This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-16T18:40:16+00:00 www.secnews.physaphae.fr CSO - CSO Daily Dashboard 2018 Verizon Data Breach Investigations Report says most hacks still happen through breaches of web applications. For this reason, testing and securing applications has become a priority for many organizations. That job is made easier by a growing selection of application security tools. Below is a list of some of the best application security tools available, with descriptions of the situations where they can be most effective.]]> 2018-11-08T03:00:00+00:00 https://www.csoonline.com/article/3317523/application-security/top-application-security-tools-for-2019.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=886403 False Data Breach None None CSO - CSO Daily Dashboard ransomware or cryptominer variant had successfully compromised their environment through RDP. The rants are often followed by calls for everyone to dump Microsoft Windows and how “Microsoft security sucks!”It's not only boring and pedantic. It's a case of blaming the wrong culprit.]]> 2018-11-07T03:00:00+00:00 https://www.csoonline.com/article/3318123/windows-security/experience-an-rdp-attack-it-s-your-fault-not-microsoft-s.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=884655 False None None None CSO - CSO Daily Dashboard worst botnets and banking trojans, according to Webroot, were Emotet, Trickbot, and Zeus Panda. Crysis/Dharma, GandCrab, and SamSam were the worst among ransomware. The top three in cryptomining/cryptojacking were GhostMiner, Wanna Mine, and Coinhive.And included in the list of top 10 threat actors so far this year, we find Lazarus Group, Sofacy and MuddyWater coming in the top three spots, according to AlienVault. Lazarus Group took the top spot from Sofacy this year. The reported locations for the top 10 threat actors are North Korea, with two groups; Russia, with three groups; Iran, with two groups; China, with two groups; and India, with one. Microsoft Office was the most exploited application, but Adobe Flash, WebLogic, Microsoft Windows, Drupal and GPON routers were also listed in the top 10.]]> 2018-11-06T08:56:00+00:00 https://www.csoonline.com/article/3319116/malware/worst-malware-and-threat-actors-of-2018-so-far.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=883049 False Malware,Threat,Medical APT 38 None CSO - CSO Daily Dashboard extremely personal information gathered in background checks for people seeking government security clearances, along with records of millions of people's fingerprints. The OPM breach led to a Congressional investigation and the resignation of top OPM executives, and its full implications-for national security, and for the privacy of those whose records were stolen-are still not entirely clear.]]> 2018-11-06T02:54:00+00:00 https://www.csoonline.com/article/3318238/data-breach/the-opm-hack-explained-bad-security-practices-meet-chinas-captain-america.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=882513 False Hack None None CSO - CSO Daily Dashboard 2018-11-05T12:59:00+00:00 https://www.csoonline.com/article/3318622/security/up-close-look-at-threat-response-in-2-industries.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=881607 False Threat None None CSO - CSO Daily Dashboard called it “a reckless and unethical ploy” to mislead voters.]]> 2018-11-05T08:42:00+00:00 https://www.csoonline.com/article/3318619/security/republican-kemp-accuses-georgia-democrats-of-hacking-but-provides-no-proof.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=881608 True Hack,Guideline None None CSO - CSO Daily Dashboard called it “a reckless and unethical ploy” to mislead voters.]]> 2018-11-05T08:42:00+00:00 https://www.csoonline.com/article/3318619/security/republican-kemp-accused-georgia-democrats-of-hacking-but-provided-no-proof.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=881090 True Hack,Guideline None None CSO - CSO Daily Dashboard Times of Israel, admitted that its “infrastructure and strategic networks” were hit by a meaner, leaner version of Stuxnet. A TV news report added that the Iranians are “not admitting, of course, how much damage has been caused.”The report came after Iranian Supreme Leader Ayatollah Ali Khamenei said Iran needed to step up efforts to fight enemy “infiltration.” Reuters also reported that Gholamreza Jalali, the head of Iran's civil defense agency, said, “Recently we discovered a new generation of Stuxnet which consisted of several parts ... and was trying to enter our systems.” Jalali didn't go into more detail.]]> 2018-11-04T09:19:00+00:00 https://www.csoonline.com/article/3318565/security/meaner-more-violent-stuxnet-variant-reportedly-hit-iran.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=879338 True Malware,Guideline None None CSO - CSO Daily Dashboard Times of Israel, admitted that its “infrastructure and strategic networks” were hit by a meaner, leaner version of Stuxnet. A TV news report added that the Iranians are “not admitting, of course, how much damage has been caused.”The report came after Iranian Supreme Leader Ayatollah Ali Khamenei said Iran needed to step up efforts to fight enemy “infiltration.” Reuters also reported that Gholamreza Jalali, the head of Iran's civil defense agency, said, “Recently we discovered a new generation of Stuxnet which consisted of several parts ... and was trying to enter our systems.” Jalali didn't go into more detail.]]> 2018-11-04T09:19:00+00:00 https://www.csoonline.com/article/3318565/security/meaner-more-violent-stuxnet-variant-reportedly-hits-iran.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=880797 True Malware,Guideline None None CSO - CSO Daily Dashboard 2018-10-31T14:54:00+00:00 https://www.csoonline.com/article/3318257/security/the-patching-paradox.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=873495 False Patching None None CSO - CSO Daily Dashboard Image by Getty/UberIn 2016 ride-hailing app Uber had 600,000 driver and 57 million user accounts were breached. Instead of reporting the incident the company paid the perpetrator $100,000 to keep the hack under wraps. Those actions, however, cost the company dearly. The company was fined $148 million -- the biggest data-breach payout in history – for violation of state data breach notification laws.]]> 2018-10-30T03:00:00+00:00 https://www.csoonline.com/article/3316569/data-breach/biggest-data-breach-penalties-for-2018.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=870239 False Data Breach,Hack Uber None CSO - CSO Daily Dashboard identified vulnerabilities currently in implanted devices used for deep brain stimulation. The devices, known as neurostimulators or implantable pulse generators, send electrical impulses to parts of the brain; they can be used to treat disorders such as Parkinson's disease, Obsessive–Compulsive Disorder, major depression and essential tremor.]]> 2018-10-29T08:50:00+00:00 https://www.csoonline.com/article/3316550/internet-of-things/flaws-in-brain-stimulation-tech-could-let-hackers-erase-or-hold-memories-for-ransom.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=869045 False None None None CSO - CSO Daily Dashboard zero-day exploits and ransomware, but it still has a place in the enterprise, experts say, as part of a multi-layer endpoint security protection strategy. The best antivirus products act as the first layer of defense, stopping the vast majority of malware attacks and leaving the broader endpoint protection software with a smaller workload to deal with.]]> 2018-10-29T03:00:00+00:00 https://www.csoonline.com/article/3316480/malware/why-the-best-antivirus-software-isnt-enough.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=868517 False Malware None None CSO - CSO Daily Dashboard 8 hot cyber security trends (and 4 going cold). Give your career a boost with top security certifications: Who they're for, what they cost, and which you need. | Sign up for CSO newsletters. ] Cyber mercenaries sell malware to oppressive regimes in the Middle East, which then use that malware to attack their own citizens, research from the Citizen Lab suggested earlier this year. The current regimes in Turkey and Egypt compel local ISPs to run Canadian-made Sandvine/Procera deep packet inspection middleboxes that inject the malware into unencrypted HTTP downloads of popular software like Avast, VLC Player and WinRAR. Large numbers of users in Egypt, Turkey and Syria (near the border with Turkey) are affected.]]> 2018-10-23T09:00:00+00:00 https://www.csoonline.com/article/3314834/hacking/burned-malware-returns-says-cylance-report-is-hacking-team-responsible.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=858852 False Malware None None CSO - CSO Daily Dashboard 2018-10-23T07:42:00+00:00 https://www.csoonline.com/article/3314835/security/high-tech-thieves-used-a-relay-attack-to-steal-a-tesla-model-s.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=860374 True None Tesla None CSO - CSO Daily Dashboard 2018-10-23T07:42:00+00:00 https://www.csoonline.com/article/3314835/security/surveillance-video-shows-high-tech-thieves-using-relay-attack-to-steal-tesla-model-s.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=858654 True None Tesla None CSO - CSO Daily Dashboard 2018-10-22T14:04:00+00:00 https://www.csoonline.com/article/3314981/security/the-answer-to-cyber-threats-people-or-technology.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=857157 False Threat,Guideline None None CSO - CSO Daily Dashboard 2018-10-22T14:00:00+00:00 https://www.csoonline.com/article/3315100/security/know-the-facts-today-s-cyberthreat-landscape.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=860970 False Data Breach None None CSO - CSO Daily Dashboard 2018-10-22T03:06:00+00:00 https://www.csoonline.com/article/3313110/cloud-security/3-top-multi-cloud-security-challenges-and-how-to-build-a-strategy.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=856063 False Data Breach None None CSO - CSO Daily Dashboard admitted to a breach in which attackers made off with the sensitive and personal information of 75,000 people. The “anomalous activity” was detected on October 13; the breach in Federally Facilitated Exchanges that agents and brokers use to help people signup for healthcare plans was declared on October 16. What exact sensitive and private info the hackers made off with was not explained, although people hand over a great deal of both types of information when signing up for healthcare.]]> 2018-10-21T09:40:00+00:00 https://www.csoonline.com/article/3315162/security/another-government-system-breached-75-000-people-affected.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=855384 False None None None CSO - CSO Daily Dashboard Cysiv which offers several other advanced managed security services.  With these moves, Trend is demonstrating that it wants to play a direct role in the growing market for security services – rather than an indirect role as an arms dealer alone. All in on cloud security. Trend Micro jumped on the server virtualization and cloud computing bandwagons early by forming tight partnerships with VMware, Amazon, and Microsoft.  Now that every other established vendor and VC-backed startup are all-in on the cloud, Trend is moving beyond basic cloud security support.  For example, Trend cloud security products are tightly-coupled with its connected threat defense for prevention/detection.  From a cloud perspective, Trend has gotten very familiar with application developers and DevOps to make sure that Trend cloud security products fit seamlessly into a CI/CD pipeline.  Trend has also expanded its purview to cover containers micro-services, and even cloud-based application security.  In this way, Trend Micro is aligning with cloud innovation and culture – not just hawking security products. More business investment. Over the past 5 years, Trend Micro business has gone through some significant shifts.  For example, a larger percentage of the company's revenue comes from commercial sales rather than consumer sales, while Trend has seen rapid market growth in North America.  Trend Micro will hire engineers, expand sales staff, and service channel partners to keep this momentum going.  In my humble opinion, Trend Micro remains a bit of a diamond in the rough – its security expertise and advanced techno]]> 2018-10-19T11:22:00+00:00 https://www.csoonline.com/article/3314745/security/cybersecurity-trends-with-trend-micro.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=855254 True Malware,Threat,Guideline None None CSO - CSO Daily Dashboard Cysiv, which offers several other advanced managed security services. With these moves, Trend Micro is demonstrating that it wants to play a direct role in the growing market for security services – rather than an indirect role as an arms dealer alone. All in on cloud security. Trend Micro jumped on the server virtualization and cloud computing bandwagons early by forming tight partnerships with VMware, Amazon, and Microsoft. Now that every other established vendor and VC-backed startup is all in on the cloud, Trend Micro is moving beyond basic cloud security support. For example, Trend Micro cloud security products are tightly-coupled with its connected threat defense for prevention/detection. From a cloud perspective, Trend Micro has gotten very familiar with application developers and DevOps to make sure that Trend Micro cloud security products fit seamlessly into a CI/CD pipeline. Trend Micro has also expanded its purview to cover containers micro-services, and even cloud-based application security.  In this way, Trend Micro is aligning with cloud innovation and culture – not just hawking security products. More business investment. Over the past five years, Trend Micro business has gone through some significant shifts. For example, a larger percentage of the company's revenue comes from commercial sales rather than consumer sales, while Trend Micro has seen rapid market growth in North America. Trend Micro will hire engineers, expand sales staff, and service channel partners to keep this momentum going.  ]]> 2018-10-19T11:22:00+00:00 https://www.csoonline.com/article/3314745/security/trend-micro-shines-a-light-on-its-new-cybersecurity-solutions.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=856502 True Malware,Threat,Guideline None None CSO - CSO Daily Dashboard DDoS) attack or General Data Protection Regulation (GDPR)-based extortion, criminals demanding money from organizations in exchange for the return of data or to continue business operations continues to be a common occurrence. The best advice, of course, is not to pay, but as a last resort some organizations might feel the need to negotiate with cybercriminals during a cyberattack.]]> 2018-10-18T03:00:00+00:00 https://www.csoonline.com/article/3313330/ransomware/7-best-practices-for-negotiating-ransomware-payments.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=853126 False Ransomware None None CSO - CSO Daily Dashboard Hurricane Florence, which ripped through in September, Onslow Water and Sewer Authority (ONWASA) said it has no intention of paying the ransom demanded. In the Jacksonville, North Carolina, utility's words, it “will not negotiate with criminals nor bow to their demands.”]]> 2018-10-17T08:22:00+00:00 https://www.csoonline.com/article/3314557/security/ransomware-attack-hit-north-carolina-water-utility-in-aftermath-of-hurricane.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=851998 True Ransomware None None CSO - CSO Daily Dashboard Hurricane Florence, which ripped through the state in September, Onslow Water and Sewer Authority (ONWASA) said it has no intention of paying the ransom demanded. In the Jacksonville, North Carolina, utility's words, it “will not negotiate with criminals nor bow to their demands.”]]> 2018-10-17T08:22:00+00:00 https://www.csoonline.com/article/3314557/security/ransomware-attack-hits-north-carolina-water-utility-following-hurricane.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=852259 True Ransomware None None CSO - CSO Daily Dashboard how to identify, block and remove malware from Windows PCs. | Get the latest from CSO by signing up for our newsletters. ] Below is a summary of all the new security features and options in Windows 10 version 1809, which features Windows Defender Advanced Threat Protection (ATP) enhancements, more options for enterprises to update and patch Windows, and other security improvements. Bookmark this article, because we will be adding new security features as Microsoft releases future Windows updates.]]> 2018-10-16T11:47:00+00:00 https://www.csoonline.com/article/3253899/windows/the-best-new-windows-10-security-features.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=850471 False Malware,Threat None None CSO - CSO Daily Dashboard digital transformation strategies to better meet the needs of their consumers. Unfortunately, cybercriminals are also moving at an increasingly rapid pace by continually innovating and evolving to exploit new attack vectors.However, given the current cybersecurity skills shortage impacting businesses across industries, the need for rapid threat identification and security implementation is often tempered by human-caused security errors and misconfigurations. In order to maintain an effective security posture that can adapt and respond to the evolving threat landscape at pace-without hindering digital transformation efforts-network professionals need faster and more accurate threat intelligence gathering. With this in mind, Fortinet's threat intelligence services provides your customers with the type of information and analysis they need to secure their digital businesses against modern cyberthreats and facilitate success.]]> 2018-10-16T06:18:00+00:00 https://www.csoonline.com/article/3313106/security/addressing-the-modern-threat-landscape-with-threat-intelligence-services.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=850007 False Threat None None CSO - CSO Daily Dashboard 2018-10-15T08:43:00+00:00 https://www.csoonline.com/article/3313050/security/zeek-a-free-powerful-way-to-monitor-networks-detect-threats.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=848313 False None None None CSO - CSO Daily Dashboard NotPetya, ransomware-malicious programs that encrypt your files and demand a ransom payment in bitcoin to restore them-became one of the most talked about forms of malware of 2017. Yet at the same time, the actual rates of malware infection began to plummet around the middle of the year, until by December 2017 it represented only about 10 percent of infections.   ]]> 2018-10-10T09:52:00+00:00 https://www.csoonline.com/article/3153707/security/top-cybersecurity-facts-figures-and-statistics.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=840823 False Malware,Studies NotPetya None CSO - CSO Daily Dashboard tablets come in two flavors, the $199 10-inch 720p Portal and the $349 15-inch 1080p Portal+. The company claimed it started working on a “privacy-first plan” for Portal two years ago. The devices were supposed to launch in May, but Facebook had decided by March to delay the launch as it was embroiled in the Cambridge Analytica data scandal. Not even two weeks ago, Facebook admitted to a breach that affected 50 million people. The timing of the launch is curious as now doesn't seem the best time to be asking people to rely on Facebook to protect their privacy and security, although it is just in time for the devices to start shipping in November before the holidays.]]> 2018-10-08T08:49:00+00:00 https://www.csoonline.com/article/3311826/security/facebook-wants-you-to-put-a-portal-camera-and-microphone-in-your-home.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=836895 False None None None CSO - CSO Daily Dashboard Bloomberg report stating that several American companies were compromised by spy chips inserted secretly by the Chinese on U.S.-used computer motherboards. The Bloomberg article should be used as a starting point for a very real, serious, and long overdue discussion of supply chain risks, but I'd rather start with the facts supported by evidence instead of anonymous claims that have been unsupported for over three decades.]]> 2018-10-08T03:00:00+00:00 https://www.csoonline.com/article/3311836/security/why-i-don-t-believe-bloomberg-s-chinese-spy-chip-report.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=836360 False None None None CSO - CSO Daily Dashboard 19 franchise restaurant brands, must think that claiming to be a victim of a “malware outbreak” sounds better than saying it was a victim of a ransomware attack; nevertheless, nine of its restaurant brands were impacted by the attack and some have even closed down shop as the bitcoin ransom demand total grows higher each day.Corporate said that after the attack (“malware outbreak”), which happened on Friday, Sept. 28, it tried to stop the spread of the ransomware by taking “a number of our systems offline and suspended internet access to affected locations as a precaution.”]]> 2018-10-03T08:49:00+00:00 https://www.csoonline.com/article/3310839/security/recipe-unlimited-denies-ransomware-attack-despite-alleged-ransom-note-demanding-bitcoin.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=830144 True Ransomware None None CSO - CSO Daily Dashboard 19 franchise restaurant brands, must think that claiming to be a victim of a “malware outbreak” sounds better than saying it was a victim of a ransomware attack. Nevertheless, nine of its restaurant brands were impacted by the attack, and some have even closed as the bitcoin ransom demand total grows higher each day.Corporate said that after the attack (“malware outbreak”), which happened on Friday, Sept. 28, it tried to stop the spread of the ransomware by taking several of its systems offline and suspending internet access to affected locations.]]> 2018-10-03T08:49:00+00:00 https://www.csoonline.com/article/3310839/security/recipe-unlimited-denies-ransomware-attack-despite-alleged-ransom-note.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=830611 True Ransomware None None CSO - CSO Daily Dashboard 2018-10-02T14:18:00+00:00 https://www.csoonline.com/article/3309953/security/gwinnett-medical-center-investigating-possible-data-breach.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=829095 False Data Breach None None CSO - CSO Daily Dashboard XKCD 327, SQL injection (SQLi) was first discovered in 1998, yet continues to plague web applications across the internet. Even the OWASP Top Tenlists injection as the number one threat to web application security. [ Learn why you need an API security program, not a piecemeal approach. | Get the latest from CSO by signing up for our newsletters. ] The good news? SQL injection is the lowest of the low-hanging fruit for both attackers and defenders. SQLi isn't some cutting edge NSA Shadow Brokers kit, it's so simple a three-year old can do it. This is script kiddie stuff-and fixing your web application to mitigate the risk of SQLi is so easy that failure to do so looks more and more like gross negligence.]]> 2018-10-02T08:47:00+00:00 https://www.csoonline.com/article/3257429/application-security/what-is-sql-injection-this-oldie-but-goodie-can-make-your-web-applications-hurt.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=828627 False Threat None None CSO - CSO Daily Dashboard warned about Torii, which is certainly no spinoff of Mirai. Torii, they said, is an “example of the evolution of IoT malware” and “its sophistication is a level above anything we have seen before.”For starters, Torii can run on almost every modern computer, smartphone, and tablet. Target architectures include x86_64, x86, ARM, MIPS, Motorola 68k, SuperH, PPC and others. Avast security researcher Martin Hron told The Parallax that one server had over 100 versions of malware payloads and supported 15 to 20 architectures. This suggests a “team effort,” as what Torii can do “would be hard for any on person to accomplish.”]]> 2018-10-01T08:14:00+00:00 https://www.csoonline.com/article/3310222/security/new-vicious-torii-iot-botnet-discovered.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=827046 False Malware,Threat None 2.0000000000000000 CSO - CSO Daily Dashboard surveyed organizations stated that they had already adopted a multi-cloud strategy. Tempering the advantages of such a strategy, however, are a number of related security concerns. For example, if migrating to one cloud environment expands the attack surface, multiple clouds magnify it even further. Organizations need to consider how to scale protection to accommodate issues like growth, as well as how to consistently track and secure workloads that span multiple cloud environments.]]> 2018-09-28T07:00:00+00:00 https://www.csoonline.com/article/3309427/security/securing-the-multi-cloud-3-steps-for-maintaining-control-and-visibility.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=825859 False None None None CSO - CSO Daily Dashboard two-factor authentication (2FA) phone numbers. The practice will discourage some users from enabling 2FA, a net loss for security that makes it easier for criminals and spies to breach user accounts.The gargantuan Facebook monster is determined to gobble up every little bit of data about you, including what phone number you register for 2FA - then using that phone number to manipulate you with targeted advertising, according to reporting by Kashmir Hill yesterday at Gizmodo.]]> 2018-09-27T08:40:00+00:00 https://www.csoonline.com/article/3309477/privacy/hey-facebook-quit-discouraging-people-from-using-2fa.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=825860 False None None None CSO - CSO Daily Dashboard 2018-09-25T13:42:00+00:00 https://www.csoonline.com/article/3308936/techology-business/malicious-tactics-have-evolved-your-dns-needs-to-too.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=824134 False Malware None None CSO - CSO Daily Dashboard 2018-09-25T10:40:00+00:00 https://www.csoonline.com/article/3308777/budget/the-potential-costs-of-cybercrime-that-cant-be-calculated.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=823957 False None None None CSO - CSO Daily Dashboard scoffed. The group the interviewee worked with had been putting out Kodi-related malware scare stories to promote anti-piracy. Despite the alarming claims made which were short on actual facts, as far as Torrent Freak knew, only one Kodi addon had ever been used for DDoS purposes and that was back in 2017. The XBMC Foundation president had not heard of malware in a video stream and a threat analyst at BitDefender had not seen any malware in a video stream in the wild since in 2005.]]> 2018-09-25T08:20:00+00:00 https://www.csoonline.com/article/3306773/security/first-known-malicious-cryptomining-campaign-targeting-kodi.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=823781 True Malware,Threat None None CSO - CSO Daily Dashboard learn their motives and their malware. | Sign up for CSO newsletters. ]]]> 2018-09-25T08:20:00+00:00 https://www.csoonline.com/article/3306773/security/first-known-malicious-cryptomining-campaign-targeting-kodi-discovered.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=823958 True Malware None None CSO - CSO Daily Dashboard unsealed the indictment of a North Korean spy, Park Jin Hyok, whom they claim was behind the hack against Sony and the creation and distribution of the WannaCry ransomware. The 170-plus-page document was written by Nathan Shields of the FBI's LA office and shows the careful sequence of forensic analysis they used to figure out how various attacks were conducted.]]> 2018-09-25T03:00:00+00:00 https://www.csoonline.com/article/3305144/hacking/the-sony-hacker-indictment-5-lessons-for-it-security.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=823333 False Hack Wannacry None CSO - CSO Daily Dashboard advertised job vacancies on its site; yet after the company filled the most current vacancy for a credit control and finance assistant, resumes from around the world started pouring in.The brewery's managing director Gerald Michaluk told the BBC, “Out of the blue we started getting applicants for the post from all over the country and the world. I assumed one of my colleagues had advertised the post. However, this was not the case.”]]> 2018-09-23T08:33:00+00:00 https://www.csoonline.com/article/3307193/security/brewery-became-victim-of-targeted-ransomware-attack-via-job-vacancy-ad.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=821217 False Ransomware None None CSO - CSO Daily Dashboard support document they urge you to be prepared by looking for alternatives.RemotePC by iDrive is a full-featured remote access solution that lets you connect to your work or office computer securely from anywhere, and from any iOS or Android device. Right now, their 50 computer package is 90% off or just $6.95 for your 1st year. So if you need an alternative to Back To My Mac, or have been thinking about remote access, now is a good time to consider RemotePC. Learn more about it here.]]> 2018-09-21T08:10:00+00:00 https://www.csoonline.com/article/3307866/remote-access/apples-dropping-back-to-my-mac-remote-access-heres-an-alternative-currently-discounted.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=819192 False None None None CSO - CSO Daily Dashboard 2018-09-19T07:00:00+00:00 https://www.csoonline.com/article/3305069/security/cybercriminals-shift-tactics-to-keep-a-low-profile.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=815604 False Ransomware,Guideline None None CSO - CSO Daily Dashboard “Sensitive but Unclassified” notice about the breach.After a State Department spokesperson confirmed the compromise of its email system, Politico was told, “This is an ongoing investigation, and we are working with partner agencies, as well as the private sector service provider, to conduct a full assessment.”]]> 2018-09-19T06:14:00+00:00 https://www.csoonline.com/article/3305067/security/state-department-confirms-breach-of-unclassified-email-system.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=815605 True Data Breach None None CSO - CSO Daily Dashboard “Sensitive but Unclassified” notice about the breach.After a State Department spokesperson confirmed the compromise of its email system, Politico was told, “This is an ongoing investigation and we are working with partner agencies, as well as the private sector service provider, to conduct a full assessment.”]]> 2018-09-19T06:14:00+00:00 https://www.csoonline.com/article/3305067/security/state-department-confirms-breach-of-unclassified-email-system-employee-data-exposed.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=815460 True Data Breach None None CSO - CSO Daily Dashboard new report, Citizen Lab researchers warned that sophisticated mobile spyware, dubbed Pegasus – made and sold by the Israeli company NSO Group – has been found not only on Androids and iPhones in countries with questionable human rights protections, but also in the US. The researchers believe this cross-border surveillance likely breaks the law in the US and other countries.To become an NSO Pegasus infection victim, the operator has to trick a person into clicking a link which then delivers a chain of zero-day exploits and secretly installs Pegasus on the phone. After the malware installs on the target's iPhone or Android phone without the user's knowledge, it is then capable of spying via the phone's camera and microphone; it can also steal text messages, passwords, photos, contact list, calendar events and much more.]]> 2018-09-18T07:44:00+00:00 https://www.csoonline.com/article/3307116/security/sophisticated-mobile-spyware-pegasus-found-in-us-and-44-other-countries.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=814101 True Malware None 5.0000000000000000 CSO - CSO Daily Dashboard new report, Citizen Lab researchers warned that sophisticated mobile spyware, dubbed Pegasus - made and sold by the Israeli company NSO Group - has been found not only on Androids and iPhones in countries with questionable human rights protections, but also in the U.S. The researchers believe this cross-border surveillance likely breaks the law in the U.S. and other countries. Citizen Lab via Twitter To become an NSO Pegasus infection victim, the operator has to trick a person into clicking a link that then delivers a chain of zero-day exploits and secretly installs Pegasus on the phone. After the malware installs on the target's iPhone or Android phone without the user's knowledge, it is then capable of spying via the phone's camera and microphone. It can also steal text messages, passwords, photos, contact list, calendar events, and much more.]]> 2018-09-18T07:44:00+00:00 https://www.csoonline.com/article/3307116/security/sophisticated-mobile-spyware-pegasus-found-in-the-us-and-44-other-countries.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=815160 True Malware None None CSO - CSO Daily Dashboard 2018-09-13T09:15:00+00:00 https://www.csoonline.com/article/3305593/network-security/can-you-hack-me-now.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=806486 False Hack None None CSO - CSO Daily Dashboard data breach by the Privacy Rights Clearinghouse, which has been the most thorough and stalwart public recorder of data breaches in the United States for over two decades. The data file contained just over 8,600 data breaches. I found a few dupes and some missing or erroneous information, but overall, it's the best public, non-profit, and free source you're going to find.]]> 2018-09-13T03:00:00+00:00 https://www.csoonline.com/article/3304286/data-breach/data-risk-ratings-because-not-all-data-breaches-are-equal.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=805932 False Data Breach None None CSO - CSO Daily Dashboard Raspberry Pi 3 Model B+, Proxmark3, Yard Stick One, and a USB battery pack, Belgium researchers needed less than two seconds to clone the key fob of a Tesla Model S. The reckless part comes into play if you were to actually steal the Tesla, but if you turn to a life of crime then the researchers believe McLaren, Karma and Triumph are vulnerable to the attack as well since, like Tesla, the keyless entry solutions for those vehicles are designed by Pektron. In case it's not clear that stealing a Model S was a joke, then don't try it cause Tesla would be able to track down the vehicle even if you disabled GPS.]]> 2018-09-12T07:31:00+00:00 https://www.csoonline.com/article/3305737/security/hackers-clone-tesla-model-s-key-fob-in-2-seconds-to-steal-car.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=804714 False None Tesla None CSO - CSO Daily Dashboard attributed the hack to the cybercriminal group dubbed Magecart – the same group of attackers responsible for the Ticketmaster UK breach.While apologizing for the customer data theft, British Airways' boss Alex Cruz told the BBC that hackers pulled off a “sophisticated, malicious criminal attack.” Despite technical details being all but nonexistent in British Airways' breach notification, experts say attackers used a “simple but highly targeted approach.”]]> 2018-09-11T07:32:00+00:00 https://www.csoonline.com/article/3305416/security/british-airways-hack-used-digital-skimmers-by-group-that-compromised-ticketmaster.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=803160 True Hack None None CSO - CSO Daily Dashboard attributed the hack to the cybercriminal group dubbed Magecart – the same group of attackers responsible for the Ticketmaster UK breach.While apologizing for the customer data theft, British Airways' boss Alex Cruz told the BBC that hackers pulled off a “sophisticated, malicious criminal attack.” Despite technical details being all but nonexistent in British Airways' breach notification, experts say attackers used a “simple but highly targeted approach.”]]> 2018-09-11T07:32:00+00:00 https://www.csoonline.com/article/3305416/security/british-airways-hack-was-by-same-group-that-compromised-ticketmaster.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=803299 True Hack None None CSO - CSO Daily Dashboard Global Threat Landscape Report shows that virtually no firm is immune, with 96% of firms experiencing at least one severe exploit.]]> 2018-09-11T07:00:00+00:00 https://www.csoonline.com/article/3304587/security/cybersecurity-skills-report-today-s-ciso-is-shifting-toward-strategic-business-enablement.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=803161 False Malware,Threat None None CSO - CSO Daily Dashboard time to containment.]]> 2018-09-10T09:00:00+00:00 https://www.csoonline.com/article/3304252/intrusion-detection/threat-detection-it-s-about-time.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=801810 False Threat None None CSO - CSO Daily Dashboard Image by Getty ImagesThe average cost of a data breach has risen to $3.86 million, according to a new report from IBM. The latest version of its annual report shows a 6.6 percent increase in costs; including direct losses, indirect costs related to time and effort in dealing with a breach, and lost opportunities such as customer churn as result of bad publicity.]]> 2018-09-10T03:00:00+00:00 https://www.csoonline.com/article/3304358/data-breach/what-is-the-cost-of-a-data-breach.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=801279 False Data Breach None None CSO - CSO Daily Dashboard 2018-09-06T11:50:00+00:00 https://www.csoonline.com/article/3304240/loss-prevention/why-data-loss-prevention-is-a-throwback-technology.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=795787 False Hack,Threat None None CSO - CSO Daily Dashboard Augusta University Health Reports Major Data Breach Superdrug denies data breach Health Data Breach Victim Tally for 2018 Soars Judge approves Anthem's $115M data breach settlement Indeed, big data breach stories and other major security incidents that keep offering large doses of fear, uncertainty and doubt (FUD) to the world, just keep drawing me back.]]> 2018-09-06T03:00:00+00:00 https://www.csoonline.com/article/3302849/security/why-security-pros-are-addicted-to-fud-and-what-you-can-do-about-it.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=794976 False Data Breach None None CSO - CSO Daily Dashboard 2018-09-06T02:30:00+00:00 https://www.csoonline.com/article/3301893/endpoint-protection/edr-is-dead-long-live-xdr.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=794921 False Threat,Guideline None None CSO - CSO Daily Dashboard CVE-2018-14847 flaw which was patched in April.]]> 2018-09-04T08:04:00+00:00 https://www.csoonline.com/article/3302774/security/7-500-mikrotik-routers-being-eavesdropped-traffic-forwarded-to-attackers.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=792163 True Malware None None CSO - CSO Daily Dashboard CVE-2018-14847 flaw that was patched in April.The critical vulnerability, involving Winbox for MikroTik, “allows remote attackers to bypass authentication and read arbitrary files.” Proof-of-concept exploits have been around for several months. That same vulnerability, the researchers pointed out, was exploited by the CIA's hacking tool Chimay Red, according to WikiLeaks Vault7.]]> 2018-09-04T08:04:00+00:00 https://www.csoonline.com/article/3302774/security/7500-mikrotik-routers-compromised-traffic-forwarded-to-attackers.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=792574 True Malware,Tool None None CSO - CSO Daily Dashboard IoT devices-including industrial and medical IoT-are being deployed at an unprecedented rate. This rapid adoption of IoT is one of the primary reasons why networks are in constant flux. New devices, whether physical or virtual, are continually connecting and disconnecting from the network, and often then reconnecting somewhere else. And to do their job, they need immediate access to applications and networked resources.Internet of Things endpoints are growing at an unprecedented rate, reaching an installed base of several dozen billion units in just a few years. While most people imagine digital cameras, printers, and smart appliances when they think of IoT, it also includes medical IoT (MIoT) devices, such as infusion pumps and heart monitors, and industrial IoT (IIoT), including valve controllers, temperature and pressure monitors, and manufacturing devices. This trend hasn't gone unnoticed by the cybercriminal community. While there continue to be high-profile attacks targeting traditional IoT devices, MIoT and IIoT devices are also increasingly being targeted, such as the recent Triton and VPNFilter malware attacks.]]> 2018-09-04T07:00:00+00:00 https://www.csoonline.com/article/3302768/security/unidentified-devices-leave-networks-vulnerable.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=792112 False Malware VPNFilter None CSO - CSO Daily Dashboard Image by Getty ImagesEvery IT security professional is well aware that a thorough end-user education program is a necessary weapon in the battle to protect your perimeter. A good education program trains your vulnerable humans to understand how to help defend your system from attack. Education helps people develop healthy habits, hones their defense against social engineering, and makes them an ally in the fight – rather than a chink in your defenses.]]> 2018-09-03T02:59:00+00:00 https://www.csoonline.com/article/3298961/security/10-topics-every-security-training-program-should-cover.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=790461 False None None None CSO - CSO Daily Dashboard @cybergibbons He refused.]]> 2018-09-02T09:00:00+00:00 https://www.csoonline.com/article/3302363/security/bitfi-removes-unhackable-claim-from-crypto-wallet.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=791919 True Hack None None CSO - CSO Daily Dashboard @cybergibbons He refused.]]> 2018-09-02T09:00:00+00:00 https://www.csoonline.com/article/3302363/security/bitfi-removed-unhackable-claim-yet-mcafee-offers-hacker-20-million-for-wallet-hack.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=789709 True Hack None None CSO - CSO Daily Dashboard how to identify, block and remove malware from Windows PCs. | Get the latest from CSO by signing up for our newsletters. ] A properly designed password manager is an excellent first step in securing your online identity. It generates a unique strong password for every account and application, without requiring you to memorize or write down these random strings of characters. These strong passwords help shield against traditional password attacks such as dictionary, rainbow tables or brute-force attacks.]]> 2018-08-30T11:50:00+00:00 https://www.csoonline.com/article/3198507/security/the-6-best-password-managers.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=786247 False Malware None None CSO - CSO Daily Dashboard FortiGuard 2018 Threat Landscape Predictions article published just before the beginning of the year. This mid-year update provides new details concerning recent advances in some of the techniques and malware tied to those predictions. In particular, the accelerated development of several precursors of Swarmbots and Hivenets are especially worth revisiting. Others include the increased targeting of critical infrastructure, the development of automation in malware exploits, and the use of blockchain technology to anonymize the command and control of botnets.]]> 2018-08-29T09:00:00+00:00 https://www.csoonline.com/article/3301148/security/the-evolving-threat-landscape-swarmbots-hivenets-automation-in-malware.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=784730 False Malware,Threat None None CSO - CSO Daily Dashboard pdf), is that cyberthugs are relying less on ransomware since ransomware attacks are up only 3 percent from the second half of 2017.]]> 2018-08-29T07:45:00+00:00 https://www.csoonline.com/article/3301876/security/cryptojacking-attacks-spiked-in-first-half-of-2018.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=784648 True Ransomware,Malware None None CSO - CSO Daily Dashboard pdf), is that cyberthugs are relying less on ransomware since ransomware attacks are up only 3 percent from the second half of 2017.]]> 2018-08-29T07:45:00+00:00 https://www.csoonline.com/article/3301876/security/cryptojacking-attacks-spiked-in-first-half-of-2018-report.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=784561 True Ransomware,Malware None 5.0000000000000000 CSO - CSO Daily Dashboard Take a look at the numbers. | Get the latest from CSO by signing up for our newsletters. ]]]> 2018-08-29T05:17:00+00:00 https://www.csoonline.com/article/3253572/internet/what-is-cryptojacking-how-to-prevent-detect-and-recover-from-it.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=784374 False None None None CSO - CSO Daily Dashboard zero-day malware detection, support for cloud and hybrid environments, and even endpoint protection. [ Find out how 4 deception tools deliver truer network security. | Get the latest from CSO by signing up for our newsletters. ]]]> 2018-08-27T03:00:00+00:00 https://www.csoonline.com/article/3300796/network-security/what-are-next-generation-firewalls-how-the-cloud-and-complexity-affect-them.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=782801 False Malware None 3.0000000000000000 CSO - CSO Daily Dashboard 2018-08-24T04:45:00+00:00 https://www.csoonline.com/article/3300478/cloud-security/what-your-enterprise-needs-to-know-about-cyber-threat-intelligence.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=782803 False Threat None 4.0000000000000000 CSO - CSO Daily Dashboard at the USENIX Security Symposium.This new class of attacks was dubbed MadIoT (Manipulation of demand via IoT) by researchers from Princeton's Department of Electrical Engineering. Instead of directly attacking the supply side of the power grid, attackers could enslave high-wattage IoT devices in a botnet to manipulate the demand side of the grid.]]> 2018-08-19T09:59:00+00:00 https://www.csoonline.com/article/3299016/internet-of-things/botnet-of-smart-air-conditioners-and-water-heaters-could-bring-down-the-power-grid.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=781106 False None None None CSO - CSO Daily Dashboard 2018-08-17T08:40:00+00:00 https://www.csoonline.com/article/3298523/critical-infrastructure/balancing-cybersecurity-and-regulatory-compliance.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=779670 False Data Breach None 4.0000000000000000 CSO - CSO Daily Dashboard 8 hot cyber security trends (and 4 going cold). Give your career a boost with top security certifications: Who they're for, what they cost, and which you need. | Sign up for CSO newsletters. ] Presenting at the Black Hat USA information security conference last week in Las Vegas, prominent U.K. security researchers showcased recent research detailing the inherent vulnerabilities they discovered among four of the most popular mPOS systems operating in both the United States and Europe. In what is believed to be the most comprehensive review of mPOS security to-date, security researchers from London-based Positive Technologies plumbed the inner workings of the mobile payment infrastructure of seven mPOS readers offered by Square, SumUp, PayPal and iZettle and found a host of potential ways to hack these systems.]]> 2018-08-16T02:56:00+00:00 https://www.csoonline.com/article/3297702/mobile/hack-a-mobile-point-of-sale-system-researchers-count-the-ways.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=779672 False Hack None 2.0000000000000000 CSO - CSO Daily Dashboard penetration testing team. [ Find out how to do penetration testing on the cheap ... and not so cheap. | Get the latest from CSO by signing up for our newsletters. ]]]> 2018-08-15T03:00:00+00:00 https://www.csoonline.com/article/3297436/hacking/why-you-should-consider-crowdsourcing-it-security-services.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=779674 False Hack None 2.0000000000000000 CSO - CSO Daily Dashboard @bx_lr, a consultant at the security firm Nuix, pointed out a plethora of critical security issues with police body cameras during his presentation at Def Con. After analyzing bodycams by Vievu, Patrol Eyes, Fire Cam, Digital Ally, and CeeSc, Mitchell said some of the vulnerabilities that could be remotely exploited were appalling.]]> 2018-08-14T09:08:00+00:00 https://www.csoonline.com/article/3297960/security/security-flaws-in-police-body-cameras-open-the-devices-to-attack.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=779675 False Ransomware,Malware None 4.0000000000000000 CSO - CSO Daily Dashboard mental health facility that decided to pay the ransomware attackers instead of fighting them or relying on their own backup is not a unique case.]]> 2018-08-14T06:08:00+00:00 https://www.csoonline.com/article/3297937/data-protection/the-unintended-consequences-of-gdpr.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=779676 False Ransomware None 4.0000000000000000 CSO - CSO Daily Dashboard 2018-08-13T04:00:00+00:00 https://www.csoonline.com/article/3297059/security/ways-to-improve-your-security-team-s-response-time.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=779677 False None None None CSO - CSO Daily Dashboard 2018-08-13T03:00:00+00:00 https://www.csoonline.com/article/3296377/data-breach/3-reasons-companies-fail-to-assess-the-scope-of-a-data-breach.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=779678 False Data Breach None None CSO - CSO Daily Dashboard sequence of events, we see that a trusted insider placed the company's data at risk when their employee credentials were used by a third-party to log into TimeHop's Cloud Computing Environment. How the intruder obtained the employee's log-in credentials is unknown.]]> 2018-08-10T06:40:00+00:00 https://www.csoonline.com/article/3296486/loss-prevention/how-did-the-timehop-data-breach-happen.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=775077 False Data Breach None None CSO - CSO Daily Dashboard LabCorp. The company, one of the largest medical testing companies in the world, confirmed that a known group of bad actors penetrated their network late on a Friday night via an exposed RDP port, and infected more than 30,000 systems with SamSam ransomware. LabCorp deserves some kudos, given reports that they had the attack contained in less than 50 minutes, which is quite amazing, if true. Kudos notwithstanding, however, why did they allow their network to be penetrated in the first place?]]> 2018-08-09T13:16:00+00:00 https://www.csoonline.com/article/3295941/data-protection/here-i-am-hack-me.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=773850 False Ransomware,Hack None None CSO - CSO Daily Dashboard 2018-08-09T07:31:00+00:00 https://www.csoonline.com/article/2117843/phishing/what-is-phishing-how-this-cyber-attack-works-and-how-to-prevent-it.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=773293 False None None None CSO - CSO Daily Dashboard Microsoft puts it, "is a catch-all term to refer to any software designed to cause damage to a single computer, server, or computer network." In other words, software is identified as malware based on its intended use, rather than a particular technique or technology used to build it.]]> 2018-08-09T02:56:00+00:00 https://www.csoonline.com/article/3295877/malware/what-is-malware-viruses-worms-trojans-and-beyond.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=772833 False Malware None None CSO - CSO Daily Dashboard 2018-08-08T13:35:00+00:00 https://www.csoonline.com/article/3296011/identity-management/the-case-for-multi-factor-authentication-wherever-users-connect.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=771706 False None None None CSO - CSO Daily Dashboard Social Mapper uses facial recognition to automatically search for targets across eight social media sites: Facebook, Twitter, LinkedIn, Instagram, Google+, the Russian social networking service VKontakte and the Chinese social networking sites Weibo and Douban.]]> 2018-08-08T07:45:00+00:00 https://www.csoonline.com/article/3296098/security/ai-powered-deeplocker-malware-attacks-and-face-recognition-social-mapper-tracking-tool.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=771201 True Malware,Tool None None CSO - CSO Daily Dashboard Social Mapper uses facial recognition to automatically search for targets across eight social media sites: Facebook, Twitter, LinkedIn, Instagram, Google+, the Russian social networking service VKontakte, and the Chinese social networking sites Weibo and Douban.]]> 2018-08-08T07:45:00+00:00 https://www.csoonline.com/article/3296098/security/weaponized-ai-and-facial-recognition-enter-the-hacking-world.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=771707 True Malware,Tool None None CSO - CSO Daily Dashboard top brands spoofed by phishing attacks, and Microsoft topped the list. This is notable because PayPal is usually in the top spot. According to Vade Secure's list, Microsoft held the number one position by more than 40 percent. PayPal drops to second, followed by Facebook, Netflix, Wells Fargo, Bank of America, DocuSign, Dropbox, DHL, and Apple to round out the top ten.]]> 2018-08-08T02:55:00+00:00 https://www.csoonline.com/article/3290374/security/salted-hash-sc-03-dropbox-and-microsoft-office-phishing-attacks.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=770807 False None None None CSO - CSO Daily Dashboard DDoS attack on the FCC's public comment system that happened at the exact same time as John Oliver urged Last Week Tonight viewers to leave comments supporting net neutrality? Yep, it never really happened – not that you believed it was true. But now the FCC admitted lying about the DDoS attack on its public comment system.FCC Chairman Ajit Pai didn't come clean about it until the Office of Inspector General's report proving the DDoS claim was false was imminent. Unsurprisingly, Pai claims the DDoS lie from May 2017 wasn't his fault; instead, he pointed the finger of blame at the FCC's former CIO David Bray.]]> 2018-08-07T08:00:00+00:00 https://www.csoonline.com/article/3295838/security/fcc-lied-about-ddos-attack-during-net-neutrality-comment-process-blames-former-cio.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=769798 False None None None CSO - CSO Daily Dashboard social engineering. Commonly centered around email, criminals use phishing to obtain access or information. Phishing attacks can be basic or customized toward the victim and their organization.A phishing attack with a directed focus is called spear phishing. If, for example, the criminal were targeting a group or person within a company, they'd use spear phishing to make the email look and feel legitimate. Usually this is done by using the victim's correct name and title, referencing legitimate projects, known co-workers, or spoofing an email from a senior executive.]]> 2018-08-07T02:55:00+00:00 https://www.csoonline.com/article/3290417/security/csos-guide-to-phishing-and-phishing-kits.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=769303 False None None None CSO - CSO Daily Dashboard exploit and attack a particular eVoting machine. Undoubtedly other machines are also vulnerable to malicious alteration.]]> 2018-08-02T07:26:00+00:00 https://www.csoonline.com/article/3294976/cyberwarfare/political-hack-takes-on-new-meaning-in-the-age-of-cyberwarfare.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=763682 False Vulnerability,Studies None None CSO - CSO Daily Dashboard 2018-08-01T04:15:00+00:00 https://www.csoonline.com/article/3294297/regulation/is-californias-consumer-privacy-act-of-2018-going-to-be-gdpr-version-2.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=761644 False Data Breach None None CSO - CSO Daily Dashboard GCHQ's JTRIG directorate, today anyone can download deepfake software and create convincing fake videos in their spare time.[ Keep up with 8 hot cyber security trends (and 4 going cold). Give your career a boost with top security certifications: Who they're for, what they cost, and which you need. | Sign up for CSO newsletters. ] So far, deepfakes have been limited to amateur hobbyists putting celebrities' faces on porn stars' bodies and making politicians say funny things. However, it would be just as easy to create a deepfake of an emergency alert warning an attack was imminent, or destroy someone's marriage with a fake sex video, or disrupt a close election by dropping a fake video or audio recording of one of the candidates days before voting starts.]]> 2018-07-31T02:55:00+00:00 https://www.csoonline.com/article/3293002/fraud/what-are-deepfakes-how-and-why-they-work.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=760158 False None None None CSO - CSO Daily Dashboard General Data Protection Regulation (GDPR) has been a time-consuming endeavor. Unfortunately, the work is not over. Now that GDPR is in effect, companies will need to do regular internal audits to assess their compliance levels. The ability to document these audits will be vital in the event of a breach or complaint, because showing that a good-faith effort was made could help avoid a big penalty.]]> 2018-07-25T03:00:00+00:00 https://www.csoonline.com/article/3290938/compliance/how-to-conduct-a-proper-gdpr-audit-4-key-steps.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=752696 False None None None CSO - CSO Daily Dashboard ready to replace antivirus. | Get the latest from CSO by signing up for our newsletters. ]]]> 2018-07-24T03:48:00+00:00 https://www.csoonline.com/article/2615925/security/security-your-quick-guide-to-malware-types.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=750887 False Malware None None CSO - CSO Daily Dashboard 2018-07-23T02:58:00+00:00 https://www.csoonline.com/article/3289706/security/review-zero-tolerance-malware-and-code-blocking-with-solebit.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=749104 False Malware None None CSO - CSO Daily Dashboard Google Home, Roku, Sonos, Chromecast, smart home Radio Thermostat CT50 & CT80 and all Blizzard games were vulnerable to DNS rebinding attacks. Now IoT security vendor Armis has warned that nearly half a billion “smart” devices are vulnerable to the decade-old DNS rebinding attack vector.]]> 2018-07-22T09:47:00+00:00 https://www.csoonline.com/article/3290372/security/half-a-billion-smart-devices-vulnerable-to-decade-old-dns-rebinding-attacks.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=748486 False None None None CSO - CSO Daily Dashboard when the company disclosed it via an 8-K filing with the SEC. Since then, as recovery efforts continue, the company said they're at about 90-percent operational capacity.]]> 2018-07-19T12:24:00+00:00 https://www.csoonline.com/article/3291617/security/samsam-infected-thousands-of-labcorp-systems-via-brute-force-rdp.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=747606 False Ransomware None None