This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-16T00:54:38+00:00 www.secnews.physaphae.fr SecurityWeek - Security News Les chercheurs d'Aqua attirent une attention urgente sur l'exposition publique des secrets de configuration de Kubernetes, avertissant que des centaines d'organisations sont vulnérables à cette «bombe d'attaque de la chaîne d'approvisionnement».

---

>Researchers at Aqua call urgent attention to the public exposure of Kubernetes configuration secrets, warning that hundreds of organizations are vulnerable to this “ticking supply chain attack bomb.” ]]> 2023-11-22T16:48:24+00:00 https://www.securityweek.com/researchers-discover-dangerous-exposure-of-sensitive-kubernetes-secrets/ www.secnews.physaphae.fr/article.php?IdArticle=8416018 False None Uber 2.0000000000000000 SecurityWeek - Security News In Other ]]> 2023-10-13T12:23:49+00:00 https://www.securityweek.com/in-other-news-ex-uber-security-chief-appeal-new-offerings-from-tech-giants-crypto-bounty/ www.secnews.physaphae.fr/article.php?IdArticle=8395141 False None Uber 2.0000000000000000 SecurityWeek - Security News L'ancien chef de la sécurité d'Uber, Joe Sullivan, a été condamné à la probation et au service communautaire pour couvrir la violation des données subie par le géant du covoiturage en 2016.

---

>Former Uber security chief Joe Sullivan was sentenced to probation and community service for covering up the data breach suffered by the ride-sharing giant in 2016. ]]> 2023-05-05T00:35:45+00:00 https://www.securityweek.com/former-uber-cso-joe-sullivan-avoids-prison-time-over-data-breach-cover-up/ www.secnews.physaphae.fr/article.php?IdArticle=8333654 False Data Breach Uber,Uber 2.0000000000000000 SecurityWeek - Security News 2022-12-13T10:35:25+00:00 https://www.securityweek.com/uber-data-leaked-following-breach-third-party-vendor www.secnews.physaphae.fr/article.php?IdArticle=8290685 False None Uber,Uber 3.0000000000000000 SecurityWeek - Security News 2022-10-07T11:16:52+00:00 https://www.securityweek.com/industry-reactions-conviction-former-uber-cso-joe-sullivan-feedback-friday www.secnews.physaphae.fr/article.php?IdArticle=7333333 False Data Breach Uber,Uber None SecurityWeek - Security News A San Francisco jury on Wednesday found former Uber security chief Joe Sullivan guilty of covering up a 2016 data breach and concealing information on a felony from law enforcement. ]]> 2022-10-05T21:49:24+00:00 https://www.securityweek.com/former-uber-ciso-joe-sullivan-found-guilty www.secnews.physaphae.fr/article.php?IdArticle=7321493 False Data Breach Uber,Uber None SecurityWeek - Security News 2022-09-19T19:02:09+00:00 https://www.securityweek.com/uber-confirms-hacker-accessed-bug-bounty-dashboard-internal-tools www.secnews.physaphae.fr/article.php?IdArticle=7006276 False None Uber,Uber None SecurityWeek - Security News 2022-09-19T10:24:11+00:00 https://www.securityweek.com/gta-6-videos-and-source-code-stolen-rockstar-games-hack www.secnews.physaphae.fr/article.php?IdArticle=7001779 False Hack Uber,Uber None SecurityWeek - Security News a major data breach, claiming there was no evidence the hacker got access to sensitive user data. ]]> 2022-09-17T16:14:00+00:00 https://www.securityweek.com/serious-breach-uber-spotlights-hacker-social-deception www.secnews.physaphae.fr/article.php?IdArticle=6958482 False None Uber,Uber None SecurityWeek - Security News Uber “responding to a cybersecurity incident” after hacker claims to have breached several systems ]]> 2022-09-16T09:22:19+00:00 https://www.securityweek.com/uber-investigating-data-breach-after-hacker-claims-extensive-compromise www.secnews.physaphae.fr/article.php?IdArticle=6927482 False Data Breach Uber None SecurityWeek - Security News 2022-08-15T11:48:00+00:00 https://www.securityweek.com/google-boosts-bug-bounty-rewards-linux-kernel-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=6341289 False Vulnerability Uber None SecurityWeek - Security News 2022-07-25T13:20:58+00:00 https://www.securityweek.com/uber-settles-federal-investigators-over-2016-data-breach-coverup www.secnews.physaphae.fr/article.php?IdArticle=5940182 False Data Breach Uber None SecurityWeek - Security News 2022-05-18T12:09:53+00:00 https://www.securityweek.com/over-380000-kubernetes-api-servers-exposed-internet-shadowserver www.secnews.physaphae.fr/article.php?IdArticle=4688155 False None Uber None SecurityWeek - Security News 2022-04-27T11:52:01+00:00 https://www.securityweek.com/armo-raises-30-million-open-source-kubernetes-security-platform www.secnews.physaphae.fr/article.php?IdArticle=4513175 False None Uber None SecurityWeek - Security News 2022-03-16T12:41:17+00:00 https://www.securityweek.com/severe-vulnerability-patched-cri-o-container-engine-kubernetes www.secnews.physaphae.fr/article.php?IdArticle=4291923 False Vulnerability Uber None SecurityWeek - Security News 2022-02-15T19:09:27+00:00 https://www.securityweek.com/google-offering-91000-rewards-linux-kernel-gke-zero-days www.secnews.physaphae.fr/article.php?IdArticle=4135163 False None Uber None SecurityWeek - Security News 2021-08-04T13:56:11+00:00 http://feedproxy.google.com/~r/securityweek/~3/hAfx9UJ2I14/new-cisa-and-nsa-guidance-details-steps-harden-kubernetes-systems www.secnews.physaphae.fr/article.php?IdArticle=3171842 False None Uber None SecurityWeek - Security News 2021-07-23T16:00:21+00:00 http://feedproxy.google.com/~r/securityweek/~3/8YQup4vEMfY/threat-actors-target-kubernetes-clusters-argo-workflows www.secnews.physaphae.fr/article.php?IdArticle=3121077 False None Uber None SecurityWeek - Security News 2021-06-07T17:06:15+00:00 http://feedproxy.google.com/~r/securityweek/~3/x72s6xdSk0c/siloscape-malware-targets-windows-server-containers www.secnews.physaphae.fr/article.php?IdArticle=2886499 False Malware Uber None SecurityWeek - Security News 2021-05-05T13:41:32+00:00 http://feedproxy.google.com/~r/Securityweek/~3/LqC-VFZ_EI4/red-hat-open-sourcing-stackrox-security-technology www.secnews.physaphae.fr/article.php?IdArticle=2742164 False None Uber None SecurityWeek - Security News 2021-03-03T19:21:06+00:00 http://feedproxy.google.com/~r/Securityweek/~3/waMqRyeIPQQ/new-ciso-hires-uber-square-sailpoint www.secnews.physaphae.fr/article.php?IdArticle=2429669 False Guideline Uber,Uber 5.0000000000000000 SecurityWeek - Security News 2021-02-04T16:07:37+00:00 http://feedproxy.google.com/~r/Securityweek/~3/n7AqOjz03-Q/new-hildegard-malware-targets-kubernetes-systems www.secnews.physaphae.fr/article.php?IdArticle=2294675 False Malware Uber None SecurityWeek - Security News 2021-01-07T23:37:05+00:00 http://feedproxy.google.com/~r/Securityweek/~3/uHmCn5nyM8w/red-hat-buys-container-security-firm-stackrox www.secnews.physaphae.fr/article.php?IdArticle=2155167 False None Uber None SecurityWeek - Security News HTTP/2 implementation vulnerabilities that were disclosed earlier this month.  ]]> 2019-08-23T17:48:05+00:00 https://www.securityweek.com/kubernetes-patches-recent-http2-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=1282000 False None Uber None SecurityWeek - Security News 2019-07-30T12:09:05+00:00 https://www.securityweek.com/security-top-concern-containerization-gathers-pace www.secnews.physaphae.fr/article.php?IdArticle=1235472 False None Uber None SecurityWeek - Security News MongoDB document-based database management product, has announced the latest version, 4.2. The primary new features are distributed transactions, an updated Kubernetes Operator, and client-side field level encryption. ]]> 2019-06-20T11:00:04+00:00 https://www.securityweek.com/mongodb-introduces-client-side-field-level-encryption-aid-compliance www.secnews.physaphae.fr/article.php?IdArticle=1166430 False None Uber None SecurityWeek - Security News 2016 data breach that exposed the personal data of some 57 million clients and drivers worldwide. ]]> 2018-12-21T14:51:01+00:00 https://www.securityweek.com/france-fines-uber-400000-euros-over-huge-data-breach www.secnews.physaphae.fr/article.php?IdArticle=960600 False Data Breach Uber None SecurityWeek - Security News 2018-12-13T17:00:02+00:00 https://www.securityweek.com/kubernetes-security-firm-tigera-raises-30-million www.secnews.physaphae.fr/article.php?IdArticle=945135 False None Uber 4.0000000000000000 SecurityWeek - Security News 2018-12-04T09:03:03+00:00 https://www.securityweek.com/critical-privilege-escalation-flaw-patched-kubernetes www.secnews.physaphae.fr/article.php?IdArticle=936371 False Vulnerability Uber None SecurityWeek - Security News cyberattack in 2016. ]]> 2018-11-27T13:01:02+00:00 https://www.securityweek.com/uber-fined-nearly-12-million-dutch-uk-over-data-breach www.secnews.physaphae.fr/article.php?IdArticle=922665 False Data Breach Uber None SecurityWeek - Security News 2018-11-05T02:20:03+00:00 https://www.securityweek.com/kemp-cites-voter-database-hacking-attempt-gives-no-evidence www.secnews.physaphae.fr/article.php?IdArticle=880912 False Hack Uber None SecurityWeek - Security News 2018-09-05T18:35:05+00:00 https://www.securityweek.com/uber-announces-ramped-passenger-security www.secnews.physaphae.fr/article.php?IdArticle=796418 False None Uber None SecurityWeek - Security News ]]> 2018-04-30T06:33:01+00:00 https://www.securityweek.com/uber-updates-bug-bounty-program www.secnews.physaphae.fr/article.php?IdArticle=619355 False None Uber None SecurityWeek - Security News 2018-04-13T13:09:00+00:00 https://www.securityweek.com/25-million-us-individuals-impacted-2016-uber-hack www.secnews.physaphae.fr/article.php?IdArticle=583616 False None Uber None SecurityWeek - Security News Security Teams Must Prioritize Risk Mitigation Against Android Malware Few of us could have imagined that a device that allows us to talk to anyone from anywhere at any time would morph, in just a few years, into many users' computing device of choice. The latest numbers from StatCounter reveal that mobile devices are outpacing desktops and are the preferred method for accessing the Internet. The most popular operating system worldwide? Android. Threat actors watch these trends too. They're opportunistic and will focus their efforts where they believe their success rate will be the highest. So naturally, many are targeting Android devices and taking advantage of malware to launch attacks.  As an open-source tool, Android provides the benefits of collaborative applications (apps) and innovation; however, its accessibility inherently exposes it to exploitation by malicious actors. In the past year, while some users fell victim to targeted social engineering campaigns that infect their devices, most malware was embedded in malicious apps users inadvertently downloaded from official and unofficial sources. With the greatest number of users, Android's official app store Google Play has been the largest single source of infection. However, most of the sources of infection were other third-party stores.  Users are duped by apps that pose as legitimate resources or services, or that are advertised fraudulently by displaying branding associated with credible organizations. Apps have been found that impersonate Uber, any number of financial institutions, gaming apps and perhaps most galling, security apps. Mobile malware is generally delivered and deployed via a multi-step process requiring some user interaction. This presents threat actors with many opportunities to infiltrate a device. For example, once installed, many malicious apps request users to approve unnecessary privileges, such as administration access, to execute processes. Overlays (superimposing phishing screens on a legitimate app) are also used to prompt users to provide sensitive information, such as credentials or financial data.  So, what's the ultimate endgame for cyber criminals? The most prevalent objective is espionage – gathering information through profiling device data or recording phone calls and messages. Mobile banking malware, such as Marcher and BankBot, uses sophisticated techniques to harvest user banking data, including overlays specific to target banks, and intercepts SMS messages to obtain multi-factor authentication codes. Recently, mobile devices have also been targeted for cryptocurrency mining. While less powerful than desktops and servers used for this purpose, more Android devices exist, and they are often less protected and, thus, more easily accessible. You can expect t]]> 2018-04-05T13:32:05+00:00 https://www.securityweek.com/mitigating-digital-risk-android-pc-your-pocket www.secnews.physaphae.fr/article.php?IdArticle=567842 True None Uber None SecurityWeek - Security News four distinct ways.  The logic is to streamline the company's mitigation efforts and allow you to focus more time and investment where it matters most-on the unique risks inherent to the business. But there is a fifth element, and it is going to be in your future. While security-as-a-service for functions like WAF and DDoS protection are well-established, they are just the beginning of a new industry that is emerging around consumption-based security models.   To a certain extent, security in the future is going to be Uberized, and for some situations, you may be able to get rid of your car entirely. No insurance. No maintenance. No hassles with parking. And you won't even have to wash it or vacuum crumbs out of the seat cracks.  That is to say, you won't hire a company just for DDoS and WAF. You'll hire a company for IDaaS, IPS, encryption/decryption, SSL orchestration, governance, risk and compliance (GRC).  And over time, you'll dial in your use of these services. Spin them up when they're needed most. Ratchet them back when they're not in demand. Pay only for what you use. This is a strategic way to contain costs as you may only fully use your GRC service when it's time for an audit, enabling the company to increase its capacity without having a consulting service on site.  All of this will dramatically change how CISOs function and how their teams are structured. Instead of hiring dozens of people to build and maintain multiple systems, CISOs will shift to focus on the data that powers the business and how it flows through and interacts with these outsourced relationships.  And yes, I am going so far as to say this shift is inevitable, because it's being driven by some pretty clear economic pressures: Talent scarcity  It's well-known that there are a lot of open job reqs in cybersecurity. I mean a lot-more than a million today. And according to Center for Cyber Safety and Education's 2017 Global Information Security Workforce Study, there may be as many as 1.8 million open jobs in the field by 2022.   In this market, finding the right person can take months. You either have to poach them from another company or develop them yourself. Development means trial by fire. I don't know about you, but I don't want trial by fire. And if you do steal a great hire from another company, the cost-benefit analysis is such that you're basically being driven to a vendor anyway, simply because the salary pressure makes it more cost-effective.  There are also specific areas of ]]> 2018-03-28T15:31:02+00:00 http://feedproxy.google.com/~r/Securityweek/~3/034iqil1OgA/risky-business-fifth-element www.secnews.physaphae.fr/article.php?IdArticle=547896 False None Uber None SecurityWeek - Security News British political consulting firm linked to Donald Trump's presidential campaign. "Delete and forget. It's time to care about privacy," he said. The huge social network also faces investigations on both sides of the Atlantic over its data practices, and a handful of lawsuits which could turn into class actions that may prove a costly distraction for Facebook. It remains to be seen whether the uproar would lead to any significant departures, but the topic was active on social media, including on Facebook itself. Donella Cohen, a Weather Channel product manager, posted on her Facebook page that she would be off the network by midnight. "The latest revelations are showing just how corrupt and detrimental to society this particular platform is," she wrote.  "I hope that a new social network emerges. One that isn't so greedy as to corrupt the political process in the name of the almighty dollar." - Fabric of internet - Yet analysts noted Facebook is unlikely to fade quickly because of how it is woven into the fabric of the internet, with "like" buttons on websites, comments sections for news articles and an ad network that delivers messages to those who are not Facebook members. The #deleteFacebook movement "is a social media feedback loop from the public -- we saw the same thing with #deleteUber," said Jennifer Grygiel, a communications professor at Syracuse University. "Sure, some people will delete Facebook, but to truly delete Facebook would mean that users would need to delete Facebook, Instagram, WhatsApp, and Messenger. This is not realistic for most people given how social media has been integrated into everyday life." Sandra Proske, head of communications for the Finla]]> 2018-03-21T18:20:04+00:00 http://feedproxy.google.com/~r/Securityweek/~3/3NCEQ3nvRB0/growing-mistrust-threatens-facebook-after-data-mining-scandal www.secnews.physaphae.fr/article.php?IdArticle=533743 False Guideline Uber None SecurityWeek - Security News acquired Coverity in 2014, started notifying Coverity Scan users about the breach on Friday. The company said malicious actors gained access to Coverity Scan systems sometime in February. “We suspect that the access was to utilize our computing power for cryptocurrency mining,” Synopsys told users. “We have not found evidence that database files or artifacts uploaded by the open source community users of the Coverity Scan service were accessed. We retained a well-known computer forensics company to assist us in our investigation.” Synopsys says the service is now back online and it believes the point of access leveraged by the attackers has been closed. In order to regain access to Coverity Scan, users will need to reset their passwords. “Please note that the servers in question were not connected to any other Synopsys computer networks. This should have no impact on customers of our commercial products, and this event did not put any Synopsys corporate data or intellectual property at risk,” users were told. Cybercriminals have become increasingly interested in making a profit by hacking PCs and servers and abusing them to mine cryptocurrencies. Cryptocurrency mining malware can target a wide range of devices, including industrial systems. One recent high-profile victim was the carmaker Tesla, whose Kubernetes pods were compromised and used for cryptocurrency mining. According to RedLock, which discovered the breach, hackers gained access to Tesla's Kubernetes console due to the lack of password protection. Related: Avoid Becoming a Crypto-Mining Bot - Where to Look for Mining Malware and How to Respond Related: Linux Malware Targets Raspberry Pi for Cryptocurrency Mining ]]> 2018-03-20T07:03:01+00:00 http://feedproxy.google.com/~r/Securityweek/~3/pjXWT1DACL4/coverity-scan-hacked-abused-cryptocurrency-mining www.secnews.physaphae.fr/article.php?IdArticle=531122 False None Tesla,Uber None SecurityWeek - Security News ]]> 2018-02-07T10:22:11+00:00 http://feedproxy.google.com/~r/Securityweek/~3/LD3ctXnTeNo/hackers-florida-canada-behind-2016-uber-breach www.secnews.physaphae.fr/article.php?IdArticle=465407 False None Uber None SecurityWeek - Security News 2017-12-14T03:11:10+00:00 http://feedproxy.google.com/~r/Securityweek/~3/fXNhI62fONk/us-prosecutors-confirm-uber-target-criminal-probe www.secnews.physaphae.fr/article.php?IdArticle=449931 False None Uber None SecurityWeek - Security News 2017-12-01T18:42:44+00:00 http://feedproxy.google.com/~r/Securityweek/~3/rQwnzS7Q6D0/senators-propose-new-breach-notification-law www.secnews.physaphae.fr/article.php?IdArticle=443333 False None Uber,Equifax None SecurityWeek - Security News Uber, the ride-sharing giant hit with a number of scandals in recent months, is now suspected of operating a program to hide nefarious tactics. ]]> 2017-11-30T03:37:38+00:00 http://feedproxy.google.com/~r/Securityweek/~3/TTbCZ0aI6pQ/court-investigating-whether-uber-connived-cover-its-tracks www.secnews.physaphae.fr/article.php?IdArticle=441855 False None Uber None SecurityWeek - Security News 2017-11-28T15:34:46+00:00 http://feedproxy.google.com/~r/Securityweek/~3/dWheussRsKg/majority-android-apps-contain-embedded-user-tracking-report www.secnews.physaphae.fr/article.php?IdArticle=441149 False None Uber None SecurityWeek - Security News Uber's cover-up of a hack at the ride-sharing giant that compromised the personal information of 57 million users and drivers. ]]> 2017-11-22T18:52:34+00:00 http://feedproxy.google.com/~r/Securityweek/~3/wOX9bvgUfcI/uber-legal-crosshairs-over-hack-cover www.secnews.physaphae.fr/article.php?IdArticle=438212 False None Uber None SecurityWeek - Security News ]]> 2017-11-22T15:52:08+00:00 http://feedproxy.google.com/~r/Securityweek/~3/EGECzNkkZrc/should-uber-users-be-worried-about-data-hack www.secnews.physaphae.fr/article.php?IdArticle=438214 False None Uber None SecurityWeek - Security News Uber Covered Up Massive Hack in 2016 for More Than a Year ]]> 2017-11-22T00:46:15+00:00 http://feedproxy.google.com/~r/Securityweek/~3/aMHgNLZnX1Y/uber-hacked-information-57-million-users-accessed-covered-breach www.secnews.physaphae.fr/article.php?IdArticle=437521 False None Uber None SecurityWeek - Security News 2017-08-15T15:11:28+00:00 http://feedproxy.google.com/~r/Securityweek/~3/3vYNllwvigo/uber-settles-complaint-over-data-protection-riders-drivers www.secnews.physaphae.fr/article.php?IdArticle=396804 False None Uber None SecurityWeek - Security News 2017 State of Digital Disruption study, the Global Center for Digital Business Transformation (DBT Center) says that in just two years digital disruption has gone from a peripheral concern to top-of-mind. ]]> 2017-08-10T14:22:31+00:00 http://feedproxy.google.com/~r/Securityweek/~3/d4NjYZDFHJ0/pragmatic-approach-your-digital-transformation-journey www.secnews.physaphae.fr/article.php?IdArticle=395249 False None Uber None SecurityWeek - Security News 2017-03-07T15:07:18+00:00 http://feedproxy.google.com/~r/Securityweek/~3/DmeDnv8b4TQ/bug-allowed-free-uber-rides www.secnews.physaphae.fr/article.php?IdArticle=330323 False None Uber None SecurityWeek - Security News 2016-11-25T17:48:07+00:00 http://feedproxy.google.com/~r/Securityweek/~3/ljClqR1vQDs/flaws-ubers-ubercentral-tool-exposed-user-data www.secnews.physaphae.fr/article.php?IdArticle=260884 False None Uber None SecurityWeek - Security News 2016-09-19T12:58:45+00:00 http://feedproxy.google.com/~r/Securityweek/~3/6CdaepN0Zv4/tech-giants-team-improve-internet-security www.secnews.physaphae.fr/article.php?IdArticle=93177 False None Uber None