such as cyber attacks, espionage, financial fraud, spam email campaigns, stealing sensitive information, or simply the further propagation of malware. How does a botnet attack work? A botnet attack begins with the infection of individual devices. Cybercriminals use various tactics to compromise these devices, such as sending malicious emails, exploiting software vulnerabilities, or tricking users into downloading malware. Everyday tech is notoriously prone to intrusion. The initial stages of building a botnet are often achieved with deceptively simple yet elegant tactics. Recently, a major US energy company fell prey to one such attack, owing to hundreds of phishing emails. By using QR code generators, the attacks combined two seemingly benign elements into a campaign that hit manufacturing, insurance, technology, and financial services companies, apart from the aforementioned energy companies. This new attack vector is now being referred to as Quishing — and unfortunately, it’s only going to become more prevalent. Once a device has been compromised, it becomes part of the botnet. The cybercriminal gains control over these infected devices, which are then ready to follow the attacker\'s commands. The attacker is then able to operate the botnet from a central command-and-control server to launch various types of attacks. Common ones include: Distributed denial-of-service (DDoS). The botnet floods a target website or server with overwhelming traffic, causing it to become inaccessible to legitimate users. Spam emails. Bots can be used to send out massive volumes of spam emails, often containing phishing scams or malware. Data theft. Botnets can steal sensitive information, such as login credentials or personal data, from the infected devices. Propagation. S]]> 2024-01-08T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-botnet-siege-how-your-toaster-could-topple-a-corporation www.secnews.physaphae.fr/article.php?IdArticle=8436534 False Ransomware,Spam,Malware,Vulnerability,Threat None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC DGA domains are recycled every week and decoy redirections when a VM is identified to avoid analysis by researchers. The ongoing registration of new and active domains indicates this campaign is still active. There is an OTX pulse with more information. Analysis AsyncRAT is an open-source remote access tool released in 2019 and is still available in Github. As with any remote access tool, it can be leveraged as a Remote Access Trojan (RAT), especially in this case where it is free to access and use. For that reason, it is one of the most commonly used RATs; its characteristic elements include: Keylogging, exfiltration techniques, and/or initial access staging for final payload delivery. Since it was initially released, this RAT has shown up in several campaigns with numerous alterations due to its open-sourced nature, even used by the APT Earth Berberoka as reported by TrendMicro. In early September, AT&T Alien Labs observed a spike in phishing emails, targeting specific individuals in certain companies. The gif attachment led to a svg file, which also led to a download of a highly obfuscated JavaScript file, followed by other obfuscated PowerShell scripts and a final execution of an AsyncRAT client. This peculiarity was also reported by some users in X (formerly Twitter), like reecDeep and Igal Lytzki. Certain patterns in the code allowed us to pivot and look for more samples in this campaign, resulting in samples going back to February 2023. The registration of domains and subsequent AsyncRAT samples is still being observed at the time of writing this blog. Figure1: Number of samples observed by Alien Labs in this campaign. The modus operandi of the loader involves several stages which are further obfuscated by a Command and Control (C&C) server checking if the victim could be a sandbox prior to deploying the main AsyncRAT payload. In particular, when the C&C server doesn’t rely on the parameters sent, usually after stage 2, or when it is not expecting requests on a particular domain at that time, the C&C redirects to a benign page. Figure 2. Execution flow. During the whole campaign, JavaScript files have been delivered to targete]]> 2024-01-05T11:00:00+00:00 https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno www.secnews.physaphae.fr/article.php?IdArticle=8435043 False Malware,Tool,Threat,Technical None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC According to Statista, the global virtual reality and augmented reality market is worth $32.1 billion in 2023, and analysts predict it will exceed $58 billion by 2028. These appear to be conservative estimates, with another study forecasting growth up to a whopping $252 billion in the next four years. Whereas these technologies aren’t susceptible to major malicious exploitation at this point, their skyrocketing popularity might encourage threat actors to come up with viable attack vectors in the near future. This article highlights some of the current security and privacy concerns that stem from the rising adoption of VR and AR technologies. 1. Eye tracking Many people consider eye tracking in VR to be truly revolutionary. The logic of such a perspective is clear: this tech enhances the accuracy of virtual interaction and takes the user experience to a new level by helping interpret people’s emotions. It is also believed to give the security of VR systems a boost because eye scanning can refine biometric verification in the login workflows. As useful as it is, glance tracking could also expose users to hidden monitoring and other privacy risks. For example, VR game makers may be tempted to embed advertisements in their products, similar to how sponsored information is shown in mobile games. If this is the case, eye tracking would be a perfect instrument for advertisers to figure out which ads draw your attention and which ones you ignore. As per analysts’ findings, 95% of decisions to buy a product occur in the subconscious mind. By snooping on a user’s visual response, marketers may be able to derive conclusions regarding their preferences and dislikes. The flip side is that such a technology could potentially play into unscrupulous parties’ hands as a powerful surveillance instrument. 2. Blackmail and harassment Adult entertainment is one of the most popular areas of the virtual reality industry. According to a relevant study, the VR adult content market will see a staggering rise from $716 million in 2021 to $19 billion in 2026. Cybercriminals may try to cash in on this hype by engaging in what’s known as “sextortion”. The idea is to deceive users into thinking that the malefactors have some embarrassing evidence of their private pastimes and instruct them to send money in exchange for not disclosing this information. In some cases, the scammers may even include a valid password for one of the user’s web accounts so that the blackmail message appears true. Bear in mind that they obtained these authentication details from a large-scale data breach that occurred in the past. While these emails contain ]]> 2024-01-04T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/vr-and-ar-potential-security-risks-to-be-prepared-for www.secnews.physaphae.fr/article.php?IdArticle=8434556 False Data Breach,Hack,Tool,Threat,Mobile,Prediction None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC regulatory compliance requirements, facilitating effective risk management. This ensures organizations adhere to industry standards and safeguard sensitive information. The crucial role of ethical hackers 1. Identifying vulnerabilities: Ethical hackers employ an array of techniques, including penetration testing, code review, and network analysis, to uncover vulnerabilities. By replicating the tactics of malicious hackers, they unveil potential entry points and weaknesses susceptible to exploitation. 2. Penetration testing: A cornerstone of ethical hacking, penetration testing involves simulating real-world cyber-attacks to evaluate the security posture of a system. This practice assesses how well an organization\'s defenses can withstand various threats. 3. Code Review: Analyzing source code for security flaws is fundamental. Ethical hackers scrutinize the codebase to identify vulnerabilities such as injection flaws, buffer overflows, and insecure dependencies. Navigating the ethical hacking process 1. Planning: Ethical hacking commences with meticulous planning. The ethical hacker collaborates with the organization to define the scope, goals, and methodologies of the assessment. 2. Reconnaissance: Gathering information about the target system is a critical phase. Ethical hackers employ both passive and active reconnaissance techniques to understand the environment they are assessing. 3. Scanning: The scanning phase involves identifying live hosts, open ports, and services on a network. Tools like Nmap and Nessus are commonly employed to assess the target\'s attack surface comprehensively. 4. Gaining access: Ethical hackers attempt to exploit identified vulnerabilities, gaining access to systems or sensitive data. This phase provides organizations insights into the potential impact of a suc]]> 2024-01-03T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/decoding-ethical-hacking-a-comprehensive-exploration-of-white-hat-practices www.secnews.physaphae.fr/article.php?IdArticle=8433716 False Tool,Vulnerability,Threat None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC AT&T along with AST-Science successfully made a call. Well, in the 21st century that’s not very “Mr. Watson, come here. I want to see you.”, but this call was on another level, or as one could say, out of this world! To back up a bit, telecommunications as we know it has been a terrestrial endeavor since those words were uttered by Dr. Alexander Graham Bell to Mr. Watson. While we are all too familiar with the telephone poles and cables outside our homes, alongside highways (at least as my mom remembers), and train lines (from my grandfather), there are in fact an additional 745,645 miles of cables in the ocean floor connecting various countries. Why are these bits of cable important, you may ask? Well, as much as we may love our movies and media and their portrayal of communication between 2 super villains using phones that bounce signals off various satellites and detour them to different countries to set off a countdown of a doomed nuclear missile countdown, the reality is that the longest distance your wireless signal travels from your mobile phone is to your closest cell phone tower. Let me repeat that again-when you call your friends to your house for “Thanksgiving leftover pizza” the longest distance the wireless signal travels from your mobile phone is to your closest cell phone tower. No bouncy-bouncy, no detours. Sorry Hollywood! Hello, practical physics! If that didn’t make you question reality, let me explain this (consider this my PSA for the day!) a little more. Each time you pick up your mobile phone to make a call, your analog voice is converted to digital (that Matrix style 0’s and 1’s) and sent via electromagnetic waves through your phone\'s antenna to the closest cell phone tower. From the tower, these waves are converted to light pulses (I know this is more fun than the bouncy-bouncy!!) which are then carried at the speed of light via underground optical fiber cables (see I told you those cables were important) to the destination cell tower where they are converted back to electromagnetic waves and sent to the mobile phone of the person you are calling and converted back to analog-all in a split second. Now there is other fun stuff happening, like locating the cell phone, knowing if the phone is busy, and worrying about frequency bandwidths, but hey, I am taking a little bit of Hollywood artistic license here. Not to mention, I have completely skipped voice-over internet/data. But we do have to get back to AT&T and AST. According to their website, AST SpaceMobile is building the first and only global cellular broadband network in space to operate directly with standard, unmodified mobile devices based on an over 2600 IP and patent portfolio. In 2022, AST launched “Bluewalker3” satellite to communicate directly with unmodified mobile phones, with a future goal of launching multiple commercial satellites aptly named “BlueBirds”-well, kudos to whoever came up with the names, competitively speaking that is, without naming names. While September 2023 was n]]> 2024-01-02T14:58:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/cord-cutting-cables-that-you-didnt-know-about www.secnews.physaphae.fr/article.php?IdArticle=8432999 False Mobile,Medical,Commercial None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 2023-12-28T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/safeguarding-your-online-experience-a-guide-to-blocking-unsolicited-ads-with-adblockers www.secnews.physaphae.fr/article.php?IdArticle=8430227 False Malware,Tool None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC a whopping 50% increase in the amount of attempted breaches. The transition to remote work, outdated healthcare organization technology, the adoption of AI bots in the workplace, and the presence of general uncertainty and fear led to new opportunities for bad actors seeking to exploit and benefit from this global health crisis. In this article, we will take a look at how all of this impacts the state of cybersecurity in the current post-pandemic era, and what conclusions can be drawn. New world, new vulnerabilities Worldwide lockdowns led to a rise in remote work opportunities, which was a necessary adjustment to allow employees to continue to earn a living. However, the sudden shift to the work-from-home format also caused a number of challenges and confusion for businesses and remote employees alike. The average person didn’t have the IT department a couple of feet away, so they were forced to fend for themselves. Whether it was deciding whether to use a VPN or not, was that email really a phishing one, or even just plain software updates, everybody had their hands full. With employers busy with training programs, threat actors began intensifying their ransomware-related efforts, resulting in a plethora of high-profile incidents in the last couple of years. A double-edged digital sword If the pandemic did one thing, it’s making us more reliant on both software and digital currencies. You already know where we’re going with this—it’s fertile ground for cybercrime. Everyone from the Costa Rican government to Nvidia got hit. With the dominance of Bitcoin as a payment method in ransoming, tracking down perpetrators is infinitely more difficult than it used to be. The old adage holds more true than ever - an ounce of prevention is worth a pound of cure. To make matters worse, amongst all that chaos, organizations also had to pivot away from vulnerable, mainstream software solutions. Even if it’s just choosing a new image editor or integrating a PDF SDK, it’s an increasing burden for businesses that are already trying to modernize or simply maintain. Actors strike where we’re most vulnerable Healthcare organizations became more important than ever during the global coronavirus pandemic. But this time also saw unprecedented amounts of cybersecurity incidents take place as bad actors exploited outdated cybersecurity measures. The influx of sudden need caused many overburdened healthcare organizations to lose track of key cybersecurity protocols that could help shore up gaps in the existing protective measures. The United States healthcare industry saw a 25% spike in successful data breaches during the pandemic, which resulted in millions of dollars of damages and the loss of privacy for thousands of patients whose data was compromis]]> 2023-12-27T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/post-pandemic-cybersecurity-lessons-from-the-global-health-crisis www.secnews.physaphae.fr/article.php?IdArticle=8429741 False Data Breach,Vulnerability,Threat,Studies,Prediction ChatGPT 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC generative AI. Though their names might sound related, they are fundamentally different in their applications and underlying mechanisms. Let\'s dive into the realm of AI to elucidate the distinctions between these two intriguing domains. Exploring generative AI Definition and key characteristics: generative AI is all about creativity and content generation. It differs significantly from Conversational AI in that it is primarily focused on creating new, original content. The hallmark of generative AI is its ability to generate content autonomously by learning patterns from extensive datasets. Whether it\'s crafting textual content, synthesizing images, composing music, even creating entire apps, generative AI thrives in producing innovative material without direct human input. This technology operates on intricate deep learning architectures, often employing advanced techniques like generative adversarial networks (GANs) and autoregressive models to create content independently, showcasing its creative potential. Applications: generative AI finds its niche in a broad spectrum of creative endeavours. From art and design to data synthesis and content generation, its applications are diverse and ever-expanding. For instance, AI algorithms can produce unique artworks, deepfake videos, or even generate entire articles, demonstrating a wide range of creative possibilities. It\'s a boon for artists, designers, and content creators looking to harness the power of AI to augment their work or generate new, innovative content, enabling humans to explore new frontiers of creativity and content generation, making it an exciting domain within the AI landscape. Understanding conversational AI Definition and core features: conversational AI is a technology tailored for human-like interactions, aiming to facilitate conversations with users. It relies heavily on natural language processing (NLP) and dialogue systems. These systems excel at interpreting human language and responding appropriately. When you engage with chatbots, virtual assistants, or even customer service chat interfaces, you are essentially interacting with conversational AI. The magic behind conversational AI often revolves around predefined responses, rule-based algorithms, and occasionally, machine learning models to understand and generate contextually relevant replies. Applications: conversational AI primarily finds its applications in customer support, virtual assistants, and communication platforms. Its primary mission is to mimic human conversation, providing users with a seamless and efficient communication experience. For example, customer support chatbots can answer inquiries, guide users, and handle common issues, all while emulating a human-like interaction. This makes conversational AI indispensable in various industries where human interaction plays a crucial role. Key differences between conversational and generative AI Data input and output: The primary divergence between these two domains lies in data input and output. Conversational AI focuses on understanding and responding to human input, aiming to provide interactive dialogue. Generative AI, convers]]> 2023-12-26T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/conversational-ai-vs-generative-ai-whats-the-difference www.secnews.physaphae.fr/article.php?IdArticle=8429252 False Threat,General Information None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC insider threats contribute significantly to data breaches. Third-party incidents: Weaknesses in the security protocols of third-party vendors or service providers can expose organizations to the risk of data breaches. Learnings acquired Rapid detection and response: The criticality of swift detection and response cannot be overstated. Delayed identification prolongs the impact and complicates the recovery process. Comprehensive incident response: Organizations must establish a robust incident response plan, encompassing communication strategies, legal considerations, and meticulous technical remediation steps. Regulatory compliance: Adherence to regulatory requirements and industry standards is not only essential for legal compliance but is also a fundamental aspect of maintaining trust and credibility. Employee training: Ongoing training initiatives that elevate employees\' awareness of security threats and best practices play a pivotal role in preventing data breaches. Continuous security audits: Regular security audits and assessments serve as proactive measures, identifying vulnerabilities before they can be exploited. Best practices for recovery Detailed incident communication: Provide a comprehensive and transparent communication plan, detailing the incident\'s scope, impact, and the organization\'s proactive steps for resolution. Stakeholder engagement: Engage with stakeholders, including customers, employees, and regulatory bodies. Keep them informed about the incident\'s progress and the measures being taken for recovery. Comprehensive cyber insurance coverage: Cyber insurance can be a strategic asset, covering a range of costs related to the incident, including investigation, legal proceedings, and potential regulatory fines. Strengthen cybersecurity measures: Advanced threat detection: Implement advanced threat detection mechanisms that can identify anomalous behavior and potential threats in real-time. Encryption and access controls: Enhance data protection by implementing robust encryption protocols and access controls, limiting unauthorized access to sensitive information. Regular system updates: Maintain an agile cybersecurity posture by regularly updating and patching systems to address known vulnerabilities. Law enforcement partnership: Collaborate with law enforcement agencies and relevant authorities, leveraging their expertise to aid in the investigation and apprehension of cybercriminals. Legal counsel engagement: Engage legal counsel to navigate the legal intricacies associated with the breach, ensuring compliance with regulations and m]]> 2023-12-21T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/data-breaches-in-depth-analysis-recovery-strategies-and-best-practices www.secnews.physaphae.fr/article.php?IdArticle=8426694 False Ransomware,Data Breach,Vulnerability,Threat,Patching,Technical None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC in losses to tech scams from social media alone. Further losses are being accrued through other sources, too, of course; but with that figure coming from one source, alone, the scale of the problem is laid out quite clearly. As more of the nation moves to a digital-first footing, these attacks are only likely to increase in volume, and scale, too. There is a strong argument that concerted and decisive action is needed, today, to halt their rise and make the internet safer for all. One way to make persuasive action is, potentially, through an assessment of the costs. Making a compelling case The government and internet service providers are, of course, keen to stop tech scams. It improves the reputation of businesses; and gives the government a better record when it comes to providing for the country. The role of government is in pushing regulation that can be enforced, monitored, and proper compliance put into place; and more needs to be done. Of course, governance speaks in money, and understanding the full cost of tech scams requires an assessment of the wider economic impact - not just from direct losses to consumers, but the knock on impact on businesses and regulators. After all, there is a significant risk of reputational damage; and the wider cost of tech fraud is estimated to be approaching $343 billion globally. There has been a focus from enforcement on stopping the tide; indeed, in July the FTC announced a huge push to bring greater enforcement of the regulations, resulting in up to $2 billion in fines. However, in the face of such a huge industry, there’s an argument that more needs to be done - starting with businesses. Applying business techniques A good way to protect consumers, from the business perspective, is to look at the advice and techniques. The US Chamber of Commerce has sought to do this through a series of advisories. A large focus has been placed on how cybercriminals use social engineering tactics to scam businesses; undermining the sense of trust and compassion that many rely on to take advantage. For businesses, the crucial factor is in keeping close control over your affairs in terms of that trust. Your livery and branding should be consistent and hard to replicate. On the phone, email, and in other communications, your business should have a method that makes it absolutely clear that your business, and only it, is communicating. Tech tools can help here, too, such as the use of personal information and the all-crucial two factor authentication. Essentially, you should make it as difficult as possible for any actor apart from the customer themselves to access their data - and stay on top of new developments. Human intelligence More often than not, however, the key to preventing tech scams is in the human resources you have at your disposal. As the Vermont Small Business Development Center notes, a lot of effective scam protection comes from the good senses of individuals. Employees who learn of]]> 2023-12-20T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/can-any-measures-stop-the-rise-of-tech-scams www.secnews.physaphae.fr/article.php?IdArticle=8426147 False Tool,Legislation None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC OWASP (the Open Worldwide Application Security Project) chapter. OWASP is a volunteer organization that is a treasure trove of application security information with things such as standards, discussion groups, documentation, and more. The organization tracks the annual OWASP Top 10 web application security risks and is the proverbial north star for developers seeking more secure coding practices. LASCON 2023 talks are recorded and available. As a conference, LASCON rolls up its metaphorical sleeves and puts on a fabulous show. The uniqueness of LASCON: Delivers exceptional content focused on application security Offers every attendee the opportunity to challenge themselves and gain new life skills Provides physical and cerebral entertainment Exceptional content LASCON is wholly committed to discussing, exploring, and showcasing application security. Check out the 2023 agenda here to see the extensive programming focused on application security. Why is application security so important? In the world of cybersecurity, the subset of application security is the last mile and the area the adversaries know may be less security-aware. Software is malleable and widely shared. In many cases software developers live in an environment of “just ship it” only to find that unintentional vulnerabilities crept into a production release. The push to “DevSecOps” or “SecDevOps” means security disciplines are being incorporated from the beginning to alleviate many of the problems that stem from a “just ship it” environment. LASCON tackles the what, why, and how of application security. In 2023, there was plenty of focus on the needs and benefits of automation, how development teams need to communicate to different audiences, and of course what generative-AI means for application security. In other words, something for everyone. Many of the LASCON sessions were recorded and the replays will be available in the next few months. I highly recommend viewing this topical content. New life skills Similar to other conferences, LASCON has an expo hall where sponsor-vendors showcase their technology and give away swag. But…LASCON goes a step further and brings in the Longhorn Lock Picking Club to set up Lock Pick Village in one end of the expo hall. Lock Pick Village focuses on locksport. This skill uses logical thinking, involves manual dexterity, and brings out the physical aspect of security. Lock Pick Village is a favorite among attendees and creates a bonding opportunity at LASCON. The mayor of Lock Pick Village runs various contests throughout the two days of the conference with winners walking away with bragging rights. Entertainment LASCON has something for everyone! Each year, the LASCON organizing team hosts “speed debates”. These debates are sarcastic, outlandish, and just plain funny. A moderator hosts two teams who take on cybersecurity topics of the day and present heartfelt pro or con arguments. Topics are far-ranging and incl]]> 2023-12-19T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-best-cybersecurity-conference-you-never-heard-of www.secnews.physaphae.fr/article.php?IdArticle=8425386 False Vulnerability,Conference None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC  . Figure 1. As captured by Alien Labs: Anti-virus detection for recent JaskaGO samples within VirusTotal. Analysis Upon initial execution, the malware cunningly presents a deceptive message box, displaying a fake error message, claiming a missing file. This is strategically designed to mislead the user into believing that the malicious code failed to run. (Figure 2) Figure 2. As captured by Alien Labs: Fake error message. Anti-VM The malware conducts thorough checks to determine if it is operating within a virtual machine (VM). This process begins with the examination of general machine information, where specific criteria such as the number of processors, system up-time, available system memory, and MAC addresses are checked. The presence of MAC addresses associated with well-known VM software, such as VMware or VirtualBox, is a key indicator. (Figure 3) Figure 3. As captured by Alien Labs: Looking for VM related MAC addresses. Additionally, the malware\'s Windows version searches for VM-related traces in both the registry and the file system. (Figure 4) ]]> 2023-12-18T22:51:00+00:00 https://cybersecurity.att.com/blogs/labs-research/behind-the-scenes-jaskagos-coordinated-strike-on-macos-and-windows www.secnews.physaphae.fr/article.php?IdArticle=8425581 False Malware,Vulnerability,Threat,Prediction,Technical None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Tor. It\'s intentionally designed to conceal the identity of users and hosts. While it has a reputation for illegal markets, it also includes legitimate websites and forums. Ethical considerations Searching the dark web requires a strong commitment to ethical conduct. It\'s essential to respect both legal and moral boundaries. Here are some critical ethical considerations: Legal compliance: Ensure that your activities are within the bounds of the law. Engaging in any illegal activities, such as purchasing illicit goods, is strictly prohibited. Use encryption: When accessing the dark web, always use encryption tools like the Tor browser to protect your identity and maintain anonymity. Verification: Verify the legitimacy of the information you find. Misinformation and scams are prevalent on the dark web. Searching the Dark Web Get the right tools: Start by downloading the Tor browser, a free and open-source software that allows you to access the dark web while concealing your IP address. Consider using a virtual private network (VPN) in combination with the Tor browser for an additional layer of security. Deep web vs. dark web: Distinguish between the deep web and the dark web. Remember that the deep web consists of web pages not indexed by search engines but is not inherently hidden. The dark web, on the other hand, is intentionally concealed. Search engines: Dark web search engines like DuckDuckGo, Torch and notEvil can be used to find specific websites and content. These search engines access .onion domains, which are unique to the dark web. Directories: Dark web directories are like Yellow Pages for hidden services. They list websites and their categories, making it easier to find what you\'re looking for. Notable directories include The Hidden Wiki and TorLinks. Forums and communities: The dark web hosts numerous forums, discussion boards, and communities that cover a wide range of topics. Some of these can be valuable sources of information. However, exercise caution as many forums are associated with illegal activities. File sharing: File-sharing services on the dark web may contain a wealth of data, including documents, reports, and archives. Some of these files may be of intere]]> 2023-12-18T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/unveiling-the-dark-web-a-professionals-guide-to-ethical-exploration www.secnews.physaphae.fr/article.php?IdArticle=8424693 False Tool,Vulnerability,Threat None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 2023-12-14T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/protecting-the-enterprise-from-dark-web-password-leaks www.secnews.physaphae.fr/article.php?IdArticle=8422551 False Data Breach,Malware,Tool,Threat,Cloud,Technical None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC sprawled across these platforms, expanding the attack surface. Data vulnerabilities become increasingly common when network perimeters are hard to define in a hybrid work environment. Applying safeguards directly to data is needed to create more barriers that repel unauthorized data distribution. Data-centric security protects data from all kinds of threats, such as external attackers or negligent employees. 2. Apply granular access controls. Data-centric security is a vital approach to protect your data dynamically. It enables you to have more flexibility in managing your systems and networks by providing fine-grained access controls, which are more effective than traditional access controls. This framework is particularly critical in scenarios where not every user should have access to the entire data within their department. 3. Integrate with existing tech stack. Data-centric security is an effective way to protect a company\'s data from cyber threats. It can be added to existing infrastructure without disrupting normal operations or requiring drastic changes. This allows companies to gradually improve their security measures while freeing up resources for other purposes. Benefits of data-centric security As data becomes increasingly valuable as a competitive advantage, organizations have]]> 2023-12-13T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/what-is-data-centric-security www.secnews.physaphae.fr/article.php?IdArticle=8421999 False Data Breach,Tool,Vulnerability,Cloud None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Similarly, threat intelligence sharing is a collaborative process that enables organizations to exchange information such as indicators of compromise (IoCs), tactics, techniques, and procedures (TTPs), and vulnerabilities between each other. It involves gathering threat intelligence from various sources, such as internal network logs, security tools, open-source intelligence (OSINT), commercial threat intelligence feeds, and industry-specific sharing communities like Information Sharing and Analysis Centers (ISACs). The collected data is then analyzed to identify patterns, trends, and actionable insights, which help organizations understand the threat landscape and make informed decisions about their security strategies. Addressing threat intelligence sharing legal, regulatory, and privacy concerns To maintain privacy and foster collaboration, organizations should establish clear guidelines and use standardized protocols like Structured Threat Information Expression (STIX) or Trusted Automated eXchange of Indicator Information (TAXII) when sharing threat intelligence outside the company. This collaborative approach will ultimately improve the security posture of all participating organizations. Also, participating organizations should work closely with legal and compliance teams to understand the requirements and establish guidelines for sharing threat intelligence while adhering to data privacy regulations and industry-specific compliance standards. Guidelines should include sanitization, anonymization, and encryption techniques to protect sensitive information from being publicly disclosed. How threat intelligence data is structured Standardized formats and languages, such as STIX or TAXII, are used to structure the data, ensuring consistency, readability, and easy processing by different tools and systems. Organizations share this threat intelligence through various channels, including email, file transfers, web platforms, or automated protocols like STIX and TAXII. Shared intelligence is then consumed, and appropriate countermeasures are implemented based on the insights gained. Organizations collaboratively and continuously monitor the effectiveness of their threat intelligence sharing efforts, providing feedback to each other and refining their processes to improve the quality and relevance of the shared data. Benefits of participating in threat intelligence sharing Just as neighborhood watch programs promote involvement through community building, shared responsibility, and mutual benefit, threat intelligence sharing programs encourage participation by doing the following: Raising aw]]> 2023-12-12T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/what-is-cybersecurity-threat-intelligence-sharing www.secnews.physaphae.fr/article.php?IdArticle=8421467 False Tool,Vulnerability,Threat,Commercial None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 2023-12-11T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/have-you-accounted-for-ai-risk-in-your-risk-management-framework www.secnews.physaphae.fr/article.php?IdArticle=8420984 False Tool,Vulnerability,Guideline None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 2023-12-07T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/las-vegas-casinos-targeted-by-ransomware-attacks www.secnews.physaphae.fr/article.php?IdArticle=8419832 False Ransomware,Vulnerability,Threat,Mobile,Technical None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC key concepts of data security and highlight the best practices across various sectors. Many of these safeguarding measures are also mandated by data security legislation and standards. Without any further ado, let\'s start discussing data security, its importance, benefits and steps to make your data more secure. What is data security? Data security refers to the practice of protecting digital data from unauthorized access, corruption, theft, or loss. It encompasses a wide range of techniques, tools, and measures that ensure data is safe from various threats. Data security is crucial for individuals, businesses, and governments, as it ensures the confidentiality, integrity, and availability of data. Benefits of data security Following are the key benefits of data security. Protect your data - Ensuring your information is safe from both inside and outside threats offers peace of mind. This means you can focus more on advancing your business plans and less on potential data breaches. Boost your credibility - Companies aiming for lasting collaborations often scrutinize the reputation of their prospective partners. Demonstrating solid data protection practices can also build trust with your clientele. Meet data security standards - Adopting stringent security protocols ensures you adhere to data protection standards, helping you steer clear of hefty non-compliance penalties. Minimize legal costs - Proactively securing data is far more cost-effective than addressing the aftermath of a breach. Investing in data security now can save significant expenses related to potential incidents later. Ensure operational consistency - Strong data security measures pave the way for smooth business operations, decreasing the chances of interruptions that could impact profitability. Top 29 data security best practices for your organization Data discovery: Begin by identifying the types and sensitivity of the data your organization holds. This helps determine which data is critical and which must adhere to specific security regulations. By doing this, you\'ll have a clear understanding of how to prioritize your data protection. Limit sensitive data access: All employees don\'t require access to all information. Broad access increases the risk of internal breaches and data theft. Embrace the principle of least privilege (PoLP): Minimize risks by ensuring new accounts start with minimal data access, which can be expanded based on roles, needs, and seniority. This way, sensitive data is less exposed, even if a cyber attacker breaches an account. Data encryption: With a surge in cyber threats, it\'s essential to shield personal data. Encrypting data transforms readable information into coded text, challenging unauthorized users. Equip with anti-malware: To guard against data breaches from malware, equip your devices with reliable anti-malware software. Regular vulnerability checks: Since data resides on computers, it\'s continuously exposed to potential threats. Keep data safe by routinely assessing and updating your software, mitigating risks of breaches. E]]> 2023-12-06T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/top-29-data-security-best-practices-for-your-enterprise www.secnews.physaphae.fr/article.php?IdArticle=8419516 False Malware,Tool,Vulnerability,Legislation,Cloud None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC social engineering techniques through acts of intimidation. One prevalent scam involves fraudsters posing as bank security officials to deceive unsuspecting individuals. Another concerning trend is the rise of legitimate channels that drive people to scam schemes via mainstream advertising platforms like Google and Facebook. Furthermore, the economic hardships some people face have led them to seek alternative income sources, driving them to engage in various forms of online criminal activities. Some individuals become involved in schemes where they act as money mules or work in illegal call centers. It is challenging for financial institutions to guarantee absolute safety. Malicious individuals can present counterfeit identification to authorize transactions that were initially denied by the anti-fraud system. While financial institutions strive to know as much as possible about their clients and run transactions carefully, they are constrained by data retention limitations (typically several months) and the need to respond within seconds, as stipulated by Service Level Agreements. So, again, achieving complete certainty about every transaction remains a huge problem. Detecting suspicious activities becomes even more challenging when malicious employees request details about a specific client or transaction, as this falls within their routine work tasks. Some fraud detection systems use computer webcams or video surveillance cameras to monitor employee behavior. Modern surveillance systems have become more intelligent, leveraging artificial intelligence and historical data to perform comprehensive risk assessments and take action when unusual employee behavior is detected. However, these cameras may not always be effective in identifying deceitful behavior when employees remain almost motionless. Understanding fraud detection systems Fraud detection systems are designed to detect and prevent various forms of fraudulent activities, ranging from account hijacking and ]]> 2023-12-05T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/insights-into-modern-fraud-detection-systems www.secnews.physaphae.fr/article.php?IdArticle=8419246 False Tool,Threat,Mobile,Prediction,Technical None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC network security threats have the potential to disrupt operations and cause data breaches. These include: Malware. These malicious software or firmware programs usually enter a network when a person unintentionally downloads them after clicking a link or attachment. Depending on the type of malware, this can give hackers remote access to networks or capture data about network activity, alongside infecting other devices on the network. It’s important to ensure hybrid staff have malware detection software on both business and personal devices that they use to connect to company networks. In addition, you must give them training on how to avoid triggering malware downloads. Phishing. Social engineering attacks, like phishing, can be a challenging issue. These tactics are designed to skirt your security software by getting information or network access directly from your human workers. This may involve criminals posing as legitimate businesses or official entities and directing workers to cloned websites where they’ll be requested to enter sensitive information. You can mitigate this type of issue by monitoring network traffic to spot unusual activity, as well as educating staff on the details of these methods. Even if criminals gain passwords by these methods, setting up multi-factor authentication can limit how useful they are to hackers. That said, alongside the common threats, it’s important to get to know and address the issues with your specific hybrid business. Talk to your staff about their day-to-day working practices and the potential points of vulnerability. Discuss remote workers’ home network setups to establish whether there are end-to-end safeguards in place to prevent unauthorized access to networks. You can then collaborate on arranging additional equipment or protocols — such as access to an encrypted virtual private network (VPN) — that protect both the business and workers’ home equipment. Utilizing collaborative tools Effective collaboration is essential for all hybrid businesses. This isn’t just a matter of maintaining productivity. When employees have the right tools in place to wo]]> 2023-12-04T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/how-team-collaboration-tools-and-cybersecurity-can-safeguard-hybrid-workforces www.secnews.physaphae.fr/article.php?IdArticle=8419068 False Malware,Tool,Vulnerability,Threat,Cloud None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 2023-11-30T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/secure-browsing-a-guide-to-browsing-the-internet-safely www.secnews.physaphae.fr/article.php?IdArticle=8418027 False Malware,Tool,Vulnerability,Threat LastPass,LastPass 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC get the 2022 report). Get the complimentary 2023 report.  The robust quantitative field survey reached 1,418 security, IT, application development, and line of business professionals worldwide. The qualitative research tapped subject matter experts across the cybersecurity industry. Transportation-specific respondents equal 202. At the onset of our research, we established the following hypotheses. Momentum edge computing has in the market. Approaches to connecting and securing the edge ecosystem – including the role of trusted advisors to achieve edge goals. Perceived risk and perceived benefit of the common use cases in each industry surveyed. The results focus on common edge use cases in seven vertical industries – healthcare, retail, finance, manufacturing, energy and utilities, transportation, and U.S. SLED- delivering actionable advice for securing and connecting an edge ecosystem, including external trusted advisors. Finally, it examines cybersecurity and the broader edge ecosystem of networking, service providers, and top use cases. The role of IT is shifting, embracing stakeholders at the ideation phase of development. Edge computing is a transformative technology that brings together various stakeholders and aligns their interests to drive integrated business outcomes. The emergence of edge computing has been fueled by a generation of visionaries who grew up in the era of smartphones and limitless possibilities. Look at the infographic below for a topline summary of key findings in the transportation industry. In this paradigm, the role of IT has shifted from being the sole leader to a collaborative partner in delivering innovative edge computing solutions. In addition, we found that transportation leaders are budgeting differently for edge use cases. These two things, along with an expanded approach to securing edge computing, were prioritized by our respondents in the 2023 AT&T Cybersecurity Insights Report: Edge Ecosystem. One of the most promising aspects of edge computing is its potential to effectively use near-real-time data for tighter control of variable operations such as inventory and supply chain management that deliver improved operational efficiency. Adding new endpoints is essential for collecting the data, but how they’re connected can make them vulnerable to cyberattacks. Successful cyberattacks can disrupt services, highlighting the need for robust cybersecurity measures. Edge computing brings the data closer to where decisions are made. With edge computing, the intelligence required to make decisions, the networks used to capture and transmit data, and the use case management are distributed. Distributed means things work faster because nothing is backhauled to a central processing area such as a data center and delivers the near-real-time experience. With this level of complexity, it’s common to re-evaluate decisions regarding security, data storage, or networking. The report shares emerging trends as transportation continues exploring edge computing use cases. One area that’s exam]]> 2023-11-29T12:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/get-the-att-cybersecurity-insightsreport-focus-on-transportation www.secnews.physaphae.fr/article.php?IdArticle=8417783 False Ransomware None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Richard’s Almanack in 1768, it was preceded by the cautionary words: “a little neglect may breed great mischief”. This simple proverb and added comment serve as emblematic examples of how seemingly inconsequential missteps or neglect can lead to sweeping, irreversible, catastrophic losses. The cascade of events resonates strongly within the increasingly complex domain of cybersecurity, in which the omission of even the most elementary precaution can result in a spiraling series of calamities. Indeed, the realm of cybersecurity is replete with elements that bear striking resemblance to the nail, shoe, horse, and rider in this proverb. Consider, for example, the ubiquitous and elementary software patch that may be considered the proverbial digital "nail." In isolation, this patch might seem trivial, but its role becomes crucial when viewed within the broader network of security measures. The 2017 WannaCry ransomware attack demonstrates the significance of such patches; an unpatched vulnerability in Microsoft Windows allowed the malware to infiltrate hundreds of thousands of computers across the globe. It wasn\'t just a single machine that was compromised due to this overlooked \'nail,\' but entire networks, echoing how a lost shoe leads to a lost horse in the proverb. This analogy further extends to the human elements of cybersecurity. Personnel tasked with maintaining an organization\'s cyber hygiene play the role of the "rider" in our metaphorical tale. However, the rider is only as effective as the horse they ride; likewise, even the most skilled IT professional cannot secure a network if the basic building blocks—the patches, firewalls, and antivirus software—resemble missing nails and shoes. Numerous reports and studies have indicated that human error constitutes one of the most common causes of data breaches, often acting as the \'rider\' who loses the \'battle\'. Once the \'battle\' of securing a particular network or system is lost, the ramifications can extend much further, jeopardizing the broader \'kingdom\' of an entire organization or, in more extreme cases, critical national infrastructure. One glaring example that serves as a cautionary tale is the Equifax data breach of 2017, wherein a failure to address a known vulnerability resulted in the personal data of 147 million Americans being compromised. Much like how the absence of a single rider can tip the scales of an entire battle, this singular oversight led to repercussions that went far beyond just the digital boundaries of Equifax, affecting millions of individuals and shaking trust in the security of financial systems. ]]> 2023-11-28T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/for-want-of-a-cyber-nail-the-kingdom-fell www.secnews.physaphae.fr/article.php?IdArticle=8417468 False Ransomware,Data Breach,Malware,Vulnerability Wannacry,Wannacry,Equifax,Equifax 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC basic cybersecurity hygiene when you’re rushing to score the best deals that you can online has always been a risk you’ve taken in the past, but it also may not be a risk you can afford to take this year. Read on to find out why and how you can prevent it.  Why do scammers like gift cards? Gift card fraud is a bigger problem than most people realize. In 2022, for example, FTC data revealed that nearly $230 million was lost to gift card fraud, affecting more than 48,000 people in total. Gift cards are popular with retailers because they present a very reliable stream of revenue. But at the same time, they prevent a viable opportunity for scammers to get away with easy money because of how difficult they are to track. Scammers like gift card cards because they are easy to break into and also because they do not have the same level of security authentication that credit or debit cards have. Most cybercriminals will steal gift card numbers online from stores offering them. They can accomplish this by using botnets that perform brute force attacks. The only thing a criminal has to do is to test thousands of different combinations of PIN and gift card numbers before hacking into a user’s account and depleting the card of its funds.  Furthermore, once the attack is completed, there’s usually no trace of the criminal’s identity and the funds cannot be traced. And even though most gift cards have limited amounts of money loaded on them (most gift cards run between $15 to $500 at the most), when cybercriminals are running their operations on a large scale they can turn a very sizable profit.  Cybercriminals can also monetize gift cards by illegally selling them on the dark web or other third-party websites. Some of these websites will offer the ability to convert gift cards to cash at 30%+ of the total card value, presenting an easy way to make quick money.  In the next section, we’ll dive into the specific types of gift card fraud that can affect you.  Types of gift card scams  Here are the most common types of gift card scams: Fictitious ads In this method, cybercriminals will post fake but realistic-looking advertisements for items ‘on sale’ on ecommerce websites where they will trick users to into sharing their gift card numbers to purchase the items. Once the money has been received, the ads will disappear, and the victim will be out of luck.  In other words, people can fall for this trick the same way they can fall for other common types of identity theft, with people being unassuming since the threa]]> 2023-11-27T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/gift-cards-or-data-theft-ensuring-safe-online-shopping-this-festive-season www.secnews.physaphae.fr/article.php?IdArticle=8417162 False None None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 2023-11-24T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/why-you-need-a-secure-web-gateway www.secnews.physaphae.fr/article.php?IdArticle=8417469 False Malware,Threat,Cloud None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC ripe opportunity to scam.  According to the New Jersey Cybersecurity & Communications Integration Cell, recent reports had indicated. “spoofed emails were sent appearing to originate from legitimate organizations and contained [Thanksgiving-themed subject lines]’” noting how criminals and bad actors exploit the spirit of the season. Furthermore, they highlight that ”an Emotet banking trojan campaign was [also] observed using Thanksgiving lures.” Criminals know that with increased online transactions comes increased vulnerability, so they capitalize on the holiday spirit, designing scams that blend seamlessly with genuine promotional content, making it harder for individuals to distinguish between what\'s authentic and what\'s not. The risks of phishing One of the primary ways cybercriminals target individuals and businesses is through phishing attacks. Around Thanksgiving time, these types of scams might manifest as emails purporting to offer massive discounts, invitations to exclusive Thanksgiving events, or even charitable appeals meant to tug at the heartstrings to draw you in.  However, phishing isn’t restricted to just email—with their vast user bases, social media platforms are also prime targets for scams of all kinds.  Cybercriminals often create fake profiles or pages promoting too-good-to-be-true Thanksgiving deals, leading unsuspecting and unknowing victims to phishing websites or even tricking them into sharing personal information that can be further exploited. The hidden benefits of cybersecurity When businesses transform their robust cybersecurity processes into content, it becomes a powerful tool for brand awareness and elevation. Sharing with your audience the measures you\'ve implemented reassures them of the sanctity of their data. It\'s not just about telling them they\'re safe; it\'s about showing them. For potential customers, especially in niche markets, tangible information is a beacon of trust. So when they can actively see and better understand ]]> 2023-11-22T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/thanksgiving-cyber-feast-safeguarding-against-seasonal-scams www.secnews.physaphae.fr/article.php?IdArticle=8415844 False Malware,Tool,Vulnerability,Threat None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 88% of data breaches are caused by employee mistakes. Not to mention that we\'ve observed a surging trend of attacks that sidestep technology and instead, zero in on people. The strategy is proving effective. Prominent ransomware incidents, such as those affecting Colonial Pipeline, JBS Foods, and Kaseya, have dominated headlines. As our tech-driven defenses become more advanced, malicious actors are adapting, always looking for the easiest entry point. Seeking efficiency and reduced effort, these cyberattackers often find employees to be the most appealing targets. So, training everyone to have better awareness about cybersecurity isn\'t just a good idea; it\'s a must. Based on all this, we\'ve got some recommendations for what leaders need to know and smart questions they should keep in mind for their next big meeting. Five things leaders need to know about cybersecurity culture Understanding security culture The ambiguity surrounding the term "security culture" often stems from a foundational problem: its frequent usage without a clear definition. This lack of clarity paves the way for varied interpretations and assumptions. With this work, we aim to bring clarity to the concept. Security culture is described as the beliefs, traditions, and collective behaviors of a group that shape its security posture. Why does security culture matter? Sometimes, employees adopt poor security habits, either independently or due to a lack of proper guidance from the organization. Addressing these habits can be challenging. However, establishing a robust security culture can change their behaviors, enabling an organization to safeguard its reputation, brand, and financial well-being. What does a good security culture look like? Suppose an employee, Alex, receives an email from a bank filled with typos and featuring a suspicious link. At a workplace lacking a security culture, Alex thinks, "This is odd. I\'ll set it aside for now." However, in a company with a solid security culture, Alex’s immediate reaction is, "This could be dangerous. I need to inform IT." Such a prompt action gives the tech team an early warning, allowing them to act before more damage occurs. It isn\'t about turning every employee into a cybersecurity specialist; it\'s about ensuring each individual acts responsibly, embodying the qualities of a "security champion." Prioritizing values, attitudes, and beliefs over rules and policies Cyber threats often catch organizations off-guard because a significant portion of their workforce isn\'t adequately informed or prepared for these risks. Leaders hope for their teams to act responsibly, like locking an unattended computer or reporting suspicious emails. However, just organizing train]]> 2023-11-21T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/7-must-ask-questions-for-leaders-on-security-culture www.secnews.physaphae.fr/article.php?IdArticle=8415314 False Ransomware,Tool,Prediction None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Wireshark: A powerful network protocol analyzer that allows you to capture and analyze network traffic. NetworkMiner: A tool for network forensics that can extract files, emails, and other artifacts from captured network traffic. We have covered FTK, ]]> 2023-11-20T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/how-to-perform-basic-digital-forensics-on-a-windows-computer www.secnews.physaphae.fr/article.php?IdArticle=8414800 False Tool,Cloud,Commercial None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC ici . Les entreprises de tous types et tailles souhaitent et doivent se concentrer sur l'innovation, la croissance et les stratégies de transformation.Pendant ce temps, la complexité de la gestion de l'évolution du paysage de la cybersécurité continue de se développer.Les adversaires sont déterminés, bien financés et en mission de perturber les entreprises de tous types et tailles. Alors que cette complexité continue de monter, la tâche d'exploitation des centres d'opérations de sécurité interne (SOC) devient souvent difficile à gérer pour une entreprise.Les organisations sont confrontées à des pénuries de dotation, à l'épuisement professionnel, à la hausse des coûts et à la lutte pour garder une longueur d'avance sur les cyber-risques implacables. Pour aider à apprivoiser la complexité, de nombreuses organisations s'engagent avec les services de sécurité gérés.Ceci est exactement la mission de l'entreprise & ndash;pour aider à simplifier la sécurité.Il aidera à gérer le risque pendant que nos clients récoltent les récompenses. Cette nouvelle entreprise aidera nos clients: sécuriser leur intelligence commerciale par le biais de conseillers expérimentés. Prédire leurs investissements de sécurité en stimulant l'efficacité dans les opérations de sécurité. Imagez les risques et se concentrez-vous sur l'innovation en tant que fournisseur de services de sécurité gérés expérimentés et vigilants. AT & amp; t et Willjam Ventures s'engagent à investir dans l'excellence et à répondre à vos besoins de sécurité en tant que nos précieux clients.J'ai hâte de partager plus d'informations sur ces changements passionnants dans les prochains mois. Sundhar Annamalai, président AT & amp; T Cybersecurity

---

On November 17, 2023 AT&T announced the creation of a new managed security services business backed by WillJam Ventures. Press release here. Businesses of all types and sizes want to, and need to focus on innovation, growth, and transformation strategies. Meanwhile, the complexity of managing the evolving cybersecurity landscape continues to expand. Adversaries are determined, well-funded, and on a mission to disrupt businesses of all types and sizes. As this complexity continues to mount, the task of operating internal security operations centers (SOCs) often becomes difficult for a business to manage. Organizations face staffing shortages, professional burnout, rising costs, and struggle to keep ahead of the unrelenting cyber risks. To help tame complexity, many organizations are engaging with managed security services. This is exactly the venture’s mission – to help simplify security. It will help manage the risk while our clients reap the rewards. This new venture will help our clients: Secure their business intelligence through experienced advisors. Predict their security investments by driving efficiency into security operations. Mitigate risk and focus on innovation as an experienced and vigilant managed security services provider. Both AT&T and WillJam Ventures are committed to investing in excellence and serving your security needs as our valued clients. I look forward to sharing more information about these exciting changes in the coming months. Sundhar Annamalai, President AT&T Cybersecurity]]> 2023-11-17T15:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/att-announces-formation-of-new-managed-security-services-company www.secnews.physaphae.fr/article.php?IdArticle=8413452 False None None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Smartproxy are better if security and privacy are your goals. Keep reading to discover how free proxies work and the dangers they pose. What is a proxy? A proxy is an intermediary server that accepts and forwards all your requests to the web server. This means that instead of connecting directly to the internet, you first connect to the proxy server. You might be wondering why using an intermediary server like a proxy is effective. Usually, it’s better to cut out the middleman, right? In this case, by connecting to the proxy first, your personal information, such as your IP and other associated data, is replaced by a new IP. This completely hides your information from the websites you visit. By changing your IP address through a proxy, websites or apps cannot track you, and your data is more secure. However, that’s not all a proxy does. What can you use a proxy for? By now, we know that proxies are great tools when it comes to online security and privacy. By hiding your real IP, the websites that you visit won’t be able to collect the data associated with your IP. This usually includes your name, location, ISP, devices, operating system, and more. Residential proxies, in particular, are great for anonymity because they use the IPs from real devices. As such, they don’t look like proxies and are much less likely to be detected as such. However, proxies can be used for many other ways aside from security and privacy. Another use is managing multiple social media accounts. Social media platforms are quick to issue IP bans if they find the same IP address creating multiple accounts. Account limits are usually only a handful per IP address, and the moment you create too many, you might receive an IP ban. This is frustrating if you’re a digital marketer who creates and manages accounts for clients. However, by using a proxy, you can change the IP that creates the accounts and avoid IP bans. Another use of proxies is related to automation. This can affect a wide range of automated tools, from sneaker bots to data scrapers and even social media automation. Many websites and social media platforms block automation tools as part of their anti-bot protection. However, by linking residential proxies to these tools, you can make them appear like natural users and bypass these limitations. However, to be successful, you’ll need to use residential proxies with a real IP. Finally, proxies can also help improve your connection speed and stabilize it. This is because you’re routing all your traffic through larger servers instead of your own device. These servers are much more capa]]> 2023-11-17T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/free-proxies-and-the-hidden-dangers www.secnews.physaphae.fr/article.php?IdArticle=8413331 False Malware,Tool,Vulnerability,Threat None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC aa22-074a & nbsp; décrire comment les configurations par défaut dans les applications MFA sont considérées comme une vulnérabilité.La tactique a été utilisée par les cyber-acteurs parrainés par l'État russe dès mai 2021 dans un compromis réussi d'une organisation américaine. Sur la base de ces directives de la CISA, les AT & amp; T cybersecurity a géré la détection gérée par la cybersecurity.et réponse (MDR) Centre d'opérations de sécurité (SOC) a analysé de manière proactive dans notre flotte de clients et a découvert un client qui utilisait la configuration par défaut, qui peut être exploitée.Les analystes de SOC ont contacté le client pour l'informer du risque et ont fourni des recommandations sur la façon de sécuriser leur réseau. Investigation Recherche d'événements Les analystes ont utilisé l'outil open-source, Elastic Stack, pour rechercher nos clients pour & ldquo; défaillance, & rdquo; qui est la configuration par défaut dans les applications MFA qui rend possible un accès non autorisé. & nbsp; & nbsp; Événement Deep-Dive La recherche a révélé un client avec son ensemble de candidatures MFA sur Rectendopen = 1, qui est le paramètre qui permet à un acteur malveillant de contourner l'authentification lorsqu'il est exploité.Le & ldquo; défaillance & rdquo;Le paramètre permet une tentative incorrecte de connexion, ce qui permettrait alors un accès sans entrave à un compte avec ce paramètre sur le réseau client. Revue pour des indicateurs supplémentaires De là, les analystes SOC ont pivoté pour rechercher l'environnement client pour toutes les informations qui identifieraient les actifs et les comptes des clients associés et qui indiqueraient une activité malveillante extérieure.Ils ont découvert que l'utilisateur responsable était répertorié comme administrateur dans l'environnement client. Réponse Construire l'enquête Les analystes ont ouvert une enquête pour traiter la mauvaise configuration de l'application mobile MFA ainsi que pour confirmer si l'activité associée à l'utilisateur identifié a été autorisée.L'enquête comprenait une explication de la vulnérabilité ainsi qu'un résumé de l'activité de l'utilisateur impliqué sur les actifs identifiés au cours des 30 derniers jours. Interaction client Les analystes ont créé une enquête à faible sévérité, ce qui, dans ce cas, signifiait qu'ils n'étaient pas tenus de contacter le client.(Nos clients MDR déterminent quand et comment le SOC communique avec eux.) Cependant, pour s'assurer que le problème a été résolu en temps opportun, les analystes ont également informé le groupe Hu]]> 2023-11-16T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/stories-from-the-soc-proactive-steps-to-protect-customers-from-misconfigured-mfa www.secnews.physaphae.fr/article.php?IdArticle=8412811 False Tool,Vulnerability,Threat None 3.0000000000000000