This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-16T14:47:52+00:00 www.secnews.physaphae.fr CSO - CSO Daily Dashboard advanced persistent threat (APT) strategies, tools and tactics to attack adversaries and spy on domestic dissidents and rivals. The highest profile example of this new era of nation-state digital warfare is a Russian military intelligence group called Sandworm, a mysterious hacking initiative about which little has been known until recently. The group has nevertheless launched some of the most destructive cyberattacks in history.]]> 2019-11-22T08:07:00+00:00 https://www.csoonline.com/article/3455172/russias-sandworm-hacking-group-heralds-new-era-of-cyber-warfare.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1490340 True Threat None None CSO - CSO Daily Dashboard advanced persistent threat (APT) strategies, tools and tactics to attack adversaries and spy on domestic dissidents and rivals. The highest profile example of this new era of nation-state digital warfare is a Russian military intelligence group called Sandworm, a mysterious hacking initiative about which little has been known until recently. The group has nevertheless launched some of the most destructive cyberattacks in history.]]> 2019-11-22T08:07:00+00:00 https://www.csoonline.com/article/3455172/a-new-era-of-cyber-warfare-russias-sandworm-shows-we-are-all-ukraine-on-the-internet.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1481776 False Threat None None CSO - CSO Daily Dashboard cybercriminals. Every holiday season, security researchers document spikes in online criminal activity, ranging from phishing scams, fake shopping sites, and credit card skimming software, to malicious and compromised applications being posted in online app stores. At the same time, because people will be getting out their credit cards to make sometimes large numbers of purchases, attackers assume that a few fraudulent transactions may be easily missed.]]> 2019-11-21T07:06:00+00:00 https://www.csoonline.com/article/3454918/your-holiday-guide-to-safe-cybershopping.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1479924 False None None None CSO - CSO Daily Dashboard 9 types of malware and how to recognize them. | Sign up for CSO newsletters! ] Dubbed Ginp, the Trojan was first spotted in October 2019, but has been in the wild since at least June, according to researchers from Dutch cybersecurity company ThreatFabric. During the past five months, the malware has received numerous improvements, including some features borrowed from an older commercial banking Trojan called Anubis.]]> 2019-11-21T03:11:00+00:00 https://www.csoonline.com/article/3455136/emergent-android-banking-trojan-shows-app-overlay-attacks-are-still-effective.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1479525 False Malware None None CSO - CSO Daily Dashboard how to identify, block and remove malware from Windows PCs. | Get the latest from CSO by signing up for our newsletters. ] Windows 10 1909 Microsoft's 1909 version of Windows 10 will have the fewest changes from prior versions. Several feature releases haven't been as uneventful as they could have been, so 1909 is making a drastic change in how it rolls out.]]> 2019-11-20T10:07:00+00:00 https://www.csoonline.com/article/3253899/the-best-new-windows-10-security-features.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1478215 False Malware None None CSO - CSO Daily Dashboard Recent data from Centrify and the Ponemon Institute suggest that customers are becoming increasingly sensitive to the impact of a data breach and how a company manages the response, with 65% saying a data breach had caused them to lose trust in the organization, and 27% discontinuing their relationship with that company. The 2019 Cost of Data Breach Report from IBM Security and the Ponemon Institute found that 36% of the cost of an average data breach was due to business disruption, a category that includes lost customers. The report also found that the average cost of a data breach was nearly $1 million lower when a company lost less than 1 percent of their customers. For those losing over 4 percent of their customers, the cost was roughly $1.8 million more. The report concluded that “the loss of customer trust had serious financial consequences,” on businesses experiencing a data breach.  ]]> 2019-11-19T07:21:00+00:00 https://www.csoonline.com/article/3454597/3-keys-to-preserving-customer-relationships-in-the-wake-of-a-data-breach.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1476007 False Data Breach None None CSO - CSO Daily Dashboard 2019-11-19T07:09:00+00:00 https://www.csoonline.com/article/3454357/five-reasons-you-need-a-global-view-of-your-attack-surface.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1477883 False Guideline None None CSO - CSO Daily Dashboard 2019-11-19T03:00:00+00:00 https://www.csoonline.com/article/3453849/why-you-should-consider-your-managed-service-provider-an-insider-threat.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1475571 False Threat None None CSO - CSO Daily Dashboard 2019-11-18T03:00:00+00:00 https://www.csoonline.com/article/3453677/10-ways-to-kill-your-security-career.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1473748 False None None None CSO - CSO Daily Dashboard Cost of a Data Breach Report, the average total cost of a data breach is now $3.92 million, with an average of 25,575 records being stolen or compromised. But recovering lost data is only part of the equation. Extended downtime can quickly compound costs on an hour-by-hour basis. And more difficult to quantify is regaining lost consumer confidence and damage to an organization's brand, which can take months or years to repair.]]> 2019-11-15T07:48:00+00:00 https://www.csoonline.com/article/3453731/5-recommendations-for-preparing-for-and-responding-to-a-network-breach.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1469254 False Data Breach None None CSO - CSO Daily Dashboard over 90% of all malware is still delivered using compromised email attachments. As a result, organizations are aggressively training users on how to identify malicious email, report them to the Help Desk team, and never click on unexpected email attachments. They are also reviewing and updating their secure email gateway solutions to more effectively filter out unwanted and malicious email. But over-rotating on a single attack vector can leave an organization exposed to threats that target other, potentially neglected systems.]]> 2019-11-13T07:58:00+00:00 https://www.csoonline.com/article/3453597/addressing-new-challenges-starts-with-resilience.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1465086 False Malware None None CSO - CSO Daily Dashboard 2019-11-12T08:11:00+00:00 https://www.csoonline.com/article/3452845/worried-about-your-internet-presence-focus-on-your-attack-surface.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1463505 False None None None CSO - CSO Daily Dashboard $9 million per year. On top of that, data breaches cost companies millions of dollars. Yet, cheap, relatively easy-to-use off-the-shelf hacking tools make the barrier to entry for cybercriminals incredibly low.  [ How much does a cyber attack really cost? Take a look at the numbers.. | Get the latest from CSO by signing up for our newsletters. ]]]> 2019-11-12T07:14:00+00:00 https://www.csoonline.com/article/3340049/how-much-does-it-cost-to-launch-a-cyberattack.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1462860 False None None None CSO - CSO Daily Dashboard What is access control? 5 things security professionals need to know | Sign up for CSO newsletters! ]]]> 2019-11-12T03:24:00+00:00 https://www.csoonline.com/article/3452606/twitter-spy-scandal-a-wake-up-call-for-companies-to-clean-up-their-data-access-acts.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1462459 False None None None CSO - CSO Daily Dashboard how to identify, block and remove malware from Windows PCs. | Get the latest from CSO by signing up for our newsletters. ] Just last week, Google came out with patches to fix zero-day vulnerabilities with Chrome. As Kaspersky noted in its blog, “The attack leverages a waterhole-style injection on a Korean-language news portal. A malicious JavaScript code was inserted in the main page, which in turn loads a profiling script from a remote site.” The attack determined what browser version and operating system the victim is running. Like many attacks, the goal was to gain persistence on the computer. In this case the malware installs tasks in Windows Task Scheduler.]]> 2019-11-12T03:00:00+00:00 https://www.csoonline.com/article/3452100/how-to-lock-down-enterprise-web-browsers.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1462460 False Malware None None CSO - CSO Daily Dashboard September 2019 evaluations of 19 Android security apps. (The AV-TEST Institute is a Germany-based independent service provider of IT security and antivirus research.)AV-TEST rates each tool for three areas: protection (six points max), performance (six points max), and usability (six points max). The products listed here all had perfect scores of 18.[ Learn how SandBlast Mobile simplifies mobile security. | Get the latest from CSO by signing up for our newsletters. ]]]> 2019-11-07T03:07:00+00:00 https://www.csoonline.com/article/3234769/best-android-antivirus-the-top-13-tools.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1451542 False Tool None None CSO - CSO Daily Dashboard 11 phishing prevention tips for best technology practices, employee education and social media smarts. | Get the latest from CSO by signing up for our newsletters. ]]]> 2019-11-06T06:00:00+00:00 https://www.csoonline.com/article/3451987/defenders-can-discover-phishing-sites-through-web-analytics-ids.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1449412 False None None None CSO - CSO Daily Dashboard 2019-11-04T12:31:00+00:00 https://www.csoonline.com/article/3451506/how-to-implement-policies-to-secure-your-network.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1450414 False None None None CSO - CSO Daily Dashboard this $39 bundle will show you how.]]> 2019-11-04T07:05:00+00:00 https://www.csoonline.com/article/3448405/this-12-course-bundle-will-teach-you-how-to-be-an-ethical-hacker-for-39.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1444545 False Data Breach None None CSO - CSO Daily Dashboard Take a look at the numbers.. | Get the latest from CSO by signing up for our newsletters. ]]]> 2019-10-31T03:00:00+00:00 https://www.csoonline.com/article/3449417/dial-211-for-cyberattacks.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1436331 False None None None CSO - CSO Daily Dashboard Asset management is a well-understood and mature practice among IT and security teams. In the past, you could periodically review internal hardware and software assets to understand what belonged to your company and the attack surface you needed to protect. But digital transformation and the increased velocity and consequence of Internet-originated attacks requires that organizations rethink asset management processes.]]> 2019-10-30T11:06:00+00:00 https://www.csoonline.com/article/3449799/your-attack-surface-problem-is-really-an-asset-management-problem.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1435590 False None None None CSO - CSO Daily Dashboard rely on their employees to access critical business apps using their personal devices, according to a recent Fortinet Threat Landscape Report, Android-based malware now represents 14% of all cyberthreats. And in addition to direct attacks, the number of compromised web sites, email phishing campaigns, and malicious access points continue to grow exponentially, infecting unsuspecting users – regardless of their devices –with spyware, malware, compromised applications, and even ransomware.]]> 2019-10-29T10:19:00+00:00 https://www.csoonline.com/article/3449439/five-critical-elements-for-any-cyber-security-awareness-program.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1433450 False Malware,Threat None None CSO - CSO Daily Dashboard Capital One breach is the most prominent recent example. The breach resulted from a misconfigured open-source web application firewall (WAF), which the financial services company used in its operations that are hosted on Amazon Web Services (AWS). [ Follow these 5 tips for better cloud security. | Get the latest from CSO by signing up for our newsletters. ]]]> 2019-10-21T03:00:00+00:00 https://www.csoonline.com/article/3208905/top-cloud-security-controls-you-should-be-using.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1417375 False Data Breach None None CSO - CSO Daily Dashboard 2019-10-17T05:36:00+00:00 https://www.csoonline.com/article/3446521/privacy-legislation-the-road-ahead.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1409022 False Data Breach None None CSO - CSO Daily Dashboard attackers from Iran reportedly attempted to break into user accounts associated with the Republican party. While Microsoft didn't say which campaign was attacked, later news reports indicated that it was President Trump's re-election campaign.]]> 2019-10-16T03:00:00+00:00 https://www.csoonline.com/article/3445444/how-to-secure-microsoft-based-election-campaign-systems.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1406840 False None None None CSO - CSO Daily Dashboard malware that targets Linux. Some estimates suggest that Linux malware account for more than a third of the known attacks. In 2019, for example, new Linux-specific attacks included the Silex worm, GoLang malware, the Zombieload side-channel attack, the Hiddenwasp Trojan, the EvilGnome spyware and Lilocked ransomware. The volume and severity of attacks against Linux are clearly on the rise.]]> 2019-10-16T03:00:00+00:00 https://www.csoonline.com/article/3445219/top-linux-antivirus-software.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1406841 False Malware None None CSO - CSO Daily Dashboard 2019-10-14T03:00:00+00:00 https://www.csoonline.com/article/3444488/equifax-data-breach-faq-what-happened-who-was-affected-what-was-the-impact.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1402160 False Data Breach Equifax None CSO - CSO Daily Dashboard NotPetya attack in 2017. The attack crippled a number of companies, none more publicly than shipping giant Maersk, which temporarily lost its entire global operations.]]> 2019-10-09T03:00:00+00:00 https://www.csoonline.com/article/3444620/rebuilding-after-notpetya-how-maersk-moved-forward.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1392190 False None NotPetya None CSO - CSO Daily Dashboard spyware. The flaw affects phones models from multiple manufacturers including Google, Samsung, Huawei, LG and Xiaomi.The vulnerability is a use-after-free memory condition in the Android Binder component that can result in privilege escalation. The flaw was patched without a CVE identifier in Dec. 2017 in the Linux 4.14 LTS kernel, the Android Open Source Project's (AOSP) 3.18 kernel, the AOSP 4.4 kernel and AOSP 4.9 kernel.]]> 2019-10-04T11:04:00+00:00 https://www.csoonline.com/article/3444379/zero-day-vulnerability-gives-attackers-full-control-of-android-phones.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1380743 False Vulnerability None None CSO - CSO Daily Dashboard 2019-10-03T06:00:00+00:00 https://www.csoonline.com/article/3442960/chinese-cyberespionage-group-pkplug-uses-custom-and-off-the-shelf-tools.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1377839 False Threat None None CSO - CSO Daily Dashboard Here's how to do them better.. | Sign up for CSO newsletters. ]]]> 2019-10-03T03:00:00+00:00 https://www.csoonline.com/article/3025807/why-patching-is-still-a-problem-and-how-to-fix-it.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1377492 False Patching None 2.0000000000000000 CSO - CSO Daily Dashboard network edge waiting for some previously identified threat to trigger a response was the primary mode of security for over a decade. And though that approach has undergone some updating in the interim, it is still the primary mode of protection relied upon by far too many organizations.Today's threats are far more sophisticated. They are designed to evade detection, hijack approved software, disguise themselves as legitimate traffic, and even disable network and security devices. Prevention, as well as detection and response, require active security solutions that can identify attack patterns, detect unusual behaviors, and uncover threats before they can cause harm. And to do that, they need effective and reliable threat intelligence.]]> 2019-09-30T09:05:00+00:00 https://www.csoonline.com/article/3442097/the-critical-need-for-threat-intelligence.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1371349 False Threat None None CSO - CSO Daily Dashboard one of its reservation systems had been compromised, with hundreds of millions of customer records, including credit card and passport numbers, being exfiltrated by the attackers. While Marriott has not disclosed the full timeline or technical details of the assault, what we do know tells us quite a bit about the current threat landscape - and offers lessons for other enterprises on how to protect themselves.We answer 10 frequently asked questions.When was the Marriott breach? On September 8, 2018, an internal security tool flagged as suspicious an attempt to access the internal guest reservation database for Marriott's Starwood brands, which include the Westin, Sheraton, St. Regis, and W hotels. This prompted an internal investigation that determined, through a forensics process that Marriott has not discussed in detail, that the Starwood network had been compromised sometime in 2014 - back when Starwood had been a separate company. Marriott purchased Starwood in 2016, but nearly two years later, the former Starwood hotels hadn't been migrated to Marriott's own reservation system and were still using IT infrastructure inherited from Starwood, an important factor that we'll revisit in more detail later.]]> 2019-09-30T03:00:00+00:00 https://www.csoonline.com/article/3441220/marriott-data-breach-faq-how-did-it-happen-and-what-was-the-impact.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1370596 False Data Breach,Tool,Threat None None CSO - CSO Daily Dashboard penetration testing. ]]> 2019-09-27T03:00:00+00:00 https://www.csoonline.com/article/3441358/cyber-risk-management-is-about-to-get-easier.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1364817 False None None None CSO - CSO Daily Dashboard learn their motives and their malware. | Sign up for CSO newsletters! ] Security researchers from IBM's X-Force Incident Response and Intelligence Services team have found what appear to be test skimming scripts developed earlier this year by one of the most prolific of the dozen or so groups tracked by the security industry as Magecart. These groups have compromised thousands of websites to date and have injected malicious code designed to steal payment details into their checkout pages.]]> 2019-09-25T04:10:00+00:00 https://www.csoonline.com/article/3440580/magecart-web-skimming-group-targets-public-hotspots-and-mobile-users.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1360417 False None None None CSO - CSO Daily Dashboard 2019-09-24T07:39:00+00:00 https://www.csoonline.com/article/3440577/how-telnet-works-and-why-it-s-a-problem.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1358711 False None None None CSO - CSO Daily Dashboard what you need to know about defending critical infrastructure . | Get the latest from CSO by signing up for our newsletters. ] Even so, CISA Director Christopher Krebs kicked off the summit by cautioning against the kind of fearful language and overwrought concerns currently surrounding the topic of election security. “We've got to be more straightforward, more measured, more reasonable in how we talk about things. Election security is a great example. Are there true, absolute, fundamental risks in the infrastructure? Yes, but we have to take the hysteria out of the conversation because ultimately what we do is we drive broader voter confidence down,” he said.]]> 2019-09-23T04:03:00+00:00 https://www.csoonline.com/article/3440457/cisa-s-krebs-seeks-more-measured-approach-to-election-security-heading-into-2020.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1355880 False Hack None None CSO - CSO Daily Dashboard phishing and social engineering are by far the number one root-cause attack vector, and they have been around nearly since computers themselves were invented.]]> 2019-09-19T03:00:00+00:00 https://www.csoonline.com/article/3439103/10-signs-youre-being-socially-engineered.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1346031 False None None None CSO - CSO Daily Dashboard learn their motives and their malware. | Sign up for CSO newsletters! ] Smominru is a botnet that dates back to 2017 and its variants have also been known under other names, including Hexmen and Mykings. It is known for the large number of payloads that it delivers, including credential theft scripts, backdoors, Trojans and a cryptocurrency miner.]]> 2019-09-18T06:00:00+00:00 https://www.csoonline.com/article/3439400/secrets-of-latest-smominru-botnet-variant-revealed-in-new-attack.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1343523 False None None None CSO - CSO Daily Dashboard 2019-09-12T09:07:00+00:00 https://www.csoonline.com/article/3438323/challenges-abound-in-securing-complex-networks.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1337319 False None None None CSO - CSO Daily Dashboard 4 deception tools deliver truer network security. | Get the latest from CSO by signing up for our newsletters. ] The culprit is Intel's Data Direct I/O (DDIO) technology, which gives peripheral devices such as network cards direct access to the processor's internal cache to achieve better performance, less power consumption, and higher data throughput. Before DDIO, these devices exchanged data with the CPU through RAM, whose latency can be a bottleneck.]]> 2019-09-10T14:15:00+00:00 https://www.csoonline.com/article/3438076/new-netcat-cpu-side-channel-vulnerability-exploitable-over-the-network.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1318356 False Vulnerability None None CSO - CSO Daily Dashboard 2019-09-10T05:53:00+00:00 https://www.csoonline.com/article/3437777/how-a-small-business-should-respond-to-a-hack.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1317534 False Hack,Threat None None CSO - CSO Daily Dashboard exploit a configuration vulnerability in the servers of one of its cloud partners. The other two breaches were traced to the same third party – the American Medical Collection Agency's (AMCA) system.]]> 2019-09-06T03:00:00+00:00 https://www.csoonline.com/article/3434604/are-you-taking-third-party-risk-seriously-enough.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1309740 False None None None CSO - CSO Daily Dashboard SandBlast Mobile simplifies mobile security. | Get the latest from CSO by signing up for our newsletters. ]]]> 2019-09-04T12:49:00+00:00 https://www.csoonline.com/article/3435729/sms-based-provisioning-messages-enable-advanced-phishing-on-android-phones.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1305825 False None None None CSO - CSO Daily Dashboard 2019-09-03T14:12:00+00:00 https://www.csoonline.com/article/3435900/insecure-virtual-usb-feature-in-supermicro-bmcs-exposes-servers-to-attack.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1303927 False None None None CSO - CSO Daily Dashboard 2019-09-03T03:00:00+00:00 https://www.csoonline.com/article/3434532/ics-as-a-service-icsaas-is-coming-will-the-benefits-outweigh-the-risks.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1302719 False None None None CSO - CSO Daily Dashboard ransomware attack impacted 22 Texas local governments and left them unable to process tax payments or perform normal business processes. It's another reminder that both public and private organizations need to review their ability to recover from such attacks. That starts with having a proper backup strategy.]]> 2019-08-28T03:00:00+00:00 https://www.csoonline.com/article/3433863/7-steps-to-ensure-your-azure-backup-works-when-you-need-it.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1290335 False None None None CSO - CSO Daily Dashboard 2019-08-27T05:47:00+00:00 https://www.csoonline.com/article/3434081/why-im-not-sold-on-machine-learning-in-autonomous-security.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1288050 False None None None CSO - CSO Daily Dashboard 2019-08-26T10:38:00+00:00 https://www.csoonline.com/article/3433244/capital-one-hack-shows-difficulty-of-defending-against-irrational-cybercriminals.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1286745 False Hack,Vulnerability,Guideline None None CSO - CSO Daily Dashboard 2019-08-21T11:29:00+00:00 https://www.csoonline.com/article/3433217/how-to-become-a-cybersecurity-rso.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1276792 False None None None CSO - CSO Daily Dashboard Baltimore and Albany, school districts in Louisiana and 23 cities in Texas. And this is only going to get worse.]]> 2019-08-20T06:23:00+00:00 https://www.csoonline.com/article/3432987/have-you-been-ransomwared-yet.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1273744 False Ransomware None None CSO - CSO Daily Dashboard 2019-08-15T03:00:00+00:00 https://www.csoonline.com/article/3432163/black-hat-2019-3-cybersecurity-concerns-and-3-things-that-give-hope.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1263923 False Threat None None CSO - CSO Daily Dashboard 2019-08-13T06:35:00+00:00 https://www.csoonline.com/article/3431737/cybersecurity-is-a-team-sport.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1259857 False None None None CSO - CSO Daily Dashboard Threat Landscape Report, not only are cybercriminals using new attack methods (even for older attacks), but they are also using new strategies to obscure their presence and evade detection. This includes expending resources on reconnaissance to deliver targeted attacks better, and new evasion techniques to ensure their objectives aren't interrupted.]]> 2019-08-08T09:30:00+00:00 https://www.csoonline.com/article/3431082/preparation-requires-prioritizing-threats.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1251014 False None None None CSO - CSO Daily Dashboard 8 hot cyber security trends (and 4 going cold). Give your career a boost with top security certifications: Who they're for, what they cost, and which you need. | Sign up for CSO newsletters. ] The vulnerability was discovered by researchers from security firm Bitdefender and was reported to Intel almost a year ago. Since then, it has followed a lengthy coordination process that also involved Microsoft, which released mitigations during last month's Patch Tuesday.]]> 2019-08-07T03:13:00+00:00 https://www.csoonline.com/article/3430322/new-spectre-like-cpu-vulnerability-bypasses-existing-defenses.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1248092 False Vulnerability None None CSO - CSO Daily Dashboard more sharks than usual, but that they are swimming closer to shore.  Thanks to the increasing number of drones and cellphone videos, it seems like Cape Cod is experiencing a Shark Summer. And it's having an impact on summer activities, as many beaches are closed and swimmers are warned to stay close to the shore. No one wants to slip-up and take the risk of inviting the next shark attack, particularly after a fatal attack last summer.]]> 2019-08-06T06:13:00+00:00 https://www.csoonline.com/article/3429591/sharks-and-phishers-are-circling-looking-to-snag-a-bite.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1246298 False None None None CSO - CSO Daily Dashboard malware. [ Get inside the mind of a hacker, learn their motives and their malware. | Sign up for CSO newsletters! ]]]> 2019-08-06T03:00:00+00:00 https://www.csoonline.com/article/3429569/what-is-a-computer-worm-how-this-self-spreading-malware-wreaks-havoc.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1246013 False Malware None None CSO - CSO Daily Dashboard 8 hot cyber security trends (and 4 going cold). Give your career a boost with top security certifications: Who they're for, what they cost, and which you need. | Sign up for CSO newsletters. ] I'll be there along with an assortment of my ESG colleagues. Here are some of the things we'll be looking for:]]> 2019-08-05T03:00:00+00:00 https://www.csoonline.com/article/3429363/looking-for-answers-at-black-hat-2019-5-important-cybersecurity-issues.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1243949 False Threat Equifax None CSO - CSO Daily Dashboard CapitalOne breach has certainly made lots of headlines in less than a day since the story broke out. And sadly, it has already thrust the $700M settlement that was reached from the largest ever data breach – the Equifax one – onto the sidelines just days after the news of that settlement broke out.But going back to CapitalOne, there are lots of lessons to be learned there certainly. I want to focus on where CapitalOne's data centers were and what that means for the rest of the planet from a security perspective. CapitalOne has been one of the most vocal AWS customers. They have appeared at numerous AWS events and touted how they have completely shuttered all their data centers and run exclusively on Amazon. And to be fair, they have also shared their best practices and use of AWS services.]]> 2019-07-31T05:55:00+00:00 https://www.csoonline.com/article/3412006/is-the-cloud-lulling-us-into-security-complacency.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1235036 False Data Breach Equifax None CSO - CSO Daily Dashboard Take a look at the numbers.. | Get the latest from CSO by signing up for our newsletters. ]]]> 2019-07-30T03:00:00+00:00 https://www.csoonline.com/article/3284084/what-is-a-zero-day-a-powerful-but-fragile-weapon.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1232999 True None None None CSO - CSO Daily Dashboard 2019-07-30T03:00:00+00:00 https://www.csoonline.com/article/3410044/6-api-security-lessons-from-the-venmo-breach.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1232998 True None None None CSO - CSO Daily Dashboard 2019-07-30T03:00:00+00:00 https://www.csoonline.com/article/3410044/6-api-security-lessons-from-venmos-data-leak.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1235037 True None None None CSO - CSO Daily Dashboard Here's where the money goes. | Get the latest from CSO by signing up for our newsletters. ]]]> 2019-07-26T03:00:00+00:00 https://www.csoonline.com/article/3410278/the-biggest-data-breach-fines-penalties-and-settlements-so-far.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1224662 False Data Breach Equifax None CSO - CSO Daily Dashboard can change their tactics at will. Swap a few bytes around, and a previously recognized malware program becomes unrecognizable. All you have to do is drop off any suspected malware file at Google's VirusTotal, which has over 60 different antimalware scanners, to see that detection rates aren't all as advertised.]]> 2019-07-25T03:00:00+00:00 https://www.csoonline.com/article/2457873/signs-youve-been-hacked-and-how-to-fight-back.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1222557 False Malware None None CSO - CSO Daily Dashboard Here's where the money goes. | Get the latest from CSO by signing up for our newsletters. ]]]> 2019-07-24T04:38:00+00:00 https://www.csoonline.com/article/3411139/equifax-s-billion-dollar-data-breach-disaster-will-it-change-executive-attitudes-toward-security.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1221143 False Data Breach Equifax None CSO - CSO Daily Dashboard 2019-07-23T07:48:00+00:00 https://www.csoonline.com/article/3410606/how-build-kits-speed-implementation-of-cyber-best-practices.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1219890 False Guideline None None CSO - CSO Daily Dashboard Must-have features in a modern network security architecture | Get the latest from CSO: Sign up for our newsletters ]]]> 2019-07-18T08:57:00+00:00 https://www.csoonline.com/article/3410277/network-traffic-analysis-tools-must-include-these-6-capabilities.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1212821 False Malware,Threat None None CSO - CSO Daily Dashboard 2019-07-18T06:02:00+00:00 https://www.csoonline.com/article/3410236/modernized-maritime-industry-transports-cyberthreats-to-sea.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1212505 False None None None CSO - CSO Daily Dashboard 2019-07-17T03:00:00+00:00 https://www.csoonline.com/article/3408657/review-how-barac-etv-analyzes-encrypted-data-streams.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1210405 False None None None CSO - CSO Daily Dashboard malware, a virus is deployed by attackers to damage or take control of a computer. Its name comes from the method by which it infects its targets. A biological virus like HIV or the flu cannot reproduce on its own; it needs to hijack a cell to do that work for it, wreaking havoc on the infected organism in the process. Similarly, a computer virus isn't itself a standalone program. It's a code snippet that inserts itself into some other application. When that application runs, it executes the virus code, with results that range from the irritating to the disastrous.]]> 2019-07-16T03:00:00+00:00 https://www.csoonline.com/article/3406446/what-is-a-computer-virus-how-they-spread-and-5-signs-youve-been-infected.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1207829 False None None None CSO - CSO Daily Dashboard resolution calling on mayors to oppose the payment of ransomware attackers. The resolution states that “at least 170 county, city or state government systems have experienced a ransomware attack since 2013” with 22 of those occurring in 2019 so far. [ Read our blue team's guide for ransomware prevention, protection and recovery. | Get the latest from CSO by signing up for our newsletters. ]]]> 2019-07-15T03:00:00+00:00 https://www.csoonline.com/article/3409016/to-pay-or-not-pay-a-hacker-s-ransomware-demand-it-comes-down-to-cyber-hygiene.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1205696 False Ransomware None None CSO - CSO Daily Dashboard ISSA), 73% of organizations have been impacted by the cybersecurity skills shortage, and these firms are already competing for talent. My advice to CISOs is to assume they won't have the right skills or an adequate staff size in every area – including bridging the cyber-risk management gap. 31% want to increase security awareness training for employees. Also a great idea, but too many firms treat security awareness training as a “check-box” exercise. To really make an impact, CEOs must become cybersecurity cheerleaders and establish a cybersecurity culture throughout the organizations.  29% will conduct more penetration testing and red teaming exercises. ESG data demonstrates that penetration testing and red teaming are extremely beneficial, but few organizations have the internal skills to do those things well and it can be costly to hire third-party services. I'm bullish on an emerging category I call synthetic cyber-risk assessment (SCRA) from vendors such as AttackIQ, Randori, SafeBreach, and Verodin.  It's important to remember that cyber-risk management is job #1 for every CISO. Yes, business executives are willing to spend more money on cybersecurity, but they increasingly want to target this spending on protecting their most critical digital assets and need help measuring ROI on these investments. Therefore, it's no exaggeration to say that bridging the cyber-risk management gap may be the most important task for CISOs in 2019 and beyond. ]]> 2019-07-12T08:03:00+00:00 https://www.csoonline.com/article/3409017/how-organizations-are-bridging-the-cyber-risk-management-gap.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1201953 False Guideline None None CSO - CSO Daily Dashboard blind men come across an elephant for the first time. Each man tries to conceptualize and describe this animal, while feeling only one specific part of the elephant's body. Based on this limited experience, each explanation of what the elephant is like is completely different from the others. There are many interpretations of the meaning or moral of this parable, but I found it to be relevant in a slightly different area of my life.]]> 2019-07-03T11:56:00+00:00 https://www.csoonline.com/article/3406425/of-mice-and-malware.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1185559 False Malware None None CSO - CSO Daily Dashboard 2019-06-28T13:12:00+00:00 https://www.csoonline.com/article/3405885/sharing-infrastructure-insights-and-strategies-from-the-latest-global-threat-landscape-report.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1178544 False Malware,Threat None 2.0000000000000000 CSO - CSO Daily Dashboard distributed denial of service (DDoS) attacks, botnets can also take advantage of their collective computing power to send large volumes of spam, steal credentials at scale, or spy on people and organizations. [ Get inside the mind of a hacker, learn their motives and their malware. | Sign up for CSO newsletters! ]]]> 2019-06-27T03:00:00+00:00 https://www.csoonline.com/article/3240364/what-is-a-botnet.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1176135 False None None None CSO - CSO Daily Dashboard Operation Soft Cell by security firm Cybereason, saw hundreds of gigabytes of information exfiltrated. The company claims the attackers had total control of compromised networks and could have easily brought down entire cellular networks if they so wished.[ Keep up with 8 hot cyber security trends (and 4 going cold). Give your career a boost with top security certifications: Who they're for, what they cost, and which you need. | Sign up for CSO newsletters. ] “Cellular service is a critical infrastructure nowadays,” says Amit Serper, principal security researcher at Cybereason and author of the report. “What really worries me is the amount of access they have--the complete access they have to the network. The worst thing they can do is sabotage it and one day just shut down the whole network.”]]> 2019-06-25T13:25:00+00:00 https://www.csoonline.com/article/3405163/telcos-around-the-world-hit-by-large-scale-long-term-intelligence-gathering-cyberattack.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1173514 False None None None CSO - CSO Daily Dashboard 8 hot cyber security trends (and 4 going cold). Give your career a boost with top security certifications: Who they're for, what they cost, and which you need. | Sign up for CSO newsletters. ] The patch comes after a team of researchers recently presented an attack dubbed RAMBleed that exploits the design of modern memory modules in to extract information from memory regions allocated to privileged processes and the kernel.]]> 2019-06-21T11:47:00+00:00 https://www.csoonline.com/article/3404479/openssh-to-protect-keys-in-memory-against-side-channel-attacks.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1167373 False None None None CSO - CSO Daily Dashboard malware that disguises itself as something you want in order to trick you into letting it through your defenses.Like other types of malware, a Trojan is deployed by attackers to damage or take control of your computer. Its name comes from the method by which it infects your computer: it disguises itself as something you want in order to trick you into letting it through your defenses. [ Get inside the mind of a hacker, learn their motives and their malware. | Sign up for CSO newsletters! ]]]> 2019-06-20T03:00:00+00:00 https://www.csoonline.com/article/3403381/what-is-a-trojan-horse-how-this-tricky-malware-works.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1165069 False Malware None None CSO - CSO Daily Dashboard Here's where the money goes. | Get the latest from CSO by signing up for our newsletters. ]]]> 2019-06-20T03:00:00+00:00 https://www.csoonline.com/article/3402985/a-new-website-explains-data-breach-risk.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1165070 False Data Breach None None CSO - CSO Daily Dashboard 8 hot cyber security trends (and 4 going cold). Give your career a boost with top security certifications: Who they're for, what they cost, and which you need. | Sign up for CSO newsletters. ] Dubbed RAMBleed, the new attack is the work of researchers Andrew Kwong and Daniel Genkin from the University of Michigan, Daniel Gruss from the Graz University of Technology and Yuval Yarom from University of Adelaide and Data61. Using the new technique, the researchers were able to extract an RSA 2048-bit signing key from an OpenSSH server using code running with user-level privileges.]]> 2019-06-13T04:04:00+00:00 https://www.csoonline.com/article/3402556/rowhammer-variant-rambleed-allows-attackers-to-steal-secrets-from-ram.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1152416 False None None None CSO - CSO Daily Dashboard Financial Times.That ban was imposed as part of a Commerce Department effort announced in mid-May which placed the Chinese telecom and tech giant on a U.S. export blacklist, the “entity list,” for its purported efforts to spy on behalf of the Chinese government. Two other companies - the telecom giant ZTE and a memory chip maker, Fujian Jinhua Integrated Circuit - were also placed on the list and the administration is now reportedly considering adding video surveillance company HikVision to it.]]> 2019-06-13T03:00:00+00:00 https://www.csoonline.com/article/3402038/why-the-huawei-ban-is-bad-for-security.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1152342 False None None None CSO - CSO Daily Dashboard 2018 State of Endpoint Security Risk report - and 52% of respondents say all attacks cannot be realistically stopped. Their antivirus solutions are blocking only 43% of attacks. Sixty-four percent of respondents said that their organizations had experienced one or more endpoint attacks that resulted in a data breach.]]> 2019-06-10T03:00:00+00:00 https://www.csoonline.com/article/3400860/6-ways-malware-can-bypass-endpoint-protection.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1147298 False Malware None None CSO - CSO Daily Dashboard cybercriminal groups that use manual hacking and stealthy techniques to remain hidden. Now, researchers from Bitdefender have released a report on an intrusion they investigated at an unnamed bank that documents in detail how these attackers operate and shows how fast they can gain control over a network. [ How much does a data breach cost? Here's where the money goes. | Get the latest from CSO by signing up for our newsletters. ]]]> 2019-06-06T08:40:00+00:00 https://www.csoonline.com/article/3400861/from-phish-to-network-compromise-in-two-hours-how-carbanak-operates.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1142892 False Data Breach None None CSO - CSO Daily Dashboard Sneakers, where hacker-consultants break into your corporate networks to find weaknesses before attackers do. It's a simulated cyber attack where the pentester uses the tools and techniques available to malicious hackers.Back in ye olde days of yore, hacking was hard and required a lot of manual bit fiddling. Today, though, a full suite of automated testing tools turn hackers into cyborgs, computer-enhanced humans who can test far more than ever before.]]> 2019-06-04T03:00:00+00:00 https://www.csoonline.com/article/2943524/17-penetration-testing-tools-the-pros-use.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1138881 False None None None CSO - CSO Daily Dashboard 2019-06-03T09:04:00+00:00 https://www.csoonline.com/article/3399868/protecting-today-s-evolving-digital-landscape.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1137597 False Spam,Threat None None CSO - CSO Daily Dashboard how to identify, block and remove malware from Windows PCs. | Get the latest from CSO by signing up for our newsletters. ] Below is a summary of all the new security features and options in Windows 10 version 1903, which features Windows Defender Advanced Threat Protection (ATP) enhancements, more options for enterprises to defer updates, and Windows Sandbox, which provides a safe area to run untrusted software. Bookmark this article, because we will be adding new security features as Microsoft releases future Windows updates.]]> 2019-05-30T11:36:00+00:00 https://www.csoonline.com/article/3253899/the-best-new-windows-10-security-features.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1132835 True Malware,Threat None None CSO - CSO Daily Dashboard GDPR to inform the Information Commissioner's Office (ICO) if they suffer a breach involving personal information of customers or employees. Similar obligations exist under the likes of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in the U.S. or the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada.]]> 2019-05-30T03:00:00+00:00 https://www.csoonline.com/article/3398700/why-businesses-don-t-report-cybercrimes-to-law-enforcement.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1132128 False None None None CSO - CSO Daily Dashboard Spectre and Meltdown vulnerabilities discovered in January 2018 showed that weaknesses in CPUs were a potential attack vector. They allow a rogue process to read memory without authorization. Patches were rolled out along with bios updates from the manufacturer, but they came with a costly side effect: They degraded performance, especially on systems with older CPUs. Microsoft enabled the protections by default on workstations, but not on server platforms.]]> 2019-05-29T03:00:00+00:00 https://www.csoonline.com/article/3397090/how-to-update-your-spectre-meltdown-mitigations-for-the-retpoline-mitigation.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1130720 False None None None CSO - CSO Daily Dashboard data breach at a major company, it can affect millions of people.]]> 2019-05-28T05:00:00+00:00 https://www.csoonline.com/article/3397843/federal-cybersecurity-agency-on-the-way.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1129075 False None None None CSO - CSO Daily Dashboard 2019-05-23T07:25:00+00:00 https://www.csoonline.com/article/3396666/threat-intelligence-and-the-evolving-threat-landscape.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1121416 False Threat None None CSO - CSO Daily Dashboard Identity Theft Resource Center (ITRC), 1,244 data breaches were reported in 2018 that compromised over 446 million records containing consumers' personally identifiable information (PII). The key word in the last sentence is "reported." Assuming every hacked business reports a breach, like they are supposed to do, we can look at 1,244 breaches as the number of times a hacker got caught…. and believe me, hackers don't like to get caught.]]> 2019-05-22T03:00:00+00:00 https://www.csoonline.com/article/3396160/why-reported-breaches-are-the-tip-of-the-iceberg.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1119329 False None None None CSO - CSO Daily Dashboard 4 open-source Mitre ATT&CK test tools compared. | Get the latest from CSO by signing up for our newsletters. ]]]> 2019-05-21T03:00:00+00:00 https://www.csoonline.com/article/3396139/how-to-implement-and-use-the-mitre-attandck-framework.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1117740 False Vulnerability None 5.0000000000000000 CSO - CSO Daily Dashboard malware. In fact, many of the most devastating attacks made against enterprises may not involve malware at all, instead relying on social engineering, insider threats, and tools and processes already approved for use within a network that are hijacked for a malicious purpose.]]> 2019-05-20T03:00:00+00:00 https://www.csoonline.com/article/3396040/review-how-awake-security-uncovers-malicious-intent.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1116235 False Malware None None CSO - CSO Daily Dashboard Microsoft puts it, "[malware] is a catch-all term to refer to any software designed to cause damage to a single computer, server, or computer network." In other words, software is identified as malware based on its intended use, rather than a particular technique or technology used to build it. [ Get inside the mind of a hacker, learn their motives and their malware.. | Sign up for CSO newsletters! ]]]> 2019-05-17T03:00:00+00:00 https://www.csoonline.com/article/3295877/what-is-malware-viruses-worms-trojans-and-beyond.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1112022 False Malware None None CSO - CSO Daily Dashboard how to identify, block and remove malware from Windows PCs. | Get the latest from CSO by signing up for our newsletters. ] The vulnerability, tracked as CVE-2019-0708, is located in Remote Desktop Services, formerly known as Terminal Services. This component handles connections over the Remote Desktop Protocol (RDP), a widely used protocol for remotely managing Windows systems on corporate networks.]]> 2019-05-15T09:46:00+00:00 https://www.csoonline.com/article/3395444/microsoft-urges-windows-customers-to-patch-wormable-rdp-flaw.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1108729 False Malware,Vulnerability,Threat None None CSO - CSO Daily Dashboard 8 hot cyber security trends (and 4 going cold). Give your career a boost with top security certifications: Who they're for, what they cost, and which you need. | Sign up for CSO newsletters. ] Over a year ago, the Meltdown and Spectre attacks took the computer industry by storm and showed that the memory isolation between the operating system kernel and unprivileged applications or between different virtual machines running on the same server were not as impervious as previously thought. Those attacks took advantage of a performance enhancing feature of modern CPUs called speculative execution to steal secrets by analyzing how data was being accessed inside CPU caches.]]> 2019-05-14T11:57:00+00:00 https://www.csoonline.com/article/3395458/the-second-meltdown-new-intel-cpu-attacks-leak-secrets.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1107227 False None None None CSO - CSO Daily Dashboard Here's where the money goes. | Get the latest from CSO by signing up for our newsletters. ]]]> 2019-05-14T03:00:00+00:00 https://www.csoonline.com/article/3394048/200-million-record-breach-why-collecting-too-much-data-raises-risk.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1106456 False Data Breach None None CSO - CSO Daily Dashboard a new way to defeat the boot verification process for some Intel-based systems, but the technique can also impact other platforms and can be used to compromise machines in a stealthy and persistent way.[ Keep up with 8 hot cyber security trends (and 4 going cold). Give your career a boost with top security certifications: Who they're for, what they cost, and which you need. | Sign up for CSO newsletters. ] Researchers Peter Bosch and Trammell Hudson presented a time-of-check, time-of-use (TOCTOU) attack against the Boot Guard feature of Intel's reference Unified Extensible Firmware Interface (UEFI) implementation at the Hack in the Box conference in Amsterdam this week.]]> 2019-05-10T11:04:00+00:00 https://www.csoonline.com/article/3393255/new-intel-firmware-boot-verification-bypass-enables-low-level-backdoors.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1102528 False Hack None None CSO - CSO Daily Dashboard multi-cloud environments- branch off from that central network in a hub and spoke design.]]> 2019-05-07T11:46:00+00:00 https://www.csoonline.com/article/3393453/the-problem-with-too-many-security-options.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1097982 False Threat None None CSO - CSO Daily Dashboard Stuxnet, has now released Ghidra, an open-source reverse engineering framework, to grow the number of reverse engineers studying malware. The move disrupts the reverse engineering market, which top dog IDA Pro has long dominated, and enables more people to learn how to reverse engineer without having to pay for an IDA Pro license, which can be prohibitively expensive for most newcomers to the field.]]> 2019-05-07T03:00:00+00:00 https://www.csoonline.com/article/3393246/how-to-get-started-using-ghidra-the-free-reverse-engineering-tool.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1097983 False Malware,Tool None None