This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-16T20:09:59+00:00 www.secnews.physaphae.fr CSO - CSO Daily Dashboard an analysis of the issue.To read this article in full, please click here]]> 2022-12-01T05:01:00+00:00 https://www.csoonline.com/article/3681988/software-projects-face-supply-chain-security-risk-due-to-insecure-artifact-downloads-via-github-act.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8286270 False None None 3.0000000000000000 CSO - CSO Daily Dashboard TrueUp's tech layoff tracker has recorded over 1000 rounds of layoffs at tech companies globally so far, affecting more than 182,000 people. Some of the biggest tech companies in the world have announced significant staff cuts, including Amazon, Twitter, Meta, and Salesforce. Although perhaps less severely affected, cybersecurity vendors haven't been immune. Popular security firms including Snyk, Malwarebytes, Tripwire, Cybereason, and Lacework have made notable workforce cuts this year, albeit for varying reasons from shifting business strategies to increasing cash runway.To read this article in full, please click here]]> 2022-12-01T02:00:00+00:00 https://www.csoonline.com/article/3681331/8-things-to-consider-amid-cybersecurity-security-vendor-layoffs.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8286203 False None None 2.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-11-30T12:09:00+00:00 https://www.csoonline.com/article/3681848/fortanix-unveils-aws-integration-for-centralized-key-management.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8286052 False None None 2.0000000000000000 CSO - CSO Daily Dashboard Wickr, a new encrypted messaging service for enterprises and Amazon Security Lake, which centralizes an organization's security data from cloud and on-premises sources into a purpose-built data lake in its AWS account.To read this article in full, please click here]]> 2022-11-30T10:31:00+00:00 https://www.csoonline.com/article/3681117/aws-inspector-offers-vulnerability-management-for-lambda-serverless-functions.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8286001 False Vulnerability None 3.0000000000000000 CSO - CSO Daily Dashboard data lake in a customer's AWS account, the company said in a statement. “Customers must be able to quickly detect and respond to security risks so they can take swift action to secure data and networks, but the data they need for analysis is often spread across multiple sources and stored in a variety of formats,” Jon Ramsey, vice president for Security Services at AWS said in a statement. “Amazon Security Lake lets customers of all sizes securely set up a security data lake with just a few clicks to aggregate logs and event data from dozens of sources, normalize it to conform with the Open Cybersecurity Schema Framework (OCSF) standard, and make it more broadly usable so customers can take action quickly using their security tools of choice.”To read this article in full, please click here]]> 2022-11-30T06:12:00+00:00 https://www.csoonline.com/article/3681082/aws-launches-new-cybersecurity-service-amazon-security-lake.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8285916 False None None 2.0000000000000000 CSO - CSO Daily Dashboard top concern in US corporate boardrooms, elevating the role of the chief information security officer to rapid prominence. More than half (61%) of CISOs report to a board and board members are increasingly interested in what CISOs have to say. But technical skills alone won't suffice for today's CISO. Here are the top qualities that identify a next-generation chief information security officer.To read this article in full, please click here]]> 2022-11-30T02:00:00+00:00 https://www.csoonline.com/article/3681332/5-top-qualities-you-need-to-become-a-next-gen-ciso.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8285843 False None None 2.0000000000000000 CSO - CSO Daily Dashboard REvil and Conti. Believed to have launched in December 2021, Ransom Cartel has made victims of organizations from among the education, manufacturing, utilities, and energy sectors with aggressive malware and tactics that resemble those used by REvil.To read this article in full, please click here]]> 2022-11-30T02:00:00+00:00 https://www.csoonline.com/article/3680734/what-is-ransom-cartel-a-ransomware-gang-focused-on-reputational-damage.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8285844 False Ransomware,Malware None 2.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-11-29T02:00:00+00:00 https://www.csoonline.com/article/3680390/how-to-build-a-public-profile-as-a-cybersecurity-pro.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8278954 False None None 2.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-11-28T13:58:00+00:00 https://www.csoonline.com/article/3681095/threat-notification-isn-t-the-solution-it-s-a-starting-point.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8274284 False Tool,Threat None 2.0000000000000000 CSO - CSO Daily Dashboard CDN (content delivery network) platform Akamai said that the financial services industry is an increasingly popular target for a wide range of cyberattacks, with application and API attacks against the vertical more than tripling in the past year.APIs are a core part of how financial services firms are changing their operations in the modern era, Akamai said, given the growing desire for more and more app-based services among the consumer base. The pandemic merely accelerated a growing trend toward remote banking services, which led to a corresponding growth in the use of APIs.To read this article in full, please click here]]> 2022-11-28T13:56:00+00:00 https://www.csoonline.com/article/3681337/financial-services-increasingly-targeted-for-api-based-cyberattacks.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8274285 False None None 2.0000000000000000 CSO - CSO Daily Dashboard pharma leaders investing in the Internet of Things (IoT) are better equipped to overcome unforeseen challenges.For these proactive pharmaceutical leaders, two major areas have become increasingly important: preventing network outages and increasing security against cyberattacks. The 2021 State of Pharmaceuticals and Cybersecurity Report from Fortinet found that in the last year, 40% of businesses experienced outages affecting productivity, safety, compliance, revenue, or brand image. These outages are no small glitches: Industry experts estimate the total downtime cost (TDC) of a production disruption ranges from $100,000 to $500,000 per hour. A few disruptions a year can have a massive effect on the bottom line. This necessitates network and application performance management to minimize downtime.To read this article in full, please click here]]> 2022-11-28T12:04:00+00:00 https://www.csoonline.com/article/3681113/5-reasons-to-protect-the-performance-and-security-of-your-pharmaceutical-business.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8274019 False Guideline None 2.0000000000000000 CSO - CSO Daily Dashboard 2022-11-28T09:12:00+00:00 https://www.computerworld.com/article/3681334/aws-releases-wickr-its-encrypted-messaging-service-for-enterprises.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8272828 False None None 2.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-11-28T08:10:00+00:00 https://www.csoonline.com/article/3681094/website-offering-spoofing-services-taken-offline-after-joint-operation.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8272533 False Legislation None 3.0000000000000000 CSO - CSO Daily Dashboard NIS, the current directive on the security of network and information systems.The new directive, NIS2, will set the baseline for cybersecurity risk management measures and reporting obligations across sectors and aims to harmonize cybersecurity requirements and implementation of measures in different member states.NIS2 enhances EU incident management cooperation “NIS2 will set the baseline for cybersecurity risk management measures and reporting obligations across all sectors that are covered by the directive, such as energy, transport, health and digital infrastructure,” read an EU Council press release.To read this article in full, please click here]]> 2022-11-28T07:08:00+00:00 https://www.csoonline.com/article/3681070/eu-council-adopts-nis2-directive-to-harmonize-cybersecurity-across-member-states.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8272039 False None None 3.0000000000000000 CSO - CSO Daily Dashboard Cybernews.The seller of the leaked data is also offering it through the controversial messaging app Telegram, where the person or the group goes by handle “Palm Yunn.” On the hacking community forum, the user is listed as “Agency123456.” The seller claims the database is from 2022.To read this article in full, please click here]]> 2022-11-28T06:22:00+00:00 https://www.csoonline.com/article/3681449/500-million-whatsapp-mobile-numbers-up-for-sale-on-the-dark-web.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8271678 False None None 2.0000000000000000 CSO - CSO Daily Dashboard released a list of YARA detection rules for malicious variants of the legitimate Cobalt Strike penetration testing framework that are being used by hackers in the wild. Cobalt Strike is a commercial attack framework designed for red teams that has also been adopted by many threat actors, from APT groups to ransomware gangs and other cybercriminals.Living off the land is a common tactic The abuse by attackers of system administration, forensic, or security tools that are either already installed on systems or can be easily deployed without raising suspicion has become extremely common. The use of this tactic, known as living off the land (LOTL), used to be a telltale sign of sophisticated cyberespionage groups who moved laterally through environments using manual hacking and placed great value on stealth.To read this article in full, please click here]]> 2022-11-28T02:00:00+00:00 https://www.csoonline.com/article/3681333/here-is-why-you-should-have-cobalt-strike-detection-in-place.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8269413 False Ransomware,Threat None 4.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-11-28T02:00:00+00:00 https://www.csoonline.com/article/3679329/top-7-ciam-tools.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8269414 False Studies None 3.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-11-25T05:05:00+00:00 https://www.csoonline.com/article/3681092/cybercriminals-are-increasingly-using-info-stealing-malware-to-target-victims.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8218869 False Malware None None CSO - CSO Daily Dashboard DUCKTAIL by researchers from WithSecure, the group uses spear phishing to target individuals on LinkedIn who have job descriptions that could suggest they have access to manage Facebook business accounts. More recently, the attackers were also observed targeting victims via WhatsApp. The compromised Facebook business accounts are used to run ads on the platform for attackers' financial gain.To read this article in full, please click here]]> 2022-11-24T02:00:00+00:00 https://www.csoonline.com/article/3681108/ducktail-malware-campaign-targeting-facebook-business-and-ads-accounts-is-back.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8197475 False Malware None None CSO - CSO Daily Dashboard has been criticized, however, as not being appropriate to assess and prioritize risk from those vulnerabilities. For this reason, some have called for using the Exploit Prediction Scoring System (EPSS) or combining CVSS and EPSS to make vulnerability metrics more actionable and efficient. Like CVSS, EPSS is governed by the Forum of Incident Response and Security Teams (FIRST).To read this article in full, please click here]]> 2022-11-24T02:00:00+00:00 https://www.csoonline.com/article/3680570/epss-explained-how-does-it-compare-to-cvss.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8197476 False Vulnerability None None CSO - CSO Daily Dashboard the company said in a 2018 official blog post, are targeted for removal not because of the content that they share, but because of their deceptive nature.To read this article in full, please click here]]> 2022-11-23T10:37:00+00:00 https://www.csoonline.com/article/3680559/meta-outlines-us-involvement-in-social-media-disinformation-in-new-report.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8184019 False None None 2.0000000000000000 CSO - CSO Daily Dashboard fact sheet about the Biden-Harris administration's “relentless focus” on improving the nation's cybersecurity to tout its impressive sprint.To read this article in full, please click here]]> 2022-11-23T07:56:00+00:00 https://www.csoonline.com/article/3680558/the-biden-administration-has-racked-up-a-host-of-cybersecurity-accomplishments.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8182392 False None None None CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-11-23T07:12:00+00:00 https://www.csoonline.com/article/3680557/uk-finalizes-first-independent-post-brexit-data-transfer-deal-with-south-korea.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8181594 False None None None CSO - CSO Daily Dashboard a recent report from application and data security company Imperva, bots account for more than 40% of traffic to online retail websites on average, with around 24% of traffic coming from “bad bots” that engage in various forms of automated attacks.“The high risk for e-commerce is more noticeable during the holiday shopping season, which now begins as early as October,” the company said. “Bad actors have gotten wise to consumer shopping patterns, which start weeks before significant events like Black Friday due to shipping delays and item availability concerns, as well as marketing tactics such as shops offering unbeatable deals weeks before Black Friday.”To read this article in full, please click here]]> 2022-11-23T02:00:00+00:00 https://www.csoonline.com/article/3680516/online-retailers-should-prepare-for-a-holiday-season-spike-in-bot-operated-attacks.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8177698 False None None 2.0000000000000000 CSO - CSO Daily Dashboard regular reset of the KRBTGT account password. If you've followed my advice, you are already one step ahead of the side effects caused by the November updates that introduced Kerberos changes.While many of you may be waiting to install the “fixed” versions of the updates that deal with the introduced authentication issues, or you may wish to install the out-of-band updates that will fix the side effects, there are more steps to do this patching month and in the months ahead.To read this article in full, please click here]]> 2022-11-23T02:00:00+00:00 https://www.csoonline.com/article/3680512/how-to-reset-a-kerberos-password-and-get-ahead-of-coming-updates.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8177699 False Patching None 4.0000000000000000 CSO - CSO Daily Dashboard DDoS Protection family with a new product focusing on small and medium-size businesses (SMBs). The product, DDoS IP Protection for SMBs, was announced at Microsoft's Ignite conference and is now in public preview.DDoS IP Protection for SMBs is designed to provide enterprise-grade DDoS (distributed denial of service) protection at a price that's attractive to SMBs, Microsoft said. With the new product, Microsoft's Azure DDoS Protection family now has two programs, DDoS IP Protection for SMBs and DDoS Network Protection for enterprises.To read this article in full, please click here]]> 2022-11-22T09:36:00+00:00 https://www.csoonline.com/article/3680513/microsoft-azure-launches-ddos-ip-protection-for-smbs.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8164117 False None None 4.0000000000000000 CSO - CSO Daily Dashboard MITRE Engage, a cyber adversary engagement framework.To read this article in full, please click here]]> 2022-11-22T02:00:00+00:00 https://www.csoonline.com/article/3680371/know-thy-enemy-thinking-like-a-hacker-can-boost-cybersecurity-strategy.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8159077 False Hack,Threat,Guideline None 3.0000000000000000 CSO - CSO Daily Dashboard Gartner forecasts that information security spending will reach $187 billion in 2023, an increase of 11.1% from 2022. In tandem with this spending, the analyst firm alsopredicts that by 2025, a single centralized cybersecurity function will not be agile enough to meet the needs of a digital organization.To read this article in full, please click here]]> 2022-11-21T11:59:00+00:00 https://www.csoonline.com/article/3680730/6-questions-to-ask-before-you-hire-a-managed-security-services-provider.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8152081 False Guideline None None CSO - CSO Daily Dashboard Unit 42 wrote in a blog posting. Actors linked to the Conti ransomware group had success with this type of attack with the BazarCall campaign, which focused on tricking victims into downloading the BazarLoader malware. This malware element is synonymous with traditional callback phishing attacks. Interestingly, in this campaign, Luna Moth does away with the malware portion of the attack, instead using legitimate and trusted systems management tools to interact directly with a victim's computer to manually exfiltrate data for extortion. “As these tools are not malicious, they're not likely to be flagged by traditional antivirus products,” the researchers wrote.To read this article in full, please click here]]> 2022-11-21T07:02:00+00:00 https://www.csoonline.com/article/3680369/luna-moth-callback-phishing-campaign-leverages-extortion-without-malware.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8149728 False Ransomware,Malware,Threat None None CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-11-21T02:00:00+00:00 https://www.csoonline.com/article/3680128/how-remote-working-impacts-security-incident-reporting.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8147518 False None None None CSO - CSO Daily Dashboard certificate authority and cybersecurity vendor DigiCert.The findings, which have been compiled in the company's 2022 State of Digital Trust Survey, also revealed that 84% of customers would consider switching if they were to lose trust in a company, with 57% saying switching would be likely. The survey was administered as a phone and email survey to 400 enterprises and 400 consumers around the world.To read this article in full, please click here]]> 2022-11-18T10:32:00+00:00 https://www.csoonline.com/article/3680449/almost-half-of-customers-have-left-a-vendor-due-to-poor-digital-trust-report.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8093005 False None None None CSO - CSO Daily Dashboard a new draft of data privacy laws that would allow personal data transfer to other nations under certain conditions, and impose fines for breaches of data-transfer and data-collection regulations.The proposed legislation has been in the works for about four years. Up until now, the Reserve Bank of India has enacted regulations that make businesses keep transaction data within the country. The government, though, has not issued more general data protection regulations such as the EU's GDPR (General Data Protection Regulation), so companies have been exporting personal data in the absence of clear privacy rules.To read this article in full, please click here]]> 2022-11-18T09:02:00+00:00 https://www.csoonline.com/article/3680551/india-drafts-new-privacy-bill-for-transfer-of-personal-data-internationally.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8092106 False None None None CSO - CSO Daily Dashboard API-focused Noname Security has launched Recon, whice simulates an attacker performing reconnaissance on an organization's domains.Recon works from a root-level domain to find other domains, shadow domains, sub-domains, APIs, vulnerabilities, and public issues that put the organization at risk, according to Noname. “Then we start looking at, both actively and passively looking at any API-related information pertaining to those domains,” Troy Leilard, regional solution architect lead ANZ, tells CSO.To read this article in full, please click here]]> 2022-11-18T03:57:00+00:00 https://www.csoonline.com/article/3680550/noname-security-releases-recon-attack-simulator.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8087580 False Guideline None None CSO - CSO Daily Dashboard Fortinet's FortiGuard Labs team found, the number of new ransomware variants doubled in just the first half of 2022 compared to the previous six-month period. It's no wonder more companies are turning to cyber insurance to help recoup their losses when they do have to pay a ransomware settlement.That's an option – but think of it as a parachute for your parachute; it doesn't take the place of having all of your other safety guards in place. Cyber insurance can also be a double-edged sword. It has grown in popularity and usually compensates for losses brought on by hacking and data theft, extortion and destruction. Because it sometimes covers ransomware costs, it may seem like a reasonable way to address this threat.To read this article in full, please click here]]> 2022-11-17T13:50:00+00:00 https://www.csoonline.com/article/3680588/fortinet-s-fortiguard-labs-recaps-state-of-ransomware-settlements.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8074983 False Ransomware None None CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-11-17T02:00:00+00:00 https://www.csoonline.com/article/3680154/android-security-which-smartphones-can-enterprises-trust.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8065047 False None APT 32 None CSO - CSO Daily Dashboard 2022-11-16T10:25:00+00:00 https://www.computerworld.com/article/3680368/offboarding-processes-pose-security-risks-as-job-turnover-increases-report.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8051593 False None None None CSO - CSO Daily Dashboard Code42 Data Exposure Report research shows the Insider Risk problem keeps getting bigger. Employees are 85% more likely to leak or take data today than pre-pandemic, and there's a 1 in 3 chance that you're losing critical intellectual property every time an employee leaves the company. But it's not just the proliferation of cloud tools and remote work that's accelerating the problem. In many ways, the mindset and strategies that security teams use to attack insider threats are actually aggravating the issue.To read this article in full, please click here]]> 2022-11-16T08:47:00+00:00 https://www.csoonline.com/article/3680092/insider-risk-vs-malware-why-insider-risk-requires-a-new-approach.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8049967 False Malware None None CSO - CSO Daily Dashboard security releases from Palo Alto in 2022.To read this article in full, please click here]]> 2022-11-16T05:15:00+00:00 https://www.csoonline.com/article/3680288/palo-alto-releases-pan-os-11-0-nova-with-new-evasive-malware-injection-attack-protection.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8047561 False Malware,Threat None None CSO - CSO Daily Dashboard extended detection and response (XDR) for years now, but a fundamental question remains: Just what the heck are we talking about, anyway?Alarmingly, this continues to be a pertinent question. According to ESG research, 62% of security professionals claim to be “very familiar” with the term XDR, up from just 24% in 2020. An improvement, but still 29% are only somewhat familiar, not very familiar, or not at all familiar with XDR. So, despite industry hyperbole, arm waving at the RSA conference, and cacophony of XDR talking heads, nearly one in five security professionals haven't received the message.To read this article in full, please click here]]> 2022-11-16T02:00:00+00:00 https://www.csoonline.com/article/3679433/xdr-still-confusing-after-all-these-years.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8045147 False None None None CSO - CSO Daily Dashboard IAM) vendor ForgeRock said Tuesday that it's set to start rolling out its new Identity Governance offering-a cloud-based security and governance product designed to provide one-stop shopping for organizations looking to solve access management issues.There are three main components to ForgeRock's newest IAM product, according to the company. The first, comprising access certifications, provides AI-generated recommendations to decision-makers on whether to grant access to a given system to users or applications. The second component, which deals with access requests, offers automated application access and an automated, always-on self-service portal. Finally, Identity Governance provides a “segregation of duties” feature that is designed to aid in compliance with regulatory requirements.To read this article in full, please click here]]> 2022-11-15T13:42:00+00:00 https://www.csoonline.com/article/3680155/forgerock-set-to-roll-out-new-iam-capabilities-designed-for-the-cloud.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8034100 False None None None CSO - CSO Daily Dashboard ransomware protection SaaS product called Datahawk, which leverages AI and a host of other capabilities to help companies defend their data against bad actors.There are three core components to Datahawk, according to Cohesity. The first is a ransomware detection engine that uses deep learning to quickly scan for anomalous behavior, potential threats and other indicators of possible ransomware attacks. This system works via a preset list of indicators of concern, which, the company said, will be updated daily.To read this article in full, please click here]]> 2022-11-15T13:21:00+00:00 https://www.csoonline.com/article/3680231/cohesity-previews-ai-powered-ransomware-protection-suite-datahawk.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8034101 False Ransomware None None CSO - CSO Daily Dashboard Domain Security Report 2022. The enterprise-class domain registrar and Domain Name System (DNS) threats mitigator found that 75% of Global 2000s have implemented fewer than half of all domain security measures with Domain-based Message Authentication, Reporting, and Conformance (DMARC), the only domain security measure with significantly increased adoption since 2020. The data follows Akamai research from August, which discovered increased malicious domain activity and phishing toolkit reuse based on DNS data.To read this article in full, please click here]]> 2022-11-15T04:30:00+00:00 https://www.csoonline.com/article/3680150/global-2000-companies-failing-to-adopt-key-domain-security-measures.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8026237 False None None 5.0000000000000000 CSO - CSO Daily Dashboard Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains. This document sparked a new wave of thinking about digital adversaries, specifically, nation-state advanced persistent threat groups (APTs).The authors of the paper argued that by leveraging the knowledge of how these adversaries operate, cyber defenders “can create an intelligence feedback loop, enabling defenders to establish a state of information superiority which decreases the adversary's likelihood of success with each subsequent intrusion attempt.” This so-called kill chain model could “describe phases of intrusions, mapping adversary kill chain indicators to defender courses of action, identifying patterns that link individual intrusions into broader campaigns, and understanding the iterative nature of intelligence gathering form the basis of intelligence-driven computer network defense.”To read this article in full, please click here]]> 2022-11-15T03:53:00+00:00 https://www.csoonline.com/article/3680149/meta-s-new-kill-chain-model-tackles-online-threats.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8026238 False Threat None 2.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-11-15T02:00:00+00:00 https://www.csoonline.com/article/3679431/build-a-mature-approach-for-better-cybersecurity-vendor-evaluation.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8024580 False Guideline None None CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-11-14T12:16:00+00:00 https://www.csoonline.com/article/3679695/cybersecurity-as-a-service-what-is-it-and-is-it-right-for-your-business.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8014354 False Threat None None CSO - CSO Daily Dashboard CLE Program Rules 22 NYCRR 1500.2(h) and clarified in the Cybersecurity, Privacy, and Data Protection FAQs and Guidance document. “Providers may issue credit in cybersecurity, privacy, and data protection to attorneys who complete courses in this new category on or after January 1, 2023,” it stated. It also noted changes to both Experienced and Newly Admitted Attorney Biennial CLE requirements to include one credit hour of training in cybersecurity, privacy and data protection.To read this article in full, please click here]]> 2022-11-14T06:05:00+00:00 https://www.csoonline.com/article/3679693/new-york-barred-attorneys-required-to-complete-cybersecurity-privacy-and-data-protection-training.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8010076 False None None None CSO - CSO Daily Dashboard survey.To read this article in full, please click here]]> 2022-11-14T02:00:00+00:00 https://www.csoonline.com/article/3679491/how-cisco-keeps-its-apis-secure-throughout-the-software-development-process.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8007076 False None None None CSO - CSO Daily Dashboard different kind of customer/vendor relationship. The rewards, however, can be huge if it gives that company a competitive advantage or reduces stress on security resources.To read this article in full, please click here]]> 2022-11-11T02:00:00+00:00 https://www.csoonline.com/article/3679689/cybersecurity-startups-to-watch-for-2023.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7944596 False None None None CSO - CSO Daily Dashboard Optus breach, which impacted a third of the Australian population.To read this article in full, please click here]]> 2022-11-11T01:54:00+00:00 https://www.csoonline.com/article/3679630/medibank-hackers-revealed-to-be-in-russia.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7944597 False Data Breach None None CSO - CSO Daily Dashboard cloud-native application protection platform (CNAPP) for its broader Polygraph Data Platform offering, providing an agentless, low-touch option for organizations looking to improve their application security posture.There are two main components to the CNAPP release, according to Lacework, both of which require only that the user connect their cloud accounts with Lacework's apparatus. The first is attack path analysis, which uses Lacework's systems to analyze configurations, network topography and more to provide a visual representation of possible ways in which bad actors could compromise application workloads. The system searches for misconfigurations, open network access, identity management roles and known software vulnerabilities to create its diagnosis.To read this article in full, please click here]]> 2022-11-10T13:34:00+00:00 https://www.csoonline.com/article/3679873/lacework-releases-cloud-native-application-security-service.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7933472 False None None None CSO - CSO Daily Dashboard CISO Insider report.To read this article in full, please click here]]> 2022-11-10T10:14:00+00:00 https://www.csoonline.com/article/3679869/what-is-top-of-mind-for-cisos-right-now.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7930689 False Ransomware,Threat None None CSO - CSO Daily Dashboard Nilson Report.However, credit card issuers, merchants, banks, and third-party transaction processors lost $28.58 billion to credit card fraud in 2020, which comes to nearly 7 cents per $100 in purchase volume. And the Nilson Report projects credit card losses will exceed $400 billion over the next 10 years.To read this article in full, please click here]]> 2022-11-10T02:00:00+00:00 https://www.csoonline.com/article/3678989/pci-dss-4-0-is-coming-how-to-prepare-for-the-looming-changes-to-credit-card-payment-rules.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7923243 False None None None CSO - CSO Daily Dashboard identity and access management (IAM) provider announced a newly streamlined Consumer Identity Cloud system designed to simplify the deployment and use of its various products.Okta said that the new cloud program is split into two main components-those aimed at providing identity validation services for consumers, and those aimed at enterprise customers. The former is focused on providing high-security options for online transactions, support for passkeys (instead of passwords, which are thought to be less secure), and providing an all-in-one security center monitoring system for quick response to suspicious activity.To read this article in full, please click here]]> 2022-11-09T13:40:00+00:00 https://www.csoonline.com/article/3679688/okta-streamlines-iam-portfolio-with-consumer-identity-management-cloud.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7911572 False None None None CSO - CSO Daily Dashboard research revealing an increase of almost 800% in software supply chain attacks.To read this article in full, please click here]]> 2022-11-09T09:35:00+00:00 https://www.csoonline.com/article/3679490/github-releases-new-sdlc-security-features-including-private-vulnerability-reporting.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7908496 False Vulnerability,Guideline None None CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-11-09T03:00:00+00:00 https://www.csoonline.com/article/3679249/rezilion-expands-sbom-to-support-windows-environments.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7904127 False Vulnerability None None CSO - CSO Daily Dashboard aware of the issue but has not given any estimated time for a fix. WSUS has not been updated in years. If you are considering using WSUS as your go-to patching platform, budget for a subscription to WSUS Automated Maintenance, which includes scripts and routines to optimize WSUS.To read this article in full, please click here]]> 2022-11-09T02:00:00+00:00 https://www.csoonline.com/article/3679248/why-its-time-to-review-your-microsoft-patch-management-options.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7902718 False Patching None None CSO - CSO Daily Dashboard tokenization and Google Cloud external key management, which are limited to one application or 10,000 operations per month, Google Workspace client-side encryption, which is limited to one key and 10 users, and bring-your-own-key offerings for both AWS and Azure, which are limited to one cloud account.To read this article in full, please click here]]> 2022-11-08T12:49:00+00:00 https://www.csoonline.com/article/3679488/fortanix-unveils-free-dsm-explorer-edition-for-managed-data-security.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7893943 False None None None CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-11-08T07:46:00+00:00 https://www.csoonline.com/article/3679430/4-reasons-smbs-should-consider-an-msp-for-threat-hunting.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7890718 False Threat,Guideline None None CSO - CSO Daily Dashboard data breaches can affect hundreds of millions or even billions of people at a time. Digital transformation has increased the supply of data moving, and data breaches have scaled up with it as attackers exploit the data-dependencies of daily life. How large cyberattacks of the future might become remains speculation, but as this list of the biggest data breaches of the 21st Century indicates, they have already reached enormous magnitudes. [ Learn the The 5 types of cyberattack you're most likely to face. | Get the latest from CSO by signing up for our newsletters. ]To read this article in full, please click here]]> 2022-11-08T02:00:00+00:00 https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7887866 False None None None CSO - CSO Daily Dashboard research from (ISC)2 finds the global cybersecurity workforce needs to grow 65% to effectively defend organizations' critical assets, requiring a massive influx of 2.7 million professionals to meet demand.  The (ISC)2's Cybersecurity Workforce Study also found the workforce gap remains the #1 barrier to meeting security needs, and 60% of participants feel that a cybersecurity staffing shortage is placing their organizations at risk. And research from the Information Systems Security Association (ISSA) and analyst firm Enterprise Strategy Group (ESG) reveals 44% of cyber professionals say the skills gap has only gotten worse over the past few years.To read this article in full, please click here]]> 2022-11-07T09:57:00+00:00 https://www.csoonline.com/article/3678854/managed-security-services-can-relieve-the-cybersecurity-skills-gap.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7882382 False None None None CSO - CSO Daily Dashboard SOC 2 audit. As such, a SOC 2 audit is a big deal, and it's demanding, and it requires some serious preparation.SOC audits were created by the American Institute of CPAs (AICPA) under several evaluation and reporting frameworks comprising the System and Organization Controls headers SOC 1, SOC 2, and SOC 3.Although each of those holds value, many organizations ask their vendors and business partners – and are themselves asked – specifically to provide the results of a SOC 2 Type 2 audit. For that type, auditors evaluate organizations against the SOC 2 framework and the AICPA's five Trust Service Criteria – security, availability, processing integrity, confidentiality, and privacy. Organizations use SOC 2 audit reports as a trusted standard that informs others in detail about how well they're protecting data in each of those five areas.To read this article in full, please click here]]> 2022-11-07T02:00:00+00:00 https://www.csoonline.com/article/3678849/how-to-prepare-for-a-soc2-audit-it-s-a-big-deal-so-you-d-better-get-ready.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7879720 False None None None CSO - CSO Daily Dashboard VMs (virtual machines), databases, user accounts and exploitable vulnerabilities in public-facing assets.To read this article in full, please click here]]> 2022-11-04T13:45:00+00:00 https://www.csoonline.com/article/3678852/qualys-previews-totalcloud-flexscan-for-multicloud-security-management.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7829371 False Vulnerability None None CSO - CSO Daily Dashboard hacktivist activity in the past year, with state-sponsored threat actors targeting 128 governmental organizations in 42 countries that support Ukraine, according to the European Union Agency for Cybersecurity (ENISA).In addition, some threat actors targeted Ukrainian and Russian entities during the early days of the conflict, likely for the collection of intelligence, according to the 10th edition of the ENISA threat landscape report. The report-this year titled Volatile Geopolitics Shake the Trends of the 2022 Cybersecurity Threat Landscape-notes that in general, geopolitical situations continue to have a high impact on cybersecurity.To read this article in full, please click here]]> 2022-11-04T09:56:00+00:00 https://www.csoonline.com/article/3678771/geopolitics-plays-major-role-in-cyberattacks-says-eu-cybersecurity-agency.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7826671 False Threat None None CSO - CSO Daily Dashboard shortfall of qualified cybersecurity professionals, is driving organizations to seek the help of managed service providers (MSPs). According to recent research, 88% of organizations outsource their cybersecurity processes or tools, and the most common outsourcing agreement selected is through MSPs (55%).To read this article in full, please click here]]> 2022-11-04T06:41:00+00:00 https://www.csoonline.com/article/3679048/why-to-rely-on-an-msp-for-security-and-how-to-pick-the-right-one.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7823087 False None None None CSO - CSO Daily Dashboard NotPetya malware attack that damaged the Mondelez network and infrastructure. The specifics of the settlement are unknown, but that it would come mid-trial has caught everyone's attention.The pain was felt on June 27, 2017, when NotPetya wiped out 24,000 laptops and 1,700 servers within the Mondelez network. The malware, designed to destroy, did just that. Mondelez estimated damages would approach $100 million USD.To read this article in full, please click here]]> 2022-11-03T10:41:00+00:00 https://www.csoonline.com/article/3678970/mondelez-and-zurich-s-notpetya-cyber-attack-insurance-settlement-leaves-behind-no-legal-precedent.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7805750 False Malware NotPetya,NotPetya 4.0000000000000000 CSO - CSO Daily Dashboard VPN apps to load spyware on Android devices, cybersecurity company Kaspersky reports. It's an example of how APT (advanced persistent threat) actors are constantly updating old attack tools and creating new ones to launch new malicious campaigns, particularly against mobile devices.“In their attacks, they use cunning and unexpected methods: SandStrike, attacking users via a VPN service, where victims tried to find protection and security, is an excellent example,” Victor Chebyshev, the lead security researcher at Kaspersky's (Global Research & Analysis Team (GReAT), said in a blog post.To read this article in full, please click here]]> 2022-11-03T07:39:00+00:00 https://www.csoonline.com/article/3678851/espionage-campaign-loads-vpn-spyware-on-android-devices-via-social-media.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7803284 False Guideline None None CSO - CSO Daily Dashboard actionable, engaging resources to level up cybersecurity practices for all.To read this article in full, please click here]]> 2022-11-03T06:27:00+00:00 https://www.csoonline.com/article/3678968/becybersmart-all-year-round-with-educational-resources-from-microsoft.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7802473 False None None None CSO - CSO Daily Dashboard new Devo SOC Performance Report shows that security professionals behind the scenes are feeling the pain due to too much work and not enough resources.That means that SOC leaders today have a real balancing act when it comes to retaining analysts amid immense talent shortages and turnover. Respondents reported that average time to fill a SOC position is seven months. And 71% of SOC professionals said they're likely to quit their job, with the top reasons being information and work overload, followed by lack of tool integration, and alert fatigue.To read this article in full, please click here]]> 2022-11-03T06:00:00+00:00 https://www.csoonline.com/article/3678850/new-soc-performance-report-security-analysts-are-overworked-and-under-resourced.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7801673 False Tool,Guideline None None CSO - CSO Daily Dashboard SOC Performance Report shows familiar challenges facing staff and leaders since the start of the global pandemic continue to affect SOC performance, including talent shortage and turnover. Based on an independent survey of more than 1,000 global cybersecurity professionals, the report examines current SOC trends and challenges.The report shows that despite agreement on the importance of the SOC to the cyber strategy – lines are drawn between SOC staff and leaders regarding SOC effectiveness. Recognition is Key  To read this article in full, please click here]]> 2022-11-03T06:00:00+00:00 https://www.csoonline.com/article/3678848/new-report-finds-soc-leaders-and-staff-still-not-aligned.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7801674 False Guideline None None CSO - CSO Daily Dashboard convened its Second International Counter Ransomware Initiative Summit (CRI), bringing together leaders from 36 countries and the European Union in person to build on the work of its first ransomware summit in 2021. At a press briefing before the Summit, a White House spokesperson said, "While the United States is facilitating this meeting, we don't view this solely as a US initiative. It's an international partnership that spans most of the world's time zones, and it really reflects the threat that criminals and cyberattacks bring.”To read this article in full, please click here]]> 2022-11-03T04:22:00+00:00 https://www.csoonline.com/article/3678948/white-house-ransomware-summit-highlights-need-for-borderless-solutions.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7800875 False Ransomware,Threat,Guideline None None CSO - CSO Daily Dashboard ESG research, 52% of organizations believe that security operations are more difficult today than they were two years ago, due to factors such as the dangerous threat landscape, growing attack surface, and the volume/complexity of security alerts. In analyzing this data, I see a common theme: scale. Security teams must be able to scale operations to deal with the increasing volume of everything coming at them. Faced with a global cybersecurity skills shortage, CISOs need alternatives to hiring their way out of this quagmire.To read this article in full, please click here]]> 2022-11-03T02:00:00+00:00 https://www.csoonline.com/article/3678355/making-the-case-for-security-operation-automation.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7798492 False Threat None None CSO - CSO Daily Dashboard 2022-11-02T04:00:00+00:00 https://www.infoworld.com/article/3678212/azul-detects-java-vulnerabilities-in-production-apps.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7803290 False Vulnerability None None CSO - CSO Daily Dashboard released a comprehensive report in late September 2022 that discussed the need for dedicated privacy leadership within the departments and agencies of the executive branch of government if goals surrounding privacy are to be achieved. The report highlighted how this void in leadership was in essence putting at risk well-intentioned plans and procedures for protecting the personal identifiable information (PII) held within those entities.The GAO recommended that Congress consider legislation that would require a dedicated senior-level privacy official be named within these organizations and sent along more than 60 individual recommendations to enhance privacy programs.To read this article in full, please click here]]> 2022-11-02T02:00:00+00:00 https://www.csoonline.com/article/3678315/gao-report-government-departments-need-dedicated-leaders-to-oversee-privacy-goals.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7779383 False Guideline None None CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-11-02T02:00:00+00:00 https://www.csoonline.com/article/3678293/how-to-securely-manage-laps-on-a-windows-network.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7779385 False None None None CSO - CSO Daily Dashboard Business Logic Intelligence Service (BLIS) designed to give customers actionable insight to help them tackle malicious bot activity and security threats. The firm said that the tiered, fee-based service will provide organizations with bot threat intelligence based on research including analysis of dark web forums and marketplaces. Earlier this year, the 2022 Imperva Bad Bot Report revealed an uptick in malicious bot activity driving online fraud and cyberattacks with bots becoming more sophisticated and better equipped to evade detection.To read this article in full, please click here]]> 2022-11-02T02:00:00+00:00 https://www.csoonline.com/article/3678298/netacea-launches-malicious-bot-intelligence-service-to-help-customers-tackle-threats.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7779384 False Threat None None CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-11-01T12:46:00+00:00 https://www.csoonline.com/article/3678314/openssl-project-patches-two-vulnerabilities-but-downgrades-severity.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7768460 False None None None CSO - CSO Daily Dashboard State of the Software Supply Chain from Sonatype.With the rapid growth of OSS adoption, organizations have begun to stand up Open Source Program Offices (OSPOs) to help codify strategies around OSS use and contribution and to foster collaboration with the broader OSS community. These OSPO's often have key responsibilities such as cultivating an OSS strategy, leading its execution, and facilitating the use of OSS products and services across an enterprise.To read this article in full, please click here]]> 2022-11-01T02:00:00+00:00 https://www.csoonline.com/article/3678209/the-ospo-the-front-line-for-secure-open-source-software-supply-chain-governance.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7762319 False Guideline None None CSO - CSO Daily Dashboard threat landscape is constantly evolving, with cybercriminals finding new ways to trick unsuspecting victims and infiltrate networks. For example, according to the 1H 2022 FortiGuard Labs Threat Report, ransomware is rampant, showing no signs of slowing its pace. These attacks are becoming more sophisticated and aggressive, with attackers introducing new strains and updating, enhancing, and reusing old ones. What's especially concerning as we look back at the first half of 2022 is that we observed 10,666 ransomware variants, compared to just 5,400 in the previous six months. That's nearly 100% growth in ransomware variants in half a year.To read this article in full, please click here]]> 2022-10-31T11:09:00+00:00 https://www.csoonline.com/article/3678353/phishing-attacks-are-on-the-rise-and-cyber-awareness-is-one-of-your-best-defenses.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7756476 False Ransomware,Threat None None CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-10-31T10:31:00+00:00 https://www.csoonline.com/article/3678352/engineering-workstation-attacks-on-industrial-control-systems-double-report.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7756182 False None None None CSO - CSO Daily Dashboard released voluntary cross-sector Cybersecurity Performance Goals (CPGs). CISA was required to produce the CPGs under a national security memo on improving cybersecurity for critical infrastructure control systems issued by President Biden in July 2021. Working in coordination with the National Institute of Standards and Technology (NIST) and the interagency community, CISA developed “baseline cybersecurity performance goals that are consistent across all critical infrastructure sectors.”To read this article in full, please click here]]> 2022-10-31T10:01:00+00:00 https://www.csoonline.com/article/3678191/cisa-releases-cybersecurity-performance-goals-to-reduce-risk-and-impact-of-adversarial-threats.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7755646 False None None None CSO - CSO Daily Dashboard travel program that provides employees with anticipated scenarios, and to provide them with unique devices for international travel, is a significant investment of resources both physical and monetary.The revelation that U.S. Customs and Border Protection (CBP) routinely downloads the content of devices of individuals who are entering the United States should attract the eyes and attention of every CISO. The fact that the CBP routinely captures device contents is not new; indeed, several lawsuits over the years have challenged the CBP's authority, which has always been upheld as lawful.To read this article in full, please click here]]> 2022-10-31T02:00:00+00:00 https://www.csoonline.com/article/3678291/data-capture-by-border-agencies-can-and-will-happen-are-your-on-the-road-employees-prepared.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7752026 False None None None CSO - CSO Daily Dashboard phishing emails in the third quarter this year increased by more than 31% quarter on quarter, with the number of emails containing malware in the first three quarters surpassing the 2021 level by 55.8 million.Malware emails in the third quarter of 2022 alone increased by 217% compared to same period in 2021. Malware email volume peaked in July, reaching 19.2 million, before month-over-month declines in August and September, with numbers dropping to 16.8 million and 16.5 million respectively.To read this article in full, please click here]]> 2022-10-28T10:01:00+00:00 https://www.csoonline.com/article/3678311/phishing-attacks-increase-by-over-31-in-third-quarter-report.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7718793 False Malware,Threat None 4.0000000000000000 CSO - CSO Daily Dashboard Accenture.Yet gaining a clear picture of these risks is much more complex given interwoven ecosystem dependencies, data sitting in silos, and many organizations' lack of a security mindset.“We are so much more digitally dependent today,” said Mike Wilkes, SecurityScorecard advisor. “Even if you have built a fault-tolerant platform and your third parties have built strong cybersecurity programs, maybe one of those third parties is relying on a vendor that hasn't taken the same precautions. All it takes is one major security event to demonstrate just how fragile our modern, digitally dependent society is.”To read this article in full, please click here]]> 2022-10-28T08:22:00+00:00 https://www.csoonline.com/article/3677858/an-intelligent-way-to-monitor-and-manage-your-cyber-risks.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7718794 False None None None CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-10-27T09:37:00+00:00 https://www.csoonline.com/article/3678290/10-best-practices-for-a-zero-trust-data-center.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7705039 False None None None CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-10-27T09:32:00+00:00 https://www.csoonline.com/article/3678308/top-5-regulatory-reasons-for-implementing-zero-trust.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7705040 False None None None CSO - CSO Daily Dashboard XKCD comic strip shows two tech workers frustrated that there are 14 competing standards for a variety of use cases. “We need to develop one unified standard that covers everyone's use cases,” they say. The next frame shows that there are now 15 standards instead of one.Brad Arkin, the chief security and trust officer at Cisco, will tell you that this illustration of how standards proliferate hits uncomfortably close to the truth. “Everybody is trying to come up with their own set of security controls that they would like to see SaaS applications adhere to,” Arkin says. Such commendable goals notwithstanding, enthusiasm for being the defining standard for SaaS security compliance instead creates a confusing jungle of competing ones: ISO 27001, SOC, CS in Germany, IRAP in Australia, and ISMAP in Japan, to name just a few.To read this article in full, please click here]]> 2022-10-27T09:15:00+00:00 https://www.csoonline.com/article/3677450/how-ciscos-cloud-control-framework-helps-it-comply-with-multiple-security-standards.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7705041 False None None None CSO - CSO Daily Dashboard Network Management Megatrends report, nearly 53% of respondents are investing in network performance management tool upgrades and enhancements. As digital transformations involving software-defined networking (SDN), cloud migrations, co-location additions, and adoption of software-as-a-service (SaaS) and unified communications as a service (UCaaS) applications have increased, the complexity of the networked application environment and the task of troubleshooting end-user problems also have become more challenging. To read this article in full, please click here]]> 2022-10-26T14:12:00+00:00 https://www.csoonline.com/article/3678188/is-it-time-to-rethink-your-network-and-application-performance-management-strategy.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7691804 False None None None CSO - CSO Daily Dashboard partial patch on October 11, 2022. Teams are urged to patch systems and monitor suspicious activity to mitigate security risks which include event log crashing and remote denial-of-service (DoS) attacks.To read this article in full, please click here]]> 2022-10-26T08:23:00+00:00 https://www.csoonline.com/article/3677576/microsoft-event-log-vulnerabilities-threaten-some-windows-operating-systems.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7687706 False Threat None None CSO - CSO Daily Dashboard drivers approved and co-designed through the Windows Hardware Compatibility Program in order to gain access to our machines. Ensuring that these malicious drivers are blocked is a key method for protecting systems.Microsoft has long touted a means to update this master listing on our systems and, in theory, the idea was valid: using settings and security hardware on the computer, enabling hypervisor-protected code integrity (HVCI) was supposed to protect systems from malicious drivers. Attackers have used such attacks in the past ranging from RobbinHood, Uroburos, Derusbi, GrayFish, and Sauron, to campaigns by the threat actor STRONTIUM. As a Microsoft blog in 2020 pointed out, if a computer had HVCI enabled, it would be able to defend itself against vulnerable and malicious drivers. In the blog post, it was noted that “Microsoft threat research teams continuously monitor the threat ecosystem and update the list of drivers that in the Microsoft-supplied blocklist. This blocklist is pushed down to devices via Windows update.”To read this article in full, please click here]]> 2022-10-26T02:00:00+00:00 https://www.csoonline.com/article/3677856/how-to-update-your-windows-driver-blocklist-to-keep-malicious-drivers-away.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7683787 False Threat APT 28 None CSO - CSO Daily Dashboard according to recent reports, ransomware attacks increased by 80% in the first half of 2022 compared to the first half of 2021. Today's attackers are breaking into networks, spending time enumerating and reconning victims, positioning ransomware on as many devices as possible, and then staging it to execute and encrypt all at once. The impacts can be devastating and costly, as illustrated by incidents like the Colonial Pipeline episode.To read this article in full, please click here]]> 2022-10-25T08:31:00+00:00 https://www.csoonline.com/article/3677574/how-to-bridge-the-ransomware-security-gap.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7673034 False Ransomware None None CSO - CSO Daily Dashboard CDN) provider Akamai said Tuesday that its Prolexic DDoS protection service will become able to handle DDoS attacks of up to 20Tbps, thanks to a new wave of construction of so-called scrubbing centers.The company's announcement said that this will effectively double its current capacity to handle network-level DDoS attacks, with rollouts planned for “all major regions,” which includes US East and West, Canada, Italy, Spain, Switzerland, India, Japan, Hong Kong and the Middle East. The first new centers will come online in the third quarter of this year, and will continue through 2023.To read this article in full, please click here]]> 2022-10-25T03:31:00+00:00 https://www.csoonline.com/article/3677853/akamai-to-boost-network-layer-ddos-protection-with-new-scrubbing-centers.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7671415 False None None None CSO - CSO Daily Dashboard Rekt leaderboard, cybercriminals have stolen as much as $3 billion of investor funds through 141 various cryptocurrency exploits since January, putting 2022 on track to top 2021 levels of digital currency malfeasance. Comparitech's cryptocurrency heists tracker indicates that since 2011, hackers have stolen $7.9 billion in cryptocurrency worth about $45.5 billion in today's value.Along with the increased dollar amounts of cryptocurrency thefts, the scams, hacks, and exploits of cryptocurrency, Web3 (a decentralized view of the web that incorporates blockchain technologies and token-based economics), and blockchain-related organizations are growing bolder and more lucrative for malicious hackers even as the value of cryptocurrencies stagnates. This month alone, Binance saw its BNB chain drained of $586 million, close to the all-time most significant cryptocurrency theft of $624 million from the Ronin Network in March 2022.To read this article in full, please click here]]> 2022-10-25T02:00:00+00:00 https://www.csoonline.com/article/3677469/blockchain-security-companies-tackle-cryptocurrency-theft-ransom-tracing.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7671117 False Guideline None None CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-10-25T02:00:00+00:00 https://www.csoonline.com/article/3677496/8-hallmarks-of-a-proactive-security-strategy.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7671116 False None None None CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-10-24T13:26:00+00:00 https://www.csoonline.com/article/3677494/with-hyperforce-salesforce-delivers-both-speed-and-agility-to-the-modern-business.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7668480 False None None None CSO - CSO Daily Dashboard FortiGuard Labs shows that the number of new ransomware variants identified increased by nearly 100% compared to the previous six-month period.To read this article in full, please click here]]> 2022-10-24T11:05:00+00:00 https://www.csoonline.com/article/3677769/cybersecurity-executives-say-these-are-the-most-pressing-challenges-they-face.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7668058 False Ransomware,Threat None None CSO - CSO Daily Dashboard recent survey found that while most responding organizations said they had implemented or were implementing a zero trust strategy, more than half of them didn't have the ability to authenticate users and devices on an ongoing basis. Giving too much trust could have disastrous – and costly – results. IBM estimates that the worldwide average cost of a data breach is currently a staggering $4.24 million.To read this article in full, please click here]]> 2022-10-24T11:01:00+00:00 https://www.csoonline.com/article/3677852/how-a-zero-trust-platform-approach-takes-security-to-the-next-level.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7668059 False Data Breach None None CSO - CSO Daily Dashboard Cameron spoke during Singapore International Cyber Week, calling for swift ongoing action to ensure connected devices are designed, built, deployed, and managed securely to prevent malicious actors, improve national resilience, and reap the benefits of emerging technologies.Growth of IoT giving rise to increased security threats The scale of consumer-, enterprise-, and city-level IoT has exploded in the last decade, Cameron said, and the magnitude of changes coupled with growing dependency on connected technology has introduced significant security risks. “That is why now is the time to make sure we're designing and building them properly,” she added. “We all know that connected places are an evolving ecosystem, comprising a range of systems that exchange, process and store sensitive data, as well as controlling critical operational technology. Unfortunately, this makes these systems an attractive target for a range of threat actors. The threat posed by nation states is particularly acute.”To read this article in full, please click here]]> 2022-10-24T07:43:00+00:00 https://www.csoonline.com/article/3677850/security-by-design-vital-to-protecting-iot-smart-cities-around-the-world-says-ceo-of-uk-ncsc.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7666384 False Threat None None CSO - CSO Daily Dashboard a statement on the organization's website. "It is obvious that the purpose of such illegal efforts, which are carried out of desperation, is to attract public attention."To read this article in full, please click here]]> 2022-10-24T07:16:00+00:00 https://www.csoonline.com/article/3677849/irans-nuclear-energy-agency-confirms-email-server-hacked.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7666385 False Hack None None CSO - CSO Daily Dashboard Almost 90% of CISOs consider themselves under moderate or high stress, and many change jobs often. According to the Heidrick & Struggles 2022 global survey, almost a quarter of CISOs have held their previous position for less than two years and 62% have been in their current role for less than a year.To read this article in full, please click here]]> 2022-10-24T02:00:00+00:00 https://www.csoonline.com/article/3676909/when-cisos-are-doomed-to-fail-and-how-to-improve-your-chances-of-success.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7663374 False None None None CSO - CSO Daily Dashboard 2022-10-21T03:00:00+00:00 https://www.networkworld.com/article/3677470/iot-security-strategy-from-those-who-use-connected-devices.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7668064 False None None None