This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-10T10:30:37+00:00 www.secnews.physaphae.fr InfoSecurity Mag - InfoSecurity Magazine 2023-01-16T17:00:00+00:00 https://www.infosecurity-magazine.com/news/circleci-breach-caused-by/ www.secnews.physaphae.fr/article.php?IdArticle=8301578 False Data Breach,Malware Uber 4.0000000000000000 InformationSecurityBuzzNews - Site de News Securite 2023-01-16T13:22:57+00:00 https://informationsecuritybuzz.com/6000-customer-accounts-breached-nortonlifelock-alert-users/ www.secnews.physaphae.fr/article.php?IdArticle=8301504 False Data Breach None 2.0000000000000000 SecurityWeek - Security News 2023-01-16T11:53:44+00:00 https://www.securityweek.com/circleci-hacked-malware-employee-laptop www.secnews.physaphae.fr/article.php?IdArticle=8301475 False Data Breach,Malware None 3.0000000000000000 Soc Radar - Blog spécialisé SOC 2023-01-16T10:36:01+00:00 https://socradar.io/attackers-infected-a-circleci-employee-with-malware-to-steal-customer-session-tokens/ www.secnews.physaphae.fr/article.php?IdArticle=8301452 False Data Breach,Malware None 2.0000000000000000 Bleeping Computer - Magazine Américain 2023-01-13T11:47:56+00:00 https://www.bleepingcomputer.com/news/security/nortonlifelock-warns-that-hackers-breached-password-manager-accounts/ www.secnews.physaphae.fr/article.php?IdArticle=8300917 False Data Breach None 3.0000000000000000 Dark Reading - Informationweek Branch 2023-01-12T20:15:00+00:00 https://www.darkreading.com/attacks-breaches/new-survey-sheds-light-on-why-enterprises-struggle-to-thwart-api-attacks www.secnews.physaphae.fr/article.php?IdArticle=8300653 False Data Breach None 2.0000000000000000 Bleeping Computer - Magazine Américain 2023-01-12T11:31:36+00:00 https://www.bleepingcomputer.com/news/security/vice-society-ransomware-claims-attack-on-australian-firefighting-service/ www.secnews.physaphae.fr/article.php?IdArticle=8300584 False Ransomware,Data Breach None 2.0000000000000000 CSO - CSO Daily Dashboard 2022 IBM Cost of a Data Breach Report, the global average cost of a data breach is $4.35 million. Data breaches in the US are even more costly, averaging over $9 million. However, it isn't just the big players caught in the line of fire. IBM's report also found that 83% of companies will experience a data breach soon, meaning financial institutions of all sizes - from local credit unions to Fortune 500s - are at risk. While ransomware attacks get the most time in the financial headlines, most breaches aren't caused by external factors or threat actors. The majority of system availability problems actually occur due to a lack of staff knowledge and protective protocols, software issues and limited security visibility across the institution. However, “more visibility” is not synonymous with “seeing more alerts.” In fact, the opposite is true. Keep reading to see how Devo SOAR helped a leading US bank streamline its SOC.To read this article in full, please click here]]> 2023-01-12T10:00:00+00:00 https://www.csoonline.com/article/3685191/how-financial-institutions-can-soar-to-success-with-devo-soar.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8300630 False Ransomware,Data Breach,Threat,Guideline None 2.0000000000000000 SecurityWeek - Security News 2023-01-11T11:53:21+00:00 https://www.securityweek.com/251k-impacted-data-breach-insurance-firm-bay-bridge-administrators www.secnews.physaphae.fr/article.php?IdArticle=8300001 False Data Breach None 2.0000000000000000 Dark Reading - Informationweek Branch 2023-01-10T22:03:00+00:00 https://www.darkreading.com/attacks-breaches/bay-bridge-administrators-llc-notifies-individuals-of-data-breach www.secnews.physaphae.fr/article.php?IdArticle=8299664 False Data Breach None 2.0000000000000000 Dark Reading - Informationweek Branch 2023-01-10T19:43:00+00:00 https://www.darkreading.com/ics-ot/san-fran-bart-investigates-vice-society-data-breach www.secnews.physaphae.fr/article.php?IdArticle=8299629 False Data Breach None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC A study reveals that 80% of global IT decision-makers have already adopted or are planning to adopt an IAM solution in the upcoming years. IAM refers to business policies, processes, and technologies to control unauthorized data and digital systems access. Two IAM approaches are widely known, one for the cloud and the other for on-premises. The cloud based IAM practices are fast-growing because the demand for cloud adoption has increased over time. With the right IAM solutions and techniques, IT managers and businesses control users' access to sensitive business data within their networks. In addition, these solutions help protect organizations from cyber-attacks; they become more efficient, reduce IT operational costs, and improve user experience. Six best IAM practices that organizations must not neglect The IAM framework means using the right solution to implement user authentication and privileges policies. In addition, with IAM, companies demonstrate that any data is not misused, and they comply with government regulations. For all these characteristics, businesses are increasingly adopting IAM solutions, and their demand will undoubtedly be high in the upcoming time. It's also estimated that the IAM market will grow to $15.3 billion by 2025. The organization needs to use the right IAM tools and practices to reap the most benefits from the IAM solution. The six best IAM practices that every business should incorporate into its security strategy are as follows: Adopt passwordless authentication Many data breaches occur because of weak or stolen credentials. Threat actors can use advanced tools and tactics to steal and break passwords. Organizations need a secure identity management system to prevent bad actors from breaking in and stealing credentials that can result in breaches such as the Lapsus$ attack or the Colonial Pipeline ransomware attack. Organizations eliminate password issues by choosing passwordless authentication to protect vital business data and ensure that only authentic people access it. Passwordless authentication enables users to authenticate their identity without entering a password. There are various benefits for organizations to become passwordless- it enhances the overall efficiency, saves time and productivity, and provides greater ease of access. But, most importantly, passwordless authentication allows IAM leaders and users to access the cloud environment safely and securely. Implement a Zero-Trust approach The zero-trust approach is not new but has gained popularity as the threat landscape is evolving. Organizations cannot have a robust IAM policy without a function zero-trust architecture. The average cost of a data breach is $4.24 million, but the zero-trust model helps re]]> 2023-01-10T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/key-to-success-while-implementing-iam-best-practices-that-every-company-should-implement www.secnews.physaphae.fr/article.php?IdArticle=8299486 False Ransomware,Data Breach,Threat,Guideline None 2.0000000000000000 SecurityWeek - Security News 2023-01-09T14:15:05+00:00 https://www.securityweek.com/air-france-klm-customers-warned-loyalty-program-account-hacking www.secnews.physaphae.fr/article.php?IdArticle=8299247 False Data Breach None 4.0000000000000000 SecurityWeek - Security News 2023-01-09T13:16:26+00:00 https://www.securityweek.com/fcc-proposes-tighter-data-breach-reporting-rules-wireless-carriers www.secnews.physaphae.fr/article.php?IdArticle=8299248 False Data Breach None 3.0000000000000000 Global Security Mag - Site de news francais Malware Update]]> 2023-01-09T12:07:40+00:00 https://www.globalsecuritymag.fr/Expert-Reveals-Twitter-Data-Leak-Could-Impact-Victim-s-Credit.html www.secnews.physaphae.fr/article.php?IdArticle=8299158 False Data Breach None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC $3.86 million to $4.24 million in 2021. That's costly enough to put most SMBs into the red. Not to mention the reputational damage it can cause for your brand. Avoid this dreaded fate by protecting yourself against the latest cybersecurity developments — like Malware-as-a-Service (MaaS) — to protect your networks, data, systems, and business reputation. If you've never heard of Malware-as-a-Service (MaaS) before, don't fret. This article is for you. We'll teach you everything you need to know about Malware-as-a-Service and wrap it up by sharing some best practices for protecting your proprietary company data from potential threats. Let's dive in. What is Malware-as-a-Service (Maas)? Malware-as-a-Service (MaaS) is a type of cyber attack in which criminals offer malware and deployment services to other hackers or malicious actors on the internet. These services typically are available on the dark web. When purchased, a bad actor can carry out various malicious activities, such as stealing sensitive information, disrupting computer systems, or encrypting data and demanding a ransom to unlock it. Some of the most common types of malware include the following: Viruses: Programs that can replicate themselves and spread to other computers. They can cause various problems, such as disrupting computer operations, stealing information, or damaging files. Trojan horses: These programs masquerade themselves as legitimate software but can carry out malicious activities, such as stealing data or giving attackers unauthorized access to a computer. Worms: A self-replicating program that can spread across networks, disrupting computer operations and consuming network resources. Adware: Software that displays unwanted advertisements on a computer. It can be intrusive and annoying and sometimes track a user's online activities. Ransomware: Encryption of a victim's data with the demand for a ransom payment to unlock it. It can devastate businesses, resulting in losing important data and files. Spyware: Software designed to collect information about a user's online activities without their knowledge or consent to steal sensitive information (like financial statements and passwords). Bots: Often used in conjunction with other types of malware, such as viruses or worms. For example, a virus could infect a computer and then download and install a bot, which could carry out malicious activities on that computer or other computers on the network. MaaS makes it easier for cybercriminals to launch attacks, as they can purchase and use pre-made malware without developing it themselves. This distinction can make it harder for law enforcement, cybersecurity experts, and IT teams to track down the people responsible for the attacks. And sadly, cyber-attacks are industry agnostic. For example, in the transportation industry, cybercriminals exploit vulnerabilities of electronic logging devices and steal valuable information from cloud-connected trucks. MaaS is also a significant threat to online job boards like ]]> 2023-01-09T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/understanding-malware-as-a-service-maas-the-future-of-cyber-attack-accessibility www.secnews.physaphae.fr/article.php?IdArticle=8299142 False Ransomware,Data Breach,Malware,Threat None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber The proposed rule would expand the definition of a breach and require telecoms to immediately report intrusions to law enforcement. ]]> 2023-01-06T17:10:28+00:00 https://www.cyberscoop.com/fcc-data-breach-notifications/ www.secnews.physaphae.fr/article.php?IdArticle=8298596 False Data Breach None 3.0000000000000000 Global Security Mag - Site de news francais Malware Update]]> 2023-01-06T13:27:38+00:00 https://www.globalsecuritymag.fr/Expert-commentary-on-data-breach-affecting-UK-schools-from-Steven-Wood-OpenText.html www.secnews.physaphae.fr/article.php?IdArticle=8298529 False Data Breach None 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite 2023-01-06T12:59:12+00:00 https://informationsecuritybuzz.com/wabtec-announces-global-data-breach-in-lockbit-atta/ www.secnews.physaphae.fr/article.php?IdArticle=8298519 False Ransomware,Data Breach None 2.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2023-01-06T04:22:00+00:00 https://www.csoonline.com/article/3684771/twitters-mushrooming-data-breach-crisis-could-prove-costly.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8298511 False Data Breach None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine 2023-01-05T17:00:00+00:00 https://www.infosecurity-magazine.com/news/five-guys-data-breach-affect/ www.secnews.physaphae.fr/article.php?IdArticle=8298233 False Data Breach None 3.0000000000000000 Global Security Mag - Site de news francais Malware Update]]> 2023-01-05T15:59:26+00:00 https://www.globalsecuritymag.fr/Expert-commentary-on-Five-Guys-data-breach-from-Steven-Wood-OpenText.html www.secnews.physaphae.fr/article.php?IdArticle=8298216 False Data Breach None 1.00000000000000000000 SecurityWeek - Security News 2023-01-05T13:12:10+00:00 https://www.securityweek.com/burger-chain-five-guys-discloses-data-breach-impacting-job-applicants www.secnews.physaphae.fr/article.php?IdArticle=8298192 False Data Breach None 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite 2023-01-05T10:55:38+00:00 https://informationsecuritybuzz.com/235-million-twitter-users-leaked-biggest-data-leak/ www.secnews.physaphae.fr/article.php?IdArticle=8298088 False Data Breach,Threat None 3.0000000000000000 Global Security Mag - Site de news francais Malware Update]]> 2023-01-05T10:38:42+00:00 https://www.globalsecuritymag.fr/Expert-commentary-Five-Guys-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=8298089 False Data Breach None 1.00000000000000000000 InfoSecurity Mag - InfoSecurity Magazine 2023-01-05T09:30:00+00:00 https://www.infosecurity-magazine.com/news/rail-tech-wabtec-global-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8298067 False Ransomware,Data Breach None 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite 2023-01-05T08:27:18+00:00 https://informationsecuritybuzz.com/five-guys-breached-burger-franchise-suffers-data-compromise/ www.secnews.physaphae.fr/article.php?IdArticle=8298059 False Data Breach None 2.0000000000000000 Dark Reading - Informationweek Branch 2023-01-04T22:01:56+00:00 https://www.darkreading.com/attacks-breaches/five-guys-data-breach-hr-data www.secnews.physaphae.fr/article.php?IdArticle=8297961 False Data Breach None 1.00000000000000000000 SC Magazine - Magazine 2023-01-04T15:58:06+00:00 https://www.scmagazine.com/news/ransomware/wabtec-breach-linked-to-lockbit-ransomware-group www.secnews.physaphae.fr/article.php?IdArticle=8297938 False Ransomware,Data Breach None 2.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2023-01-04T15:19:00+00:00 https://www.csoonline.com/article/3684769/attackers-use-stolen-banking-data-as-phishing-lure-to-deploy-bitrat.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8297971 False Data Breach,Tool None 1.00000000000000000000 Bleeping Computer - Magazine Américain 2023-01-03T15:13:35+00:00 https://www.bleepingcomputer.com/news/security/rail-giant-wabtec-discloses-data-breach-after-lockbit-ransomware-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8297542 False Ransomware,Data Breach None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC one cybersecurity awareness training guide puts it: “if businesses are to thrive in the Fourth Industrial Revolution, security needs to be not only top of mind, but a fluent language.” Some of the most pressing reasons for cybersecurity training are detailed below.  1. Compliance with regulations There are many areas of business operations which are governed by legal or regulatory oversight to protect against various risks inherent to digital activities. These include HIPAA, which outlines rules regarding private health information, PCI SSC, which seeks to strengthen payment account security, and GDPR, which regulates general data privacy. Complying with these regulations is necessary for several reasons, although the dominant motivator for compliance is that the organizations can and will impose fines on businesses that fail to meet standards. It has often been said that a business is only as strong as its weakest link, and nowhere is this truer than in the world of data security. Any one employee can be a liability when it comes to the practices that an enterprise puts in place to protect consumer data as well as their own. When compliance is mandated and the threat of fines is looming, companies must ensure that all of their employees are properly trained and informed on the regulations in place. 2. Protecting enterprise assets Aside from wanting to avoid fines, however, businesses should still attempt to meet these regulatory standards for their own good. While meeting the bare minimum of compliance standards will keep a company out of hot water with regulatory boards, it will not necessarily protect the company itself. According to one report from IBM, the average cost of a data breach is 4.35 million USD. Ensuring that employees are trained in cybersecurity awareness greatly decreases the risk of a data breach occurring, as well as ensuring that employees know how to respond in the event that there is an attack targeting the company’s data.  3. Protecting consumer data Ostensibly protected by the aforementioned regulatory standards, consumer data is still at a huge risk of being obtained, stolen, or leveraged by cybercriminals. An attack that only targets a company’s internal data is dangerous to the company, but an attack that targets consumer data can have far-reaching consequences that affect thousands or millions of people. The responsibility for password complexity and variation, device and website privacy settings, and the amount of data shared can be at least partially placed upon the consumer’s shoulders. But the company must have its own measures in place as well to protect against attacks on customer data.  Thorough and effective cybersecurity awareness training will reduce the chances of employee error l]]> 2023-01-03T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/five-reasons-why-cybersecurity-training-is-important-in-2023 www.secnews.physaphae.fr/article.php?IdArticle=8297413 False Data Breach,Threat,Guideline,Industrial,Prediction None 3.0000000000000000 InformationSecurityBuzzNews - Site de News Securite 2023-01-03T10:47:26+00:00 https://informationsecuritybuzz.com/data-breach-involves-users-maybank-astro-ec/ www.secnews.physaphae.fr/article.php?IdArticle=8297416 False Data Breach None 2.0000000000000000 BBC - BBC News - Technology 2022-12-29T15:19:38+00:00 https://www.bbc.co.uk/news/technology-64109777?at_medium=RSS&at_campaign=KARANGA www.secnews.physaphae.fr/article.php?IdArticle=8295804 False Data Breach None 2.0000000000000000 SecurityWeek - Security News 2022-12-29T10:42:45+00:00 https://www.securityweek.com/data-breach-louisiana-healthcare-provider-impacts-270000-patients www.secnews.physaphae.fr/article.php?IdArticle=8295758 False Data Breach,Medical None 2.0000000000000000 Wired Threat Level - Security News 2022-12-28T19:53:16+00:00 https://www.wired.com/story/lastpass-breach-vaults-password-managers/ www.secnews.physaphae.fr/article.php?IdArticle=8295615 False Data Breach LastPass 2.0000000000000000 Bleeping Computer - Magazine Américain 2022-12-28T08:54:26+00:00 https://www.bleepingcomputer.com/news/security/ransomware-attack-at-louisiana-hospital-impacts-270-000-patients/ www.secnews.physaphae.fr/article.php?IdArticle=8295526 False Ransomware,Data Breach,Medical None 2.0000000000000000 The State of Security - Magazine Américain 2022-12-27T02:51:41+00:00 https://www.tripwire.com/state-of-security/are-passwords-really-safe-we-think www.secnews.physaphae.fr/article.php?IdArticle=8295176 False Data Breach None 2.0000000000000000 SC Magazine - Magazine 2022-12-23T13:02:01+00:00 https://www.scmagazine.com/brief/breach/data-breach-hits-sports-betting-firm-betmgm www.secnews.physaphae.fr/article.php?IdArticle=8296275 False Data Breach None 3.0000000000000000 InformationSecurityBuzzNews - Site de News Securite 2022-12-23T11:48:55+00:00 https://informationsecuritybuzz.com/lastpass-latest-data-breach-exposes-customer-passwords/ www.secnews.physaphae.fr/article.php?IdArticle=8294177 False Data Breach LastPass 1.00000000000000000000 SecurityWeek - Security News 2022-12-23T10:38:13+00:00 https://www.securityweek.com/betmgm-confirms-breach-hackers-offer-sell-data-15-million-customers www.secnews.physaphae.fr/article.php?IdArticle=8294160 False Data Breach None 1.00000000000000000000 SecurityWeek - Security News 2022-12-22T21:07:44+00:00 https://www.securityweek.com/lastpass-says-password-vault-data-stolen-data-breach www.secnews.physaphae.fr/article.php?IdArticle=8293994 False Data Breach LastPass 1.00000000000000000000 Bleeping Computer - Magazine Américain 2022-12-22T17:25:27+00:00 https://www.bleepingcomputer.com/news/security/leading-sports-betting-firm-betmgm-discloses-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8293996 False Data Breach,Threat,Guideline None 4.0000000000000000 InformationSecurityBuzzNews - Site de News Securite 2022-12-20T14:59:14+00:00 https://informationsecuritybuzz.com/draftkings-data-breach-exposes-users-information/ www.secnews.physaphae.fr/article.php?IdArticle=8293077 False Data Breach None 1.00000000000000000000 SecurityWeek - Security News 2022-12-20T14:38:03+00:00 https://www.securityweek.com/draftkings-data-breach-impacts-personal-information-68000-customers www.secnews.physaphae.fr/article.php?IdArticle=8293099 False Data Breach None 2.0000000000000000 Bleeping Computer - Magazine Américain 2022-12-18T11:07:14+00:00 https://www.bleepingcomputer.com/news/security/restaurant-crm-platform-sevenrooms-confirms-breach-after-data-for-sale/ www.secnews.physaphae.fr/article.php?IdArticle=8292566 False Data Breach,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine 2022-12-16T16:00:00+00:00 https://www.infosecurity-magazine.com/news/social-blade-confirms-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8291994 False Data Breach None 2.0000000000000000 ComputerWeekly - Computer Magazine 2022-12-16T06:00:00+00:00 https://www.computerweekly.com/news/252528441/Shiseido-data-breach-victims-plan-legal-action-over-fake-companies www.secnews.physaphae.fr/article.php?IdArticle=8291935 False Data Breach None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC dark data is generated by users' daily online interactions between several devices and systems. Dark data might seem like a scary term, but it isn't, though it poses some risks. Since its percentage of data is rising more quickly than organizational data, business organizations are getting concerned about it. Hence, to grasp what dark data is and what issues it signifies, it's essential to understand it from a broader perspective. What Is dark data? Dark data is the type of organizational data whose value is not identified; hence, it can be crucial business data or useless data. A research report published by BigID reveals that 84% of organizations are seriously concerned about dark data. This data consists of the additional information collected and stored during daily business activities. But perhaps to your surprise, the organization may be unaware of the dark data and typically doesn't use it. Dark data tends to be unstructured data that contains sensitive and unclassified information. The research report further reveals that eight out of ten organizations consider unstructured data the most critical to handle and secure. Dark data can be classified as follows: Emails, images, audio, video, and social media posts. Application trials including API caches and encryption keys such as VPN or SSH support. Data stored in overlooked virtual images activated or installed in local or cloud infrastructure. Forgotten unstructured data created on various database engines a long time ago. Customers and the company's employees own data on the desktop and mobile devices. The hidden data file in a file system can be in the form of old pictures, scanned documents, pdf forms, notes on MS Word documents, and signed files. Dark data might seem benign, but it holds most of the organization's information. Thus, it can pose significant security risks if it falls into the wrong hands, like leaking a company's sensitive data and damaging its industry reputation. This is particularly alarming for organisations that do not use a reliable VPN or any other security tools to ensure data privacy and safety. How can you utilize dark data to help your business? Dark data seems challenging to handle and involves lengthy manual processes, but companies need to automate these processes. Technological advancements such as the use of AI have made it easier for companies to explore and process unstructured data. Another important use of dark data is its role in boosting AI-powered solutions. As more and more data exists, the information that AI can analyse to produce even deeper insights. Alongside Artificial Intelligence, you can also use Machine Learning technology to discover untapped and unused data and insights. These insights might help organizations make more informed decisions regarding incoming data. Also, it guides them toward taking practical steps in response to their data. Implementing AI and ML systems needs internal structural changes for businesses, costing organizations a great deal of time and money. H]]> 2022-12-15T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/dark-data-what-is-it-how-can-you-best-utilize-it www.secnews.physaphae.fr/article.php?IdArticle=8291507 False Data Breach,Threat,Guideline,Prediction None 3.0000000000000000 Bleeping Computer - Magazine Américain 2022-12-15T10:29:26+00:00 https://www.bleepingcomputer.com/news/security/social-blade-confirms-breach-after-hacker-posts-stolen-user-data/ www.secnews.physaphae.fr/article.php?IdArticle=8291589 False Data Breach None 2.0000000000000000 McAfee Labs - Editeur Logiciel Did you just get word that your personal information may have been caught up in a data breach? If so,... ]]> 2022-12-14T13:11:51+00:00 https://www.mcafee.com/blogs/privacy-identity-protection/how-to-protect-yourself-from-identity-theft-after-a-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8291202 False Data Breach None 2.0000000000000000 Global Security Mag - Site de news francais Malware Update]]> 2022-12-14T10:22:28+00:00 https://www.globalsecuritymag.fr/Comment-CybelAngel-CISO-on-Uber-suffering-new-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=8291152 False Data Breach Uber,Uber 1.00000000000000000000 InformationSecurityBuzzNews - Site de News Securite 2022-12-13T20:32:46+00:00 https://informationsecuritybuzz.com/tequivity-cloud-server-compromise-leads-to-uber-breached-experts-reacted/ www.secnews.physaphae.fr/article.php?IdArticle=8290920 False Data Breach Uber,Uber 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine 2022-12-13T16:00:00+00:00 https://www.infosecurity-magazine.com/news/uber-hit-by-new-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8290729 False Data Breach Uber,Uber 2.0000000000000000 Global Security Mag - Site de news francais Malware Update]]> 2022-12-13T14:59:10+00:00 https://www.globalsecuritymag.fr/Comment-from-cyber-expert-on-Uber-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=8290711 False Data Breach Uber,Uber 1.00000000000000000000 Global Security Mag - Site de news francais Malware Update]]> 2022-12-13T14:17:48+00:00 https://www.globalsecuritymag.fr/Expert-commentary-UberLeaks-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=8290716 False Data Breach Uber 1.00000000000000000000 Bleeping Computer - Magazine Américain 2022-12-12T14:27:52+00:00 https://www.bleepingcomputer.com/news/security/twitter-confirms-recent-user-data-leak-is-from-2021-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8290453 False Data Breach None 3.0000000000000000 Bleeping Computer - Magazine Américain 2022-12-12T13:30:18+00:00 https://www.bleepingcomputer.com/news/security/uber-suffers-new-data-breach-after-attack-on-vendor-info-leaked-online/ www.secnews.physaphae.fr/article.php?IdArticle=8290444 False Data Breach,Threat Uber,Uber 1.00000000000000000000 Wired Threat Level - Security News 2022-12-08T13:00:00+00:00 https://www.wired.com/story/sequoia-hr-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8289094 False Data Breach None 3.0000000000000000 SecurityWeek - Security News 2022-12-08T12:01:56+00:00 https://www.securityweek.com/cloudsek-blames-hack-another-cybersecurity-company www.secnews.physaphae.fr/article.php?IdArticle=8289093 False Data Breach,Hack None 2.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 12 #49  |   December 6th, 2022 [Keep An Eye Out] Beware of New Holiday Gift Card Scams By Roger A. Grimes Every holiday season brings on an increase in gift card scams. Most people love to buy and use gift cards. They are convenient, easy to buy, easy to use, easy to gift, usually allow the receiver to pick just what they want, and are often received as a reward for doing something. The gift card market is estimated in the many hundreds of BILLIONS of dollars. Who doesn't like to get a free gift card? Unfortunately, scammers often use gift cards as a way to steal value from their victims. There are dozens of ways gift cards can be used by scammers to steal money. Roger covers these three scams in a short [VIDEO] and in detail on the KnowBe4 blog: You Need to Pay a Bill Using Gift Cards Maliciously Modified Gift Cards in Stores Phish You for Information to Supposedly Get a Gift Card Blog post with 2:13 [VIDEO] and links you can share with your users and family:https://blog.knowbe4.com/beware-of-holiday-gift-card-scams [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. Join us TOMORROW, Wednesday, December 7 @ 2:00 PM (ET), for a live demo of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing. Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users. NEW! KnowBe4 Mobile Learner App - Users Can Now Train Anytime, Anywhere! NEW! Security Culture Benchmarking feature lets you compare your organization's security culture with your peers NEW! AI-Driven phishing and training recommendations for your end users Did You Know? You can upload your own training video and SCORM modules into your account for home workers Active Directory or SCIM Integration to easily upload user data, eliminating the need to manually manage user changes Find out how 50,000+ organizations have mobilized their end-users as their human firewall. Date/Time: TOMORROW, Wednesday, December 7 @ 2:00 PM (ET) Save My Spot!https://event.on24.com/wcc/r/3947028/0273119CCBF116DBE42DF81F151FF99F?partnerref=CHN3 ]]> 2022-12-06T14:30:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-12-49-keep-an-eye-out-beware-of-new-holiday-gift-card-scams www.secnews.physaphae.fr/article.php?IdArticle=8288279 False Ransomware,Data Breach,Spam,Hack,Tool,Guideline None 3.0000000000000000 The Register - Site journalistique Anglais 2022-12-02T23:10:59+00:00 https://go.theregister.com/feed/www.theregister.com/2022/12/02/medibank_data_dump/ www.secnews.physaphae.fr/article.php?IdArticle=8287950 False Data Breach None 2.0000000000000000 SecurityWeek - Security News mistakenly posted the names, addresses and birthdays of nearly 200,000 gun owners on the internet because officials didn't follow policies or understand how to operate their website, according to an investigation released Wednesday. ]]> 2022-12-02T13:48:36+00:00 https://www.securityweek.com/report-california-gun-data-breach-was-unintentional www.secnews.physaphae.fr/article.php?IdArticle=8286632 False Data Breach None 4.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain was hacked, and customer information accessed. No passwords were compromised.]]> 2022-12-02T12:09:45+00:00 https://www.schneier.com/blog/archives/2022/12/lastpass-security-breach.html www.secnews.physaphae.fr/article.php?IdArticle=8286626 False Data Breach LastPass 3.0000000000000000 Naked Security - Blog sophos 2022-12-02T01:10:59+00:00 https://nakedsecurity.sophos.com/2022/12/02/lastpass-admits-to-customer-data-breach-caused-by-previous-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8286494 False Data Breach LastPass 3.0000000000000000 CyberSecurityVentures - cybersecurity services Security intelligence from around the world Our daily alert provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we’re following. If there’s a cyberattack, hack, or data breach you should know about, then we’re on it. ]]> 2022-12-01T20:32:42+00:00 https://cybersecurityventures.com/hacks/ www.secnews.physaphae.fr/article.php?IdArticle=8286428 False Data Breach None 3.0000000000000000 Security Affairs - Blog Secu Data breaches can be devastating for organizations, these are 3 of the worst incidents that could have been prevented Data breaches can be devastating for organizations and even entire countries. Eliminating the risk of a data breach is nearly impossible, but some things can be done to reduce it significantly. Here are three of the […] ]]> 2022-12-01T12:38:04+00:00 https://securityaffairs.co/wordpress/139160/data-breach/worst-data-breaches.html www.secnews.physaphae.fr/article.php?IdArticle=8286256 False Data Breach None 3.0000000000000000 SecurityWeek - Security News 2022-12-01T11:47:33+00:00 https://www.securityweek.com/goto-lastpass-notify-customers-new-data-breach-related-previous-incident www.secnews.physaphae.fr/article.php?IdArticle=8286227 False Data Breach LastPass 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite 2022-11-30T19:52:28+00:00 https://informationsecuritybuzz.com/south-staffs-water-hacking-victims-have-bank-details-published-on-dark-web-after-cyber-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8286034 False Data Breach None 3.0000000000000000 Global Security Mag - Site de news francais Product Reviews]]> 2022-11-30T15:13:54+00:00 https://www.globalsecuritymag.fr/Surfshark-launches-a-browser-extension-upgrade-with-a-CleanWeb-2-0.html www.secnews.physaphae.fr/article.php?IdArticle=8285945 False Data Breach,Malware None 3.0000000000000000 Global Security Mag - Site de news francais Opinion]]> 2022-11-28T17:54:48+00:00 https://www.globalsecuritymag.fr/Expert-comment-Ireland-s-DPC-fines-Meta-265m.html www.secnews.physaphae.fr/article.php?IdArticle=8277936 False Data Breach None 2.0000000000000000 SecurityWeek - Security News 2022-11-28T15:54:53+00:00 https://www.securityweek.com/irish-regulator-fines-meta-265-million-euros-over-data-breach www.secnews.physaphae.fr/article.php?IdArticle=8272490 False Data Breach None 4.0000000000000000 SecurityWeek - Security News 2022-11-28T12:48:49+00:00 https://www.securityweek.com/twitter-data-breach-bigger-initially-reported www.secnews.physaphae.fr/article.php?IdArticle=8271178 False Data Breach None 3.0000000000000000 Security Affairs - Blog Secu The massive data breach suffered by Twitter that exposed emails and phone numbers of its customers may have impacted more than five million users. At the end of July, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor offered […] ]]> 2022-11-26T21:11:03+00:00 https://securityaffairs.co/wordpress/139001/data-breach/twitter-massive-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=8244621 False Data Breach,Vulnerability,Threat None 2.0000000000000000 knowbe4 - cybersecurity services ]]> 2022-11-26T20:29:06+00:00 https://blog.knowbe4.com/whatsapp-data-breach-sees-nearly-500-million-user-records-up-for-sale www.secnews.physaphae.fr/article.php?IdArticle=8244023 False Data Breach None 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite 2022-11-26T13:49:47+00:00 https://informationsecuritybuzz.com/7-email-security-risks-and-how-to-tackle-them/ www.secnews.physaphae.fr/article.php?IdArticle=8238214 False Data Breach,Malware None 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite 2022-11-23T10:26:14+00:00 https://informationsecuritybuzz.com/airasia-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8177632 True Ransomware,Data Breach None 3.0000000000000000 InformationSecurityBuzzNews - Site de News Securite 2022-11-23T10:26:14+00:00 https://informationsecuritybuzz.com/air-asia-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8182303 False Data Breach None None SecurityWeek - Security News 2022-11-21T18:02:59+00:00 https://www.securityweek.com/california-county-says-personal-information-compromised-data-breach www.secnews.physaphae.fr/article.php?IdArticle=8151492 False Data Breach None None McAfee Labs - Editeur Logiciel Hackers have posted another batch of stolen health records on the dark web-following a breach that could potentially affect nearly... ]]> 2022-11-15T00:39:38+00:00 https://www.mcafee.com/blogs/security-news/the-medibank-data-breach-steps-you-can-take-to-protect-yourself/ www.secnews.physaphae.fr/article.php?IdArticle=8020140 False Data Breach None 3.0000000000000000 Bleeping Computer - Magazine Américain 2022-11-14T13:19:27+00:00 https://www.bleepingcomputer.com/news/security/whoosh-confirms-data-breach-after-hackers-sell-72m-user-records/ www.secnews.physaphae.fr/article.php?IdArticle=8012947 False Data Breach None None CSO - CSO Daily Dashboard Optus breach, which impacted a third of the Australian population.To read this article in full, please click here]]> 2022-11-11T01:54:00+00:00 https://www.csoonline.com/article/3679630/medibank-hackers-revealed-to-be-in-russia.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7944597 False Data Breach None None InformationSecurityBuzzNews - Site de News Securite 2022-11-09T18:58:27+00:00 https://informationsecuritybuzz.com/medibank-hackers-begin-publishing-data/ www.secnews.physaphae.fr/article.php?IdArticle=7909173 False Data Breach None None Data Security Breach - Site de news Francais 2022-11-09T14:55:31+00:00 https://www.datasecuritybreach.fr/mirai-emotet-lemonduck/ www.secnews.physaphae.fr/article.php?IdArticle=7906130 False Data Breach None None Security Intelligence - Site de news Américain In recent years, many high-profile companies have suffered destructive cybersecurity breaches. These public-facing assaults cost organizations millions of dollars in minutes, from stock prices to media partnerships. Fast Company, Rockstar, Uber, Apple and more have all been victims of these costly and embarrassing attacks. The total average cost of a data breach has increased by […] ]]> 2022-11-08T14:00:00+00:00 https://securityintelligence.com/articles/mitigating-public-facing-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=7890187 False Data Breach Uber None InfoSecurity Mag - InfoSecurity Magazine 2022-11-07T17:16:00+00:00 https://www.infosecurity-magazine.com/news/medibank-refuses-to-pay-ransom/ www.secnews.physaphae.fr/article.php?IdArticle=7882444 False Data Breach None None SecurityWeek - Security News 2022-11-07T14:10:41+00:00 https://www.securityweek.com/solarwinds-agrees-pay-26-million-settle-shareholder-lawsuit-over-data-breach www.secnews.physaphae.fr/article.php?IdArticle=7881539 False Data Breach None None SecurityWeek - Security News 2022-11-07T11:10:57+00:00 https://www.securityweek.com/medibank-confirms-data-breach-impacts-97-million-customers www.secnews.physaphae.fr/article.php?IdArticle=7879985 False Data Breach,Threat None None InfoSecurity Mag - InfoSecurity Magazine 2022-11-04T10:30:00+00:00 https://www.infosecurity-magazine.com/news/ico-slashes-government-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=7820561 False Data Breach None None AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC an estimated $9.3 trillion as of 2018. Individual ones can hold millions of dollars, making them tempting targets for cybercriminals. ESOPs pose unique risks, as participating employees have an ownership stake in the company. Consequently, cyberattacks that damage the business’s reputation will affect ESOP participants. Lower stock values will reduce workers’ payouts when they retire. This ownership stake means an attack doesn’t have to target the retirement plan directly to impact its participants. Any cybersecurity incident against the business poses a significant risk, and ESOP security means safeguarding the entire company’s attack surface. How to minimize ESOP security concerns ESOP cybersecurity concerns are significant, but you can take several steps to address them. Here’s how you can mitigate these security risks. Assess company-specific risks The first step in ESOP cybersecurity is to assess your specific risk landscape. Every organization and plan within one has unique considerations determining the most effective mitigation measures, so these assessments are a crucial starting point. Every risk contains two key components: an event that could happen and the consequences if it does. Teams must compile a formal list of threats facing their ESOP plans, ensuring to cover both these categories. This will reveal the most important vulnerabilities to address, helping guide further security steps. Verify vendors Like many retirement plans, ESOPs typically rely on third-party vendors to manage funds. Consequently, breaches in these partners could impact the business itself. About 51% of all organizations have experienced a data breach from a third party, so verifying their security before going into business with them is crucial. Ask for third-party audits and similar proofs of security to ensure any vendors meet strict cybersecurity standards. Contracts should include detailed pictures of their security responsibilities and consequences for noncompliance. Ensuring all vendors have sufficient cybersecurity insurance is also a good idea. Minimize access You should minimize access privileges across the organization and its partners even after verification. Well-meaning employees can still make critical errors, but if each account can only use a few resources, a breach in one won’t jeopardize the entire system. Operate by the principle of least privilege: Every user, program and endpoint should only be able to access what it needs to work correctly. That applies to third parties as well as company insiders. This will minimize lateral movement risks, helping keep ESOPs safe from attacks elsewhere in the organization. Create a culture of Cybersecurity]]> 2022-11-03T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/minimizing-security-concerns-of-esops www.secnews.physaphae.fr/article.php?IdArticle=7799447 False Data Breach None None InformationSecurityBuzzNews - Site de News Securite 2022-11-02T14:09:37+00:00 https://informationsecuritybuzz.com/expert-comments/royal-mail-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=7783166 False Data Breach None None Bleeping Computer - Magazine Américain 2022-11-02T13:05:18+00:00 https://www.bleepingcomputer.com/news/security/vodafone-italy-discloses-data-breach-after-reseller-hacked/ www.secnews.physaphae.fr/article.php?IdArticle=7784922 False Data Breach None None SecurityWeek - Security News 2022-11-02T11:30:41+00:00 https://www.securityweek.com/hackers-stole-source-code-personal-data-dropbox-following-phishing-attack www.secnews.physaphae.fr/article.php?IdArticle=7780841 False Data Breach None None SecurityWeek - Security News 2022-11-01T12:10:08+00:00 https://www.securityweek.com/bed-bath-beyond-investigating-data-breach-after-employee-falls-phishing-attack www.secnews.physaphae.fr/article.php?IdArticle=7764565 False Data Breach None None SecurityWeek - Security News 2022-10-31T13:15:12+00:00 https://www.securityweek.com/label-giant-multi-color-corporation-discloses-data-breach www.secnews.physaphae.fr/article.php?IdArticle=7754763 False Data Breach None None SecurityWeek - Security News 2022-10-28T13:12:07+00:00 https://www.securityweek.com/twilio-says-employees-targeted-separate-smishing-vishing-attacks www.secnews.physaphae.fr/article.php?IdArticle=7718704 False Data Breach None None InformationSecurityBuzzNews - Site de News Securite 2022-10-27T14:08:16+00:00 https://informationsecuritybuzz.com/expert-comments/expert-commentary-see-tickets-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=7703590 True Data Breach None None Bleeping Computer - Magazine Américain 2022-10-27T14:05:38+00:00 https://www.bleepingcomputer.com/news/security/australian-clinical-labs-says-patient-data-stolen-in-ransomware-attack/ www.secnews.physaphae.fr/article.php?IdArticle=7705772 False Ransomware,Data Breach None None AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC new compliance requirement in many industries, including healthcare, finance, and retail. In the event of a data breach, companies are often required to notify their customers and partners, which can be costly. Cyber insurance can help cover these expenses. Employee training Employees are often the weakest link in a company's cybersecurity defenses. They may not be aware of the latest cyber threats or how to protect themselves from them. That's why it's important to provide employees with regular training on cybersecurity risks and best practices. There are many different types of employee training programs available, ranging from in-person seminars to online courses. Some companies even offer financial incentives for employees who complete training programs. In the remote work era, employee education also increasingly means arming remote workers with knowledge that will keep company data safe while they are working on networks that might not be well secured. This is especially the case if you know people are connecting via public networks at cafes, co-working spaces, and airports. Endpoint security Endpoints are the devices that connect to a network, such as laptops, smartphones, and tablets. They are also a common entry point for cyber-attacks. That's why it's important to invest in endpoint security, which includes solutions such as antivirus software, firewalls, and encryption. You can invest in endpoint security by purchasing it from a vendor or by implementing it yourself. There are also many free and open-source solutions available. Make sure you test any endpoint security solution before deploying it in your environment. Identity and access management Identity and access management (IAM) is a process for managing user identities and permissions. It can be used to control who has access to what data and resources, and how they can use them. IAM solutions often include features such as Single Sign-On (SSO), which allows users to access multiple applications with one set of credentials, and two-factor authentication (2FA), which adds an extra layer of security. IAM solutions can be deployed on-premises or in the cloud. They can also be integrated with other security solutions, such as firewalls and intrusion detection systems. Intrusion detection and prevention Intrusion detection and prevention systems (IDPS) are designed to detect and prevent cyber-attacks. They work by monitoring network traffic for suspicious activity and blocking or flagging it as needed. IDPS solutions can be deployed on-premises or in the cloud. There are many different types of IDPS solutions available, ranging from simple network-based solutions to more sophisticated host-based ones. Make sure you choose a solution that is right for your environment and needs. Security information and event management Security information and event management (SIEM) solutions are designed to collect and analyze data from a variety of security ]]> 2022-10-27T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/11-cybersecurity-investments-you-can-make-right-now www.secnews.physaphae.fr/article.php?IdArticle=7700503 False Data Breach,Spam,Malware,Vulnerability,Patching None None Security Affairs - Blog Secu 2022-10-26T19:09:16+00:00 https://securityaffairs.co/wordpress/137673/data-breach/see-tickets-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=7690434 False Data Breach,Threat None None