This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-16T09:22:30+00:00 www.secnews.physaphae.fr CSO - CSO Daily Dashboard SaaS-based service, including support for the Okta user identification platform and Docker containers, and what it's describing as “programmatic deployment" of zero trust networks.Essentially, the company said, the idea is to provide automated provisioning and deployment of network access to managed assetts - using a small, 80KB daemon designed to run on almost any hardware to hook into the TCP/IP stack and create a connection with Remote.it's systems. The company's own cloud then automatically configures the connection, without any requirement of input from IT staff.To read this article in full, please click here]]> 2023-01-17T14:51:00+00:00 https://www.csoonline.com/article/3685573/remoteit-takes-steps-toward-zero-trust-with-single-line-of-code-provisioning.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8301994 False None None 2.0000000000000000 CSO - CSO Daily Dashboard a new report. "However, if ports are shared with the public (that is, without authentication or authentication context), attackers can abuse this feature to host malicious content such as scripts and malware samples."To read this article in full, please click here]]> 2023-01-17T13:53:00+00:00 https://www.csoonline.com/article/3685419/how-attackers-might-use-github-codespaces-to-hide-malware-delivery.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8301964 False Malware,Prediction None 1.00000000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2023-01-17T10:14:00+00:00 https://www.csoonline.com/article/3685674/optimize-your-security-investments-with-the-right-mdr-provider.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8301929 False Tool None 1.00000000000000000000 CSO - CSO Daily Dashboard multifactor authentication (MFA) fatigue. This occurs when the attacker “sends a user multiple push notifications in the hopes that they will click and approve a request - either out of muscle memory, thinking they must have logged into an application, or simply out of hope that they will stop getting these notifications,” says Goerlich.To read this article in full, please click here]]> 2023-01-17T07:58:00+00:00 https://www.csoonline.com/article/3685570/key-considerations-for-alleviating-mfa-push-fatigue.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8301901 False None None 1.00000000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2023-01-17T07:03:00+00:00 https://www.csoonline.com/article/3685417/truly-unified-security-includes-distributed-and-remote-operations.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8301872 False None None 2.0000000000000000 CSO - CSO Daily Dashboard press release, DigiCert stated that Trust Lifecycle Manager tightly integrates with its “best-in-class” public trust issuance for a full-stack solution governing seamless management of corporate digital trust infrastructure. Brian Trzupek, SVP of product at DigiCert, tells CSO that the solution has been built to address three key digital security certificate management challenges posing risks to organizations amid expanding networks. “These are year-on-year certificate growth, frequent rogue certificate encounters, and disparate certificate oversight across business departments,” he says.To read this article in full, please click here]]> 2023-01-17T05:00:00+00:00 https://www.csoonline.com/article/3685072/digicert-releases-trust-lifecycle-manager-to-unify-certificate-management-pki-services.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8301855 False None None 3.0000000000000000 CSO - CSO Daily Dashboard GDPR and Data Breach survey from international law firm DLA Piper, which covers all 27 Member States of the European Union, plus the UK, Norway, Iceland, and Liechtenstein. This year's biggest fine of €405 million was imposed by the Irish Data Protection Commissioner (DPC) against Meta Platforms Ireland Limited relating to Instagram for alleged failures to protect children's personal data. The Irish DPC also fined Meta €265 million for failing to comply with the GDPR obligation for Data Protection by Design and Default. Both fines are currently under appeal.To read this article in full, please click here]]> 2023-01-17T04:47:00+00:00 https://www.csoonline.com/article/3685789/european-data-protection-authorities-issue-record-2-92-billion-in-gdpr-fines.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8301836 False Data Breach None 3.0000000000000000 CSO - CSO Daily Dashboard National Defense Authorization Act (NDAA) passed by Congress and signed by President Biden in late December 2022 was filled with a host of military-related cybersecurity provisions. One little-noticed provision in the bill called for a study of cybersecurity and national security threats posed by foreign-manufactured cranes at United States ports.Under this provision, the Maritime Administrator, working with Homeland Security, the Pentagon, and the Cybersecurity and Infrastructure Security Agency (CISA), is required to conduct a study to assess whether foreign manufactured cranes at United States ports pose cybersecurity or national security threats. It must be completed by late December 2023 and submitted to the Senate Commerce and Armed Services committees and House Transportation and Armed Services committees.To read this article in full, please click here]]> 2023-01-17T04:21:00+00:00 https://www.csoonline.com/article/3685378/us-maritime-administrator-to-study-port-crane-cybersecurity-concerns.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8301837 False None None 2.0000000000000000 CSO - CSO Daily Dashboard GPT-3.5, was released on 30 November 2022 and racked up a million users in five days. It is capable of writing emails, essays, code and phishing emails, if the user knows how to ask.By comparison, it took Twitter two years to reach a million users. Facebook took ten months, Dropbox seven months, Spotify five months, Instagram six weeks. Pokemon Go took ten hours, so don't break out the champagne bottles, but still, five days is pretty impressive for a web-based tool that didn't have any built-in name recognition.To read this article in full, please click here]]> 2023-01-16T02:00:00+00:00 https://www.csoonline.com/article/3685488/how-ai-chatbot-chatgpt-changes-the-phishing-game.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8301456 False Tool ChatGPT 2.0000000000000000 CSO - CSO Daily Dashboard CVE-2022-42475, is in the SSL-VPN functionality of FortiOS and can be exploited by remote attackers without authentication. Successful exploitation can result in the execution of arbitrary code and commands.To read this article in full, please click here]]> 2023-01-13T12:01:00+00:00 https://www.csoonline.com/article/3685670/attackers-deploy-sophisticated-linux-implant-on-fortinet-network-security-devices.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8300961 False Malware,Vulnerability None 3.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2023-01-13T10:39:00+00:00 https://www.csoonline.com/article/3685376/looking-for-a-warranty-from-an-mdr-provider-ask-these-key-questions.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8300941 False Guideline None 2.0000000000000000 CSO - CSO Daily Dashboard Announced by Citrix on November 8, 2022, the vulnerability, identified as CVE-2022-27510, allows for the potential bypass of authentication measures on two Citrix products: the Application Delivery Controller (ADC) and Gateway.To read this article in full, please click here]]> 2023-01-13T04:00:00+00:00 https://www.csoonline.com/article/3685414/royal-ransomware-group-actively-exploiting-citrix-vulnerability.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8300872 False Ransomware,Vulnerability None 2.0000000000000000 CSO - CSO Daily Dashboard 2022 IBM Cost of a Data Breach Report, the global average cost of a data breach is $4.35 million. Data breaches in the US are even more costly, averaging over $9 million. However, it isn't just the big players caught in the line of fire. IBM's report also found that 83% of companies will experience a data breach soon, meaning financial institutions of all sizes - from local credit unions to Fortune 500s - are at risk. While ransomware attacks get the most time in the financial headlines, most breaches aren't caused by external factors or threat actors. The majority of system availability problems actually occur due to a lack of staff knowledge and protective protocols, software issues and limited security visibility across the institution. However, “more visibility” is not synonymous with “seeing more alerts.” In fact, the opposite is true. Keep reading to see how Devo SOAR helped a leading US bank streamline its SOC.To read this article in full, please click here]]> 2023-01-12T10:00:00+00:00 https://www.csoonline.com/article/3685191/how-financial-institutions-can-soar-to-success-with-devo-soar.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8300630 False Ransomware,Data Breach,Threat,Guideline None 2.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2023-01-12T09:58:00+00:00 https://www.csoonline.com/article/3685531/the-unrelenting-rise-of-botnet-threats.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8300631 False Malware None 3.0000000000000000 CSO - CSO Daily Dashboard CloudSek has launched BeVigil, a tool that can tell users how safe the apps installed on their phone are, and helps users and developers win bug bounty by helping them identify and report bugs in the code.BeVigil scans all the apps installed on a user's phone and rates them as dangerous, risky, or safe. Running as a web application for the past one year, BeVigil has already scanned over a million apps and rated them. The tool also alerts software companies and app developers about vulnerabilities found through the app, and helps users and developers win bug bounty contests from various software companies by giving them access to the code of apps running on their phone and reporting bugs.To read this article in full, please click here]]> 2023-01-12T03:57:00+00:00 https://www.csoonline.com/article/3685529/cloudsek-launches-free-security-tool-that-helps-users-win-bug-bounty.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8300530 False Tool None 2.0000000000000000 CSO - CSO Daily Dashboard ESG research.First the numbers: 53% of organizations will increase IT spending in 2023, 30% say IT spending will remain flat in 2023, and 18% forecast a decrease in IT spending. As for cybersecurity, 65% of organizations plan to increase cybersecurity spending in 2023.These numbers mean that some organizations with flat or decreasing IT budgets will still increase spending on cybersecurity. This trend is further supported by the fact that 40% of survey respondents claim that improving cybersecurity is the most important justification for IT investments in 2023. This research was conducted in late 2022 when respondents were well aware of the economic headwinds and built appropriate assumptions into their budget planning.To read this article in full, please click here]]> 2023-01-12T02:00:00+00:00 https://www.csoonline.com/article/3685049/cybersecurity-spending-and-economic-headwinds-in-2023.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8300492 False Prediction None 2.0000000000000000 CSO - CSO Daily Dashboard Common Vulnerability and Exposures program - in the Intel Ethernet diagnostics driver for Windows (iqvw64.sys).To read this article in full, please click here]]> 2023-01-11T15:37:00+00:00 https://www.csoonline.com/article/3685408/cybercriminals-bypass-windows-security-with-driver-vulnerability-exploit.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8300311 False Vulnerability None 2.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2023-01-11T10:36:00+00:00 https://www.csoonline.com/article/3685368/study-shows-attackers-can-use-chatgpt-to-significantly-enhance-phishing-and-bec-scams.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8300250 False None ChatGPT 2.0000000000000000 CSO - CSO Daily Dashboard unauthorized access to its development environment in August last year, serious vulnerabilities in 2017, a phishing attack in 2016, and a data breach in 2015.To read this article in full, please click here]]> 2023-01-11T02:00:00+00:00 https://www.csoonline.com/article/3684790/timeline-of-the-latest-lastpass-data-breaches.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8299921 False None LastPass 3.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2023-01-10T15:44:00+00:00 https://www.csoonline.com/article/3685288/adaptive-ddos-suppression-for-a-safer-more-resilient-internet.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8299706 False None None 1.00000000000000000000 CSO - CSO Daily Dashboard Le Monde Informatique website.]More than 10,000 beneficiaries of a local branch of the French social security agency CAF, or Family Allowance Fund, saw their data exposed for about 18 months, after a file containing personal information was sent to a service provider.The mistake, discovered by France Info - Radio France's news and investigation service - just before the year-end holidays, could hit the CAF hard. The investigation found that the CAF in Gironde (Nouvelle-Aquitaine) sent a file containing sensitive and personal information of 10,204 beneficiaries to a service provider responsible for training the organization's statisticians.To read this article in full, please click here]]> 2023-01-10T15:31:00+00:00 https://www.csoonline.com/article/3685233/data-leak-exposes-information-of-10-000-french-social-security-beneficiaries.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8299707 False None None 3.0000000000000000 CSO - CSO Daily Dashboard confidential computing umbrella of security features. Improvements to Intel's trusted execution environment and a new technique for combatting jump- and return-oriented programming attacks were the most notable upgrades.Xeon's fourth generation introduces a number of new features across the board, including marked improvements to energy efficiency, AI processing, and edge workload handling, but the security side's highlights are virtual machine (VM) isolation technology and control flow enforcement. The former technique provides hardware-level VM isolation, without the need for hypervisor oversight - instead of a single app living inside of a trusted environment, a whole VM can live there.To read this article in full, please click here]]> 2023-01-10T10:01:00+00:00 https://www.csoonline.com/article/3685070/intel-boosts-vm-security-guards-against-stack-attacks-in-new-xeon-release.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8299607 False None None 3.0000000000000000 CSO - CSO Daily Dashboard projected to reach $2.36 billion by 2027, and small to mid-size enterprises are leading the way.To read this article in full, please click here]]> 2023-01-10T09:48:00+00:00 https://www.csoonline.com/article/3685230/the-converging-future-of-xdr-and-threat-hunting.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8299608 False Threat,Guideline None 1.00000000000000000000 CSO - CSO Daily Dashboard the Sophos' 2023 Threat Report, which details how the cyberthreat landscape has changed due to an easier barrier of entry for criminal hopefuls.Threat researchers with Sophos say the expansion is due to the commoditization of “malware-as-a-service” and the sale of stolen credentials and other sensitive data. Today, nearly every aspect of the cybercrime toolkit - from initial infection to ways to avoid detection - is available for purchase on the dark web, say researchers. This thriving business selling what once would have been considered “advanced persistent threat” tools and tactics means any would-be criminal can buy their way into exploitation for profit.To read this article in full, please click here]]> 2023-01-10T08:14:00+00:00 https://www.csoonline.com/article/3685069/cybercrime-as-a-service-ransomware-still-on-the-rise.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8299592 False Ransomware,Threat None 2.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2023-01-09T15:05:00+00:00 https://www.csoonline.com/article/3685048/tcp-floods-are-again-the-leading-ddos-attack-vector.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8299349 False Guideline None 1.00000000000000000000 CSO - CSO Daily Dashboard CSO Online's overview, highlighted that the “legislation required the Office of Management and Budget in consultation with the administrator of general services, the director of CISA, the director of national intelligence, and the secretary of defense, to develop within two months standards and guidelines for executive agencies requiring the app's removal.” Duly noted was the action taken by the House of Representatives, which immediately voted to ban the app from the phones of House members and staff amid protestations from TikTok, owned by China-based ByteDance.To read this article in full, please click here]]> 2023-01-09T02:00:00+00:00 https://www.csoonline.com/article/3684908/if-governments-are-banning-tiktok-why-is-it-still-on-your-corporate-devices.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8299128 False None None 2.0000000000000000 CSO - CSO Daily Dashboard security incident and event management (SIEM), endpoint detection and response (EDR), and even security orchestration and response (SOAR). In fact, some XDR platforms listed here are the fusion of existing tools the vendor has offered for some time.To read this article in full, please click here]]> 2023-01-09T02:00:00+00:00 https://www.csoonline.com/article/3684850/11-top-xdr-tools-and-how-to-evaluate-them.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8299129 False Tool,Threat None 2.0000000000000000 CSO - CSO Daily Dashboard BBC reported, with Vice Society hackers using generic search terms to steal documents. “One folder marked 'passports' contains passport scans for pupils and parents on school trips going back to 2011, whereas another marked 'contract' contains contractual offers made to staff alongside teaching documents on muscle contractions. Another folder marked 'confidential' contains documents on the headmaster's pay and student bursary fund recipients,” the BBC wrote. The hack at Pates is estimated to have taken place on September 28 before data was published on the dark web. The UK Information Commissioner's Office (ICO) and Gloucestershire Police confirmed they were investigating the alleged breaches in 2022.To read this article in full, please click here]]> 2023-01-06T06:51:00+00:00 https://www.csoonline.com/article/3684851/14-uk-schools-suffer-cyberattack-highly-confidential-documents-leaked.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8298546 False Ransomware,Hack None 2.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2023-01-06T04:22:00+00:00 https://www.csoonline.com/article/3684771/twitters-mushrooming-data-breach-crisis-could-prove-costly.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8298511 False Data Breach None 2.0000000000000000 CSO - CSO Daily Dashboard cryptomining operation that leverages the free or trial-based cloud computing resources and platforms offered by several service providers including GitHub,  Heroku, and Togglebox. The operation is highly automated using CI/CD processes and involves the creation of tens of thousands of fake accounts and the use of stolen or fake credit cards to activate time-limited trials.Researchers from Palo Alto Networks' Unit 42 have dubbed the group Automated Libra and believe it's based in South Africa. During the peak of the campaign, dubbed PurpleUrchin, in November, the group was registering between three and five GitHub accounts every minute using automated CAPTCHA defeating processes with the intention to abuse GitHub Actions workflows for mining.To read this article in full, please click here]]> 2023-01-05T10:34:00+00:00 https://www.csoonline.com/article/3684749/attackers-create-130k-fake-accounts-to-abuse-limited-time-cloud-computing-resources.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8298285 False None None 4.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2023-01-05T04:00:00+00:00 https://www.csoonline.com/article/3684730/nato-tests-ai-s-ability-to-protect-critical-infrastructure-against-cyberattacks.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8298162 False Malware None 3.0000000000000000 CSO - CSO Daily Dashboard descriptions found online and those laid out by multiple sources interviewed for this article. The people holding these roles also come from diverse educational and experiential backgrounds, at the core of which are strong familiarity with compliance regulations, solid cybersecurity foundations, and business acumen.To read this article in full, please click here]]> 2023-01-05T02:00:00+00:00 https://www.csoonline.com/article/3684728/the-biso-bringing-security-to-business-and-business-to-security.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8298064 False Medical None 2.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2023-01-04T15:19:00+00:00 https://www.csoonline.com/article/3684769/attackers-use-stolen-banking-data-as-phishing-lure-to-deploy-bitrat.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8297971 False Data Breach,Tool None 1.00000000000000000000 CSO - CSO Daily Dashboard The Reality of SMB Cloud Security in 2022, show significant changes in IaaS users' experiences of cyberattacks over the past year.To read this article in full, please click here]]> 2023-01-04T14:01:00+00:00 https://www.csoonline.com/article/3684768/the-cloud-is-under-attack-the-state-of-cloud-security-in-2023.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8297960 False None None 2.0000000000000000 CSO - CSO Daily Dashboard report by AI-based cybersecurity company CloudSek. The increase in attacks can be attributed to rapid digitization and the shift to remote work during the pandemic, which broadened the attack surface of government entities and paved the way for an increase in cyberwarfare waged by nation-state actors, according to the report.Government agencies collect and store huge amounts of data, which include information about individual citizens that can be sold on the dark web. There is also a risk that national security and military data can be used by terrorist organizations. To read this article in full, please click here]]> 2023-01-04T11:22:00+00:00 https://www.csoonline.com/article/3684668/cyberattacks-against-governments-jumped-95-in-last-half-of-2022-cloudsek-says.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8297914 False None None 2.0000000000000000 CSO - CSO Daily Dashboard 2023-01-04T09:48:00+00:00 https://www.computerworld.com/article/3684514/meta-hit-with-413-million-fine-in-eu-for-breaking-gdpr-rules.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8297877 False None None 1.00000000000000000000 CSO - CSO Daily Dashboard LastPass breach that exposed an encrypted backup of a database of saved passwords. For organizations with high security requirements, that leaves hardware-based login options such as FIDO devices.To read this article in full, please click here]]> 2023-01-04T02:00:00+00:00 https://www.csoonline.com/article/3684275/why-it-might-be-time-to-consider-using-fido-based-authentication-devices.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8297735 False None LastPass 2.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2023-01-03T16:25:00+00:00 https://www.csoonline.com/article/3684412/overcoming-the-barriers-to-digital-transformation.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8297621 False None None 2.0000000000000000 CSO - CSO Daily Dashboard a security advisory.To read this article in full, please click here]]> 2023-01-03T10:29:00+00:00 https://www.csoonline.com/article/3684468/pytorch-suffers-supply-chain-attack-via-dependency-confusion.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8297513 False None None 1.00000000000000000000 CSO - CSO Daily Dashboard LockBit, a prominent ransomware-as-a-service (RaaS) operation, has apologized for an attack on the Toronto-based Hospital for Sick Children, also known as SickKids, and offered a free decryptor. SickKids, a major pediatric teaching hospital, announced on December 19 that it had called a Code Grey system failure, as it was responding to a cybersecurity incident that was affecting several network systems at the hospital.To read this article in full, please click here]]> 2023-01-03T06:57:00+00:00 https://www.csoonline.com/article/3684429/lockbit-apologizes-for-ransomware-attack-on-hospital-offers-decryptor.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8297468 False Ransomware None 2.0000000000000000 CSO - CSO Daily Dashboard report. "Fast forward to this year, when the ransomware scene seems as dynamic as ever, with various groups adapting to increased disruptive efforts by law enforcement and private industry, infighting and insider threats, and a competitive market that has developers and operators shifting their affiliation continuously in search of the most lucrative ransomware operation."To read this article in full, please click here]]> 2023-01-02T02:00:00+00:00 https://www.csoonline.com/article/3684248/ransomware-ecosystem-becoming-more-diverse-for-2023.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8297128 False Ransomware None 3.0000000000000000 CSO - CSO Daily Dashboard The 4,155-page bill reflects an already agreed-upon $858 billion for defense spending and an additional $800 billion for non-defense spending, including several prominent cybersecurity items.US Senator Chris Murphy (D-CT), chair of the Subcommittee on Homeland Security, said, “This bill is a reasonable compromise, and I'm proud of the investments it would make in the responsible management of our border, the protection of our nation from cyber threats, and the protection of our coastlines and airports.”To read this article in full, please click here]]> 2022-12-30T04:09:00+00:00 https://www.csoonline.com/article/3684388/us-congress-funds-cybersecurity-initiatives-in-fy2023-spending-bill.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8295995 False None None 2.0000000000000000 CSO - CSO Daily Dashboard Log4Shell, officially tracked as CVE-2021-44228, was discovered in December 2021 in Log4j, a widely popular open-source Java library that's used for logging. Initially disclosed as a zero-day, the project's developers quickly created a patch, but getting that patch widely adopted and deployed proved challenging because it relies on developers who used this component in their software to release their own updates.To read this article in full, please click here]]> 2022-12-28T02:00:00+00:00 https://www.csoonline.com/article/3684108/log4shell-remains-a-big-threat-and-a-common-cause-for-security-breaches.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8295482 False Vulnerability,Threat None 2.0000000000000000 CSO - CSO Daily Dashboard California Consumer Privacy Act (CCPA), adopted in 2018. It went into effect in January 2020, and enforcement officially began in July 2020.To read this article in full, please click here]]> 2022-12-26T23:00:00+00:00 https://www.csoonline.com/article/3601123/cpra-explained-new-california-privacy-law-ramps-up-restrictions-on-data-use.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8295161 False None None 1.00000000000000000000 CSO - CSO Daily Dashboard 2022-12-26T03:00:00+00:00 https://www.computerworld.com/article/3684170/the-top-12-tech-stories-of-2022.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8294925 False None None 2.0000000000000000 CSO - CSO Daily Dashboard UK CSO 30 2022 Awards & Conference. The candidates are out there, he adds, but you have to change the traditional practices for hiring because if you always do what you always did, you'll always get what you've always had.To read this article in full, please click here]]> 2022-12-22T02:00:00+00:00 https://www.csoonline.com/article/3683869/how-marvels-avengers-inspire-pinsent-masons-ciso-to-adapt-cybersecurity-hiring.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8293650 False None None 3.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-12-21T08:56:00+00:00 https://www.csoonline.com/article/3684009/the-next-big-attack-vector-your-supply-chain.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8293411 False None None 1.00000000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-12-21T02:00:00+00:00 https://www.csoonline.com/article/3683868/how-social-media-puts-companies-at-risk-and-how-to-mitigate-it.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8293341 False None None 3.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-12-20T13:06:00+00:00 https://www.csoonline.com/article/3683948/today-s-workforce-wants-flexibility-companies-need-zero-trust.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8293169 False Ransomware None 1.00000000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-12-20T07:32:00+00:00 https://www.csoonline.com/article/3683888/managing-risk-would-be-easier-if-it-weren-t-for-people.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8293086 False Threat,Guideline None 1.00000000000000000000 CSO - CSO Daily Dashboard security information and event management (SIEM) or security, orchestration, automation, and response (SOAR) systems are the ideal in an enterprise environment because of their ability to not only collect and correlate log event data, but also to add context, perform deep analysis, and even to initiate incident response.To read this article in full, please click here]]> 2022-12-20T02:00:00+00:00 https://www.csoonline.com/article/3683210/how-to-enable-event-collection-in-windows-server.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8293029 False None None 2.0000000000000000 CSO - CSO Daily Dashboard automation. These issues slow down the security operations center (SOC) team, which in turn slows the response to attacks.The second challenge is process-related. Automating in pockets is easier, but to automate from start to finish, you need to understand the automation flow. Many organizations struggle to define the right process within their teams, technology stacks, and across users and suppliers.To read this article in full, please click here]]> 2022-12-19T15:12:00+00:00 https://www.csoonline.com/article/3683828/overcoming-the-top-technology-process-and-people-challenges-faced-by-cisos.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8292917 False None None 3.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-12-19T14:51:00+00:00 https://www.csoonline.com/article/3683789/why-a-culture-of-awareness-and-accountability-is-essential-to-cybersecurity.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8292910 False Patching None 2.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-12-19T08:33:00+00:00 https://www.csoonline.com/article/3683270/us-consumers-seriously-concerned-over-their-personal-data.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8292817 False None None 3.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-12-16T13:24:00+00:00 https://www.csoonline.com/article/3683212/one-policy-framework-zero-trust-and-ops-teams.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8292233 False None None 1.00000000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-12-16T10:46:00+00:00 https://www.csoonline.com/article/3683490/what-s-next-in-authentication-passwordless-security.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8292198 False None None 1.00000000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-12-16T07:11:00+00:00 https://www.csoonline.com/article/3683589/keeping-your-retail-business-safe-from-the-cyber-grinches.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8291992 False None None 1.00000000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-12-15T11:18:00+00:00 https://www.csoonline.com/article/3683508/mttr-not-a-viable-metric-for-complex-software-system-reliability-and-security.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8291654 False None None 2.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-12-15T07:51:00+00:00 https://www.csoonline.com/article/3683488/how-to-choose-security-technology-that-works.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8291616 False None None 1.00000000000000000000 CSO - CSO Daily Dashboard Threat Stack and will be a part of the F5 Distributed Cloud Services portfolio, launched earlier this year. AIP will complement F5's API Security F5 already has a service called API Security, which helps organizations discover and map APIs, block unwanted connections, and prevent data leakage. AIP goes one step further and provides telemetry collection and intrusion detection for cloud-native workloads. To read this article in full, please click here]]> 2022-12-15T04:54:00+00:00 https://www.csoonline.com/article/3683468/f5-expands-security-portfolio-with-app-infrastructure-protection.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8291542 False None None 2.0000000000000000 CSO - CSO Daily Dashboard bill is no exception.Titled the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023, the legislation clocks in at over 4,408 pages. The entire package is worth $858 billion, an increase of 10.3%, or $80.4 billion, over FY2022 NDAA's topline with a good chunk of that amount going to cybersecurity efforts.To read this article in full, please click here]]> 2022-12-15T04:48:00+00:00 https://www.csoonline.com/article/3683469/dozens-of-cybersecurity-efforts-included-in-this-year-s-us-ndaa.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8291543 False None None 2.0000000000000000 CSO - CSO Daily Dashboard 2022-12-15T03:39:00+00:00 https://www.computerworld.com/article/3683291/microsofts-eu-data-boundary-plan-to-take-effect-from-january-1.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8291524 False None None 1.00000000000000000000 CSO - CSO Daily Dashboard 2022-12-15T03:39:00+00:00 https://www.computerworld.com/article/3683291/microsofts-eu-data-boundary-plan-to-take-effect-jan-1.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8291544 True None None 3.0000000000000000 CSO - CSO Daily Dashboard recent report, the GAO shone a light on the Departments of Energy, Health and Human Services, Homeland Security, and Transportation. How each of these entities reacted and responded to its recommendations was telling.In its forward to Critical Infrastructure: Actions Needed to Better Secure Internet-Connected Devices, the GAO noted that the Departments of Homeland Security and Transportation concurred with the GAO recommendations, Energy deferred a response until “further coordination with other agencies,” and Health and Human Services punted, saying it “neither agreed nor disagreed with the recommendations but noted planned actions,” adding that it doesn't have the ability to compel the private sector to adopt any cybersecurity plan.To read this article in full, please click here]]> 2022-12-15T02:00:00+00:00 https://www.csoonline.com/article/3682777/gao-warns-government-agencies-focus-on-iot-and-ot-within-critical-infrastructure.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8291491 False None None 2.0000000000000000 CSO - CSO Daily Dashboard ProxyLogon and ProxyShell made waves in the infosec sphere. Nearly a year later, Exchange Server admins are met with another threat: ProxyNotShell, which in fact is a vulnerability chain comprising two actively exploited flaws: CVE-2022-41040 is a server-side request forgery (SSRF) vulnerability that an authenticated attacker can exploit for privilege escalation. This vulnerability occurs because the root cause of ProxyShell's path confusion flaw remains, as explained further below. CVE-2022-41082 is a deserialization flaw that can be abused to achieve remote code execution (RCE) in Exchange's PowerShell backend once it becomes accessible to the attacker.  Both vulnerabilities impact Microsoft Exchange Server on-premises and hybrid setups running Exchange versions 2013, 2016, and 2019 with an internet-exposed Outlook Web App (OWA) component.To read this article in full, please click here]]> 2022-12-15T02:00:00+00:00 https://www.csoonline.com/article/3682762/microsoft-exchange-proxynotshell-vulnerability-explained-and-how-to-mitigate-it.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8291492 False Vulnerability None 3.0000000000000000 CSO - CSO Daily Dashboard a new report about the incident. "In recent attacks, some threat actors have turned to the use of Windows drivers to disable security products."To read this article in full, please click here]]> 2022-12-14T14:07:00+00:00 https://www.csoonline.com/article/3683288/cuba-ransomware-group-used-microsoft-developer-accounts-to-sign-malicious-drivers.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8291350 False Ransomware,Threat None 2.0000000000000000 CSO - CSO Daily Dashboard cloud security posture management (CSPM) capabilities, designed to help organizations create custom policies for AWS, Google Cloud, and Azure to secure their cloud infrastructure. The new CSPM solution offers three key enhancements. First, it allows organizations to customize policies and ensure configurations align with an organization's specific needs. Second, it helps organizations build custom cross-account reports to measure hygiene. Finally, the new CSPM will now be compliant with the latest CIS benchmarks, industry standards, and other additional controls written by the Lacework Labs team. To read this article in full, please click here]]> 2022-12-14T06:39:00+00:00 https://www.csoonline.com/article/3682782/lacework-adds-new-capabilities-to-its-cspm-solution.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8291216 False None None 2.0000000000000000 CSO - CSO Daily Dashboard ExtraReplica and Hell's Keychain. “Although these issues have been reported on extensively and were dealt with appropriately by the relevant vendors, we've seen little public discussion on how to mitigate such vulnerabilities across the entire industry,” Wiz stated. What's more, the root cause of these vulnerabilities – improperly implemented security boundaries, usually compounded by otherwise harmless bugs in customer-facing interfaces – is significant, the firm added.To read this article in full, please click here]]> 2022-12-14T06:00:00+00:00 https://www.csoonline.com/article/3682778/wiz-debuts-peach-tenant-isolation-framework-for-cloud-applications.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8291200 False Vulnerability None 2.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-12-14T04:31:00+00:00 https://www.csoonline.com/article/3682854/new-royal-ransomware-group-evades-detection-with-partial-encryption.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8291187 False Ransomware None 1.00000000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-12-14T02:00:00+00:00 https://www.csoonline.com/article/3682760/how-acceptable-is-your-acceptable-use-policy.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8291127 False None None 2.0000000000000000 CSO - CSO Daily Dashboard DEFENSELESS - A statistical report on the state of cybersecurity maturity across the defense industrial base (DIB) should embarrass the sector and begs the question: why are some companies still allowed to do business with the government at all?The CyberSheath report, conducted by Merrill research, surveyed 300 US members of the DIB and judged their results as having a 95% probability of being accurate. Which should give everyone pause, as the results are startling.To read this article in full, please click here]]> 2022-12-14T02:00:00+00:00 https://www.csoonline.com/article/3682673/clear-and-present-danger-report-highlights-serious-cybersecurity-issues-with-us-defense-contractors.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8291128 False Industrial None 3.0000000000000000 CSO - CSO Daily Dashboard DDoS Threat Intelligence Report from NETSCOUT. These include adaptive distributed denial-of-service (DDoS), direct-path TCP-based DDoS, proliferation of botnets, sociopolitical fallout, and collateral damage. The thing these trends all have in common is they are designed to evade common DDoS defense measures and cause maximum harm to targets and others in their proximity. DDoS always attempts to disrupt, destabilize, and deny availability and often succeeds. The only thing that can prevent its success is a well-designed network with intelligent DDoS mitigation systems (IDMSs). For many organizations, common myths can lead to poor choices and overconfidence when it comes to properly architecting a solution.To read this article in full, please click here]]> 2022-12-13T15:57:00+00:00 https://www.csoonline.com/article/3682658/3-common-ddos-myths.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8291034 False Threat,Guideline None 2.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-12-13T13:04:00+00:00 https://www.csoonline.com/article/3682756/securing-operational-technology-environments-for-critical-infrastructure.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8290934 False Guideline None 2.0000000000000000 CSO - CSO Daily Dashboard ransomware and business email compromise as the most common attacks faced by businesses worldwide, with supply chain threats, malicious insiders and DDoS attacks rounding out the top five. Over the course of the past year, 96% of respondents to the company's executive survey said that they'd experienced at least one security breach, and over half said that they'd experienced three or more. Fully 84% said that they pin the responsibility for increased security incidents in the past year on the growing prevalence of remote work.To read this article in full, please click here]]> 2022-12-13T12:37:00+00:00 https://www.csoonline.com/article/3682754/palo-alto-networks-flags-top-cyberthreats-offers-new-zero-day-protections.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8290921 False Threat None 2.0000000000000000 CSO - CSO Daily Dashboard right technologies can undoubtedly go a long way in protecting organizations against cybercrime. Still, the reality is that employees are an organization's first line of defense when it comes to halting bad actors. Cybersecurity is everyone's job, not just the responsibility of the security and IT teams.To read this article in full, please click here]]> 2022-12-13T11:30:00+00:00 https://www.csoonline.com/article/3682753/staying-cyber-safe-this-holiday-season-with-security-awareness-training.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8290902 False Threat None 2.0000000000000000 CSO - CSO Daily Dashboard 2022-12-13T11:09:00+00:00 https://www.computerworld.com/article/3683068/european-commission-takes-step-toward-approving-eu-us-data-privacy-pact.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8290922 False None None 2.0000000000000000 CSO - CSO Daily Dashboard The latest version introduces minor changes to the standard relating to clarification/guidance and structure/formatting. It also introduces more significant changes regarding new or evolving content, chiefly the Web Software Module, a set of supplemental security requirements to address the most common security issues related to the use of internet-accessible payment technologies. Version 1.2 also adds a requirement that SSF company QA staff are either an SSF assessor or have completed SSF knowledge training. This comes ahead of the PCI DSS 4.0 regulation, which will comes into full effect in March 2025.To read this article in full, please click here]]> 2022-12-13T04:57:00+00:00 https://www.csoonline.com/article/3682656/pci-secure-software-standard-version-1-2-sets-out-new-payment-security-requirements.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8290687 False None None 1.00000000000000000000 CSO - CSO Daily Dashboard voted 8-3 to give the police the option to launch potentially lethal, remote-controlled robots in emergencies, creating an international outcry over law enforcement use of “killer robots.” The San Francisco Police Department (SFPD), which was behind the proposal, said they would deploy robots equipped with explosive charges “to contact, incapacitate, or disorient violent, armed, or dangerous suspects” only when lives are at stake.To read this article in full, please click here]]> 2022-12-13T02:00:00+00:00 https://www.csoonline.com/article/3682852/are-robots-too-insecure-for-lethal-use-by-law-enforcement.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8290652 False None None 3.0000000000000000 CSO - CSO Daily Dashboard a security chief sentenced to prison for concealing a data breach.These events and many more have changed the business landscape and forced CISOs to steer a course through uncertain waters. "With the shifts in the cybersecurity landscape, 2022 has been a milestone year we will look back on when studying the history of when and why cybersecurity and digital trust were fused together," says Kory Daniels, CISO at Trustwave.To read this article in full, please click here]]> 2022-12-12T02:00:00+00:00 https://www.csoonline.com/article/3682748/14-lessons-cisos-learned-in-2022.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8290226 False None Uber 2.0000000000000000 CSO - CSO Daily Dashboard CNAPP (cloud native application protection platform) and XDR (extended detection and response ) provider Uptycs announced Friday that it has added agentless scanning to its existing cloud workload protection platform, which it said will open up a range of new use cases and attract new potential customers.The company said that its agentless workload scanning system will be fully interoperable with its agent-based Uptycs sensors, providing security metadata in the same format and letting users manage both systems from the same management console.To read this article in full, please click here]]> 2022-12-09T06:01:00+00:00 https://www.csoonline.com/article/3682849/uptycs-announces-agentless-cloud-workload-scanning.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8289550 False None None 2.0000000000000000 CSO - CSO Daily Dashboard work-from-anywhere (WFA) employees with secure, reliable, and authenticated access to critical corporate assets, applications, and resources.It is crucial to have enterprise-grade protection, whether workers are on-premises, working from home, or anywhere in between.Today's hybrid networks are only as secure as their weakest link. Consequently, when the pandemic forced many to suddenly shift to working out of home offices and other off-site locations, a spike in malware, particularly ransomware, was experienced worldwide. Cybercriminals moved quickly from attacking the corporate network to targeting poorly defended remote and non-traditional workplaces. These malicious hackers were then able to infiltrate networks by hijacking encrypted VPN tunnels.To read this article in full, please click here]]> 2022-12-09T05:21:00+00:00 https://www.csoonline.com/article/3682891/7-key-considerations-before-purchasing-a-sase-solution.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8289591 False None None 2.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-12-08T12:26:00+00:00 https://www.csoonline.com/article/3682770/json-based-sql-injection-attacks-trigger-need-to-update-web-application-firewalls.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8289305 False None None 3.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-12-08T09:08:00+00:00 https://www.csoonline.com/article/3682808/in-house-vs-outsourced-security-understanding-the-differences.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8289181 False None None 2.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-12-08T08:25:00+00:00 https://www.csoonline.com/article/3682672/prevention-or-detection-which-is-more-important-for-defending-your-network.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8289165 False None None 2.0000000000000000 CSO - CSO Daily Dashboard claim that the global skills shortage creates additional cyber risks for their organization, including 80% who reported experiencing at least one breach during the last 12 months that they attributed to the cybersecurity skills gap.The always-changing threat landscape, with fewer skilled people makes it nearly impossible to keep ahead of threats. That's why it's time to talk about the human element – specifically your Security Operations Center (SOC) analysts – and their role in your cybersecurity framework.To read this article in full, please click here]]> 2022-12-08T05:35:00+00:00 https://www.csoonline.com/article/3682078/want-to-help-your-analysts-embrace-automation-and-outsourcing.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8289345 False Threat,Guideline None 2.0000000000000000 CSO - CSO Daily Dashboard CVE-2022-21846). It raises the question for anyone still with an on-premises Exchange Server: Do you have the expertise to keep it safe especially if you are targeted? Exchange 2019 is the only version under mainstream support at this time. If you are still running Exchange Server 2013, it reaches end of support on April 11, 2023. Your window of opportunity to make an easy transition is closing. Migrate to Exchange online or on-premises Exchange 2019 or consider a different email platform completely.To read this article in full, please click here]]> 2022-12-08T02:00:00+00:00 https://www.csoonline.com/article/3682082/microsofts-rough-2022-security-year-in-review.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8289025 False Vulnerability,Patching None 5.0000000000000000 CSO - CSO Daily Dashboard 2022-12-07T13:42:00+00:00 https://www.computerworld.com/article/3682649/apple-finally-adds-encryption-to-icloud-backups.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8289346 False None None 2.0000000000000000 CSO - CSO Daily Dashboard 2022-12-07T09:01:00+00:00 https://www.computerworld.com/article/3682588/us-congress-rolls-back-proposal-to-restrict-use-of-chinese-chips.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8288758 False None None 3.0000000000000000 CSO - CSO Daily Dashboard Brooks Jon Hocut, director of information security for BrooksTo read this article in full, please click here]]> 2022-12-07T02:00:00+00:00 https://www.csoonline.com/article/3682142/athletic-shoe-maker-brooks-runs-down-cyberattacks-with-zero-trust-segmentation.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8288616 False None None 3.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-12-06T11:26:00+00:00 https://www.csoonline.com/article/3681997/rethinking-ddos-defenses.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8289348 False None None 1.00000000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-12-06T08:28:00+00:00 https://www.csoonline.com/article/3682137/flaws-in-megarac-baseband-management-firmware-impact-many-server-brands.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8288308 False Malware None 3.0000000000000000 CSO - CSO Daily Dashboard In an announcement, Action1 stated that the new enhancement helps ensure that any attempt at misuse of its remote management platform is identified and terminated before cybercriminals accomplish their goals. “It scans user activity for suspicious patterns of behavior, automatically suspends potentially malicious accounts, and alerts Action1's dedicated security team to investigate the issue,” it added.To read this article in full, please click here]]> 2022-12-06T06:00:00+00:00 https://www.csoonline.com/article/3681933/action1-launches-threat-actor-filtering-to-block-remote-management-platform-abuse.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8288271 False Ransomware,Tool,Threat None 2.0000000000000000 CSO - CSO Daily Dashboard threat landscape might evolve, one thing is certain: Bad actors are increasingly adding more attack tactics and vectors to their playbooks. Case in point: In the first half of 2022, the number of new ransomware variants identified increased by nearly 100% compared to the previous six-month period, largely thanks to the rise in popularity of Ransomware-as-a-Service (RaaS). Combine this proliferation of new threats with expanding attack surfaces, resulting in elevated risk levels impacting every industry.To read this article in full, please click here]]> 2022-12-06T05:40:00+00:00 https://www.csoonline.com/article/3682138/five-ways-to-enhance-your-security-stack-right-now.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8288383 False Ransomware None 2.0000000000000000 CSO - CSO Daily Dashboard MITRE ATT&CK framework has been of interest to security operations professionals. In the early years, the security operations center (SOC) team used MITRE as a reference architecture, comparing alerts and threat intelligence nuggets with the taxonomy's breakdown of adversary tactics and techniques. Based on ESG research, MITRE ATT&CK usage has reached an inflection point. Security teams not only recognize its value as a security operations foundation but also want to build upon this foundation with more use cases and greater benefits.To read this article in full, please click here]]> 2022-12-06T02:00:00+00:00 https://www.csoonline.com/article/3681990/the-changing-role-of-the-mitre-att-ck-framework.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8288163 False Threat None 2.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-12-06T02:00:00+00:00 https://www.csoonline.com/article/3682132/the-cybersecurity-challenges-and-opportunities-of-digital-twins.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8288162 False None None 2.0000000000000000 CSO - CSO Daily Dashboard an October 2022 memorandum from the National Association of Insurance Commissioners. “Some companies see it as essential to their risk management strategy,” says Heather Engel, managing partner at advisory firm Strategic Cyber Partners.To read this article in full, please click here]]> 2022-12-06T02:00:00+00:00 https://www.csoonline.com/article/3681852/what-you-should-know-when-considering-cyber-insurance-in-2023.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8288164 False None None 2.0000000000000000 CSO - CSO Daily Dashboard IoT Security offering, designed to  provide improved visibility, automated monitoring and more for hitherto vulnerable healthcare IoT frameworks, thanks to machine learning and adherence to zero trust principles.Medical device security is a serious problem for most organizations in healthcare, with a long string of reported vulnerabilities in the area stretching back for years. Fundamentally, experts agree, a large part of the problem is that many connected devices being used in medicine were not originally designed for network connectivity. With that feature grafted on after the fact, rather than being designed in from the outset, unsafe default configurations, reliance on compromised code libraries and a host of other serious issues have continually arisen.To read this article in full, please click here]]> 2022-12-05T14:19:00+00:00 https://www.csoonline.com/article/3681992/palo-alto-networks-looks-to-shore-up-healthcare-iot-security.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8288001 False None None 3.0000000000000000 CSO - CSO Daily Dashboard strengthen the security of the nation's emergency alert system (EAS) and wireless emergency alerts (WEA). These systems warn the public about emergencies through alerts on their televisions, radios, and wireless phones via AM, FM, satellite radio, broadcast, cable, and satellite TV. Although EAS Participants are required to broadcast presidential alerts, they voluntarily participate in broadcasting state and local EAS alerts.To read this article in full, please click here]]> 2022-12-05T04:11:00+00:00 https://www.csoonline.com/article/3681932/fcc-s-proposal-to-strengthen-emergency-alert-security-might-not-go-far-enough.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8287808 False None None 2.0000000000000000 CSO - CSO Daily Dashboard Elevate Health, praises the instincts that stopped the attacks from causing financial or reputational damage. Yet, he contends that expecting users to be the frontline defense against rampant phishing, pharming, whaling, and other credential-based attacks increasingly taking place over out-of-band channels is a recipe for disaster.To read this article in full, please click here]]> 2022-12-05T02:00:00+00:00 https://www.csoonline.com/article/3681328/when-blaming-the-user-for-a-security-breach-is-unfair-or-just-wrong.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8287760 False Threat,Guideline None 3.0000000000000000 CSO - CSO Daily Dashboard Identity and Access Management (IAM) program to maintain a strong cybersecurity posture. Having multiple layers to verify users is important, but MFA fatigue is also real and can be exploited by hackers.Enabling MFA for all accounts is a best practice for all organizations, but the specifics of how it is implemented are significant because attackers are developing workarounds. That said, when done correctly – and with the right pieces in place – MFA is an invaluable tool in the cyber toolbox and a key piece of proper cyber hygiene. This is a primary reason why MFA was a key topic for this year's cybersecurity awareness month. For leaders and executives, the key is to ensure employees are trained to understand the importance of the security tools – like MFA – available to them while also making the process easy for them.To read this article in full, please click here]]> 2022-12-02T04:33:00+00:00 https://www.csoonline.com/article/3681893/improving-cyber-hygiene-with-multi-factor-authentication-and-cyber-awareness.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8286704 False Tool,Guideline None 2.0000000000000000