This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-04-24T07:26:00+00:00 www.secnews.physaphae.fr Korben - Bloger francais 2024-04-23T07:00:00+00:00 https://korben.info/un-nouvel-outil-de-programmation-visuelle-flyde-en-alpha-pour-les-developpeurs.html www.secnews.physaphae.fr/article.php?IdArticle=8487263 False None None None Zataz - Magazine Francais de secu 2024-04-23T06:56:55+00:00 https://www.zataz.com/exploitation-critique-de-magento-installation-de-portes-derobees-dans-les-boutiques-en-ligne/ www.secnews.physaphae.fr/article.php?IdArticle=8487228 False None None None Data Security Breach - Site de news Francais 2024-04-23T06:50:47+00:00 https://www.datasecuritybreach.fr/open-worldwide-application-security-project/ www.secnews.physaphae.fr/article.php?IdArticle=8487245 False None None None Data Security Breach - Site de news Francais 2024-04-23T06:48:06+00:00 https://www.datasecuritybreach.fr/dbsc-chrome/ www.secnews.physaphae.fr/article.php?IdArticle=8487246 False None None None Zataz - Magazine Francais de secu 2024-04-23T06:45:08+00:00 https://www.zataz.com/usurpation-le-virus-etait-dans-lhopital/ www.secnews.physaphae.fr/article.php?IdArticle=8487229 False None None None Data Security Breach - Site de news Francais 2024-04-23T06:40:13+00:00 https://www.datasecuritybreach.fr/wordpress-isql-layerslider/ www.secnews.physaphae.fr/article.php?IdArticle=8487247 False None None None Data Security Breach - Site de news Francais 2024-04-23T06:37:34+00:00 https://www.datasecuritybreach.fr/xss-cisco/ www.secnews.physaphae.fr/article.php?IdArticle=8487248 False None None None Korben - Bloger francais 2024-04-23T06:18:24+00:00 https://korben.info/nasa-sonde-voyager-1-transmet-donnees-ingenierie.html www.secnews.physaphae.fr/article.php?IdArticle=8487264 False None None None The Register - Site journalistique Anglais Yet X remains a supporter of an international commitment to stop this, and its owner knows it +Comment  Australia\'s government has secured a court order requiring Elon Musk\'s social network, X, to remove all videos depicting a terrorist attack.…]]> 2024-04-23T04:15:12+00:00 https://go.theregister.com/feed/www.theregister.com/2024/04/23/australia_x_terror_video_takedown/ www.secnews.physaphae.fr/article.php?IdArticle=8487186 False Legislation None None Wired Threat Level - Security News The company belatedly conceded both that it had paid the cybercriminals extorting it and that patient data nonetheless ended up on the dark web.]]> 2024-04-23T03:55:10+00:00 https://www.wired.com/story/change-healthcare-admits-it-paid-ransomware-hackers/ www.secnews.physaphae.fr/article.php?IdArticle=8487165 False Ransomware,Medical None None The State of Security - Magazine Américain In 2023, companies lost about $4.45 million on average because of data breaches. As cyber threats advance, securing endpoints is more important than ever. An advanced Host-based Intrusion Detection System (HIDS) provides a sturdy remedy to improve endpoint security . By monitoring and examining system responses and device status, HIDS identifies and tackles nefarious behaviors that are often overlooked by conventional defenses. The Significance of Advanced HIDS in Endpoint Security An advanced HIDS plays a crucial part in strengthening endpoint security. It is capable of identifying and...]]> 2024-04-23T03:03:59+00:00 https://www.tripwire.com/state-of-security/enhancing-endpoint-security-advanced-host-based-intrusion-detection-capabilities www.secnews.physaphae.fr/article.php?IdArticle=8487265 False None None None The State of Security - Magazine Américain Budgetary and resource constraints play a huge role in cyberattacks on smaller organizations. Amidst a strained global economy, many under-resourced organizations like non-profits, local governments, and hospitals struggle to keep their heads above water - they simply don\'t have the funds to invest in cybersecurity. To make matters worse, cybercriminals see these organizations as easy prey. Although they may not be able to shell out for extortionate ransom demands as big business can, at the end of the day, data is data and is always worth something on the dark web. In many cases, smaller...]]> 2024-04-23T03:03:45+00:00 https://www.tripwire.com/state-of-security/university-cybersecurity-clinics-can-now-use-new-cisa-resource-guide www.secnews.physaphae.fr/article.php?IdArticle=8487266 False None None None The Register - Site journalistique Anglais Putin\'s pals use \'GooseEgg\' malware to launch attacks you can defeat with patches or deletion Russian spies are exploiting a years-old Windows print spooler vulnerability and using a custom tool called GooseEgg to elevate privileges and steal credentials across compromised networks, according to Microsoft Threat Intelligence.…]]> 2024-04-23T01:15:11+00:00 https://go.theregister.com/feed/www.theregister.com/2024/04/23/russia_fancy_bear_goose_egg/ www.secnews.physaphae.fr/article.php?IdArticle=8487124 False Malware,Tool,Vulnerability,Threat APT 28 None Dark Reading - Informationweek Branch Malaysia, Singapore, and Ghana are among the first countries to pass laws that require cybersecurity firms - and in some cases, individual consultants - to obtain licenses to do business, but concerns remain.]]> 2024-04-23T01:00:00+00:00 https://www.darkreading.com/cyber-risk/licensed-to-bill-nations-mandate-certification-licensure-of-cybersecurity-pros www.secnews.physaphae.fr/article.php?IdArticle=8487103 False None None None Hacking Articles - Blog de Raj Chandel Welcome to WordPress. This is your first post. Edit or delete it, then start writing!]]> 2024-04-23T00:38:37+00:00 https://www.hackingarticles.in/uncategorized/hello-world/ www.secnews.physaphae.fr/article.php?IdArticle=8487255 False None None None Zataz - Magazine Francais de secu 2024-04-22T22:38:57+00:00 https://www.zataz.com/les-methodes-renouvelees-de-la-mafia-roumaine-dans-le-vol-de-cartes-de-debit-en-californie/ www.secnews.physaphae.fr/article.php?IdArticle=8487059 False None None None Zataz - Magazine Francais de secu 2024-04-22T22:13:39+00:00 https://www.zataz.com/le-commerce-malveillant-de-contrefacons-pornographiques-une-nouvelle-menace-en-ligne-decouverte/ www.secnews.physaphae.fr/article.php?IdArticle=8487060 False None None None Zataz - Magazine Francais de secu 2024-04-22T22:07:51+00:00 https://www.zataz.com/le-fsb-traque-les-pirates-informatiques/ www.secnews.physaphae.fr/article.php?IdArticle=8487061 False None None None Data Security Breach - Site de news Francais 2024-04-22T22:02:33+00:00 https://www.datasecuritybreach.fr/bot-internet/ www.secnews.physaphae.fr/article.php?IdArticle=8487052 False None None None CyberScoop - scoopnewsgroup.com special Cyber D'autres soutiennent que la relance des choses pourrait avoir des conséquences dangereuses, et l'administration devrait aller dans la direction opposée.

---

>Others contend that loosening things up could have dangerous consequences, and the administration should go the opposite direction. ]]> 2024-04-22T22:01:20+00:00 https://cyberscoop.com/proposed-data-broker-regulations-draw-industry-pushback-on-anonymized-data-exceptions-bulk-thresholds/ www.secnews.physaphae.fr/article.php?IdArticle=8487033 False None None None Korben - Bloger francais 2024-04-22T21:28:55+00:00 https://korben.info/mercedes-drive-pilot-avenir-conduite-autonome.html www.secnews.physaphae.fr/article.php?IdArticle=8487038 False None None None Ars Technica - Risk Assessment Security Hacktivism Rivalry with Apple now mirrors the Android/iOS competition more than ever.]]> 2024-04-22T21:19:56+00:00 https://arstechnica.com/?p=2019154 www.secnews.physaphae.fr/article.php?IdArticle=8487058 False Mobile None None Recorded Future - FLux Recorded Future 2024-04-22T21:16:14+00:00 https://therecord.media/crushftp-file-transfer-vulnerability-patch-asap www.secnews.physaphae.fr/article.php?IdArticle=8487035 False Tool None None Dark Reading - Informationweek Branch The threat actor is deploying multiple connections into victim environments to maintain persistence and steal data.]]> 2024-04-22T21:15:51+00:00 https://www.darkreading.com/cyber-risk/-toddycat-apt-is-stealing-data-on-an-industrial-scale- www.secnews.physaphae.fr/article.php?IdArticle=8487034 False Threat None None Recorded Future - FLux Recorded Future 2024-04-22T20:42:32+00:00 https://therecord.media/hhs-privacy-protections-reproductive-healthcare www.secnews.physaphae.fr/article.php?IdArticle=8487012 False None None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actor known as ToddyCat has been observed using a wide range of tools to retain access to compromised environments and steal valuable data. Russian cybersecurity firm Kaspersky characterized the adversary as relying on various programs to harvest data on an "industrial scale" from primarily governmental organizations, some of them defense related, located in]]> 2024-04-22T20:41:00+00:00 https://thehackernews.com/2024/04/russian-hacker-group-toddycat-uses.html www.secnews.physaphae.fr/article.php?IdArticle=8486890 False Tool,Threat,Industrial None 3.0000000000000000 TroyHunt - Blog Security Microsoft didn\'t disclose the in-the-wild exploits by Kremlin-backed group until now.]]> 2024-04-22T20:36:56+00:00 https://arstechnica.com/?p=2019186 www.secnews.physaphae.fr/article.php?IdArticle=8487082 False Malware,Vulnerability None None CyberScoop - scoopnewsgroup.com special Cyber CISA et OMB n'ont qu'une poignée de tâches exceptionnelles à terminer dans le cadre de l'ordre du président en 2021.

---

>CISA and OMB have just a handful of outstanding tasks to finish as part of the president\'s 2021 order. ]]> 2024-04-22T20:22:19+00:00 https://fedscoop.com/cybersecurity-executive-order-requirements-gao-omb-cisa/ www.secnews.physaphae.fr/article.php?IdArticle=8487010 False None None None knowbe4 - cybersecurity services Ce nouveau jeu dure 10 minutes, disponible en anglais (GB) et au niveau d'abonnement Diamond. & Nbsp;

---

We released a new game, now available on the KnowBe4 Modstore. I played it myself and this is recommended for all Inside Man fans!  "Mark Shepherd, The Inside Man himself, is recruiting a crack security team to thwart the sinister \'Handler\'. Your mission is to accumulate points in a series of challenges that apply lessons learnt throughout The Inside Man series, to test your expertise in combating phishing, social engineering, password breaches, ransomware and document security. "This new Game is 10 minutes in duration, available in English (GB), and at Diamond subscription level. ]]> 2024-04-22T20:21:06+00:00 https://blog.knowbe4.com/your-blnew-game-the-inside-man-new-recruits-gameog-post-title-here www.secnews.physaphae.fr/article.php?IdArticle=8487011 False Ransomware None None Krebs on Security - Chercheur Américain The head of counterintelligence for a division of the Russian Federal Security Service (FSB) was sentenced last week to nine years in a penal colony for accepting a USD $1.7 million bribe to ignore the activities of a prolific Russian cybercrime group that hacked thousands of e-commerce websites. The protection scheme was exposed in 2022 when Russian authorities arrested six members of the group, which sold millions of stolen payment cards at flashy online shops like Trump\'s Dumps.]]> 2024-04-22T20:07:56+00:00 https://krebsonsecurity.com/2024/04/russian-fsb-counterintelligence-chief-gets-9-years-in-cybercrime-bribery-scheme/ www.secnews.physaphae.fr/article.php?IdArticle=8487009 False None None None Dark Reading - Informationweek Branch An open direct vulnerability in the Nespresso Web domain lets attackers bypass detection as they attempt to steal victims\' Microsoft credentials.]]> 2024-04-22T19:35:01+00:00 https://www.darkreading.com/cyberattacks-data-breaches/nespresso-domain-phish-cream-sugar www.secnews.physaphae.fr/article.php?IdArticle=8486986 False Vulnerability None None Dark Reading - Informationweek Branch The irony is lost on few, as a Chinese threat actor used eight MITRE techniques to breach MITRE itself - including exploiting the Ivanti bugs that attackers have been swarming on for months.]]> 2024-04-22T19:11:27+00:00 https://www.darkreading.com/endpoint-security/mitre-attacked-infosecs-most-trusted-name-falls-to-ivanti-bugs www.secnews.physaphae.fr/article.php?IdArticle=8486987 False Threat None None RiskIQ - cyber risk firms (now microsoft) ## Snapshot Botnets such as Moobot, Miori, AGoent, and Gafgyt Variant are exploiting the CVE-2023-1389 vulnerability, which was disclosed last year. The vulnerability is an unauthenticated command injection vulnerability in the “locale” API available via the web management interface of the TP-Link Archer AX21 (AX1800). ## Description Multiple botnets, including Moobot, Miroi, AGoent, and the Gafgyt Variant, have been observed exploiting this vulnerability. Each botnet employs unique methods of infection and attack, with AGoent and the Gafgyt Variant targeting Linux-based architectures to launch DDoS attacks, while Moobot initiates DDoS attacks on remote IPs after retrieving ELF files from a specific URL. The initial infiltration occurs through the unauthenticated command injection vulnerability in the "locale" API, allowing attackers to achieve command injection by manipulating the "country" form and "write" operation. ## References [https://www.fortinet.com/blog/threat-research/botnets-continue-exploiting-cve-2023-1389-for-wide-scale-spread](https://www.fortinet.com/blog/threat-research/botnets-continue-exploiting-cve-2023-1389-for-wide-scale-spread)]]> 2024-04-22T19:02:33+00:00 https://community.riskiq.com/article/244cbe20 www.secnews.physaphae.fr/article.php?IdArticle=8487003 False Vulnerability None None Dark Reading - Informationweek Branch Though organizations are increasingly incorporating zero-trust strategies, for many, these strategies fail to address the entirety of an operation, according to Gartner.]]> 2024-04-22T18:12:41+00:00 https://www.darkreading.com/endpoint-security/zero-trust-takes-over-63-percent-of-orgs-implementing-globally www.secnews.physaphae.fr/article.php?IdArticle=8486964 False None None None Recorded Future - FLux Recorded Future 2024-04-22T17:47:00+00:00 https://therecord.media/russia-gru-malware-gooseegg-microsoft www.secnews.physaphae.fr/article.php?IdArticle=8486932 False Malware None None TroyHunt - Blog Security With 16GB of RAM, there\'s lot of room for Google\'s AI models to live in memory.]]> 2024-04-22T17:43:09+00:00 https://arstechnica.com/?p=2019066 www.secnews.physaphae.fr/article.php?IdArticle=8486963 False None None None Korben - Bloger francais 2024-04-22T17:33:30+00:00 https://korben.info/deadpool-wolverine-duo-dejante-mcu-ete-2024.html www.secnews.physaphae.fr/article.php?IdArticle=8486967 False None None None CrowdStrike - CTI Society Organizations are increasingly turning to cloud computing for IT agility, resilience and scalability. Amazon Web Services (AWS) stands at the forefront of this digital transformation, offering a robust, flexible and cost-effective platform that helps businesses drive growth and innovation.  However, as organizations migrate to the cloud, they face a complex and growing threat landscape of […]]]> 2024-04-22T17:03:13+00:00 https://www.crowdstrike.com/blog/best-practices-to-secure-aws-resources/ www.secnews.physaphae.fr/article.php?IdArticle=8486953 False Threat,Cloud None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Over the past two years, a shocking 51% of organizations surveyed in a leading industry report have been compromised by a cyberattack. Yes, over half.  And this, in a world where enterprises deploy an average of 53 different security solutions to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and]]> 2024-04-22T17:00:00+00:00 https://thehackernews.com/2024/04/penteras-2024-report-reveals-hundreds.html www.secnews.physaphae.fr/article.php?IdArticle=8486778 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The MITRE Corporation revealed that it was the target of a nation-state cyber attack that exploited two zero-day flaws in Ivanti Connect Secure appliances starting in January 2024. The intrusion led to the compromise of its Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified research and prototyping network. The unknown adversary "performed reconnaissance]]> 2024-04-22T16:35:00+00:00 https://thehackernews.com/2024/04/mitre-corporation-breached-by-nation.html www.secnews.physaphae.fr/article.php?IdArticle=8486779 False Vulnerability,Threat None 3.0000000000000000 Intigrity - Blog L'industrie du transport et de la logistique (t & # 38; l) est un acteur crucial dans le monde interconnecté d'aujourd'hui, permettant le mouvement transparent des marchandises sur de longues distances avec une efficacité exceptionnelle. & # 160; & # 160;Cependant, cette efficacité même a également fait de l'industrie une cible privilégiée pour les cyberattaques.Alors que les entreprises t & # 38; l s'appuient de plus en plus sur les technologies numériques pour optimiser les opérations, elles deviennent vulnérables [& # 8230;]

---

>The transport and logistics (T&L) industry is a crucial player in today’s interconnected world, enabling the seamless movement of goods across long distances with exceptional efficiency.   However, this very efficiency has also made the industry a prime target for cyber attacks. As T&L companies rely increasingly on digital technologies to optimize operations, they become vulnerable […] ]]> 2024-04-22T16:23:24+00:00 https://blog.intigriti.com/2024/04/22/pentesting-for-transport-and-logistics/ www.secnews.physaphae.fr/article.php?IdArticle=8486911 False None None None IT Security Guru - Blog Sécurité # miwic2024: messaChambers, PDG et co-fondateur de Sitehop est apparu pour la première fois sur gourou de la sécurité informatique .

---

Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024\'s Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee\'s answers are […] The post #MIWIC2024: Melissa Chambers, CEO and Co-Founder of Sitehop first appeared on IT Security Guru. ]]> 2024-04-22T16:00:10+00:00 https://www.itsecurityguru.org/2024/04/22/miwic2024-melissa-chambers-ceo-and-co-founder-of-sitehop/?utm_source=rss&utm_medium=rss&utm_campaign=miwic2024-melissa-chambers-ceo-and-co-founder-of-sitehop www.secnews.physaphae.fr/article.php?IdArticle=8486886 False None None 2.0000000000000000 Global Security Mag - Site de news francais Investigations]]> 2024-04-22T15:52:34+00:00 https://www.globalsecuritymag.fr/la-cybersecurite-de-zero-par-vincent-senetaire-nicolas-lepotier-et-titouan.html www.secnews.physaphae.fr/article.php?IdArticle=8486882 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Between crossovers - Do threat actors play dirty or desperate? In our dataset of over 11,000 victim organizations that have experienced a Cyber Extortion / Ransomware attack, we noticed that some victims re-occur. Consequently, the question arises why we observe a re-victimization and whether or not this is an actual second attack, an affiliate crossover (meaning an affiliate has gone to]]> 2024-04-22T15:52:00+00:00 https://thehackernews.com/2024/04/ransomware-double-dip-re-victimization.html www.secnews.physaphae.fr/article.php?IdArticle=8486755 False Ransomware,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The scheme was uncovered by Kaspersky and has been operational since November 2023]]> 2024-04-22T15:30:00+00:00 https://www.infosecurity-magazine.com/news/telegram-exploited-toncoin-scam/ www.secnews.physaphae.fr/article.php?IdArticle=8486889 False Threat None 2.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain attaquez le vecteur d'attaque: McAfee a publié un rapport sur un newLUA Malware Loader Distribué via ce qui semblait être un référentiel Microsoft Github légitime pour le gestionnaire de bibliothèque & # 8220; C ++ pour Windows, Linux et MacOS, & # 8221;connu sous le nom de vcpkg . L'attaquant exploite une propriété de GitHub: les commentaires à un dépôt particulier peuvent contenir des fichiers, et ces fichiers seront associés au projet dans l'URL. Cela signifie que quelqu'un peut télécharger des logiciels malveillants et & # 8220; joint & # 8221;à un projet légitime et fiable. Comme l'URL du fichier contient le nom du référentiel dans lequel le commentaire a été créé, et comme presque toutes les sociétés de logiciels utilisent Github, ce défaut peut permettre aux acteurs de menace de développer des leurres extraordinairement astucieux et dignes de confiance..

---

Interesting social-engineering attack vector: McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the “C++ Library Manager for Windows, Linux, and MacOS,” known as vcpkg. The attacker is exploiting a property of GitHub: comments to a particular repo can contain files, and those files will be associated with the project in the URL. What this means is that someone can upload malware and “attach” it to a legitimate and trusted project. As the file’s URL contains the name of the repository the comment was created in, and as almost every software company uses GitHub, this flaw can allow threat actors to develop extraordinarily crafty and trustworthy lures...]]> 2024-04-22T15:26:34+00:00 https://www.schneier.com/blog/archives/2024/04/using-legitimate-github-urls-for-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8486881 False Malware,Threat None 2.0000000000000000 Recorded Future - FLux Recorded Future 2024-04-22T15:20:31+00:00 https://therecord.media/unitedhealth-ceo-andrew-witty-testimony-house-subcommittee www.secnews.physaphae.fr/article.php?IdArticle=8486884 False Ransomware None 2.0000000000000000 Recorded Future - FLux Recorded Future 2024-04-22T15:20:08+00:00 https://therecord.media/belarus-cyber-partisans-fertilizer-hack-lukashenko www.secnews.physaphae.fr/article.php?IdArticle=8486885 False None None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-04-22T15:04:06+00:00 https://community.riskiq.com/article/03b84c13 www.secnews.physaphae.fr/article.php?IdArticle=8486904 False Vulnerability,Threat None 3.0000000000000000 Fortinet - Fabricant Materiel Securite Find out how OT organizations can shift from a legacy implied trust model to a zero-trust model seamlessly across and within critical infrastructures.]]> 2024-04-22T15:00:00+00:00 https://www.fortinet.com/blog/business-and-technology/is-zero-trust-right-for-ot www.secnews.physaphae.fr/article.php?IdArticle=8486880 False Industrial None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) New research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes. "When a user executes a function that has a path argument in Windows, the DOS path at which the file or folder exists is converted to an NT path," SafeBreach security researcher Or Yair said&]]> 2024-04-22T14:52:00+00:00 https://thehackernews.com/2024/04/researchers-uncover-windows-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=8486727 False Threat None 3.0000000000000000 Silicon - Site de News Francais 2024-04-22T14:44:52+00:00 https://www.silicon.fr/paris-2024-numerique-responsable-478008.html www.secnews.physaphae.fr/article.php?IdArticle=8486859 False None None 3.0000000000000000 McAfee Labs - Editeur Logiciel Nous l'avons dit plusieurs fois dans nos blogs - c'est difficile de savoir ce qui est réel et ce qui est faux.Et ...

---

> We\'ve said it several times in our blogs - it\'s tough knowing what\'s real and what\'s fake out there. And... ]]> 2024-04-22T14:15:19+00:00 https://www.mcafee.com/blogs/internet-security/how-to-spot-ai-audio-deepfakes-at-election-time/ www.secnews.physaphae.fr/article.php?IdArticle=8486856 False None None 3.0000000000000000 Dark Reading - Informationweek Branch The five intelligence sources that power social engineering scams.]]> 2024-04-22T14:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/where-hackers-find-your-weak-spots www.secnews.physaphae.fr/article.php?IdArticle=8486831 False None None 3.0000000000000000 Recorded Future - FLux Recorded Future 2024-04-22T13:36:10+00:00 https://therecord.media/germany-arrests-spies-lasers-china www.secnews.physaphae.fr/article.php?IdArticle=8486833 False None None 3.0000000000000000 SecurityWeek - Security News Les vulnérabilités dans les réseaux Palo Alto Cortex XDR ont permis à un chercheur en sécurité de le transformer en un outil offensif malveillant.

---

>Vulnerabilities in Palo Alto Networks Cortex XDR allowed a security researcher to turn it into a malicious offensive tool. ]]> 2024-04-22T13:34:47+00:00 https://www.securityweek.com/research-shows-how-attackers-can-abuse-edr-security-products/ www.secnews.physaphae.fr/article.php?IdArticle=8486858 False Tool None 2.0000000000000000 knowbe4 - cybersecurity services ]]> 2024-04-22T13:32:58+00:00 https://blog.knowbe4.com/4-out-of-5-of-physicians-impacted-by-februarys-cyberattack-on-change-healthcare www.secnews.physaphae.fr/article.php?IdArticle=8486826 False Medical None 3.0000000000000000 knowbe4 - cybersecurity services ]]> 2024-04-22T13:31:26+00:00 https://blog.knowbe4.com/kudos-ceo-reveals-he-got-phished www.secnews.physaphae.fr/article.php?IdArticle=8486827 False None None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine This occurs when a private package fetches a similar public one, leading to exploit due to misconfigurations in package managers]]> 2024-04-22T13:30:00+00:00 https://www.infosecurity-magazine.com/news/dependency-confusion-flaw-found/ www.secnews.physaphae.fr/article.php?IdArticle=8486835 False Vulnerability,Threat None 2.0000000000000000 SecurityWeek - Security News Un hack qui a provoqué un débordement du système d'eau de Texas Town \\ en janvier a été lié à un groupe hacktiviste russe sombre, le dernier cas d'un utilitaire public américain devenant une cible de cyberattaques étrangères.

---

>A hack that caused a small Texas town\'s water system to overflow in January has been linked to a shadowy Russian hacktivist group, the latest case of a U.S. public utility becoming a target of foreign cyberattacks. ]]> 2024-04-22T13:28:31+00:00 https://www.securityweek.com/rural-texas-towns-report-cyberattacks-that-caused-one-water-system-to-overflow/ www.secnews.physaphae.fr/article.php?IdArticle=8486830 False Hack None 3.0000000000000000 Recorded Future - FLux Recorded Future 2024-04-22T13:12:00+00:00 https://therecord.media/cyber-foreign-aid-nathaniel-fick-state-department www.secnews.physaphae.fr/article.php?IdArticle=8486834 False None None 3.0000000000000000 Checkpoint - Fabricant Materiel Securite Netzer Shohet est un chef de produit basé à Givatayim, en Israël.Il a rejoint Check Point en tant que développeur dans l'équipe d'infrastructure IPS en 2005 et travaille actuellement sur le développement du cloud pour notre plate-forme qui a permis le lancement de CloudGuard WAF, Quantum SD-WAN et Quantum IoT Protect, entre autres.Netzer est titulaire d'un diplôme de maîtrise en philosophie et d'un baccalauréat en informatique et biologie de l'Université de Tel Aviv et a rédigé son livre le plus vendu, «The Cyber-Safe Child», pour aider les parents à enseigner à leurs enfantssur la cyber-sécurité.Quel est votre rôle à Check Point, en particulier au sein de l'équipe de produit?Je travaille comme [& # 8230;]

---

>Netzer Shohet is a Product Manager based in Givatayim, Israel. He joined Check Point as a developer on the IPS infrastructure team in 2005 and currently works on cloud development for our platform that enabled the launch of CloudGuard WAF, Quantum SD-WAN, and Quantum IoT Protect, among others. Netzer holds a Master\'s degree in Philosophy and a Bachelor\'s degree in Computer Science and Biology from Tel Aviv University and authored his best-selling book, “The Cyber-Safe Child,” to help parents teach their children about cyber safety. What is your role at Check Point, specifically within the product team? I work as […] ]]> 2024-04-22T13:00:37+00:00 https://blog.checkpoint.com/company-and-culture/getting-to-know-netzer-shohet/ www.secnews.physaphae.fr/article.php?IdArticle=8486828 False Cloud None 2.0000000000000000 Checkpoint - Fabricant Materiel Securite Les secteurs fédéral, étatique, gouvernemental local et éducation continuent d'être les plus ciblés par les cyberattaques aux États-Unis.Selon les organismes de recherche, d'éducation et de recherche sur les points de contrôle, connaissent 1 248 par semaine, en moyenne & # 8212;la plupart de toute industrie.Le gouvernement et les organisations militaires connaissent 1 034 par semaine, quatrième parmi toutes les industries.De plus, les organisations gouvernementales et militaires ont connu des attaques plus élevées que la moyenne de types de logiciels malveillants notables, notamment l'infostaler, le mobile, le ransomware et le botnet.Dans le secteur de l'éducation, les recherches sur les points de contrôle ont révélé des volumes d'attaque supérieurs à la moyenne d'infostaler, de ransomwares et de malwares de botnet.Pour aider à lutter contre ces menaces, vérifiez [& # 8230;]

---

>The federal, state, local government and education sectors continue to be the most targeted by cyberattacks in the United States. According to Check Point Research, education and research organizations experience 1,248 per week, on average — the most of any industry. The government and military organizations experience 1,034 per week, fourth among all industries. Further, government and military organizations have seen higher than average attacks of notable malware types, including Infostealer, mobile, ransomware and botnet. In the education sector, Check Point research found higher than average attack volumes of Infostealer, ransomware and botnet malwares. To help combat these threats, Check […] ]]> 2024-04-22T13:00:33+00:00 https://blog.checkpoint.com/security/taking-steps-toward-achieving-fedramp/ www.secnews.physaphae.fr/article.php?IdArticle=8486829 False Ransomware,Malware,Mobile None 2.0000000000000000 Global Security Mag - Site de news francais revues de produits

---

Trend Micro Unveils New Cyber Risk Management Capabilities to Anticipate and Eliminate Breaches 10-to-1 tool consolidation drives record adoption by thousands of enterprise customers - Product Reviews]]> 2024-04-22T12:55:24+00:00 https://www.globalsecuritymag.fr/trend-micro-incorporated-announced-the-availability-of-ai-driven-cyber-risk.html www.secnews.physaphae.fr/article.php?IdArticle=8486832 False Tool,Prediction None 2.0000000000000000 Checkpoint Research - Fabricant Materiel Securite Pour les dernières découvertes en cyberLes meilleures attaques et violations Mitre Corporation ont révélé un événement de sécurité qui s'est produit en janvier 2024. L'attaque, liée au groupe chinois de l'APP, UNC5221, a impliqué l'exploitation de deux vulnérabilités zéro jour dans les produits VPN Ivanti.L'attaquant [& # 8230;]

---

>For the latest discoveries in cyber research for the week of 22nd April, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES MITRE Corporation disclosed a security event that occurred in January 2024. The attack, which is linked to Chinese APT group UNC5221, involved exploitation of two zero-day vulnerabilities in Ivanti VPN products. The attacker […] ]]> 2024-04-22T12:50:21+00:00 https://research.checkpoint.com/2024/22nd-april-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8486800 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft has revealed that North Korea-linked state-sponsored cyber actors has begun to use artificial intelligence (AI) to make its operations more effective and efficient. "They are learning to use tools powered by AI large language models (LLM) to make their operations more efficient and effective," the tech giant said in its latest report on East Asia hacking groups. The company]]> 2024-04-22T12:42:00+00:00 https://thehackernews.com/2024/04/microsoft-warns-north-korean-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=8486679 False Tool None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Le Département américain de la Défense (DOD) Cyber Crime Center (DC3) et l'agence de contre-espionnage et de sécurité de la défense (DCSA) annoncent ...

---

>The U.S. Department of Defense (DoD) Cyber Crime Center (DC3) and Defense Counterintelligence and Security Agency (DCSA) announce... ]]> 2024-04-22T12:30:29+00:00 https://industrialcyber.co/news/dc3-dcsa-collaborate-to-launch-vulnerability-disclosure-program-for-defense-industrial-base/ www.secnews.physaphae.fr/article.php?IdArticle=8486804 False Vulnerability,Industrial None 2.0000000000000000 The Register - Site journalistique Anglais High-flying AI scientist claims unfair dismissal following pregnancy leave A lawsuit is alleging Amazon was so desperate to keep up with the competition in generative AI it was willing to breach its own copyright rules.…]]> 2024-04-22T12:30:12+00:00 https://go.theregister.com/feed/www.theregister.com/2024/04/22/ghaderi_v_amazon/ www.secnews.physaphae.fr/article.php?IdArticle=8486802 False None None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Waterfall Security Solutions et Thuthukani Technology Solutions (2TS) ont annoncé un partenariat qui aidera à sécuriser les réseaux OT à travers ...

---

>Waterfall Security Solutions and Thuthukani Technology Solutions (2TS) announced a partnership that will help secure OT networks across... ]]> 2024-04-22T12:24:32+00:00 https://industrialcyber.co/news/waterfall-2ts-enter-into-cybersecurity-alliance-for-african-market/ www.secnews.physaphae.fr/article.php?IdArticle=8486805 False Industrial None 2.0000000000000000 Silicon - Site de News Francais 2024-04-22T12:21:55+00:00 https://www.silicon.fr/ptcc-programme-transfert-campus-cyber-477979.html www.secnews.physaphae.fr/article.php?IdArticle=8486803 False None None 3.0000000000000000 Recorded Future - FLux Recorded Future 2024-04-22T12:15:38+00:00 https://therecord.media/european-police-end-to-end-encryption-statement www.secnews.physaphae.fr/article.php?IdArticle=8486801 False Legislation None 3.0000000000000000 NIST Security - NIST cybersecurity insights We all need supplements sometimes. Whether it\'s a little extra vitamin C during flu season or some vitamin D during the dark days of Winter. When used correctly, supplements help our body adjust to the changing conditions around us. Similarly, we are applying this same concept for the first time to our NIST SP 800-63B, Digital Identity Guidelines: Authentication and Lifecycle Management. Today, we published a supplement that provides interim guidance for agencies seeking to make use of \'syncable authenticators\' ( for example, passkeys) in both enterprise-facing and public-facing use cases]]> 2024-04-22T12:00:00+00:00 https://www.nist.gov/blogs/cybersecurity-insights/giving-nist-digital-identity-guidelines-boost-supplement-incorporating www.secnews.physaphae.fr/article.php?IdArticle=8486910 False None None None Bleeping Computer - Magazine Américain Synlab Italia has suspended all its medical diagnostic and testing services after a ransomware attack forced its IT systems to be taken offline. [...]]]> 2024-04-22T11:27:52+00:00 https://www.bleepingcomputer.com/news/security/synlab-italia-suspends-operations-following-ransomware-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8486883 False Ransomware,Medical None 2.0000000000000000 Global Security Mag - Site de news francais Malwares]]> 2024-04-22T11:16:38+00:00 https://www.globalsecuritymag.fr/kaspersky-rapporte-que-les-toncoins-d-utilisateurs-de-telegram-sont-pris-pour.html www.secnews.physaphae.fr/article.php?IdArticle=8486776 False None None 2.0000000000000000 HackRead - Chercher Cyber Par deeba ahmed Les professionnels de l'informatique sont attaqués!Cet article expose une campagne malveillante malveillante ciblant les équipes informatiques avec une nouvelle porte dérobée nommée MADMXSHELL.Découvrez comment les attaquants utilisent les techniques de typosquat et de DNS pour compromettre les systèmes. Ceci est un article de HackRead.com Lire le post original: Malvertising: les fausses publicités de logiciels populaires diffusent de nouvelles chambres arrière Madmxshell

---

>By Deeba Ahmed IT professionals are under attack! This article exposes a malicious malvertising campaign targeting IT teams with a novel backdoor named MadMxShell. Learn how attackers use typosquatting and DNS techniques to compromise systems. This is a post from HackRead.com Read the original post: Malvertising: Fake Popular Software Ads Deliver New MadMxShell Backdoor]]> 2024-04-22T11:12:51+00:00 https://www.hackread.com/fake-popular-software-ads-madmxshell-backdoor/ www.secnews.physaphae.fr/article.php?IdArticle=8486777 False None None 3.0000000000000000 Bleeping Computer - Magazine Américain BleepingComputer recently reported how a GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. It turns out, GitLab is also affected by this issue and could be abused in a similar fashion. [...]]]> 2024-04-22T11:05:44+00:00 https://www.bleepingcomputer.com/news/security/gitlab-affected-by-github-style-cdn-flaw-allowing-malware-hosting/ www.secnews.physaphae.fr/article.php?IdArticle=8486857 False Malware,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine CrushFTP is urging customers to download v11 of its file transfer platform, with attackers actively exploiting a vulnerability that allows them to download system files]]> 2024-04-22T11:00:00+00:00 https://www.infosecurity-magazine.com/news/crushftp-file-transfer/ www.secnews.physaphae.fr/article.php?IdArticle=8486753 False Vulnerability None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial A new report from Honeywell\'s GARD (Global Analysis, Research, and Defense) team disclosed that overall malware frequency continues... ]]> 2024-04-22T10:55:30+00:00 https://industrialcyber.co/reports/honeywells-2024-usb-threat-report-reveals-significant-rise-in-malware-frequency-highlighting-growing-concerns/ www.secnews.physaphae.fr/article.php?IdArticle=8486749 False Data Breach,Malware,Threat,Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial The U.S. Cybersecurity and Infrastructure Security Agency (CISA) hosted the final round of the fifth annual President\'s Cup... ]]> 2024-04-22T10:47:33+00:00 https://industrialcyber.co/cisa/cisa-declares-winners-of-presidents-cup-cybersecurity-competition-with-artificially-intelligent-team-leading/ www.secnews.physaphae.fr/article.php?IdArticle=8486750 False None None 3.0000000000000000 Silicon - Site de News Francais 2024-04-22T10:45:05+00:00 https://www.silicon.fr/worldline-fait-evoluer-sa-gouvernance-des-ia-generatives-477981.html www.secnews.physaphae.fr/article.php?IdArticle=8486752 False None None 3.0000000000000000 HackRead - Chercher Cyber Par uzair amir La profondeur des activités dans le développement de logiciels varie de l'idéation et de la conception au codage, aux tests et au déploiement.Le & # 8230; Ceci est un article de HackRead.com Lire le post original: Dépicement de l'économie de l'économie deDéveloppement de logiciels: une exploration approfondie

---

>By Uzair Amir The depth of activities within software development ranges from ideation and design to coding, testing, and deployment. The… This is a post from HackRead.com Read the original post: Deciphering the Economics of Software Development: An In-Depth Exploration]]> 2024-04-22T10:24:45+00:00 https://www.hackread.com/deciphering-software-development-economics/ www.secnews.physaphae.fr/article.php?IdArticle=8486751 False None None 3.0000000000000000 Hacking Articles - Blog de Raj Chandel Pwncat stands out as an open-source Python tool highly regarded for its versatility, providing a contemporary alternative to the traditional netcat utility. Tailored for network]]> 2024-04-22T10:18:34+00:00 https://www.hackingarticles.in/a-detailed-guide-on-pwncat/ www.secnews.physaphae.fr/article.php?IdArticle=8486748 False Tool None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The new document is the first release from NSA\'s Artificial Intelligence Security Center (AISC), in partnership with other government agencies in the US and other Five Eyes countries]]> 2024-04-22T10:15:00+00:00 https://www.infosecurity-magazine.com/news/nsa-launches-guidance-secure-ai/ www.secnews.physaphae.fr/article.php?IdArticle=8486754 False None None 3.0000000000000000 IT Security Guru - Blog Sécurité ACDS lance l'observatoire révolutionnaireSolution: Redéfinir la gestion de la surface d'attaque est apparu pour la première fois sur gourou de la sécurité informatique .

---

Advanced Cyber Defence Systems (ACDS) has unveiled its groundbreaking Attack Surface Management (ASM) solution: OBSERVATORY. Engineered with a comprehensive three-pronged approach-Discovery, Validation, and Insight-OBSERVATORY offers an unparalleled level of network security.  As the number of internet-connected devices explodes, organisations struggle to keep track and secure them before attackers strike. Shockingly, surveys show 69% of companies […] The post ACDS Launches Revolutionary OBSERVATORY Solution: Redefining Attack Surface Management first appeared on IT Security Guru. ]]> 2024-04-22T10:04:50+00:00 https://www.itsecurityguru.org/2024/04/22/acds-launches-revolutionary-observatory-solution-redefining-attack-surface-management/?utm_source=rss&utm_medium=rss&utm_campaign=acds-launches-revolutionary-observatory-solution-redefining-attack-surface-management www.secnews.physaphae.fr/article.php?IdArticle=8486724 False None None 3.0000000000000000 Kaspersky - Kaspersky Research blog We continue to report on the APT group ToddyCat. This time, we\'ll talk about traffic tunneling, constant access to a target infrastructure and data extraction from hosts.]]> 2024-04-22T10:00:00+00:00 https://securelist.com/toddycat-traffic-tunneling-data-extraction-tools/112443/ www.secnews.physaphae.fr/article.php?IdArticle=8486723 False None None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC With the rise of remote and flexible work arrangements, Bring Your Own Device (BYOD) programs that allow employees to use their personal devices for work are becoming increasingly mainstream. In addition to slashing hardware costs, BYOD improves employee satisfaction by 56% and productivity by 55%, a survey by Crowd Research Partners finds. Yet, cybersecurity remains a concern for businesses. 72% are worried about data leakage or loss, while 52% fear the potential for malware on personal devices. But by implementing a strong BYOD policy and educating your employees on cybersecurity best practices, you can reap the benefits of BYOD without putting your company assets and data at risk. Put a Formal BYOD Policy in Place Just as your business has acceptable use policies in place for corporate devices, similar policies for personal devices are just as important. Your company’s BYOD policy should provide your employees with clear rules and guidelines on how they can use their devices safely at work without compromising cybersecurity. This policy should cover: Devices, software, and operating systems that can be used to access digital business resources Devices, software, and operating systems that can’t be used to access digital business resources Policies that outline the acceptable use of personal devices for corporate activities Essential security measures employees must follow on personal devices (such as, complex passwords and regular security updates) Steps employees must follow if their device is stolen or lost (like immediately report it to their manager or IT department) A statement that your business will erase company-related data from lost or stolen devices remotely What happens if an employee violates your BYOD policy (are you going to revoke certain access privileges? If you give employees an allowance to cover BYOD costs, will you freeze the funds? Provide additional corrective training?). Don’t forget to also include a signature field the employee must sign in to indicate their agreement with your BYOD policies. The best time to introduce employees to the policy is during onboarding or, for existing employees, during the network registration process for the BYOD device. Setting expectations and educating your employees is essential to protect both company data and employee privacy. Basic Cybersecurity Training When putting together your BYOD employee training program, don’t make the mistake of thinking basic device security is too…basic. It’s not. Since personal devices are usually less secure than corporate devices, they’re generally at a greater risk of data breaches, viruses, and loss or theft. Comprehensive user education that includes the basics is therefore all the more important to mitigate these risks. So as a basic rule, your employees should know not to allow their devices to auto-connect to public networks. If, on rare occasions, employees really do need to access company data on an open network, they should use a virtual private network (VPN). VPNs encrypt data and hide we]]> 2024-04-22T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/bring-your-own-device-how-to-educate-your-employees-on-cybersecurity-best-practices www.secnews.physaphae.fr/article.php?IdArticle=8487608 False Malware,Vulnerability None None Global Security Mag - Site de news francais Points de Vue]]> 2024-04-22T09:54:00+00:00 https://www.globalsecuritymag.fr/spear-phishing-l-art-de-seduire-virtuellement-votre.html www.secnews.physaphae.fr/article.php?IdArticle=8486725 False None None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The UK\'s National Cyber Security Centre will see Richard Horne take over as its new boss in the autumn]]> 2024-04-22T09:15:00+00:00 https://www.infosecurity-magazine.com/news/ncsc-pwcs-richard-horne-new-ceo/ www.secnews.physaphae.fr/article.php?IdArticle=8486726 False None None 3.0000000000000000 Silicon - Site de News Francais 2024-04-22T08:53:27+00:00 https://www.silicon.fr/jo-2024-cyber-anssi-477970.html www.secnews.physaphae.fr/article.php?IdArticle=8486701 False None None 4.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Non-profit MITRE says a sophisticated state group breached its network via two chained Ivanti zero-days]]> 2024-04-22T08:30:00+00:00 https://www.infosecurity-magazine.com/news/mitre-ivanti-breach-nation-state/ www.secnews.physaphae.fr/article.php?IdArticle=8486702 False None None 4.0000000000000000 Sekoia - Cyber Firms Le changement global vers le cloud computing est indéniable.Selon Statista, le marché mondial de l'informatique du cloud public continue de croître et devrait atteindre environ 679 milliards de dollars américains en 2024. AWS, Azure et Google Cloud Services dominent le marché et offrent l'évolutivité et la rentabilité des entreprises.Néanmoins, tout devient plus compliqué lorsqu'il [& # 8230;] la publication Suivante sécuriser les périmètres de cloud est un article de Blog Sekoia.io .

---

>The global shift towards cloud computing is undeniable. According to Statista, the worldwide public cloud computing market continues to grow and is expected to reach an estimated 679 billion U.S. dollars in 2024. AWS, Azure and Google Cloud services dominate the market and offer businesses scalability and cost-effectiveness. Nevertheless, everything becomes more complicated when it […] La publication suivante Securing cloud perimeters est un article de Sekoia.io Blog.]]> 2024-04-22T07:18:51+00:00 https://blog.sekoia.io/securing-cloud-perimeters/ www.secnews.physaphae.fr/article.php?IdArticle=8486700 False Cloud None 2.0000000000000000 Korben - Bloger francais 2024-04-22T07:00:00+00:00 https://korben.info/base-donnees-incidents-ia-construire-ia-sure-responsable-signaler-bugs-crowdsourcing.html www.secnews.physaphae.fr/article.php?IdArticle=8486678 False None None 3.0000000000000000 The State of Security - Magazine Américain The experience of seeing a doctor has transformed dramatically, thanks in part to the emergence of telemedicine. This digital evolution promises convenience and accessibility but brings with it a host of cybersecurity risks that were unimaginable up until a few years ago. The unique cybersecurity challenges facing telemedicine today underscore the importance of adopting stringent security measures to protect the sanctity of this vital service. Advanced Cybersecurity Threats to Telemedicine The stakes are high as the healthcare sector grapples with the dual challenge of expanding digital...]]> 2024-04-22T02:35:34+00:00 https://www.tripwire.com/state-of-security/exploring-cybersecurity-risks-telemedicine-new-healthcare-paradigm www.secnews.physaphae.fr/article.php?IdArticle=8486676 False Medical None 3.0000000000000000 The State of Security - Magazine Américain As businesses transition to hybrid and multi-cloud setups, vulnerabilities arising from misconfigurations and security gaps are escalating, attracting attention from bad actors. In response, the US National Security Agency (NSA) issued a set of ten recommended mitigation strategies, published earlier this year (with support from the US Cybersecurity and Infrastructure Security Agency on six of the strategies). The recommendations cover cloud security, identity management, data protection, and network segmentation. Let \' s take a closer look: 1. Uphold the Cloud Shared Responsibility Model...]]> 2024-04-22T02:35:32+00:00 https://www.tripwire.com/state-of-security/nsa-debuts-cloud-security-mitigation-strategies www.secnews.physaphae.fr/article.php?IdArticle=8486677 False Vulnerability,Cloud None 3.0000000000000000 The Register - Site journalistique Anglais 2024-04-22T01:57:11+00:00 https://go.theregister.com/feed/www.theregister.com/2024/04/22/in_brief_security/ www.secnews.physaphae.fr/article.php?IdArticle=8486555 False Ransomware None 3.0000000000000000 AhnLab - Korean Security Firm Ahnlab Security Intelligence Center (ASEC) a récemment identifié la distribution de fichiers de phishing identiques à la connexion du site Web de portail coréenécrans.Les cas qui se font l'identité de plusieurs sites Web de portail coréen, les marques de logistique et d'expédition et les pages de connexion WebMail ont été très courantes du passé.* Dans les images de comparaison gauche / droite utilisée dans ce post, le côté gauche montre la page de phishing et le côté droit montre la page normale.La figure 1 montre des captures d'écran de la page de phishing qui se font l'identité de la page de connexion Naver et ...

---

AhnLab SEcurity intelligence Center (ASEC) has recently identified the distribution of phishing files identical to Korean portal website login screens. Cases impersonating multiple Korean portal websites, logistics and shipping brands, and webmail login pages have been very common from the past. * In the left/right comparison images used in this post, the left side shows the phishing page and the right side shows the normal page. Figure 1 shows screenshots of the phishing page impersonating the Naver login page and... ]]> 2024-04-22T01:35:57+00:00 https://asec.ahnlab.com/en/64294/ www.secnews.physaphae.fr/article.php?IdArticle=8486554 False None None 2.0000000000000000 Netskope - etskope est une société de logiciels américaine fournissant une plate-forme de sécurité informatique Penser en dehors de la boîte n'est pas toujours une tâche facile.Surtout quand il s'agit de trouver un moyen de connecter en toute sécurité un dispositif IoT sur une bouée au milieu de l'océan à un centre de données à Amsterdam.Mais ce type de projet n'était pas à la hauteur pour Brice Renaud, une solutions [& # 8230;]

---

>Thinking outside of the box isn\'t always an easy task. Especially when it comes to finding a way to securely connect an IoT device on a buoy in the middle of the ocean to a data centre all the way in Amsterdam. But this kind of project was no match for Brice Renaud, a Solutions […] ]]> 2024-04-21T17:00:00+00:00 https://www.netskope.com/blog/saving-the-coral-reefs-securing-iot-under-the-sea www.secnews.physaphae.fr/article.php?IdArticle=8486372 False None None 3.0000000000000000 The Register - Site journalistique Anglais With little competition at the goverment level, Windows giant has no incentive to make its systems safer Interview  Microsoft has a shocking level of control over IT within the US federal government – so much so that former senior White House cyber policy director AJ Grotto thinks it\'s fair to call Redmond\'s recent security failures a national security issue. …]]> 2024-04-21T15:25:08+00:00 https://go.theregister.com/feed/www.theregister.com/2024/04/21/microsoft_national_security_risk/ www.secnews.physaphae.fr/article.php?IdArticle=8486351 False Threat None 4.0000000000000000 Bleeping Computer - Magazine Américain You rarely root for a cybercriminal, but a new malware campaign targeting child exploiters doesn\'t make you feel bad for the victims. [...]]]> 2024-04-21T14:49:58+00:00 https://www.bleepingcomputer.com/news/security/malware-dev-lures-child-exploiters-into-honeytrap-to-extort-them/ www.secnews.physaphae.fr/article.php?IdArticle=8486413 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new information stealer has been found leveraging Lua bytecode for added stealth and sophistication, findings from McAfee Labs reveal. The cybersecurity firm has assessed it to be a variant of a known malware called RedLine Stealer owing to the fact that the command-and-control (C2) server IP address has been previously identified as associated with the malware. RedLine Stealer, ]]> 2024-04-21T14:12:00+00:00 https://thehackernews.com/2024/04/new-redline-stealer-variant-disguised.html www.secnews.physaphae.fr/article.php?IdArticle=8486229 False Malware None 3.0000000000000000