This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-04-25T09:37:01+00:00 www.secnews.physaphae.fr Global Security Mag - Site de news francais Business]]> 2024-04-09T12:34:42+00:00 https://www.globalsecuritymag.fr/netapp-remporte-le-prix-google-cloud-technology-partner-of-the-year-pour-l.html www.secnews.physaphae.fr/article.php?IdArticle=8478666 False Cloud None 2.0000000000000000 Recorded Future - FLux Recorded Future L'un des plus grands fabricants d'accessoires technologiques a déclaré que les opérations commerciales ont été «temporairement perturbées» à la suite d'une cyberattaque qui a commencé le 5 avril. & NBSP;Dans un dépôt de la SEC lundi soir, Targus International a déclaré avoir découvert qu'un pirate avait eu accès aux systèmes de fichiers, ce qui a incité l'entreprise à embaucher en dehors des consultants en cybersécurité. & NBSP;«Targus immédiatement

---

One of the biggest manufacturers of technology accessories said business operations have been “temporarily disrupted” following a cyberattack that began on April 5.  In an SEC filing on Monday evening, Targus International said it discovered that a hacker had gained access to file systems, prompting the company to hire outside cybersecurity consultants.  “Targus immediately]]> 2024-04-09T12:28:48+00:00 https://therecord.media/targus-cyberattack-operations-disrupted www.secnews.physaphae.fr/article.php?IdArticle=8478663 False None None 2.0000000000000000 Recorded Future - FLux Recorded Future Paris Saint-Germain (PSG), le Titan du football français, a informé ses supporters qu'une cyberattaque ciblait le service de billetterie en ligne du club \\.L'avertissement a été partagé avec les fans lundi, bien que l'incident ait été détecté la semaine dernière le 3 avril, selon la lettre publiée pour la première fois par le journal Le Parisien.Ça arrive

---

Paris Saint-Germain (PSG), the Qatari-owned titan of French football, has informed its supporters that a cyberattack targeted the club\'s online ticketing service last week. The warning was shared with fans on Monday, although the incident was detected last week on April 3, according to the letter first published by Le Parisien newspaper. It comes]]> 2024-04-09T12:05:44+00:00 https://therecord.media/paris-saint-germain-cyberattack-ticketing-system www.secnews.physaphae.fr/article.php?IdArticle=8478664 False None None 4.0000000000000000 Cisco - Security Firm Blog Identity related attacks are a common tactic used by bad actors. Learn how to help protect against these attacks.]]> 2024-04-09T12:00:31+00:00 https://feedpress.me/link/23535/16645478/defusing-the-threat-of-compromised-credentials www.secnews.physaphae.fr/article.php?IdArticle=8478650 False Threat None 2.0000000000000000 CrowdStrike - CTI Society CrowdStrike and Google Cloud today debuted an expanded strategic partnership with a series of announcements that demonstrate our ability to stop cloud breaches with industry-leading AI-powered protection. These new features and integrations are built to protect Google Cloud and multi-cloud customers against adversaries that are increasingly targeting cloud environments. At a time when cloud intrusions […]]]> 2024-04-09T11:52:21+00:00 https://www.crowdstrike.com/blog/crowdstrike-google-cloud-expand-strategic-partnership/ www.secnews.physaphae.fr/article.php?IdArticle=8486962 False Cloud None 2.0000000000000000 IT Security Guru - Blog Sécurité utilisant une technologie émergente pourÉcouter l'écart des cyber-compétences

---

While the UK\'s cyber security skills gap is no secret, it seems there has been little progress made in solving it. The 2023 government report on cyber security skills in the UK labour market found that half of all businesses have a basic cyber security skills gap, and 33% have an advanced skills gap – […] The post Using emerging technology to bridge the cyber skills gap first appeared on IT Security Guru. ]]> 2024-04-09T11:48:22+00:00 https://www.itsecurityguru.org/2024/04/09/using-emerging-technology-to-bridge-the-cyber-skills-gap/?utm_source=rss&utm_medium=rss&utm_campaign=using-emerging-technology-to-bridge-the-cyber-skills-gap www.secnews.physaphae.fr/article.php?IdArticle=8478637 False None None 2.0000000000000000 Recorded Future - FLux Recorded Future L'Agence américaine de protection de l'environnement (EPA) a déclaré qu'elle enquêtait sur les tentatives d'un pirate de vendre des informations prétendument obtenues auprès des systèmes de l'organisation. & NBSP;Dimanche, un pirate dans un forum cybercriminal populaire a offert 3 gigaoctets de données prétendument tirés de l'EPA Systems.La personne derrière le message a indiqué que les informations étaient une liste de contacts

---

The U.S. Environmental Protection Agency (EPA) said it is investigating attempts by a hacker to sell information allegedly obtained from the organization\'s systems.  On Sunday, a hacker in a popular cybercriminal forum offered 3 gigabytes of data allegedly taken from EPA systems. The person behind the post said the information was a contact list]]> 2024-04-09T11:46:15+00:00 https://therecord.media/epa-investigation-leaked-data www.secnews.physaphae.fr/article.php?IdArticle=8478635 False None None 2.0000000000000000 Global Security Mag - Site de news francais rapports spéciaux / / affiche

---

Aus den Berichten geht hervor, dass fast 90 Prozent der Unternehmen angeben, sensible Daten oder Workloads in der öffentlichen Cloud zu hosten. Laut dem Cloud Security Report 2023 lagern 39 Prozent der Unternehmen mehr als 50 Prozent ihrer Workloads in der Cloud aus. 24 Prozent der Unternehmen haben Sicherheitsvorfälle im Zusammenhang mit der Cloud-Umgebung erlebt. - Sonderberichte / affiche]]> 2024-04-09T11:41:43+00:00 https://www.globalsecuritymag.fr/zunehmende-migration-von-unternehmen-in-die-cloud-vier-tipps-zum-schutz-von.html www.secnews.physaphae.fr/article.php?IdArticle=8478636 False Cloud None 2.0000000000000000 Bleeping Computer - Magazine Américain A Romanian botnet group named \'RUBYCARP\' is leveraging known vulnerabilities and performing brute force attacks to breach corporate networks and compromise servers for financial gain. [...]]]> 2024-04-09T11:30:06+00:00 https://www.bleepingcomputer.com/news/security/rubycarp-hackers-linked-to-10-year-old-cryptomining-botnet/ www.secnews.physaphae.fr/article.php?IdArticle=8478768 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices. Tracked as CVE-2024-3272 (CVSS score: 9.8) and CVE-2024-3273 (CVSS score: 7.3), the vulnerabilities impact legacy D-Link products that have reached end-of-life (EoL) status. D-Link, in]]> 2024-04-09T11:16:00+00:00 https://thehackernews.com/2024/04/critical-flaws-leave-92000-d-link-nas.html www.secnews.physaphae.fr/article.php?IdArticle=8478517 False Malware,Vulnerability,Threat None 1.00000000000000000000 SecurityWeek - Security News La société de soutien à l'analyse économique et aux litiges GMA affirme que les informations personnelles et médicales ont été volées en mai 2023 violation de données.

---

>Economic analysis and litigation support firm GMA says personal and medical information was stolen in a May 2023 data breach. ]]> 2024-04-09T10:56:16+00:00 https://www.securityweek.com/doj-collected-information-exposed-in-data-breach-affecting-340000/ www.secnews.physaphae.fr/article.php?IdArticle=8478633 False Data Breach,Medical None 2.0000000000000000 Silicon - Site de News Francais 2024-04-09T10:42:06+00:00 https://www.silicon.fr/caroline-delarue-nouvelle-directrice-des-systemes-dinformation-de-dhl-express-france-477598.html www.secnews.physaphae.fr/article.php?IdArticle=8478612 False None None 1.00000000000000000000 TechRepublic - Security News US Discover the top open-source password managers for Windows. Learn about the features and benefits of each to determine which one is the best fit for your needs.]]> 2024-04-09T10:29:22+00:00 https://www.techrepublic.com/article/best-password-manager-open-source-windows/ www.secnews.physaphae.fr/article.php?IdArticle=8478611 False None None 1.00000000000000000000 SecurityWeek - Security News RansomHub extorque les soins de santé des changements, menaçant de publier des données volées dans une attaque de ransomware Blackcat de février 2024.

---

>RansomHub is extorting Change Healthcare, threatening to release data stolen in a February 2024 BlackCat ransomware attack. ]]> 2024-04-09T10:18:23+00:00 https://www.securityweek.com/second-ransomware-group-extorting-change-healthcare/ www.secnews.physaphae.fr/article.php?IdArticle=8478634 False Ransomware,Medical None 2.0000000000000000 Global Security Mag - Site de news francais rapports spéciaux / / affiche

---

Die Messlatte für die Cybersicherheit wird immer höher gelegt, diese Umfrage bietet einen wichtigen Ansatzpunkt für Unternehmen, um ihre Abwehrmaßnahmen zu bewerten und an die Standards der NIS2-Richtlinie anzupassen. - Sonderberichte / affiche]]> 2024-04-09T10:10:50+00:00 https://www.globalsecuritymag.fr/umfrage-des-sans-institutes-zielt-auf-die-prufung-der-nis2-readiness-ab.html www.secnews.physaphae.fr/article.php?IdArticle=8478587 False None None 2.0000000000000000 ComputerWeekly - Computer Magazine 2024-04-09T10:05:00+00:00 https://www.computerweekly.com/news/366580174/UK-plc-failing-on-multiple-cyber-measures www.secnews.physaphae.fr/article.php?IdArticle=8478742 False None None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC subtextual attacks. These aren\'t your run-of-the-mill security breaches; they\'re cunningly crafted messages that may look harmless—but they actually carry a dangerous payload within them. Join me as we take a closer look at this under-the-radar, but still dangerous, threat. We\'ll explore how these deceptive messages can sneak past our defenses, trick people into taking unwanted actions, and steal sensitive information without ever tripping an alarm. The Rise of Subtextual Attacks Unlike traditional cyber attacks, which are often direct and identifiable, subtextual attacks rely on subtlety and deception. Attackers craft messages that on the surface appear harmless or unrelated to any malicious activity. However, embedded within these communications are instructions, links, or information that can compromise security, manipulate behavior, or extract sensitive data. And not only is big data paramount in advertising and other avenues, but it’s also like keeping everything in your wallet—it’s convenient, helpful even, but signals to attackers that you’re indeed willing to put all your eggs in one basket when it comes to communications. These attacks exploit the nuances of language and context and require a sophisticated understanding of human communication and digital interaction patterns. For instance, a seemingly benign email might include a specific choice of words or phrases that, when interpreted correctly, reveal a hidden command or a disguised link to a malicious site. Psychological Manipulation Through Subtext Subtextual attacks also leverage psychological manipulation, influencing individuals to act in ways that compromise security or divulge confidential information. By understanding the psychological triggers and behavioral patterns of targets, attackers craft messages that subtly guide the recipient\'s actions. For instance, an attacker might use social engineering techniques combined with subtextual cues to convince a user to bypass normal security protocols. An email that seems to come from a trusted colleague or superior, containing subtle suggestions or cues, can be more effective in eliciting certain actions than a direct request or command. Attackers can also exploit the principle of urgency or scarcity, embedding subtle cues in communications that prompt the recipient to act quickly, bypassing their usual critical thinking or security procedures. The Evolution of Digital Forensics To combat the growing rise of subtextual attacks, the field of digital forensics has evolved significantly over the past decade. Initially focused on recovering and analyzing electronic information to investigate crime, digital forensics now incorporates advanced linguistic analysis, data pattern recognition, and machine learning to detect hidden threats. Modern digital forensic tools can analyze vast qua]]> 2024-04-09T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-hidden-threat-in-plain-sight-analyzing-subtextual-attacks-in-digital-communications www.secnews.physaphae.fr/article.php?IdArticle=8478586 False Ransomware,Tool,Vulnerability,Threat,Medical None 2.0000000000000000 Silicon - Site de News Francais 2024-04-09T09:50:39+00:00 https://www.silicon.fr/atos-annonce-un-besoin-de-financement-de-12-milliard-e-477578.html www.secnews.physaphae.fr/article.php?IdArticle=8478589 False None None 2.0000000000000000 Global Security Mag - Site de news francais Points de Vue]]> 2024-04-09T09:25:48+00:00 https://www.globalsecuritymag.fr/l-ia-generative-cybersecurite-entre-promesses-et-prudence.html www.secnews.physaphae.fr/article.php?IdArticle=8478588 False None None 2.0000000000000000 Silicon - Site de News Francais 2024-04-09T09:22:22+00:00 https://www.silicon.fr/rgpd-cnil-ia-477572.html www.secnews.physaphae.fr/article.php?IdArticle=8478590 False None None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Threat actors are targeting a high severity vulnerability in close to 100,000 legacy D-Link devices]]> 2024-04-09T09:05:00+00:00 https://www.infosecurity-magazine.com/news/over-90000-dlink-nas-devices-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8478565 False Vulnerability,Threat None 2.0000000000000000 Silicon - Site de News Francais 2024-04-09T08:55:19+00:00 https://www.silicon.fr/avis-expert/cinq-tendances-qui-bouleversent-la-connectivite-cloud www.secnews.physaphae.fr/article.php?IdArticle=8478563 False Cloud None 2.0000000000000000 ComputerWeekly - Computer Magazine 2024-04-09T08:48:00+00:00 https://www.computerweekly.com/news/366580213/Is-a-cyber-arms-control-treaty-out-of-reach www.secnews.physaphae.fr/article.php?IdArticle=8478667 False None None 2.0000000000000000 Global Security Mag - Site de news francais Points de Vue]]> 2024-04-09T08:46:05+00:00 https://www.globalsecuritymag.fr/naviguer-dans-l-ere-de-la-cybersecurite.html www.secnews.physaphae.fr/article.php?IdArticle=8478561 False None None 2.0000000000000000 Silicon - Site de News Francais 2024-04-09T08:10:45+00:00 https://www.silicon.fr/urps-cour-des-comptes-projets-informatiques-477548.html www.secnews.physaphae.fr/article.php?IdArticle=8478564 False None None 2.0000000000000000 Securonix - Siem Securonix Threat Labs Monthly Intelligence Insights March 2024 provides a summary of top threats curated, monitored, and analyzed by Securonix Threat Labs.]]> 2024-04-09T08:00:06+00:00 https://www.securonix.com/blog/securonix-threat-labs-monthly-intelligence-insights-march-2024/ www.secnews.physaphae.fr/article.php?IdArticle=8478682 False Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine For the fourth edition of Identity Management Day, the Identity Defined Security Alliance shared staggering numbers on the boom of identity-related cyber incidents]]> 2024-04-09T08:00:00+00:00 https://www.infosecurity-magazine.com/news/identity-management-day-cyber/ www.secnews.physaphae.fr/article.php?IdArticle=8478539 False None None 2.0000000000000000 Korben - Bloger francais 2024-04-09T07:00:00+00:00 https://korben.info/indicator-of-canary-detecter-fichiers-pieges-indicateurs-compromission-urls-callback.html www.secnews.physaphae.fr/article.php?IdArticle=8478538 False Tool None 2.0000000000000000 ProofPoint - Cyber Firms 2024-04-09T06:00:39+00:00 https://www.proofpoint.com/us/blog/security-awareness-training/securing-human-risk-objectivity-phishing-simulation www.secnews.physaphae.fr/article.php?IdArticle=8478668 False Threat None 2.0000000000000000 Korben - Bloger francais 2024-04-09T05:04:17+00:00 https://korben.info/pretendo-network-avenir-jeu-en-ligne-apres-nintendo.html www.secnews.physaphae.fr/article.php?IdArticle=8478496 False None None 2.0000000000000000 Korben - Bloger francais 2024-04-09T04:20:55+00:00 https://korben.info/android-studio-integre-gemini-pro-developpement-android-optimise.html www.secnews.physaphae.fr/article.php?IdArticle=8478474 False Mobile None 2.0000000000000000 Dark Reading - Informationweek Branch With a complex attack chain and using Telegram for its command and control, CoralRaider targets victims in Asian countries - and appears to have accidentally infected itself as well.]]> 2024-04-09T04:01:00+00:00 https://www.darkreading.com/vulnerabilities-threats/vietnamese-cybercrime-group-coralraider-nets-financial-data www.secnews.physaphae.fr/article.php?IdArticle=8478453 False None None 2.0000000000000000 Korben - Bloger francais 2024-04-09T03:43:39+00:00 https://korben.info/sodium-vapor-technique-revolutionnaire-compositing-surpasse-green-screen.html www.secnews.physaphae.fr/article.php?IdArticle=8478475 False None None 2.0000000000000000 The State of Security - Magazine Américain In an era where data breaches and privacy concerns are increasingly shaping global discourse, India\'s proactive stance on data protection is noteworthy. Introducing the Digital Personal Data Protection (DPDP) Act 2023 marks a significant milestone in India\'s legislative landscape. This groundbreaking Act fortifies individual data privacy rights and aligns India with global cybersecurity and data protection standards, setting a new benchmark for regulatory compliance. Background and Development of the DPDP Act The genesis of India\'s Digital Personal Data Protection (DPDP) Act of 2023 traces...]]> 2024-04-09T02:40:10+00:00 https://www.tripwire.com/state-of-security/cybersecurity-compliance-around-globe-indias-dpdp www.secnews.physaphae.fr/article.php?IdArticle=8478540 False None None 2.0000000000000000 Recorded Future - FLux Recorded Future La Federal Communications Commission (FCC) a annoncé lundi qu'elle lançait une procédure officielle pour étudier les moyens d'empêcher les agresseurs d'utiliser des outils de connectivité automobile pour harceler les survivants de la violence domestique.L'agence a déclaré avoir publié un avis de réglementation proposée qui abritera comment s'assurer que les constructeurs automobiles et les services sans fil

---

The Federal Communications Commission (FCC) announced Monday that it is launching a formal proceeding to study ways to prevent abusers from using car connectivity tools to harass domestic violence survivors. The agency said it has issued a notice of proposed rulemaking which will home in on how to make sure automakers and wireless service]]> 2024-04-09T00:37:43+00:00 https://therecord.media/fcc-connected-car-stalking-rulemaking www.secnews.physaphae.fr/article.php?IdArticle=8478392 False Tool,Studies None 2.0000000000000000 Fortinet Vunerability - Fortinet Vunerability A use of externally-controlled format string vulnerability [CWE-134] in FortiOS command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or commands via specially crafted requests.]]> 2024-04-09T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-413 www.secnews.physaphae.fr/article.php?IdArticle=8478729 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An insufficiently protected credentials vulnerability (CWE-522) in FortiOS and FortiProxy may allow an attacker to obtain the administrator cookie in rare and specific conditions, via tricking the administrator into visiting a malicious attacker-controlled website through the SSL-VPN.]]> 2024-04-09T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-493 www.secnews.physaphae.fr/article.php?IdArticle=8478731 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox may allow an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.]]> 2024-04-09T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-489 www.secnews.physaphae.fr/article.php?IdArticle=8478736 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability Fortinet is aware of the new SMTP smuggling technique.By exploiting interpretation differences of the SMTP protocol for the end of data sequence, it is possible to send spoofed e-mails, while still passing SPF alignment checks.FortiMail may be susceptible to smuggling attacks if some measures are not put in place. We therefore recommend to adhere to the following indications in order to mitigate the potential risk associated to the smuggling attacks:- Enable DKIM (Domain Keys Identified Mail) to enhance e-mail authentication. Select "None" action under DKIM check in AntiSpam profile in order to block by default e-mail without DKIM signature.- Disable "any-any" traffic policy to restrict unauthorized access.- Modify the configuration settings in line with the recommended security practices (DMARC/DKIM/SPF, proper ACL policy, avoid open relay MTA).]]> 2024-04-09T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-24-009 www.secnews.physaphae.fr/article.php?IdArticle=8478737 False None None None Fortinet Vunerability - Fortinet Vunerability An improper limitation of a pathname to a restricted directory (\'Path Traversal\') vulnerability [CWE-22] in FortiSandbox may allow a privileged attacker with super-admin profile and CLI access to execute arbitrary code via CLI.]]> 2024-04-09T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-416 www.secnews.physaphae.fr/article.php?IdArticle=8478734 False None None None Fortinet Vunerability - Fortinet Vunerability An external control of file name or path vulnerability [CWE-73] in FortiClientMac\'s installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.]]> 2024-04-09T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-345 www.secnews.physaphae.fr/article.php?IdArticle=8478726 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper certificate validation vulnerability [CWE-295] in FortiNAC-F may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F.]]> 2024-04-09T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-288 www.secnews.physaphae.fr/article.php?IdArticle=8478728 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper neutralization of special elements used in a template engine [CWE-1336] vulnerability in FortiManager provisioning templates may allow a local authenticated attacker with at least read-only permissions to execute arbitrary code via specially crafted templates.]]> 2024-04-09T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-419 www.secnews.physaphae.fr/article.php?IdArticle=8478727 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An Improper Control of Generation of Code (\'Code Injection\') vulnerability [CWE-94] in FortiClientLinux may allow##an unauthenticated attacker to execute arbitrary code via tricking a FortiClientLinux user into visiting a malicious website.]]> 2024-04-09T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-087 www.secnews.physaphae.fr/article.php?IdArticle=8478725 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiOS may allow an unauthenticated attacker to fingerprint the device version via HTTP requests.]]> 2024-04-09T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-224 www.secnews.physaphae.fr/article.php?IdArticle=8478730 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability An improper neutralization of special elements used in an OS Command (\'OS Command Injection\') vulnerability [CWE-78] in FortiSandbox may allow a privileged attacker with super-admin profile and CLI access to execute arbitrary code via CLI.]]> 2024-04-09T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-411 www.secnews.physaphae.fr/article.php?IdArticle=8478735 False None None None Dark Reading - Informationweek Branch Industry experts share how to implement comprehensive security strategies necessary to secure the software supply chain in Dark Reading\'s latest Tech Insights report.]]> 2024-04-08T22:33:51+00:00 https://www.darkreading.com/cyber-risk/tips-for-securing-the-software-supply-chain www.secnews.physaphae.fr/article.php?IdArticle=8478660 False None None 2.0000000000000000 Dark Reading - Informationweek Branch SaaS vendor to blame for exposing employee data that was ultimately leaked on Dark Web forum, according to the home improvement retailer.]]> 2024-04-08T21:13:49+00:00 https://www.darkreading.com/cyberattacks-data-breaches/home-depot-hammered-by-supply-chain-data-breach www.secnews.physaphae.fr/article.php?IdArticle=8478330 False Data Breach,Cloud None 2.0000000000000000 Dark Reading - Informationweek Branch RansomHub, which is speculated to have some connection to ALPHV, has stolen 4TB of sensitive data from the beleaguered healthcare company.]]> 2024-04-08T20:49:32+00:00 https://www.darkreading.com/cyberattacks-data-breaches/round-2-change-healthcare-targeted-second-ransomware-attack www.secnews.physaphae.fr/article.php?IdArticle=8478306 False Ransomware,Medical None 2.0000000000000000 Dark Reading - Informationweek Branch 2024-04-08T20:39:40+00:00 https://www.darkreading.com/application-security/wyden-releases-draft-legislation-to-end-federal-dependence-on-insecure-proprietary-software www.secnews.physaphae.fr/article.php?IdArticle=8478307 False Legislation None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) ## Snapshot The article from FortiGuard Labs Threat Research uncovers a recent threat actor\'s distribution of VenomRAT and other plugins through a phishing email containing malicious Scalable Vector Graphics (SVG) files. ## Description The email entices victims to click on an attachment, which downloads a ZIP file containing a Batch file obfuscated with the BatCloak tool. Subsequently, ScrubCrypt is used to load the final payload, VenomRAT, while maintaining a connection with a command and control (C2) server to install plugins on victims\' environments. The plugin files downloaded from the C2 server include VenomRAT version 6, Remcos, XWorm, NanoCore, and a stealer designed for specific crypto wallets. ## References [https://www.fortinet.com/blog/threat-research/scrubcrypt-deploys-venomrat-with-arsenal-of-plugins](https://www.fortinet.com/blog/threat-research/scrubcrypt-deploys-venomrat-with-arsenal-of-plugins)]]> 2024-04-08T20:36:41+00:00 https://community.riskiq.com/article/98d69c76 www.secnews.physaphae.fr/article.php?IdArticle=8478320 False Tool,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch 2024-04-08T20:33:32+00:00 https://www.darkreading.com/application-security/strikeready-raises-12m-for-ai-security-command-platform-purpose-built-for-modern-soc-teams www.secnews.physaphae.fr/article.php?IdArticle=8478308 False None None 1.00000000000000000000 Recorded Future - FLux Recorded Future Le gouvernement de Palau a nié plusieurs nouvelles affirmations par un gang de ransomware que les deux parties étaient en contact à la suite d'une attaque le mois dernier. & NBSP;Le gang de ransomware de Dragonforce a officiellement publié des Palao sur son site de fuite dimanche, menaçant de publier des données volées au gouvernement de l'île de la nation \\ en trois jours. & Nbsp;Le groupe a répondu à un

---

The government of Palau denied several new claims by a ransomware gang that the two sides were in contact following an attack last month.  The DragonForce ransomware gang officially posted Palau to its leak site on Sunday, threatening to publish data stolen from the island-nation\'s government in three days.  The group responded to a]]> 2024-04-08T19:32:02+00:00 https://therecord.media/palau-denies-ransomware-gang-claims www.secnews.physaphae.fr/article.php?IdArticle=8478285 False Ransomware None 2.0000000000000000 Global Security Mag - Site de news francais Interviews / affiche]]> 2024-04-08T19:32:00+00:00 https://www.globalsecuritymag.fr/gabriel-ladet-chimere-chimere-cyberstealth-est-une-alternative-au-vpn-et.html www.secnews.physaphae.fr/article.php?IdArticle=8477713 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google has announced support for what\'s called a V8 Sandbox in the Chrome web browser in an effort to address memory corruption issues. The sandbox, according to V8 Security technical lead Samuel Groß, aims to prevent "memory corruption in V8 from spreading within the host process." The search behemoth has described V8 Sandbox as a lightweight, in-process sandbox]]> 2024-04-08T19:21:00+00:00 https://thehackernews.com/2024/04/google-chrome-adds-v8-sandbox-new.html www.secnews.physaphae.fr/article.php?IdArticle=8478161 False Technical None 2.0000000000000000 TechRepublic - Security News US Read about a supply chain attack that involves XZ Utils, a data compressor widely used in Linux systems, and learn how to protect from this threat.]]> 2024-04-08T18:47:15+00:00 https://www.techrepublic.com/article/xz-backdoor-linux/ www.secnews.physaphae.fr/article.php?IdArticle=8478262 False Threat None 2.0000000000000000 The Register - Site journalistique Anglais SaaS slip up leads to scumbags seeking sinecure Home Depot has confirmed that a third-party company accidentally exposed some of its employees\' personal details after a criminal copy-pasted the data online.…]]> 2024-04-08T18:26:02+00:00 https://go.theregister.com/feed/www.theregister.com/2024/04/08/home_depot_data_theft/ www.secnews.physaphae.fr/article.php?IdArticle=8478264 False None None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial L'Agence américaine de sécurité de cybersécurité et d'infrastructure (CISA) a annoncé qu'elle rejoignait le produit sécurisé minimum viable ...

---

>The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that it is joining the Minimum Viable Secure Product... ]]> 2024-04-08T17:45:48+00:00 https://industrialcyber.co/cisa/cisa-now-part-of-mvsp-working-group-set-to-enhance-secure-by-design-principles/ www.secnews.physaphae.fr/article.php?IdArticle=8478238 False None None 2.0000000000000000 Recorded Future - FLux Recorded Future Les procureurs russes ont lancé une affaire pénale rare contre deux dirigeants d'une plate-forme de réservation de vols locaux, appelée Leonardo, après que des pirates ont enfreint les systèmes de la société l'année dernière, comme l'a rapporté les médias locaux.Selon l'enquête, les vice-présidents suspects de Leonardo Igor Roitman et Alexander Kalchuk - n'ont pas protégé les données personnelles de

---

Russian prosecutors initiated a rare criminal case against two executives of a local flight booking platform, called Leonardo, after hackers breached the company\'s systems last year, as reported by local media. According to the investigation, the suspects - Leonardo vice presidents Igor Roitman and Alexander Kalchuk - failed to protect the personal data of]]> 2024-04-08T17:42:06+00:00 https://therecord.media/russia-seeks-criminal-charges-against-flight-booking-executives-leonardo www.secnews.physaphae.fr/article.php?IdArticle=8478240 False None None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Le centre de coordination de la cybersécurité du secteur de la santé (HC3) dans le département américain de la santé & # 38;Services humains (HHS) émis ...

---

>The Health Sector Cybersecurity Coordination Center (HC3) in the U.S. Department of Health & Human Services (HHS) issued... ]]> 2024-04-08T17:40:35+00:00 https://industrialcyber.co/medical/hhs-warns-of-social-engineering-attacks-targeting-it-help-desks-across-health-sector/ www.secnews.physaphae.fr/article.php?IdArticle=8478239 False None None 2.0000000000000000 Recorded Future - FLux Recorded Future Medicare et d'autres informations appartenant à 341 000 personnes ont été divulguées après qu'un cabinet de conseil travaillant avec le ministère de la Justice a été piraté.Vendredi, Greylock McKinnon Associates a signalé une violation de données aux régulateurs du Maine, indiquant aux victimes que des informations personnelles comme les numéros de sécurité sociale et d'autres ont été accessibles lors d'un incident en mai dernier.Le

---

Medicare and other information belonging to 341,000 people was leaked after a consulting firm working with the Department of Justice was hacked. Greylock McKinnon Associates reported a data breach to regulators in Maine on Friday, telling victims that personal information like Social Security numbers and more were accessed during an incident last May. The]]> 2024-04-08T17:02:49+00:00 https://therecord.media/doj-data-leaked-in-attack-on-consulting-firm www.secnews.physaphae.fr/article.php?IdArticle=8478215 False Data Breach None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat hunters have discovered a new malware called Latrodectus that has been distributed as part of email phishing campaigns since at least late November 2023. "Latrodectus is an up-and-coming downloader with various sandbox evasion functionality," researchers from Proofpoint and Team Cymru said in a joint analysis published last week, adding it\'s designed to retrieve]]> 2024-04-08T16:59:00+00:00 https://thehackernews.com/2024/04/watch-out-for-latrodectus-this-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8478076 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The ransomware industry surged in 2023 as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 5,070. But 2024 is starting off showing a very different picture. While the numbers skyrocketed in Q4 2023 with 1309 cases, in Q1 2024, the ransomware industry was down to 1,048 cases. This is a 22% decrease in ransomware attacks compared to Q4 2023. Figure]]> 2024-04-08T16:53:00+00:00 https://thehackernews.com/2024/04/the-drop-in-ransomware-attacks-in-2024.html www.secnews.physaphae.fr/article.php?IdArticle=8478077 False Ransomware None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Two US lawmakers have published a draft federal data privacy law, dubbed the American Privacy Rights Act, which aims to provide protections for the personal information of all US citizens]]> 2024-04-08T16:30:00+00:00 https://www.infosecurity-magazine.com/news/us-federal-privacy-law-legislators/ www.secnews.physaphae.fr/article.php?IdArticle=8478214 False None None 2.0000000000000000 ProofPoint - Cyber Firms 2024-04-08T16:24:08+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/evolving-threat-landscape-deep-dive-multichannel-attacks-targeting www.secnews.physaphae.fr/article.php?IdArticle=8478123 False Tool,Threat,Mobile,Cloud None 2.0000000000000000 Dark Reading - Informationweek Branch As manufacturers sprint to add software-defined features for vehicles, the ability for third-party maintenance and repair falls behind, leaving businesses with few choices to manage their cybersecurity.]]> 2024-04-08T16:08:31+00:00 https://www.darkreading.com/ics-ot-security/software-defined-vehicle-fleets-twisty-road-cybersecurity www.secnews.physaphae.fr/article.php?IdArticle=8478331 False None None 2.0000000000000000 RedCanary - Red Canary Adversaries are exploiting CVE-2023-4878 in FortiClient EMS to install unauthorized RMM tools and PowerShell backdoors.]]> 2024-04-08T16:07:21+00:00 https://redcanary.com/blog/cve-2023-48788/ www.secnews.physaphae.fr/article.php?IdArticle=8479348 False Tool,Vulnerability None 2.0000000000000000 RedCanary - Red Canary Adversaries are exploiting CVE-2023-4878 in FortiClient EMS to install unauthorized RMM tools and PowerShell backdoors.]]> 2024-04-08T16:07:21+00:00 https://redcanary.com/blog/cve-2023-4878/ www.secnews.physaphae.fr/article.php?IdArticle=8478186 False Tool,Vulnerability None 2.0000000000000000 IT Security Guru - Blog Sécurité # miwic2024: Jennifer Fernick, ingénieur principal de la sécurité, lead de Encryption, Google est apparu pour la première fois sur gourou de la sécurité informatique .

---

Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024\'s Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee\'s answers are […] The post #MIWIC2024: Jennifer Fernick, Senior Staff Security Engineer, Encryption Lead, Google first appeared on IT Security Guru. ]]> 2024-04-08T16:07:12+00:00 https://www.itsecurityguru.org/2024/04/08/miwic2024-jennifer-fernick-senior-staff-security-engineer-encryption-lead-google/?utm_source=rss&utm_medium=rss&utm_campaign=miwic2024-jennifer-fernick-senior-staff-security-engineer-encryption-lead-google www.secnews.physaphae.fr/article.php?IdArticle=8478188 False None None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Fortinet said the malware functions identified include screen monitoring, screen capturing, cryptomining and more]]> 2024-04-08T16:00:00+00:00 https://www.infosecurity-magazine.com/news/byakugan-infostealer-capabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8478189 False Malware None 2.0000000000000000 Global Security Mag - Site de news francais revues de produits

---

Anviz Unveils Innovative All-in-One Intelligent Security Solution for SMBs at ISC West 2024 Anviz One sets new industry leading standard for SMB security solutions - Product Reviews]]> 2024-04-08T15:51:15+00:00 https://www.globalsecuritymag.fr/anviz-introduced-anviz-one.html www.secnews.physaphae.fr/article.php?IdArticle=8478191 False None None 1.00000000000000000000 InfoSecurity Mag - InfoSecurity Magazine The malware, discovered by Proofpoint and Team Cymru, was mainly utilized by initial access brokers]]> 2024-04-08T15:30:00+00:00 https://www.infosecurity-magazine.com/news/malware-latrodectus-linked-icedid/ www.secnews.physaphae.fr/article.php?IdArticle=8478190 False Malware None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-04-08T15:09:15+00:00 https://community.riskiq.com/article/974639f2 www.secnews.physaphae.fr/article.php?IdArticle=8478203 False Ransomware,Spam,Malware,Tool,Threat,Cloud APT 41 3.0000000000000000 Fortinet - Fabricant Materiel Securite FortiGuard Labs uncovered a threat actor using ScrubCrypt to spread VenomRAT along with multiple RATs. Learn more.]]> 2024-04-08T15:00:00+00:00 https://www.fortinet.com/blog/threat-research/scrubcrypt-deploys-venomrat-with-arsenal-of-plugins www.secnews.physaphae.fr/article.php?IdArticle=8478187 False Threat None 2.0000000000000000 Silicon - Site de News Francais 2024-04-08T14:55:35+00:00 https://www.silicon.fr/avis-expert/responsable-de-la-securite-des-systemes-dinformation-un-poste-sous-les-projecteurs www.secnews.physaphae.fr/article.php?IdArticle=8478159 False Threat None 2.0000000000000000 Recorded Future - FLux Recorded Future Un projet de loi complet sur la confidentialité des données dévoilés dimanche offrirait des protections historiques de confidentialité et semble avoir de l'élan des deux côtés de l'allée.Le projet de loi de balayage envisagé par la sénatrice Maria Cantwell (D-WA) et la représentante Cathy McMorris Rodgers (R-WA) élèvent la vie privée à un droit de consommation, préempte un patchwork de lois des États qui ont été amicales

---

A comprehensive data privacy bill unveiled Sunday would offer historic privacy protections and appears to have momentum on both sides of the aisle. The sweeping bill envisioned by Sen. Maria Cantwell (D-WA) and Rep. Cathy McMorris Rodgers (R-WA) elevates privacy to a consumer right, preempts a patchwork of state laws that have been friendly]]> 2024-04-08T14:53:44+00:00 https://therecord.media/sweeping-bipartisan-privacy-bill-to-be-introduced-congress www.secnews.physaphae.fr/article.php?IdArticle=8478162 False None None 2.0000000000000000 Bleeping Computer - Magazine Américain Google is rolling out an upgraded Find My Device network to Android devices in the United States and Canada, almost one year after it was first unveiled during the Google I/O 2023 conference in May. [...]]]> 2024-04-08T14:50:43+00:00 https://www.bleepingcomputer.com/news/google/google-rolls-out-new-find-my-device-network-to-android-devices/ www.secnews.physaphae.fr/article.php?IdArticle=8478263 False Mobile,Conference None 2.0000000000000000 The Register - Site journalistique Anglais IT systems pulled offline for chance to paws and reflect First, they came for hospitals, then it was charities and cancer centers. Now, cyber scumbags are coming for the puppies and kittens.…]]> 2024-04-08T14:30:13+00:00 https://go.theregister.com/feed/www.theregister.com/2024/04/08/cyber_incident_strikes_veterinary_services/ www.secnews.physaphae.fr/article.php?IdArticle=8478158 False None None 2.0000000000000000 IT Security Guru - Blog Sécurité 4 leçons Les sociétés industrielles peuvent s'appuyer dans la cyberattaque de la bibliothèque britannique C'est apparu pour la première fois sur gourou de la sécurité informatique .

---

While cyberattacks occur daily, few garner as much attention and media coverage as the attack that struck the British Library in October 2023. The attack, which paralysed the Library\'s online systems for months and caused an estimated cost of £7 million, was striking by its magnitude. Yet, the blueprint attackers followed is sadly familiar. After […] The post 4 lessons industrial companies can draw from the British Library cyberattack first appeared on IT Security Guru. ]]> 2024-04-08T14:20:29+00:00 https://www.itsecurityguru.org/2024/04/08/4-lessons-industrial-companies-can-draw-from-the-british-library-cyberattack/?utm_source=rss&utm_medium=rss&utm_campaign=4-lessons-industrial-companies-can-draw-from-the-british-library-cyberattack www.secnews.physaphae.fr/article.php?IdArticle=8478157 False Industrial None 3.0000000000000000 Silicon - Site de News Francais 2024-04-08T14:17:41+00:00 https://www.silicon.fr/avis-expert/microsoft-ouvre-un-hub-ia-a-londres www.secnews.physaphae.fr/article.php?IdArticle=8478160 False None None 2.0000000000000000 GoogleSec - Firm Security Blog Keeping people safe and their data secure and private is a top priority for Android. That is why we took our time when designing the new Find My Device, which uses a crowdsourced device-locating network to help you find your lost or misplaced devices and belongings quickly – even when they\'re offline. We gave careful consideration to the potential user security and privacy challenges that come with device finding services. During development, it was important for us to ensure the new Find My Device was secure by default and private by design. To build a private, crowdsourced device-locating network, we first conducted user research and gathered feedback from privacy and advocacy groups. Next, we developed multi-layered protections across three main areas: data safeguards, safety-first protections, and user controls. This approach provides defense-in-depth for Find My Device users. How location crowdsourcing works on the Find My Device network The Find My Device network locates devices by harnessing the Bluetooth proximity of surrounding Android devices. Imagine you drop your keys at a cafe. The keys themselves have no location capabilities, but they may have a Bluetooth tag attached. Nearby Android devices participating in the Find My Device network report the location of the Bluetooth tag. When the owner realizes they have lost their keys and logs into the Find My Device mobile app, they will be able to see the aggregated location contributed by nearby Android devices and locate their keys. Find My Device network protections Let\'s dive into key details of the multi-layered protections for the Find My Device network: Data Safeguards: We\'ve implemented protections that help ensure the privacy of everyone participating in the network and the crowdsourced location data that powers it. Location data is end-to-end encrypted. When Android devices participating in the network report the location of a Bluetooth tag, the location is end-to-end encrypted using a key that is only a]]> 2024-04-08T14:12:48+00:00 http://security.googleblog.com/2024/04/find-my-device-network-security-privacy-protections.html www.secnews.physaphae.fr/article.php?IdArticle=8486086 False Vulnerability,Threat,Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new phishing campaign has set its eyes on the Latin American region to deliver malicious payloads to Windows systems. "The phishing email contained a ZIP file attachment that when extracted reveals an HTML file that leads to a malicious file download posing as an invoice," Trustwave SpiderLabs researcher Karla Agregado said. The email message, the company said, originates from an email]]> 2024-04-08T14:06:00+00:00 https://thehackernews.com/2024/04/cybercriminals-targeting-latin-america.html www.secnews.physaphae.fr/article.php?IdArticle=8478025 False None None 2.0000000000000000 Recorded Future - FLux Recorded Future Les responsables de Westminster sont invités à mettre plus d'argent derrière les opérations pour perturber les gangs de ransomware à la suite d'un nombre croissant d'attaques ayant un large éventail de services. & NBSP;L'objectif actuel du gouvernement britannique pour lutter contre la crise des ransomwares - encourageant les organisations à améliorer leur cybersécurité et à se préparer à récupérer rapidement

---

Officials in Westminster are being urged to put more money behind operations to disrupt ransomware gangs in the wake of a growing number of attacks impacting a wide range of services.  The British government\'s current focus for tackling the ransomware crisis - encouraging organizations to improve their cybersecurity, and to prepare to recover quickly]]> 2024-04-08T14:04:13+00:00 https://therecord.media/uk-urged-to-get-on-forward-foot-with-ransomware www.secnews.physaphae.fr/article.php?IdArticle=8478163 False Ransomware None 2.0000000000000000 Dark Reading - Informationweek Branch Investing in cybersecurity skills creates a safer digital world for everyone.]]> 2024-04-08T14:00:00+00:00 https://www.darkreading.com/cybersecurity-operations/fight-for-cybersecurity-awareness www.secnews.physaphae.fr/article.php?IdArticle=8478128 False None None 2.0000000000000000 Global Security Mag - Site de news francais revues de produits

---

Ceva Launches Multi-Protocol Wireless Platform IP Family to Accelerate Enhanced Connectivity in MCUs and SOCs for IoT and Smart Edge AI Applications • Ceva-Waves™ Links™ IP Family delivers fully integrated multi-protocol connectivity solutions with Wi-Fi, Bluetooth, UWB, Thread, Zigbee, and Matter, simplifying development and accelerating time to market for next generation, connectivity-rich, MCUs and SoCs • Ceva-Waves™ Links100, an IoT-focused connectivity platform IP with RF implemented on TSMC 22nm, currently being deployed by a leading OEM customer - Product Reviews]]> 2024-04-08T13:47:54+00:00 https://www.globalsecuritymag.fr/ceva-inc-launched-ceva-waves-tm-links-tm.html www.secnews.physaphae.fr/article.php?IdArticle=8478164 False None None 2.0000000000000000 MitnickSecurity - Former Hacker Services avec 3 205 compromis de données survenant en 2023 seuls , Fortifier la posture de cybersécurité de votre entreprise \\ est plus importante que jamais.

---

With 3,205 data compromises occurring in 2023 alone, fortifying your enterprise\'s cybersecurity posture is more important than ever.]]> 2024-04-08T13:32:41+00:00 https://www.mitnicksecurity.com/blog/enterprise-cyber-security www.secnews.physaphae.fr/article.php?IdArticle=8478122 False None None 2.0000000000000000 Korben - Bloger francais 2024-04-08T13:29:25+00:00 https://korben.info/jbl-quantum-guide-play-audio-3d-accessibilite-fps.html www.secnews.physaphae.fr/article.php?IdArticle=8478129 False None None 3.0000000000000000 McAfee Labs - Editeur Logiciel c'est à nouveau cette période de l'année & # 8211;Saison fiscale!Que vous ayez déjà été déposé dans l'espoir d'un remboursement précoce ...

---

> It\'s that time of year again – tax season! Whether you\'ve already filed in the hopes of an early refund... ]]> 2024-04-08T13:27:04+00:00 https://www.mcafee.com/blogs/tips-tricks/how-to-steer-clear-of-tax-season-scams/ www.secnews.physaphae.fr/article.php?IdArticle=8478156 False None None 2.0000000000000000 Silicon - Site de News Francais 2024-04-08T13:25:20+00:00 https://www.silicon.fr/aios-llm-systeme-exploitation-477532.html www.secnews.physaphae.fr/article.php?IdArticle=8478126 False None None 2.0000000000000000 Global Security Mag - Site de news francais opinion

---

Netscout: Visibility and collaboration key in securing upcoming summer games - Opinion]]> 2024-04-08T13:20:36+00:00 https://www.globalsecuritymag.fr/netscout-visibility-and-collaboration-key-in-securing-upcoming-summer-games.html www.secnews.physaphae.fr/article.php?IdArticle=8478130 False None None 2.0000000000000000 SecurityWeek - Security News Les nouvelles attaques Ahoi Heckler et WESEE ciblent AMD SEV-SNP et Intel TDX avec des interruptions malveillantes pour pirater des VM confidentiels.

---

>New Ahoi attacks Heckler and WeSee target AMD SEV-SNP and Intel TDX with malicious interrupts to hack confidential VMs. ]]> 2024-04-08T13:16:22+00:00 https://www.securityweek.com/confidential-vms-hacked-via-new-ahoi-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8478127 False Hack None 3.0000000000000000 HackRead - Chercher Cyber Par contributeurs quotidiens Aujourd'hui, chez Resonance Security, je vais examiner l'une des façons les plus inhabituelles de & # 8230; Ceci est un article de HackRead.com Lire le post original: L'héritage d'une violation de sécurité

---

>By Daily Contributors Today over at Resonance Security I am going to look at one of the more unusual ways in… This is a post from HackRead.com Read the original post: The Legacy of a Security Breach]]> 2024-04-08T13:10:52+00:00 https://www.hackread.com/the-legacy-of-a-security-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8478125 False None None 2.0000000000000000 Palo Alto Network - Site Constructeur Le premier du genre, Strata Cloud Manager \'s Command Center, représente la puissance de la plate-forme dans votre infrastructure de sécurité réseau.

---

>The first of its kind, Strata Cloud Manager\'s Command Center, represents the power of platformization within your network security infrastructure. ]]> 2024-04-08T13:00:34+00:00 https://www.paloaltonetworks.com/blog/2024/04/platform-power-with-strata-cloud-managers-command-center/ www.secnews.physaphae.fr/article.php?IdArticle=8478099 False Cloud None 2.0000000000000000 Checkpoint - Fabricant Materiel Securite Les cookies sont l'une des technologies Web les plus importantes du monde, même si elles sont presque aussi anciennes que le navigateur Web lui-même.Ils ont parfois une mauvaise réputation, mais il ne fait pas que nier que les cookies nous facilitent la vie.Ils stockent des informations qui nous permettent de rester connectés à un site et de profiter d'une expérience productive au lieu de devoir continuellement à réapparaître et refaire les mêmes actions.Cependant, les cookies représentent également une opportunité pour les attaquants, qui peuvent les voler pour mener une gamme d'activités illicites.Pour les applications SaaS de votre organisation, cela peut conduire au [& # 8230;]

---

>Cookies are one of the most important web technologies around, even though they are almost as old as the web browser itself. They sometimes have a bad reputation, but there\'s no denying that cookies do make our lives a lot easier. They store information that allows us to stay logged in to a site and enjoy a productive experience instead of continually having to re-authenticate and redo the same actions.    However, cookies also represent an opportunity for attackers, who can steal them to conduct a range of illicit activities. For your organization\'s SaaS applications, this can lead to the […] ]]> 2024-04-08T13:00:11+00:00 https://blog.checkpoint.com/security/attackers-find-your-session-cookies-irresistible/ www.secnews.physaphae.fr/article.php?IdArticle=8478124 False Cloud None 2.0000000000000000 The Register - Site journalistique Anglais Theories abound over who\'s truly responsible Change Healthcare is allegedly being extorted by a second ransomware gang, mere weeks after recovering from an ALPHV attack.…]]> 2024-04-08T13:00:09+00:00 https://go.theregister.com/feed/www.theregister.com/2024/04/08/change_healthcare_ransomware/ www.secnews.physaphae.fr/article.php?IdArticle=8478100 False Ransomware,Medical None 2.0000000000000000 Securonix - Siem In DevOps, compliance ensures that software development and delivery are secure and trustworthy. And to ensure companies follow compliance regulations, audits are performed by external vendors (usually, but companies may have internal audits as well). Compliance involves adhering to established security policies, regulatory requirements, and industry standards throughout the development lifecycle.]]> 2024-04-08T12:40:33+00:00 https://www.securonix.com/blog/breaking-bias-with-ueba/ www.secnews.physaphae.fr/article.php?IdArticle=8478227 False Threat None 2.0000000000000000 Global Security Mag - Site de news francais Produits]]> 2024-04-08T12:29:54+00:00 https://www.globalsecuritymag.fr/tanium-xem-et-microsoft-copilot-for-security-s-associent-pour-offrir-une.html www.secnews.physaphae.fr/article.php?IdArticle=8478131 False None None 2.0000000000000000 ComputerWeekly - Computer Magazine 2024-04-08T12:12:00+00:00 https://www.computerweekly.com/news/366580132/UK-vet-network-CVS-hit-by-cyber-attack www.secnews.physaphae.fr/article.php?IdArticle=8478261 False None None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The AhnLab Security Intelligence Center discovered new infostealer distribution campaigns leveraging legitimate YouTube channels]]> 2024-04-08T12:00:00+00:00 https://www.infosecurity-magazine.com/news/youtube-channels-hacked/ www.secnews.physaphae.fr/article.php?IdArticle=8478075 False None None 3.0000000000000000 knowbe4 - cybersecurity services Les médias sociaux sont devenus un outil indispensable pour la communication, la sensibilisation et l'engagement.Des dirigeants mondiaux aux individus de haut niveau, ces plateformes offrent une occasion inégalée de se connecter avec les masses.

---

Social media has become an indispensable tool for communication, outreach, and engagement. From world leaders to high-profile individuals, these platforms offer an unparalleled opportunity to connect with the masses.]]> 2024-04-08T11:55:51+00:00 https://blog.knowbe4.com/why-world-leaders-and-high-profile-individuals-must-prioritise-cybersecurity www.secnews.physaphae.fr/article.php?IdArticle=8478072 False Tool None 3.0000000000000000