This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-07T03:05:24+00:00 www.secnews.physaphae.fr The State of Security - Magazine Américain From more broad laws like GDPR to industry-specific regulations like HIPAA , most organizations today must comply with some kind of data protection guideline. Some businesses may even have to comply with numerous data protection regulations. As such, compliance with data protection regulations has become increasingly complicated. National Institute of Standards and Technology Special Publication 800-171 (NIST SP 800-171) is one such data protection framework-albeit a particularly specific one. We\'ll go into this in a bit more detail later, but NIST SP 800-171 applies only to non-federal...]]> 2024-05-06T02:31:37+00:00 https://www.tripwire.com/state-of-security/impact-nist-sp-800-171-smbs www.secnews.physaphae.fr/article.php?IdArticle=8494462 False Guideline None None The State of Security - Magazine Américain With the widespread use of AI technology, numerous AI models gather and process vast amounts of data, much of which comprises personal information utilized to offer personalized experiences. However, this abundance of data poses inherent risks, particularly in terms of privacy and security. As AI systems become more sophisticated, the potential for unauthorized access or misuse of sensitive data escalates, emphasizing the need to implement robust safeguards within AI systems to ensure the protection of user privacy and prevent unauthorized access and exploitation. Artificial intelligence...]]> 2024-05-06T02:31:28+00:00 https://www.tripwire.com/state-of-security/ensuring-privacy-age-ai-exploring-solutions-data-security-and-anonymity-ai www.secnews.physaphae.fr/article.php?IdArticle=8494463 False None None None The State of Security - Magazine Américain In the modern digital landscape, cybersecurity is paramount, making the differentiation between vulnerability scanning and penetration testing essential for safeguarding organizational assets. Vulnerability scanning offers a broad sweep for potential security weaknesses, serving as an early warning system. Penetration testing takes a more targeted approach, exploiting vulnerabilities to understand the real-world effectiveness of existing security measures. Both practices are cornerstone elements of a comprehensive security framework , ensuring that defenses exist and are effective against...]]> 2024-05-03T03:39:50+00:00 https://www.tripwire.com/state-of-security/difference-vulnerability-scanning-penetration-testing www.secnews.physaphae.fr/article.php?IdArticle=8492865 False Vulnerability None 2.0000000000000000 The State of Security - Magazine Américain Tripwire\'s April 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. Firsts on the list are patches for Microsoft Edge (Chromium-based) and Chromium that resolve 2 spoofing vulnerabilities. Next on the patch priority list this month is a patch for Microsoft Office and Excel that resolves spoofing and remote code execution vulnerabilities. Next are patches that affect components of the core Windows operating system. These patches resolve over 80 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, denial of...]]> 2024-05-02T03:20:40+00:00 https://www.tripwire.com/state-of-security/tripwire-patch-priority-index-april-2024 www.secnews.physaphae.fr/article.php?IdArticle=8492266 False Vulnerability None 2.0000000000000000 The State of Security - Magazine Américain With cybersecurity, the digital battlegrounds stretch across the vast expanse of the internet. On the one side, we have increasingly sophisticated and cunning adversaries. On the other, skilled cybersecurity practitioners who are desperate to protect their companies\' assets at all costs. One fundamental truth rings clear: it\'s an ongoing and relentless battle of wits. Much like modern-day mercenaries, bad actors are armed with an arsenal of sophisticated tools and threats , continually looking for any chinks in the security armor to exploit. Their objectives range from financial gain and fraud...]]> 2024-05-02T03:20:36+00:00 https://www.tripwire.com/state-of-security/cybersecurity-battle-wits www.secnews.physaphae.fr/article.php?IdArticle=8492267 False Tool,Threat None 2.0000000000000000 The State of Security - Magazine Américain Supply chain attacks are a serious and growing threat to businesses across all industries. However, these attacks pose an even greater risk for manufacturers in critical infrastructure sectors. One pernicious form of supply chain attack is spoofing, where attackers impersonate legitimate suppliers to sneak malicious code or components into products. Research shows that 2023 had the highest number (2769 in the US alone) of entities affected by supply chain spoofing. This figure is nearly twice as high as the number recorded in 2017. Organizations in different industries must urgently implement...]]> 2024-04-30T03:02:43+00:00 https://www.tripwire.com/state-of-security/defending-against-supply-chain-spoofing-critical-manufacturing www.secnews.physaphae.fr/article.php?IdArticle=8491101 False Threat None 2.0000000000000000 The State of Security - Magazine Américain In 1971, Ray Tomlison developed the first email service while working at The Defense Advanced Research Projects Agency (DARPA) . This development changed how we communicated. However, even though this was an exceptional tool, it was not very user-friendly, requiring users to have specific software installed on their computers. In 1996, Sabeer Bhatia founded Hotmail, making it the first web-based email messaging service. Exactly one year after Microsoft acquired Hotmail, I opened my first email account. I still remember the feeling of euphoria that came from receiving a virtual response to the...]]> 2024-04-30T03:02:40+00:00 https://www.tripwire.com/state-of-security/dmarc-next-step-email-hygiene-and-security www.secnews.physaphae.fr/article.php?IdArticle=8491102 False Tool None 3.0000000000000000 The State of Security - Magazine Américain Most people remember the iconic movie Terminator, in which the cyborg T-800 was dispatched back in time from the year 2029 with the mission to eliminate Sarah Connor. She was destined to give birth to the future leader of the human resistance against machines, thus threatening their dominance. If Sarah were killed, humanity\'s fate would be sealed, and the earth would succumb to the rule of machines. Kyle Reese, a soldier of the resistance, was tasked with safeguarding her. Yet, their journey was fraught with danger as the relentless Terminator embarked on a ruthless spree, targeting every...]]> 2024-04-29T05:08:13+00:00 https://www.tripwire.com/state-of-security/machines-vs-minds-power-human-ingenuity-against-cyber-threats www.secnews.physaphae.fr/article.php?IdArticle=8490590 False None None 2.0000000000000000 The State of Security - Magazine Américain What\'s going on? A wave of cheap, crude, amateurish ransomware has been spotted on the dark web - and although it may not make as many headlines as LockBit , Rhysida , and BlackSuit , it still presents a serious threat to organizations. What\'s "junk gun" ransomware? It\'s a name coined by Sophos researchers for unsophisticated ransomware that is often sold cheaply as a one-time purchase. "Junk gun" ransomware is appealing to a criminal who wants to operate independently but lacks technical skills. Can you give some examples? Sure. The Kryptina ransomware was made available for sale in December...]]> 2024-04-25T10:03:58+00:00 https://www.tripwire.com/state-of-security/junk-gun-ransomware-cheap-new-threat-small-businesses www.secnews.physaphae.fr/article.php?IdArticle=8488572 False Ransomware,Threat,Technical None 2.0000000000000000 The State of Security - Magazine Américain Tech leaders taking cybersecurity seriously is something of a double-edged sword. While it\'s undoubtedly good that organizations are waking up to the genuine threat cyberattacks pose, it\'s depressing that they must siphon off so many resources to protect themselves rather than using them for growth and innovation. A recent survey of UK technology leaders, run by UK IT Leaders and the Horizon CIO Network, revealed that over half of those surveyed said cybersecurity was their top priority for 2024. Again, this is both a good and bad thing. The cyber threat landscape is about as dangerous as ever...]]> 2024-04-24T02:35:13+00:00 https://www.tripwire.com/state-of-security/uk-it-leaders-are-prioritizing-cybersecurity-good-thing www.secnews.physaphae.fr/article.php?IdArticle=8487841 False Threat None 3.0000000000000000 The State of Security - Magazine Américain Alexandre Dumas\'s timeless novel "The Three Musketeers" immortalized the ideal of unyielding solidarity, the enduring motto "All for one and one for all." In the face of ever-evolving threats in the digital realm, the European Union echoes this spirit with its landmark Cyber Solidarity Act . This new legislation recognizes that collective defense is the cornerstone of cybersecurity – in a world where a cyberattack on one nation can have ripple effects across borders, a unified response is no longer an option but a necessity. The stakes are high. Cyberattacks on businesses, government...]]> 2024-04-24T02:35:11+00:00 https://www.tripwire.com/state-of-security/all-one-and-one-all-eu-cyber-solidarity-act-strengthens-digital-defenses www.secnews.physaphae.fr/article.php?IdArticle=8487842 False Legislation None 3.0000000000000000 The State of Security - Magazine Américain In 2023, companies lost about $4.45 million on average because of data breaches. As cyber threats advance, securing endpoints is more important than ever. An advanced Host-based Intrusion Detection System (HIDS) provides a sturdy remedy to improve endpoint security . By monitoring and examining system responses and device status, HIDS identifies and tackles nefarious behaviors that are often overlooked by conventional defenses. The Significance of Advanced HIDS in Endpoint Security An advanced HIDS plays a crucial part in strengthening endpoint security. It is capable of identifying and...]]> 2024-04-23T03:03:59+00:00 https://www.tripwire.com/state-of-security/enhancing-endpoint-security-advanced-host-based-intrusion-detection-capabilities www.secnews.physaphae.fr/article.php?IdArticle=8487265 False None None 3.0000000000000000 The State of Security - Magazine Américain Budgetary and resource constraints play a huge role in cyberattacks on smaller organizations. Amidst a strained global economy, many under-resourced organizations like non-profits, local governments, and hospitals struggle to keep their heads above water - they simply don\'t have the funds to invest in cybersecurity. To make matters worse, cybercriminals see these organizations as easy prey. Although they may not be able to shell out for extortionate ransom demands as big business can, at the end of the day, data is data and is always worth something on the dark web. In many cases, smaller...]]> 2024-04-23T03:03:45+00:00 https://www.tripwire.com/state-of-security/university-cybersecurity-clinics-can-now-use-new-cisa-resource-guide www.secnews.physaphae.fr/article.php?IdArticle=8487266 False None None 3.0000000000000000 The State of Security - Magazine Américain The experience of seeing a doctor has transformed dramatically, thanks in part to the emergence of telemedicine. This digital evolution promises convenience and accessibility but brings with it a host of cybersecurity risks that were unimaginable up until a few years ago. The unique cybersecurity challenges facing telemedicine today underscore the importance of adopting stringent security measures to protect the sanctity of this vital service. Advanced Cybersecurity Threats to Telemedicine The stakes are high as the healthcare sector grapples with the dual challenge of expanding digital...]]> 2024-04-22T02:35:34+00:00 https://www.tripwire.com/state-of-security/exploring-cybersecurity-risks-telemedicine-new-healthcare-paradigm www.secnews.physaphae.fr/article.php?IdArticle=8486676 False Medical None 3.0000000000000000 The State of Security - Magazine Américain As businesses transition to hybrid and multi-cloud setups, vulnerabilities arising from misconfigurations and security gaps are escalating, attracting attention from bad actors. In response, the US National Security Agency (NSA) issued a set of ten recommended mitigation strategies, published earlier this year (with support from the US Cybersecurity and Infrastructure Security Agency on six of the strategies). The recommendations cover cloud security, identity management, data protection, and network segmentation. Let \' s take a closer look: 1. Uphold the Cloud Shared Responsibility Model...]]> 2024-04-22T02:35:32+00:00 https://www.tripwire.com/state-of-security/nsa-debuts-cloud-security-mitigation-strategies www.secnews.physaphae.fr/article.php?IdArticle=8486677 False Vulnerability,Cloud None 3.0000000000000000 The State of Security - Magazine Américain Police have successfully infiltrated and disrupted the fraud platform "LabHost", used by more than 2,000 criminals to defraud victims worldwide. A major international operation, led by the UK\'s Metropolitan Police, has seized control of LabHost, which has been helping cybercriminals create phishing websites since 2021 to steal sensitive information like passwords, email addresses, and bank details. LabHost has helped criminals create over 40,000 fraudulent websites and steal data from over 70,000 victims in the UK alone. Scammers used the service to steal vast amounts of information, including...]]> 2024-04-18T08:59:54+00:00 https://www.tripwire.com/state-of-security/37-arrested-police-smash-labhost-international-fraud-network www.secnews.physaphae.fr/article.php?IdArticle=8484748 False Legislation None 2.0000000000000000 The State of Security - Magazine Américain Cybersecurity has always been a complex field. Its adversarial nature means the margins between failure and success are much finer than in other sectors. As technology evolves, those margins get even finer, with attackers and defenders scrambling to exploit them and gain a competitive edge. This is especially true for AI. In February, the World Economic Forum (WEF) published an article entitled " AI and cybersecurity: How to navigate the risks and opportunities ," highlighting AI\'s existing and potential impacts on cybersecurity. The bottom line? AI benefits both the good and bad guys, so it\'s...]]> 2024-04-17T02:55:50+00:00 https://www.tripwire.com/state-of-security/navigating-ai-and-cybersecurity-insights-world-economic-forum-wef www.secnews.physaphae.fr/article.php?IdArticle=8483956 False Threat None 2.0000000000000000 The State of Security - Magazine Américain Security configurations are an often ignored but essential factor in any organization\'s security posture: any tool, program, or solution can be vulnerable to cyberattacks or other security incidents if the settings are not configured correctly. Staying on top of all of these security configurations can be a daunting responsibility for security or IT teams to focus on, which is where security configuration management (SCM) comes in. While SCM can be a valuable tool for organizations across all sectors, it is particularly helpful for critical organizations required to comply with certain...]]> 2024-04-16T02:59:03+00:00 https://www.tripwire.com/state-of-security/scm-and-nerc-what-you-need-know www.secnews.physaphae.fr/article.php?IdArticle=8483268 False Tool None 2.0000000000000000 The State of Security - Magazine Américain Generative AI has exploded in popularity across many industries. While this technology has many benefits, it also raises some unique cybersecurity concerns. Securing AI must be a top priority for organizations as they rush to implement these tools. The use of generative AI in manufacturing poses particular challenges. Over one-third of manufacturers plan to invest in this technology, making it the industry\'s fourth most common strategic business change. As that trend continues, manufacturers - often prime cybercrime targets - must ensure generative AI is secure enough before its risks outweigh...]]> 2024-04-16T02:58:57+00:00 https://www.tripwire.com/state-of-security/casting-cybersecurity-net-secure-generative-ai-manufacturing www.secnews.physaphae.fr/article.php?IdArticle=8483269 False Tool,Prediction None 2.0000000000000000 The State of Security - Magazine Américain The number of endpoints in an organization often exceeds the number of employees. Managing these often disparate entities is more than a full-time job. Moreover, keeping them secure is equally difficult, yet securing all of your endpoints against cyber threats has become paramount for organizations worldwide. A common oversight that undermines these security efforts is the misconception about data volume versus the necessity for comprehensive data collection. Endpoint security does not need to be an insurmountable task. Fortra\'s Tripwire Axon agent revolutionizes endpoint security by ensuring...]]> 2024-04-15T03:11:38+00:00 https://www.tripwire.com/state-of-security/what-axon-agent-and-why-do-you-need-one www.secnews.physaphae.fr/article.php?IdArticle=8482576 False None None 2.0000000000000000 The State of Security - Magazine Américain The number of endpoints in an organization often exceeds the number of employees. Managing these often disparate entities is more than a full-time job. Moreover, keeping them secure is equally difficult, yet securing all of your endpoints against cyber threats has become paramount for organizations worldwide. A common oversight that undermines these security efforts is the misconception about data volume versus the necessity for comprehensive data collection. Endpoint security does not need to be an insurmountable task. Fortra\'s Tripwire Axon agent revolutionizes endpoint security by ensuring...]]> 2024-04-15T03:11:38+00:00 https://www.tripwire.com/state-of-security/what-is-fim-agent www.secnews.physaphae.fr/article.php?IdArticle=8483270 False None None 2.0000000000000000 The State of Security - Magazine Américain In the first quarter of every year, organizations around the world release reports summing up data breach trends from the previous twelve months. And every year, these reports say broadly the same thing: data breach numbers have gone up again. This year is no different. Or is it? Compromises Up, Victims Down However, the Identity Theft Resource Center\'s (ITRC) Data Breach Report 2023 tells a somewhat more complicated story. The total number of compromises in 2023 rose by 72% since the previous record high in 2021, but the total number of victims fell 16% year-on-year. In the report\'s executive...]]> 2024-04-15T03:11:35+00:00 https://www.tripwire.com/state-of-security/itrc-data-breach-report www.secnews.physaphae.fr/article.php?IdArticle=8482577 False Data Breach None 2.0000000000000000 The State of Security - Magazine Américain What\'s going on? A relatively new strain of ransomware called DragonForce has making the headlines after a series of high-profile attacks. Like many other ransomware groups, DragonForce attempts to extort money from its victims in two ways - locking companies out of their computers and data through encryption, and exfiltrating data from compromised systems with the threat of releasing it to others via the dark web. So far, so normal. How did DragonForce come to prominence? DragonForce\'s earliest known ransomware attack was against the Ohio Lottery . In that case, DragonForce boasted it had...]]> 2024-04-11T10:00:55+00:00 https://www.tripwire.com/state-of-security/dragonforce-ransomware-what-you-need-know www.secnews.physaphae.fr/article.php?IdArticle=8480054 False Ransomware,Threat None 2.0000000000000000 The State of Security - Magazine Américain As digital threats increase, we see more professionals transition into cybersecurity. Some come from previous technical roles, and some do not. However, because cybersecurity is primarily a problem-solving industry, those who switch from other high-pressure, high-performance positions are often best prepared for the job. Take Gina D\'Addamio , for example, a former nurse turned threat analyst. I spoke with Gina about her career transition. Her responses show how she leveraged her previous experience to succeed in an exciting new role in the cybersecurity space. Check out our conversation below...]]> 2024-04-10T02:58:51+00:00 https://www.tripwire.com/state-of-security/life-cybersecurity-nursing-threat-analyst www.secnews.physaphae.fr/article.php?IdArticle=8479163 False Threat,Technical None 2.0000000000000000 The State of Security - Magazine Américain Let\'s start the second quarter of the year with boosting our security posture by adopting two-factor authentication methods on our accounts to make them more secure. Two-factor authentication (2FA) is an identity and access management security method that requires two forms of identification to access resources and data. The first factor you provide is a password (often referred to as something you know.) In addition to the password, you must provide another form of identification that is not memory dependent (often referred to as something you have, such as a smartphone or a physical token.)...]]> 2024-04-10T02:58:49+00:00 https://www.tripwire.com/state-of-security/embracing-two-factor-authentication-enhanced-account-protection www.secnews.physaphae.fr/article.php?IdArticle=8479164 False None None 2.0000000000000000 The State of Security - Magazine Américain Today\'s VERT Alert addresses Microsoft\'s April 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1101 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-26234 This CVE describes a Proxy Driver Spoofing Vulnerability that, thanks to Microsoft\'s new CWE listings , we know is tied to Improper Access Control. From a published Sophos write-up , we know that this is tied to a threat actor that has been working with a valid Microsoft Windows hardware Compatibility Program (WHCP) Certificate that has now been revoked...]]> 2024-04-09T15:20:51+00:00 https://www.tripwire.com/state-of-security/vert-threat-alert-april-2024-patch-tuesday-analysis www.secnews.physaphae.fr/article.php?IdArticle=8478905 False Vulnerability,Threat None 3.0000000000000000 The State of Security - Magazine Américain In an era where data breaches and privacy concerns are increasingly shaping global discourse, India\'s proactive stance on data protection is noteworthy. Introducing the Digital Personal Data Protection (DPDP) Act 2023 marks a significant milestone in India\'s legislative landscape. This groundbreaking Act fortifies individual data privacy rights and aligns India with global cybersecurity and data protection standards, setting a new benchmark for regulatory compliance. Background and Development of the DPDP Act The genesis of India\'s Digital Personal Data Protection (DPDP) Act of 2023 traces...]]> 2024-04-09T02:40:10+00:00 https://www.tripwire.com/state-of-security/cybersecurity-compliance-around-globe-indias-dpdp www.secnews.physaphae.fr/article.php?IdArticle=8478540 False None None 2.0000000000000000 The State of Security - Magazine Américain Phishing is one of the most pertinent cybersecurity dangers for organizations to be concerned about in today\'s digital landscape. Threat trends come and go, but phishing is a tried-and-true method that cybercriminals can adjust and adapt to all different manners of communication and evolving technology. Fortra\'s Gone Phishing Tournament (GPT) is a yearly training event, available for free all around the world. The goal is to provide users with a phishing simulation and measure their responses to gain an understanding of how prepared participants are to prevent attacks via a range of metrics...]]> 2024-04-08T03:04:22+00:00 https://www.tripwire.com/state-of-security/gone-phishing-results www.secnews.physaphae.fr/article.php?IdArticle=8477973 False Threat None 4.0000000000000000 The State of Security - Magazine Américain Summit Fever Syndrome, a cause of many extreme altitude climbers\' deaths, is due to a lack of oxygen and mission blindness, which leads to impaired judgment where climbers take needless risks, disregard safety precautions, and make deadly errors. Deploying AI/ML models is like climbing Mount Everest. Both climbers and AI projects chase their peaks with (sometimes too much ) determination and succumb to "Summit Fever." This obsession, much like climbers ignoring the perilous signs on Everest, can doom AI initiatives through mission blindness, poor planning, and rushing forward, ignoring risks...]]> 2024-04-08T03:04:20+00:00 https://www.tripwire.com/state-of-security/aiml-digital-everest-dodging-system-failure-summit-fever www.secnews.physaphae.fr/article.php?IdArticle=8477974 False None None 2.0000000000000000 The State of Security - Magazine Américain In today\'s digital landscape, it is important for organizations to depend upon the tools they use for cybersecurity. Large businesses can employ many security solutions, practices, and policies that must combine to create a robust and layered security strategy. While many of these tools are important and necessary, organizations often don\'t use them to their full potential. With any security tool or platform, it is important to understand its features beyond the most basic functions. Solutions can have advanced capabilities that are less commonly used but that can greatly benefit an...]]> 2024-04-05T03:03:49+00:00 https://www.tripwire.com/state-of-security/exploring-advanced-tripwire-enterprise-capabilities www.secnews.physaphae.fr/article.php?IdArticle=8476350 False Tool None 3.0000000000000000 The State of Security - Magazine Américain Google has issued a security advisory to owners of its Android Pixel smartphones, warning that it has discovered someone has been targeting some devices to bypass their built-in security . What makes the reported attacks particularly interesting is that traditional cybercriminals may not be behind them, but rather "forensic companies" exploiting two vulnerabilities to extract information and prevent remote wiping. That\'s the opinion of researchers at GrapheneOS, who tweeted a thread about their findings on the vulnerabilities known as CVE-2024-29745 and CVE-2024-29748. The team at GrapheneOS...]]> 2024-04-04T09:49:51+00:00 https://www.tripwire.com/state-of-security/google-patches-pixel-phone-zero-days-after-exploitation-forensic-companies www.secnews.physaphae.fr/article.php?IdArticle=8475934 False Vulnerability,Mobile None 2.0000000000000000 The State of Security - Magazine Américain Security and compliance – a phrase often uttered in the same breath as if they are two sides of the same coin, two members of the same team, or two great tastes that go great together. As much as I would like to see auditors, developers, and security analysts living in harmony like a delicious Reese\'s cup, a recent gap analysis that I was part of reminded me that too often, the peanut butter and chocolate sit alone on their own separate shelves. We reviewed a SaaS service with an eye toward compliance. The developers operate according to DevOps principles, which often bump into some of the...]]> 2024-04-04T03:28:53+00:00 https://www.tripwire.com/state-of-security/security-compliance-difference www.secnews.physaphae.fr/article.php?IdArticle=8475748 False Cloud None 2.0000000000000000 The State of Security - Magazine Américain Tripwire\'s March 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google, and Apple. First on the patch priority list are patches for Windows Kernel and Multiple Apple products. These CVEs (CVE-2024-21338, CVE-2024-23296, CVE-2024-23225) have been added to CISA\'s Known Exploited Vulnerabilities (KEV) catalog. Up next are patches for Microsoft Edge (Chromium-based) and Chromium that resolve use-after-free, out of bounds memory access, and inappropriate implementation vulnerabilities. Next on the patch priority list this month is a patch for Microsoft...]]> 2024-04-03T02:57:10+00:00 https://www.tripwire.com/state-of-security/tripwire-patch-priority-index-march-2024 www.secnews.physaphae.fr/article.php?IdArticle=8475072 False Vulnerability None 2.0000000000000000 The State of Security - Magazine Américain In any organization, unrestricted access to systems and resources poses significant security risks. Recent cybersecurity events have shown that attackers will target any organization of any size. The most common attack vector is through unauthorized access to a legitimate account, often preceded by a phishing technique. To protect against unauthorized access, it\'s essential to establish rules and policies for authenticating and authorizing users. Access control serves as the mechanism for imposing these protections, determining who or what is permitted to perform actions or access resources...]]> 2024-04-03T02:57:08+00:00 https://www.tripwire.com/state-of-security/exploring-access-control-models-building-secure-systems-cybersecurity www.secnews.physaphae.fr/article.php?IdArticle=8475073 False None None 2.0000000000000000 The State of Security - Magazine Américain On an ordinary day, you\'re casually surfing the web and downloading some PDF files. The document icons seem pretty legitimate, so you click without a second thought. But, to your surprise, nothing happens. A closer look reveals that what you believed to be a harmless PDF was, in fact, an executable file. Panic sets in as your settings lock up, and even accessing the task manager becomes impossible. Unknown pop-ups invade your screen, telltale signs of malware execution. Regret washes over you as you realize the consequences of your unintentional actions. Now, the question looms: What should be...]]> 2024-04-02T02:56:58+00:00 https://www.tripwire.com/state-of-security/oops-malware-now-what-dealing-accidental-malware-execution www.secnews.physaphae.fr/article.php?IdArticle=8474468 False Malware None 3.0000000000000000 The State of Security - Magazine Américain The National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) was published in 2014 for the purpose of providing cybersecurity guidance for organizations in critical infrastructure. In the intervening years, much has changed about the threat landscape, the kinds of technology that organizations use, and the ways that operational technology (OT) and information technology (IT) work and interact. In an effort to update NIST CSF for a broader and more current audience, the agency has finalized and released CSF 2.0 , the first major change to the CSF. There are extensive...]]> 2024-04-02T02:56:47+00:00 https://www.tripwire.com/state-of-security/whats-new-nists-cybersecurity-framework-20 www.secnews.physaphae.fr/article.php?IdArticle=8474469 False Threat None 2.0000000000000000 The State of Security - Magazine Américain In the intricate landscape of cybersecurity, Digital Forensics and Incident Response (DFIR) stand as the sentinels guarding against the onslaught of digital threats. It involves a multifaceted approach to identifying, mitigating, and recovering from cybersecurity incidents . In the physical world, the aftermath of a crime scene always yields vital clues that can unravel the mystery behind a perpetrator\'s actions. Similarly, in the digital realm, DFIR specialists comb through vast floods of data, analyzing log files, network traffic, and system artifacts to reconstruct the sequence of events...]]> 2024-03-27T04:53:09+00:00 https://www.tripwire.com/state-of-security/incident-response-dfir www.secnews.physaphae.fr/article.php?IdArticle=8471276 False None None 4.0000000000000000 The State of Security - Magazine Américain I\'ll start this one with an apology – I\'ve been watching a lot of the TV show The Bear (which I\'d highly recommend!) and thus been thinking a lot about kitchen processes and the challenges of making everything come together nicely (both in life and in a recipe). If you are unfamiliar with the show, it is a comedy-drama about a chef who manages his deceased brother\'s sandwich shop. When I see different chefs interacting in a busy environment I can\'t help but think of the same activities happening in the data center and IT offices that I\'ve visited. But whilst the best businesses in the world...]]> 2024-03-27T04:06:11+00:00 https://www.tripwire.com/state-of-security/bake-ensuring-security-cyber-kitchen www.secnews.physaphae.fr/article.php?IdArticle=8471247 False None None 3.0000000000000000 The State of Security - Magazine Américain With $109.5 billion of growth expected between now and 2030, the global AI cybersecurity market is booming – and it\'s not hard to see why. According to a recent survey of security professionals, three-quarters ( 75% ) have observed an increase in cyberattacks. Of these, the research found that an even greater proportion (an overwhelming 85%) blamed AI. What is AI\'s role in cybersecurity, then? Is it enabling our online freedoms and safety or undermining them? It\'s a question Techopedia wanted to explore . But, unlike speaking to human experts, these inquiries focused instead on a different...]]> 2024-03-26T03:49:21+00:00 https://www.tripwire.com/state-of-security/ai-platforms-name-cybersecurity-threats-and-advice-2024 www.secnews.physaphae.fr/article.php?IdArticle=8470636 False None None 3.0000000000000000 The State of Security - Magazine Américain What Is Browser Security? Browser security is a set of measures and processes intended to protect users and their data when using web browsers. This includes mechanisms to prevent unauthorized access, safeguard against malicious software and other browser security threats , and ways to protect the privacy of online activities. Essential components of browser security include secure communication protocols like HTTPS, which encrypts data in transit; features within the browser that detect and block malicious websites, phishing attempts, and malware; and technical measures for isolating the...]]> 2024-03-26T03:49:14+00:00 https://www.tripwire.com/state-of-security/browser-security-2024-technologies-and-trends www.secnews.physaphae.fr/article.php?IdArticle=8470637 False Malware,Technical None 2.0000000000000000 The State of Security - Magazine Américain Nemesis Market, a notorious corner of the darknet beloved by cybercriminals and drug dealers, has been suddenly shut down after German police seized control of its systems. Germany\'s Federal Criminal Police (known as the BKA) has announced that it has seized the infrastructure of Nemesis and taken down its website. At the same time, cryptocurrency worth 94,000 Euros was seized by police. Since its inception in 2021, Nemesis Market has grown rapidly - with more than 150,000 user accounts and over 1,100 sellers registered worldwide - dealing in a wide range of products including, narcotics...]]> 2024-03-25T10:57:50+00:00 https://www.tripwire.com/state-of-security/notorious-nemesis-market-zapped-video-game-loving-german-police www.secnews.physaphae.fr/article.php?IdArticle=8470234 False Legislation None 2.0000000000000000 The State of Security - Magazine Américain In an era characterized by relentless digital transformation and interconnectedness, cybersecurity has evolved into a complex and dynamic battleground. Businesses, governments, and individuals find themselves locked in a perpetual struggle against a relentless flood of evolving threats. From sophisticated cybercriminal syndicates to state-sponsored hackers and opportunistic threat actors, our adversaries are as diverse as they are determined. As technology advances and society increasingly relies on digital infrastructure, the attack surface expands, providing bad actors with many entry points...]]> 2024-03-25T03:55:55+00:00 https://www.tripwire.com/state-of-security/managed-cybersecurity-services-secure-modern-environments www.secnews.physaphae.fr/article.php?IdArticle=8470041 False Threat None 2.0000000000000000 The State of Security - Magazine Américain In our interconnected world, the real estate industry has embraced technology to revolutionize its operations, enhance customer experiences, and streamline business processes. Yet, while this technological evolution has brought immense benefits to the property sector, it has also attracted the attention of nefarious actors keen on exploiting vulnerabilities. With high-value transactions occurring daily, the real estate sector has become a compelling target for attackers hoping to cash in on these opportunities. In addition, the pandemic fueled an almost overnight transition to remote work and...]]> 2024-03-25T02:32:03+00:00 https://www.tripwire.com/state-of-security/looming-cyber-threat-real-estate www.secnews.physaphae.fr/article.php?IdArticle=8470015 False Vulnerability,Threat None 2.0000000000000000 The State of Security - Magazine Américain Modern cybersecurity has reached an exceptional level, particularly with the integration of AI technology . The complexity of cyberattacks and their methodologies has also increased significantly, even surpassing human comprehension . This poses a considerable challenge for cybersecurity professionals who struggle to keep pace with the scale and complexity of AI-generated attacks. The widespread use of ML models often overlooks the importance of ensuring accuracy, reliability, and fairness in decision-making. As AI-generated attacks continue to rise, security professionals must prioritize...]]> 2024-03-21T01:34:09+00:00 https://www.tripwire.com/state-of-security/ai-transparency-why-explainable-ai-essential-modern-cybersecurity www.secnews.physaphae.fr/article.php?IdArticle=8467737 False None None 3.0000000000000000 The State of Security - Magazine Américain The United States Federal Trade Commission (FTC) has warned the public to be cautious if contacted by people claiming to be... FTC staff. In a warning published on its website , the FTC said that scammers were using its employees\' real names to steal money from consumers. A typical ruse will see the bogus FTC staffer advising someone to wire or transfer money to "protect" it, send a victim to a Bitcoin ATM, or even demand that they buy gold bars and take it to someone for "safe-keeping." The bogus FTC worker sometimes uses threats to encourage people to move funds recklessly . The FTC\'s advice...]]> 2024-03-20T10:03:18+00:00 https://www.tripwire.com/state-of-security/fraudsters-are-posing-ftc-scam-consumers www.secnews.physaphae.fr/article.php?IdArticle=8467369 False None None 3.0000000000000000 The State of Security - Magazine Américain Thanks to the burgeoning supply chain, a host of IoT and work-from-home devices, and an expanding cloud presence, organizations are constantly ingesting new hardware into their IT environments. With each new line of code comes a fresh chance for a hidden vulnerability. With each unfound weakness, attackers gain one more opportunity to gain a foothold in the organization and compromise sensitive assets. In order to stop this, companies can leverage security configuration management (SCM) and file integrity monitoring (FIM) tools, but to truly create a preventative approach, they need full...]]> 2024-03-20T04:56:57+00:00 https://www.tripwire.com/state-of-security/what-is-log-management www.secnews.physaphae.fr/article.php?IdArticle=8467217 False Tool,Vulnerability,Cloud None 3.0000000000000000 The State of Security - Magazine Américain Australian organizations find themselves navigating a minefield of supply chain risks, with a surge in incidents stemming from multi-party breaches. These breaches are often caused by vulnerabilities in cloud or software providers and are emerging as a challenge that demands attention and proactive strategies. From July to December 2023, 483 data breaches were reported to the Australian Information Commissioner (OAIC), up 19% from 407 between January and June of the same year. Moreover, there were 121 secondary notifications, a notable increase from 29 notifications in the same period. The...]]> 2024-03-19T04:51:08+00:00 https://www.tripwire.com/state-of-security/critical-insights-australias-supply-chain-risk-landscape www.secnews.physaphae.fr/article.php?IdArticle=8466579 False Vulnerability,Cloud None 3.0000000000000000 The State of Security - Magazine Américain Security and compliance are often tightly intertwined. The main difference is that sometimes security can outpace compliance efforts. While it is easy to infer that a more secure system exceeds a compliance requirement, an auditor should not be expected to deduce the state of a system; the evidence needs to be clear. There are many factors that can cause compliance shifts. Configurations are constantly changing because there are updates happening to the infrastructure, there are patches being applied, there are applications that are being updated, and these cause changes to the system that...]]> 2024-03-19T04:51:01+00:00 https://www.tripwire.com/state-of-security/achieving-continuous-compliance-tripwires-security-configuration-manager www.secnews.physaphae.fr/article.php?IdArticle=8466580 False None None 2.0000000000000000 The State of Security - Magazine Américain Any time the television news presents a story about cybersecurity, there is always a video of a large data center with thousands of blinking lights. Even most cybersecurity blogs will include an image of many lights on the front panels of servers, routers, and other hardware. However, most people don\'t notice that the lights are usually green or some shade of blue. Rarely are those lights yellow or red, signaling a problem. Firmware problems Just as a red traffic light is the signal to stop, few things raise the blood pressure of a sysadmin faster than a hardware, or worse, a firmware problem...]]> 2024-03-18T04:21:06+00:00 https://www.tripwire.com/state-of-security/firmware-monitoring-just-snapshot-away www.secnews.physaphae.fr/article.php?IdArticle=8465937 False None None 3.0000000000000000 The State of Security - Magazine Américain The demand for innovative threat detection and intelligence approaches is more pressing than ever. One such paradigm-shifting technology gaining prominence is Federated Learning (FL). This emerging concept harnesses the power of collaborative intelligence, allowing disparate entities to pool their insights without compromising sensitive data. A report by Apple suggests that the number of data breaches nearly tripled between 2013 and 2022, compromising 2.6 billion records over the course of just two years, a trend that is only getting worse. A Review of Basic Concepts Organizations have rapidly...]]> 2024-03-18T04:20:51+00:00 https://www.tripwire.com/state-of-security/federated-learning-cybersecurity-collaborative-intelligence-threat-detection www.secnews.physaphae.fr/article.php?IdArticle=8465938 False Threat,Prediction None 3.0000000000000000 The State of Security - Magazine Américain An affiliate of the LockBit ransomware gang has been sentenced to almost four years in jail after earlier pleading guilty to charges of cyber extortion and weapons charges. 34-year-old Mikhail Vasiliev, who has dual Russian and Canadian nationality, was arrested in 2022 as part of a multinational law enforcement investigation into LockBit that started in March 2020. According to media reports , Vasiliev admitted targeting organisations, encrypting their data, and demanding over $100 million for the LockBit gang. Canadian police raided Vasiliev\'s home in Bradford, Ontario, in August 2022...]]> 2024-03-14T08:51:10+00:00 https://www.tripwire.com/state-of-security/lockbit-affiliate-jailed-almost-four-years-after-guilty-plea www.secnews.physaphae.fr/article.php?IdArticle=8463795 False Ransomware,Legislation None 2.0000000000000000 The State of Security - Magazine Américain What Is a Host-Based Intrusion Detection System (HIDS)? A host-based intrusion detection system, or HIDS , is a network application that monitors suspicious and malicious behavior, both internally and externally. The HIDS\' job is to flag any unusual patterns of behavior that could signify a breach. By bringing this activity to the team\'s attention, the HIDS enables in-house staff to investigate and block nefarious activity before serious consequences occur. “Host-based” refers to the fact that HIDS only monitors and detects across host machines – not the network, which it only uses as a data...]]> 2024-03-13T04:11:53+00:00 https://www.tripwire.com/state-of-security/importance-host-based-intrusion-detection-systems www.secnews.physaphae.fr/article.php?IdArticle=8463086 False None None 2.0000000000000000 The State of Security - Magazine Américain Today\'s VERT Alert addresses Microsoft\'s March 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1097 as soon as coverage is completed. In-The-Wild & Disclosed CVEs There were no in-the-wild or disclosed CVEs included in the March Patch Tuesday release. CVE Breakdown by Tag While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per-tag basis. Vulnerabilities are also color-coded to aid in identifying key issues...]]> 2024-03-12T14:26:33+00:00 https://www.tripwire.com/state-of-security/vert-threat-alert-march-2024-patch-tuesday-analysis www.secnews.physaphae.fr/article.php?IdArticle=8462801 False Vulnerability,Threat None 2.0000000000000000 The State of Security - Magazine Américain Protecting sensitive data and other assets requires an organization to be adaptable and stay informed on things like the digital landscape and threat trends. While some aspects of security are within an organization\'s control, it can be extremely difficult to manage all of the risks and vulnerabilities that are likely to arise. Security configuration management (SCM) is one way to take control of many of the facets of cybersecurity that are often overlooked or difficult to handle. Ensuring that all systems are configured properly is an essential part of security and compliance, and investing...]]> 2024-03-12T04:28:48+00:00 https://www.tripwire.com/state-of-security/reducing-cyber-risks-security-configuration-management www.secnews.physaphae.fr/article.php?IdArticle=8462552 False Vulnerability,Threat None 3.0000000000000000 The State of Security - Magazine Américain Historically, cyber-attacks were labor-intensive, meticulously planned, and needed extensive manual research. However, with the advent of AI , threat actors have harnessed their capabilities to orchestrate attacks with exceptional efficiency and potency. This technological shift enables them to execute more sophisticated, harder-to-detect attacks at scale. They can also manipulate machine learning algorithms to disrupt operations or compromise sensitive data, amplifying the impact of their criminal activities. Malicious actors have increasingly turned to AI to analyze and refine their attack...]]> 2024-03-11T03:47:41+00:00 https://www.tripwire.com/state-of-security/cybersecurity-age-ai-exploring-ai-generated-cyber-attacks www.secnews.physaphae.fr/article.php?IdArticle=8462025 False Threat None 2.0000000000000000 The State of Security - Magazine Américain Using security tools to monitor activities on IP based endpoints and the resulting changes that occur pose one of the most formidable challenges to security and regulatory compliance efforts, thanks to its potential to disrupt established security measures and protocols. Compliance frameworks, such as PCI DSS and NIST 800-53/SI-7, require organizations in every sector to maintain a consistent and secure environment to meet regulatory standards. Integrity is a foundational piece of this puzzle. It takes only one accidental, unintentional, or malicious system change to completely undermine the...]]> 2024-03-11T03:47:17+00:00 https://www.tripwire.com/state-of-security/file-integrity-monitoring-vs-integrity-what-you-need-know www.secnews.physaphae.fr/article.php?IdArticle=8462026 False Tool None 2.0000000000000000 The State of Security - Magazine Américain If you have been optimistically daydreaming that losses attributed to cybercrime might have reduced in the last year, it\'s time to wake up. The FBI\'s latest annual Internet Crime Complaint Center (IC3) report has just been published and makes for some grim reading. According to the IC3 report, online fraud hit record losses in 2023, with the American public reporting US $12.5 billion, a 22% increase from the year before. However, this only counts reported crimes to the FBI. The true figure is likely to be much, much higher. So, what are some of the main takeaways from the report? Ransomware I...]]> 2024-03-07T08:13:37+00:00 https://www.tripwire.com/state-of-security/125-billion-lost-cybercrime-amid-tidal-wave-crypto-investment-fraud www.secnews.physaphae.fr/article.php?IdArticle=8460351 False Ransomware None 2.0000000000000000 The State of Security - Magazine Américain Energy efficiency and availability is a major concern for all countries and governments. The electric grid is a vital sector, and any malfunctions will create ripple effects on any nation\'s economy. As the grid is heavily dependent on cyber-enabled technologies and a vast chain of suppliers, contractors, and partners, the ability to safeguard the availability and reliability of the grid is crucial. The introduction of NERC CIP-013-1 standards marks a significant step forward in fortifying our defenses against external threats to the Bulk Electric System, underscoring the high stakes of...]]> 2024-03-06T06:24:14+00:00 https://www.tripwire.com/state-of-security/achieve-nerc-cip-013-1-compliance www.secnews.physaphae.fr/article.php?IdArticle=8459818 False None None 3.0000000000000000 The State of Security - Magazine Américain In 2024, transformation is reshaping industries, and the financial sector stands at a crucial juncture. The Softcat Business Tech Priorities Report , a comprehensive survey encompassing over 4,000 customers across various sectors, sheds light on this transformation. Significantly, cybersecurity has emerged as the paramount concern for financial institutions for the second consecutive year. This prioritization underscores a growing recognition of the intricate challenges and opportunities that cyber threats present in our increasingly digitalized economic landscape. Cybersecurity as the Top...]]> 2024-03-06T01:34:18+00:00 https://www.tripwire.com/state-of-security/financial-sector-refocusing-cybersecurity www.secnews.physaphae.fr/article.php?IdArticle=8459702 False None None 3.0000000000000000 The State of Security - Magazine Américain Distributed Denial of Service (DDoS) attacks occur when adversaries overwhelm a connected target\'s resources, aiming to make it unavailable. Learning the best strategies to protect from DDoS attacks is critical to energy grid cybersecurity. A well-planned DDoS attack on the grid could halt essential services, cause substantial disruptions to households and businesses, and prove incredibly costly. However, people can strengthen utilities\' cybersecurity with some best practices. 1. Protect From DDoS Attacks With Historical Awareness Recent news coverage has focused on physical attacks against...]]> 2024-03-05T06:11:34+00:00 https://www.tripwire.com/state-of-security/what-are-top-ddos-mitigation-tactics-energy-grids www.secnews.physaphae.fr/article.php?IdArticle=8459299 False None None 2.0000000000000000 The State of Security - Magazine Américain In today\'s expanding cyber threat landscape, infiltrating a system goes beyond unauthorized access or malware installation. To achieve their ultimate objectives, cybercriminals need to maintain an undetected presence in the system or network to control or extract data according to their needs. Command and Control attacks, also known as C&C or C2 attacks, create a covert link between the compromised system and a C2 server. This backdoor connection allows prolonged access, enabling data theft, Distributed Denial of Service (DDoS) attacks, crypto-mining, or even total network compromise by threat...]]> 2024-03-05T06:11:30+00:00 https://www.tripwire.com/state-of-security/what-are-command-and-control-attacks www.secnews.physaphae.fr/article.php?IdArticle=8459300 False Malware,Threat None 3.0000000000000000 The State of Security - Magazine Américain In the intricate realm of cybersecurity, the relentless surge of cyber threats demands a constant reassessment of defensive strategies. Amidst this dynamic landscape, a subtle yet indispensable player takes center stage - Security Configuration Management (SCM) . This blog embarks on an insightful journey into the critical role played by SCM in the ongoing battle against cyberattacks, shedding light on its ability to pinpoint and rectify system misconfigurations. The Security Configuration Management (SCM) process assumes a crucial role within any organization, serving as a pivotal element in...]]> 2024-03-05T03:04:57+00:00 https://www.tripwire.com/state-of-security/role-security-configuration-management-scm-preventing-cyberattacks www.secnews.physaphae.fr/article.php?IdArticle=8459196 False None None 2.0000000000000000 The State of Security - Magazine Américain Agriculture, a fundamental aspect of human civilization, plays an important role in global economic stability, contributing 4% to the global GDP . This sector not only provides food, but also supplies vital raw materials for various industries and drives economic development through job creation and trade facilitation. As we observe a technological revolution impacting every sector, agriculture is also experiencing remarkable digital transformations. The integration of technology in agriculture, such as in precision farming and automated agriculture, is transforming agricultural practices and...]]> 2024-03-05T03:04:50+00:00 https://www.tripwire.com/state-of-security/need-cybersecurity-agriculture www.secnews.physaphae.fr/article.php?IdArticle=8459197 False None None 3.0000000000000000 The State of Security - Magazine Américain The most recent book that we\'ve read over here is Black Hat GraphQL: Attacking Next Generation APIs written by Dolev Farhi and Nick Aleks . The book is described as being for, “anyone interested in learning how to break and protect GraphQL APIs with the aid of offensive security testing.” As someone who works primarily with REST APIs , I was more interested in the introduction that it offered to core concepts. A lot of the time, with books like this, you find yourself bored with the first few chapters and eager to get into the real subject matter, but my lack of familiarity with GraphQL and...]]> 2024-03-04T03:42:23+00:00 https://www.tripwire.com/state-of-security/tripwirebookclub-black-hat-graphql www.secnews.physaphae.fr/article.php?IdArticle=8458762 False None None 2.0000000000000000 The State of Security - Magazine Américain Tripwire\'s February 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, ConnectWise, and Google. First on the patch priority list are patches for ConnectWise ScreenConnect, Microsoft Exchange Server, Microsoft Windows SmartScreen, and Microsoft Windows Internet Shortcut files. These CVEs (CVE-2024-1709, CVE-2024-21410, CVE-2024-21351, CVE-2024-21412) have been added to CISA\'s Known Exploited Vulnerabilities (KEV) catalog. For ConnectWise ScreenConnect, note that exploits are available in the Metasploit Framework. Up next are patches for Microsoft Edge...]]> 2024-03-04T03:42:19+00:00 https://www.tripwire.com/state-of-security/tripwire-patch-priority-index-february-2024 www.secnews.physaphae.fr/article.php?IdArticle=8458763 False Vulnerability None 2.0000000000000000 The State of Security - Magazine Américain What\'s happened? The US government warned healthcare organizations about the risk of being targeted by the ALPHV BlackCat ransomware after a surge in attacks. I thought ALPHV BlackCat had been taken down by the cops? Well remembered. Shortly before Christmas, the US Department of Justice (DOJ) announced that it had disrupted the gang\'s operations and seized decryption keys to help hundreds of victims unlock their files without paying a ransom. So what\'s gone wrong? I\'m afraid ALPHV BlackCat came back. In fact, within hours of the DOJ\'s announcement, the ransomware gang said it had "unseized"...]]> 2024-02-29T08:26:20+00:00 https://www.tripwire.com/state-of-security/healthcare-sector-warned-alphv-blackcat-ransomware-after-surge-targeted-attacks www.secnews.physaphae.fr/article.php?IdArticle=8457000 False Ransomware None 2.0000000000000000 The State of Security - Magazine Américain The financial services sector faces unprecedented cybersecurity challenges in today\'s digital age. With the industry being a prime target for cybercriminals , understanding and adhering to cybersecurity regulations has never been more crucial. This article delves into the labyrinth of cybersecurity regulations affecting financial services, underscoring their significance in safeguarding sensitive data and maintaining robust cyber defenses. We aim to demystify these complex regulations and highlight the path to compliance. The Significance of Cybersecurity in Financial Services The financial...]]> 2024-02-29T01:54:04+00:00 https://www.tripwire.com/state-of-security/making-sense-financial-services-cybersecurity-regulations www.secnews.physaphae.fr/article.php?IdArticle=8456831 False None None 3.0000000000000000 The State of Security - Magazine Américain What is the greatest cyber risk in the world right now? Ransomware? Business Email Compromise? Maybe AI? Well, the last one is pretty close. According to the World Economic Forum, misinformation and disinformation are the most severe global risks of the next two years. In their Global Risks Report 2024 , the WEF posited that the post-pandemic world is at a "turning point," with the two key problems possessing the power to do everything, from challenging mental health to eroding human rights. Also of concern is the coalescing of AI power and technology, which is lowering the bar to entry for...]]> 2024-02-28T07:06:13+00:00 https://www.tripwire.com/state-of-security/wef-waging-war-misinformation-and-cyber-insecurity www.secnews.physaphae.fr/article.php?IdArticle=8456417 False None None 2.0000000000000000 The State of Security - Magazine Américain Cybersecurity is a pressing topic of concern for most organizations today, as any amount of sensitive data or digital assets can present a security risk. Understanding the digital landscape, threat trends, and the way they change over time is an essential step in defending against cyberattacks. It can be daunting for any organization to stay in the loop and maintain perspective on cyberthreats and security practices. Fortra\'s 2024 State of Cybersecurity Survey polled over 400 cybersecurity professionals across a wide range of industries and locations in order to obtain a clear-sighted view of...]]> 2024-02-28T02:45:51+00:00 https://www.tripwire.com/state-of-security/what-we-learned-state-cybersecurity-survey www.secnews.physaphae.fr/article.php?IdArticle=8456316 False Threat None 2.0000000000000000 The State of Security - Magazine Américain Scammers are increasingly resourceful when coming up with scam techniques. But they often rely on long-standing persuasion techniques for the scam to work. So, you may hear about a new scam that uses a novel narrative, but there is a good chance that the scam relies on proven scam techniques once the narrative is stripped away. These scam techniques often exploit our characteristics and heuristics, or things that make us human and fallible. In this blog post, I will cover some of the most common scam techniques and explain how they work. Evoking visceral influence Visceral influences such as...]]> 2024-02-27T04:52:59+00:00 https://www.tripwire.com/state-of-security/top-scam-techniques-what-you-need-to-know www.secnews.physaphae.fr/article.php?IdArticle=8455810 False Threat None 2.0000000000000000 The State of Security - Magazine Américain Have you ever considered that even before you enjoy the first sip of your favorite morning beverage, you have probably interacted with at least half of the 16 critical infrastructure sectors that keep a nation running? In one way or another, the simple act of brewing a cup of tea would probably not be possible without interacting with water, energy, manufacturing, food and agriculture, waste, transportation, and financial sectors. Depending on other factors, your morning routine may go so far as to rely on the health, dams, and chemical sectors. An interruption to any one of those sectors...]]> 2024-02-27T02:55:42+00:00 https://www.tripwire.com/state-of-security/improving-ot-security-industrial-processes www.secnews.physaphae.fr/article.php?IdArticle=8455771 False Industrial None 2.0000000000000000 The State of Security - Magazine Américain Navigating the information superhighway is like threading your car through traffic on a dangerous rush hour freeway. The journey is full of perils that can prevent you from getting where you need to go and turn the trip into a bumpy ride. In the same way we plan for wrecks and try to avoid hazards on the road, businesses can minimize the impact of an incident and cruise confidently through the chaos by thinking with a resilience-first mindset. Cyber resilience is both a mentality and a skill set that sharpens with continuous use and practice. Most organizations evaluate their cyber resilience...]]> 2024-02-26T02:45:42+00:00 https://www.tripwire.com/state-of-security/cyber-resilience-planned-and-practiced www.secnews.physaphae.fr/article.php?IdArticle=8455288 False None None 2.0000000000000000 The State of Security - Magazine Américain Although attacks on small and medium-sized businesses (SMBs) rarely hit the headlines, they remain a serious threat. Unlike their corporate counterparts, many SMBs lack the tools, skills, and mitigation services they need to combat modern threats. Understanding that forewarned is forearmed, the National Cyber Security Centre (NCSC) recently debuted a guide aimed at smaller companies that lack dedicated IT or support staff called “ Using Online Services Safely ”. Its purpose is to help smaller players bolster their cybersecurity defenses and mitigate the potential impact of attacks on companies...]]> 2024-02-26T02:45:39+00:00 https://www.tripwire.com/state-of-security/delving-ncscs-new-smb-cybersecurity-guide www.secnews.physaphae.fr/article.php?IdArticle=8455289 False Tool,Threat None 2.0000000000000000 The State of Security - Magazine Américain A huge reward is being offered for information leading to the identification or location of any of the leaders of the LockBit ransomware gang. The bounty offer comes from the US State Department, following this week\'s disruption of the criminal organisation\'s activities. LockBit, which has been operating since 2020, has targeted thousands of victims around the globe, causing the loss of billions of dollars in both ransom payments and recovery. The UK\'s National Crime Agency (NCA), the FBI, and others have collaborated on "Operation Cronos", which has taken over LockBit\'s backend infrastructure...]]> 2024-02-22T10:13:41+00:00 https://www.tripwire.com/state-of-security/bring-us-head-lockbit-15-million-bounty-offered-information-leaders-notorious www.secnews.physaphae.fr/article.php?IdArticle=8453751 False Ransomware None 2.0000000000000000 The State of Security - Magazine Américain Many of the breaches of the past ten years have taken advantage of weak or nonexistent security settings. Conversely, for example, companies that configured their Docker application to the CIS recommended security settings for container users and privileges were not as vulnerable to container escape exploits. Arguably, a configuration change prevented many breaches. Security configuration management can make a huge difference in reducing an organization\'s vulnerability. As stated in a previous post : “As a multi-faceted topic, hardening may overwhelm organizations when designing or amending...]]> 2024-02-22T03:03:14+00:00 https://www.tripwire.com/state-of-security/customizing-security-security-configuration-management-scm www.secnews.physaphae.fr/article.php?IdArticle=8453575 False Vulnerability None 2.0000000000000000 The State of Security - Magazine Américain As we are well into 2024 now, we at Fortra want to continue our commitment to empowering you all with the knowledge and tools needed to protect you, your organization, and even your family. This year, we will be looking more and more at the human element, and provide you with methods to practice repeatable, real-world techniques to ingrain positive habits and security behaviors to keep you as safe as possible. Society\'s Pendulum Like any industry, cybersecurity is influenced by the latest gravitational pull of society. While there are many positive developments, cybercriminals are often...]]> 2024-02-21T02:43:59+00:00 https://www.tripwire.com/state-of-security/cybersecurity-trends-key-areas-follow www.secnews.physaphae.fr/article.php?IdArticle=8453090 False Tool,Studies None 3.0000000000000000 The State of Security - Magazine Américain Last year, the Securities and Exchange Commission adopted rules on cybersecurity risk management that focused on transparency. Much of the adopted rules were focused on investors, but the rules also underscored the importance of the impact to customers when cybersecurity incidents occur. The data security landscape has recently shifted to prioritize the user or the customer, and that was just one of the steps in furthering the approach. In many commercial relationships, customers have endured a fractious relationship with organizations, especially the so-called big tech firms, concerning data...]]> 2024-02-21T02:43:54+00:00 https://www.tripwire.com/state-of-security/building-customer-trust-through-transparent-safety-and-security-practices www.secnews.physaphae.fr/article.php?IdArticle=8453091 False Commercial None 2.0000000000000000 The State of Security - Magazine Américain Over the years, PayPal has earned a reputation for being a secure and easy way to send and receive money. However, no payment system is entirely immune to scams , and cybercriminals often exploit these platforms due to their widespread popularity and trust among users. PayPal is the most widely used online payment system in the US, making it a compelling target for scammers looking to capitalize on its extensive user base. Moreover, its ubiquity provides a sense of legitimacy that bad actors leverage to trick unsuspecting users. Additionally, PayPal transactions are often perceived as secure...]]> 2024-02-20T03:30:38+00:00 https://www.tripwire.com/state-of-security/top-paypal-scams-protection-tips www.secnews.physaphae.fr/article.php?IdArticle=8452641 False Threat None 2.0000000000000000 The State of Security - Magazine Américain Today, almost every organization is engaged with a third-party vendor at some level when offering products or services. Take, for instance, an e-commerce business that may not be able to function properly unless multiple third-party integrations are involved, such as CRMs, payment gateways, live chat APIs, or a shipping gateway, to name a few. Though third-party vendors are a necessary cog in the wheel for streamlining operations, they may pose a significant risk as potential gateways for cyber incidents. To put things into perspective, according to one study, 15% of system intrusion incidents...]]> 2024-02-20T02:30:22+00:00 https://www.tripwire.com/state-of-security/pci-dss-compliance-meeting-third-party-vendor-requirements www.secnews.physaphae.fr/article.php?IdArticle=8452617 False Studies None 2.0000000000000000 The State of Security - Magazine Américain A recent report from Duke University\'s Sanford School of Public Policy has shed light on a concerning issue - data brokers are selling vast amounts of highly sensitive information about American military service members. This includes private data about active-duty personnel, veterans, and their families, encompassing sensitive health and financial details. Shockingly, these brokers even offer bulk data for individuals within geofenced military facilities like Fort Bragg and Quantico. The implications are alarming, as a Duke University member said the data "could theoretically be used to...]]> 2024-02-19T02:22:22+00:00 https://www.tripwire.com/state-of-security/data-brokering-thousand-things-about-yourself www.secnews.physaphae.fr/article.php?IdArticle=8452269 False None None 2.0000000000000000 The State of Security - Magazine Américain The digital landscape is ever-changing, causing cybersecurity to often feel like a moving target. Thankfully, the NSA 2023 Cybersecurity Report arrives to provide critical information and context to help organizations keep their peace of mind. This comprehensive report, drawing insights from a wide range of industries, delves into the pressing technological trends, emerging challenges, and the growing importance of sustainability in the tech sector. It serves as an essential guide for understanding how these dynamics are shaping the future of cybersecurity and technology. Technology Trends for...]]> 2024-02-19T02:02:02+00:00 https://www.tripwire.com/state-of-security/insights-nsa-cybersecurity-report www.secnews.physaphae.fr/article.php?IdArticle=8452270 False None None 4.0000000000000000 The State of Security - Magazine Américain Good news for organisations who have fallen victim to the notorious Rhysida ransomware . A group of South Korean security researchers have uncovered a vulnerability in the infamous ransomware. This vulnerability provides a way for encrypted files to be unscrambled. Researchers from Kookmin University describe how they exploited an implementation flaw in Rhysida\'s code to regenerate its encryption key in a technical paper about their findings. "Rhysida ransomware employed a secure random number generator to generate the encryption key and subsequently encrypt the data. However, an...]]> 2024-02-15T09:18:45+00:00 https://www.tripwire.com/state-of-security/rhysida-ransomware-cracked-free-decryption-tool-released www.secnews.physaphae.fr/article.php?IdArticle=8450462 False Ransomware,Tool,Vulnerability,Technical None 3.0000000000000000 The State of Security - Magazine Américain Today\'s VERT Alert addresses Microsoft\'s February 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1093 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-21351 This CVE describes a bypass in the Windows SmartScreen Security Feature. At this point, these bypasses have become relatively common and are frequently featured within the Patch Tuesday updates. SmartScreen prompts you when running certain files downloaded from the Internet to warn you that you should exercise caution before proceeding. SmartScreen does...]]> 2024-02-13T14:31:26+00:00 https://www.tripwire.com/state-of-security/vert-threat-alert-february-2024-patch-tuesday-analysis www.secnews.physaphae.fr/article.php?IdArticle=8449712 False Vulnerability,Threat None 3.0000000000000000 The State of Security - Magazine Américain In the ever-evolving landscape of cybersecurity, businesses and individuals find themselves in a relentless battle against the surge of cybercrime, which continues to escalate in complexity and frequency. Despite the significant investments in cutting-edge cybersecurity solutions, the financial toll of cybercrime persists, with costs escalating annually . Among the myriad of cyber threats, social engineering attacks, notably phishing and business email compromise (BEC) , stand out for their prevalence and the multifaceted impact they wield on businesses. These attacks exploit human psychology...]]> 2024-02-12T01:50:22+00:00 https://www.tripwire.com/state-of-security/leveraging-ai-llms-counter-social-engineering-psychological-hack-back-strategy www.secnews.physaphae.fr/article.php?IdArticle=8449175 False Threat None 2.0000000000000000 The State of Security - Magazine Américain Today\'s BEC attacks are more nuanced, more accessible, less technically demanding, and consequently, more dangerous than ever before. In our report, 2023 BEC Trends, Targets, and Changes in Techniques , we take a hard look at the anatomy of Business Email Compromise (BEC) attacks today and the lures that are drawing users to the bait in record numbers. The Popularity of BEC Attacks Nefarious email impersonations like BEC now account for nearly 99% of all reported threats, per our recent findings. According to the most recent FBI Internet Crime (IC3) Report , BEC accounted for $2.7 billion...]]> 2024-02-12T01:50:22+00:00 https://www.tripwire.com/state-of-security/key-findings-business-email-compromise-bec-trends-report www.secnews.physaphae.fr/article.php?IdArticle=8449176 False None None 2.0000000000000000 The State of Security - Magazine Américain New research shows a 704% increase in deepfake "face swap" attacks from the first to the second half of 2023. A report from biometric firm iProov warns that "face-swapping" fraudsters are increasingly using off-the-shelf tools to create manipulated images and videos. iProov\'s analysts are tracking over 100 face swap apps and repositories, meaning that there is a wide selection of low-cost, easily accessible generative AI tools that can create highly convincing deepfakes to trick humans and some remote identity verification solutions that do a "liveness" test. A "liveness" test will typically...]]> 2024-02-08T08:06:33+00:00 https://www.tripwire.com/state-of-security/surge-deepfake-face-swap-attacks-puts-remote-identity-verification-risk www.secnews.physaphae.fr/article.php?IdArticle=8448014 False Tool None 2.0000000000000000 The State of Security - Magazine Américain Last year, text scammers prowling around on messaging platforms like WhatsApp sent a staggering 19 million messages in December alone. When ploys like these can rake up over $10 million in a matter of months, it\'s easy to see why. Which WhatsApp messages are real this year, and which are not? With social engineering attacks , it\'s increasingly harder to tell. Here\'s a look at the most probable WhatsApp scams in 2024 and what you can do to avoid them. Family Member Impersonation Scam “Are you my mother?” The first kind of scam that has kept its popularity this year is known as the “ Mum and Dad...]]> 2024-02-07T02:33:55+00:00 https://www.tripwire.com/state-of-security/whatsapp-scams-what-to-look-out-for www.secnews.physaphae.fr/article.php?IdArticle=8447579 False None None 2.0000000000000000 The State of Security - Magazine Américain In recent times, the remarkable advancement of AI has revolutionized our technological landscape. Its profound benefits have not only enhanced the efficiency of our daily operations but also induced transformative shifts across industries. The impact of AI has made our lives more convenient, creating new opportunities in the digital world. Looking ahead, AI\'s influence promises a future full of innovation and potential. However, where there\'s a positive development, a negative counterpart often emerges. Cybercriminals have adeptly exploited AI for malicious intent. The significant benefits of...]]> 2024-02-07T02:30:35+00:00 https://www.tripwire.com/state-of-security/vital-role-defensive-ai-safeguarding-future www.secnews.physaphae.fr/article.php?IdArticle=8447580 False None None 2.0000000000000000 The State of Security - Magazine Américain Technology has recently been evolving at the speed of light. We have seen the onset of increased cyber threats across all industries. Gone are the times when threat actors had a specific goal and target. We now live in an age where robots collect, collate, and save information for a more opportune and profitable day. It is ever more important to understand the security measures individuals and organisations implement to safeguard themselves against such threats. But a threat overlooked by many is the threat posed by "default." Well, what is this? It is the process of accepting the...]]> 2024-02-06T02:22:22+00:00 https://www.tripwire.com/state-of-security/dangers-default-cybersecurity-age-intent-based-configuration www.secnews.physaphae.fr/article.php?IdArticle=8447208 False Threat None 2.0000000000000000 The State of Security - Magazine Américain Kubernetes has emerged as the leading platform for orchestrating containerized applications. However, developers and administrators rely on an ecosystem of tools and platforms that have emerged around Kubernetes. One of these tools is Helm, a package manager that simplifies Kubernetes deployments. However, with the convenience and efficiency Helm offers, it also introduces significant security risks. This article explores the risks associated with Kubernetes Helm charts and provides actionable strategies to mitigate potential vulnerabilities. Understanding and addressing these security...]]> 2024-02-06T01:52:22+00:00 https://www.tripwire.com/state-of-security/security-risks-kubernetes-helm-charts-and-what-do-about-them www.secnews.physaphae.fr/article.php?IdArticle=8447190 False Tool,Vulnerability None 2.0000000000000000 The State of Security - Magazine Américain The 49ers and Kansas City Chiefs aren\'t the only ones with a big game to play on February 11th; this year, cybercriminals and cyber defenders will be facing off behind the scenes in a Super Bowl-sized bout of their own. While the game will be in Vegas, attacks could be pouring in from all over the world; jamming the airwaves, taking advantage of ticket hopefuls, and grabbing every opportunity to use the event\'s name and fame to cheat fans out of sensitive information. Let\'s analyze some game film and see what hackers could be cooking up for Super Bowl LVIII. As legendary college football coach...]]> 2024-02-05T03:15:15+00:00 https://www.tripwire.com/state-of-security/preparing-cybersecurity-super-bowl www.secnews.physaphae.fr/article.php?IdArticle=8446852 False None None 3.0000000000000000 The State of Security - Magazine Américain Tripwire\'s January 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Apple, Google, and Atlassian. First on the patch priority list are patches for Apple, Google Chromium V8, and Atlassian Confluence Data Center and Server. These CVEs have been added to CISA\'s Known Exploited Vulnerabilities (KEV) catalog. For Apple, note that CVE-2024-02322 impacts Apple iOS, iPadOS, macOS, tvOS, and watchOS. Up next are patches for Microsoft Edge (Chromium-based) that resolve use-after-free and buffer overflow vulnerabilities. Next on the patch priority list this month...]]> 2024-02-05T02:30:00+00:00 https://www.tripwire.com/state-of-security/tripwire-patch-priority-index-january-2024 www.secnews.physaphae.fr/article.php?IdArticle=8446853 False Vulnerability None 2.0000000000000000 The State of Security - Magazine Américain Nearly four years ago, the Department of Defense released the Cybersecurity Maturity Model Certification (CMMC). This was created as a complement to NIST SP 800-171 , which focused on protecting Controlled Unclassified Information (CUI). If you are unfamiliar with what constitutes CUI, the simple way to think of it is to apply the broadest terms of privacy to any information that relates to any government relationship with a company. For example, any information related to general privacy, contract details, and law enforcement all fall under the definition of CUI. Each government agency has...]]> 2024-02-01T02:30:02+00:00 https://www.tripwire.com/state-of-security/streamlining-cybersecurity-maturity-model-certification-cmmc www.secnews.physaphae.fr/article.php?IdArticle=8445490 False None None 3.0000000000000000 The State of Security - Magazine Américain The emergence of innovative Financial Technology (FinTech) has spearheaded rapid growth in the digital payments sector. In recent years, global payment revenues exceeded valuations of $2.2 trillion , with a steady Compound Annual Growth Rate (CAGR) expected in the next five years. There is no denying the convenience benefits that the digital transformation of payments has brought consumers and businesses. With the help of mechanisms like digital wallets, bankless cards, and secure real-time transactions, Payment Service Providers (PSPs) have become huge players in a fast-evolving global...]]> 2024-02-01T02:10:22+00:00 https://www.tripwire.com/state-of-security/managing-financial-crime-risks-digital-payments www.secnews.physaphae.fr/article.php?IdArticle=8445491 False None None 3.0000000000000000 The State of Security - Magazine Américain One of the most important concerns for organizations of all sizes is protection against cyberattacks and other digital threats to security. These dangers can prove a major setback for a company, and many even pose an existential threat. In order to effectively prevent cybersecurity incidents and protect sensitive data and other vital assets, organizations must be prepared for the possibility of an attack. This requires knowledge of threat trends and the digital landscape, things that are constantly in flux, so staying up to date on the latest developments is of the utmost importance. Insurance...]]> 2024-01-30T02:10:10+00:00 https://www.tripwire.com/state-of-security/hiscox-cyber-readiness-report-shines-light-commercial-cybersecurity www.secnews.physaphae.fr/article.php?IdArticle=8444705 False Threat,Commercial None 2.0000000000000000 The State of Security - Magazine Américain In an era where digital transformation dictates the pace of business growth, APIs have become the cornerstone of modern enterprise architecture. APIs are not just technical tools; they are vital assets that drive business processes, enhance customer experiences, and open new avenues for innovation. However, with great power comes great responsibility, especially in terms of security. OWASP API Security Top 10 offers a roadmap to safeguard these essential tools against evolving cyber threats. For business executives and security professionals alike, understanding and implementing the principles...]]> 2024-01-29T01:51:11+00:00 https://www.tripwire.com/state-of-security/owasp-api-security-top-10-business-guide www.secnews.physaphae.fr/article.php?IdArticle=8444335 False Tool,Technical None 2.0000000000000000 The State of Security - Magazine Américain The IBM i is a midrange server that is used across many industries and businesses varying in sizes. Backed by its long history and support by IBM, a world-class innovator, the IBM i platform stands alone in the midrange server offerings. Some of the largest companies in the world use IBM i running on the IBM Power server as their strategic platform for manufacturing planning, retail, distribution, logistics, banking, healthcare, insurance, hospitality management, government management, and legal case management. Tripwire Enterprise and the IBM i platform With the growing threats against...]]> 2024-01-29T01:20:20+00:00 https://www.tripwire.com/state-of-security/ibm-i-and-tripwire-enterprise-what-you-need-know www.secnews.physaphae.fr/article.php?IdArticle=8444336 False None None 2.0000000000000000 The State of Security - Magazine Américain In a newly published report , the UK\'s National Cyber Security Centre (NCSC) has warned that malicious attackers are already taking advantage of artificial intelligence and that the volume and impact of threats - including ransomware - will increase in the next two years. The NCSC , which is part of GCHQ - the UK\'s intelligence, security and cyber agency, assesses that AI has enabled relatively unskilled hackers to "carry out more effective access and information gathering operations... by lowering the barrier of entry to novice cybercriminals, hacker-for-hire and hacktivists." We\'ve seen...]]> 2024-01-25T09:50:55+00:00 https://www.tripwire.com/state-of-security/ncsc-warns-ai-already-being-used-ransomware-gangs www.secnews.physaphae.fr/article.php?IdArticle=8443038 False Ransomware None 3.0000000000000000 The State of Security - Magazine Américain Artificial intelligence (AI) has been a hot topic of discussion this year among tech and cybersecurity professionals and the wider public. With the recent advent and rapid advancement of a number of publicly available generative AI tools-ChatGPT, Dall-E, and others-the subject of AI is at the top of many minds. Organizations and individuals alike have adopted these tools for a wide range of business and personal functions. The latest global survey from McKinsey Global Publishing polled thousands of executives and managers on the current state of AI. The results of the survey provide valuable...]]> 2024-01-24T02:32:22+00:00 https://www.tripwire.com/state-of-security/four-takeaways-mckinsey-ai-report www.secnews.physaphae.fr/article.php?IdArticle=8442487 False Tool None 3.0000000000000000 The State of Security - Magazine Américain The dynamism of Artificial Intelligence (AI) is transforming not only the tech landscape but also various sectors of human activity at breakneck speeds. Unfortunately, with any progress in technology, these advances aren\'t only being applied in beneficial ways. The sad fact is that some of the most tech-savvy people have chosen a criminal path, combining the technological potential of AI with an attack method that\'s aimed at what is usually the weakest link in a cybersecurity system - the human element. The result is AI-powered phishing attacks tailored toward specific personnel and capable of...]]> 2024-01-23T02:50:10+00:00 https://www.tripwire.com/state-of-security/navigating-new-waters-ai-powered-phishing-attacks www.secnews.physaphae.fr/article.php?IdArticle=8442031 False None None 3.0000000000000000