This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-02T04:36:48+00:00 www.secnews.physaphae.fr CyberScoop - scoopnewsgroup.com special Cyber Les chercheurs ont trouvé 97 jours zéro exploités dans la nature en 2023;Près des deux tiers des défauts mobiles et du navigateur ont été utilisés par les entreprises spyware.

---

>Researchers found 97 zero-days exploited in the wild in 2023; nearly two thirds of mobile and browser flaws were used by spyware firms. ]]> 2024-03-27T13:00:00+00:00 https://cyberscoop.com/spyware-zero-days-2023/ www.secnews.physaphae.fr/article.php?IdArticle=8471356 False Vulnerability,Threat,Mobile None 2.0000000000000000 Recorded Future - FLux Recorded Future Les experts en cybersécurité avertissent que les exploits zéro-jours, qui peuvent être utilisés pour compromettre les appareils avant que quiconque ne sache qu'ils sont vulnérables, sont devenus plus courants en tant que pirates et cybercriminels à l'État-nation et en train de trouver des moyens sophistiqués de mener à bien leurs attaques.Des chercheurs de Google ont déclaré mercredi avoir observé 97 jours zéro exploités dans la nature en 2023, comparés

---

Cybersecurity experts are warning that zero-day exploits, which can be used to compromise devices before anyone is aware they\'re vulnerable, have become more common as nation-state hackers and cybercriminals find sophisticated ways to carry out their attacks. Researchers from Google on Wednesday said they observed 97 zero-days exploited in the wild in 2023, compared]]> 2024-03-27T13:00:00+00:00 https://therecord.media/zero-day-exploits-jumped-in-2023-spyware www.secnews.physaphae.fr/article.php?IdArticle=8471355 False Vulnerability,Threat None 3.0000000000000000 HackRead - Chercher Cyber Par waqas La cyberattaque a eu lieu dans la première semaine de mars 2024 lors du sommet spécial de l'Asean-Australia à Melbourne. Ceci est un article de HackRead.com Lire le post original: APTS chinois a ciblé l'ASEAN pendant le sommet avec des logiciels malveillants d'espionnage

---

>By Waqas The cyberattack occurred in the first week of March 2024 during the ASEAN-Australia Special Summit in Melbourne. This is a post from HackRead.com Read the original post: Chinese APTs Targeted ASEAN During Summit with Espionage Malware]]> 2024-03-27T12:56:19+00:00 https://www.hackread.com/chinese-apts-asean-summit-espionage-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8471358 False Malware None 3.0000000000000000 ProofPoint - Firm Security 2024-03-27T12:52:47+00:00 https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-unleashes-power-behavioral-ai-thwart-data-loss-over-email www.secnews.physaphae.fr/article.php?IdArticle=8471677 False None None 3.0000000000000000 Dark Reading - Informationweek Branch Pervasive and inexpensive phishing kit encompasses hundreds of templates targeting Kuwait Post, Etisalat, Jordan Post, Saudi Post. Australia Post, Singapore Post, and postal services in South Africa, Nigeria, Morocco, and more.]]> 2024-03-27T12:51:07+00:00 https://www.darkreading.com/endpoint-security/-darcula-phishing-as-a-service-operation-bleeds-victims-worldwide www.secnews.physaphae.fr/article.php?IdArticle=8471359 False None None 4.0000000000000000 SecurityWeek - Security News La vulnérabilité du cadre Ray AI contesté exploitée pour voler des informations et déployer des cryptomines sur des centaines de clusters.

---

>Disputed Ray AI framework vulnerability exploited to steal information and deploy cryptominers on hundreds of clusters. ]]> 2024-03-27T12:22:05+00:00 https://www.securityweek.com/attackers-exploit-ray-ai-framework-vulnerability-to-hack-hundreds-of-clusters/ www.secnews.physaphae.fr/article.php?IdArticle=8471353 False Hack,Vulnerability None 3.0000000000000000 Global Security Mag - Site de news francais affaires / / oktey

---

Altospam accède au Label Cybersecurity made in Europe - Business / Oktey]]> 2024-03-27T12:03:57+00:00 https://www.globalsecuritymag.fr/altospam-accede-au-label-cybersecurity-made-in-europe.html www.secnews.physaphae.fr/article.php?IdArticle=8471340 False None None 2.0000000000000000 Detection Engineering - Blog Sécu 2024-03-27T12:03:11+00:00 https://www.detectionengineering.net/p/det-eng-weekly-63-back-in-the-lab www.secnews.physaphae.fr/article.php?IdArticle=8471325 False None None 2.0000000000000000 Cisco - Security Firm Blog Security Cloud is the future for Cisco Security and our customers that requires the utmost in engineering agility from us]]> 2024-03-27T12:00:04+00:00 https://feedpress.me/link/23535/16632939/balancing-agility-and-predictability-to-achieve-major-engineering-breakthroughs www.secnews.physaphae.fr/article.php?IdArticle=8471326 False Cloud None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Cisco scored just 3% of organizations as having a \'mature\' level of readiness to cyber threats, a significant decline from the previous year]]> 2024-03-27T12:00:00+00:00 https://www.infosecurity-magazine.com/news/resilient-modern-cyber-threats/ www.secnews.physaphae.fr/article.php?IdArticle=8471328 False None None 3.0000000000000000 ComputerWeekly - Computer Magazine 2024-03-27T11:15:00+00:00 https://www.computerweekly.com/news/366575672/Cyber-spies-not-cyber-criminals-behind-most-zero-day-exploitation www.secnews.physaphae.fr/article.php?IdArticle=8471443 False Vulnerability,Threat None 3.0000000000000000 IT Security Guru - Blog Sécurité cyber-saison perturbationSIEM et XDR Market avec une nouvelle solution SDR C'est apparu pour la première fois sur gourou de la sécurité informatique .

---

Attack protection pros Cybereason have announced the launch of a new SIEM Detection and Response (SDR) solution with Observe. Cybereason\'s SDR SaaS solution addresses issues with outdated SIEM architectures and enhances SOC effectiveness through the automated ingestion and enrichment of data across an organisation\'s digital footprint. SDR Consolidates All Security Data Into A Central Data […] The post Cybereason Disrupt SIEM and XDR Market with New SDR Solution first appeared on IT Security Guru. ]]> 2024-03-27T11:01:25+00:00 https://www.itsecurityguru.org/2024/03/27/cybereason-disrupt-siem-and-xdr-market-with-new-sdr-solution/?utm_source=rss&utm_medium=rss&utm_campaign=cybereason-disrupt-siem-and-xdr-market-with-new-sdr-solution www.secnews.physaphae.fr/article.php?IdArticle=8471303 False Cloud None 3.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain assez dévastateur : Aujourd'hui, Ian Carroll, Lennert Wouters et une équipe d'autres chercheurs en sécurité révèlent une technique de piratage de l'hôtel Keycard qu'ils appellent Unfillok .La technique est une collection de vulnérabilités de sécurité qui permettraient à un pirate d'ouvrir presque instantanément plusieurs modèles de serrures Keycard basées sur la marque Saflok-Brand vendues par le fabricant de serrures suisses Dormakaba.Les systèmes Saflok sont installés sur 3 millions de portes dans le monde, dans 13 000 propriétés dans 131 pays.En exploitant les faiblesses dans le cryptage de Dormakaba et du système RFID sous-jacent que Dormakaba, connu sous le nom de Mifare Classic, Carroll et Wouters ont démontré à quel point ils peuvent facilement ouvrir un verrou de Keycard Saflok.Leur technique commence par l'obtention de n'importe quelle carte-clé à partir d'un hôtel cible & # 8212; disons, en réservant une chambre là-bas ou en saisissant une courte-clés dans une boîte de celles d'occasion & # 8212; puis en lisant un certain code de cette carte avec une lecture RFID de 300 $dispositif, et enfin écrire deux cartes-clés qui leur sont propres.Lorsqu'ils appuyent simplement sur ces deux cartes sur une serrure, la première réécrit un certain morceau des données de verrouillage, et la seconde l'ouvre ...

---

It’s pretty devastating: Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba. The Saflok systems are installed on 3 million doors worldwide, inside 13,000 properties in 131 countries. By exploiting weaknesses in both Dormakaba’s encryption and the underlying RFID system Dormakaba uses, known as MIFARE Classic, Carroll and Wouters have demonstrated just how easily they can open a Saflok keycard lock. Their technique starts with obtaining any keycard from a target hotel—say, by booking a room there or grabbing a keycard out of a box of used ones—then reading a certain code from that card with a $300 RFID read-write device, and finally writing two keycards of their own. When they merely tap those two cards on a lock, the first rewrites a certain piece of the lock’s data, and the second opens it...]]> 2024-03-27T11:01:08+00:00 https://www.schneier.com/blog/archives/2024/03/security-vulnerability-in-safloks-rfid-based-keycard-locks.html www.secnews.physaphae.fr/article.php?IdArticle=8471297 False Vulnerability None 3.0000000000000000 Silicon - Site de News Francais 2024-03-27T11:00:28+00:00 https://www.silicon.fr/dma-microgestion-big-tech-477187.html www.secnews.physaphae.fr/article.php?IdArticle=8471299 False None None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Palo Alto Networks\' Unit 42 observed two Chinese-affiliated APT groups recently conducting cyber espionage campaigns targeting ASEAN organizations]]> 2024-03-27T11:00:00+00:00 https://www.infosecurity-magazine.com/news/chinese-apt-asean-entities/ www.secnews.physaphae.fr/article.php?IdArticle=8471302 False None None 3.0000000000000000 IT Security Guru - Blog Sécurité GRAND PROBLÈME DE LA PRODUCTION AVEC NCSC, NCA ET MONT La police pour enquêter sur le cyber-incident est apparu pour la première fois sur gourou de la sécurité informatique .

---

Researchers at Comparitech, the pro-consumer website providing information, tools, reviews and comparisons to help readers improve their cyber security and privacy online, have discovered that ransomware gang Qilin claimed credit on its website for stealing 550 GB of data from the Big Issue, a UK-based street newspaper. The company has said in a statement that […] The post Big Issue working with NCSC, NCA and Met Police to investigate cyber incident first appeared on IT Security Guru. ]]> 2024-03-27T10:29:52+00:00 https://www.itsecurityguru.org/2024/03/27/big-issue-working-with-ncsc-nca-and-met-police-to-investigate-cyber-incident/?utm_source=rss&utm_medium=rss&utm_campaign=big-issue-working-with-ncsc-nca-and-met-police-to-investigate-cyber-incident www.secnews.physaphae.fr/article.php?IdArticle=8471304 False Ransomware,Tool,Legislation None 2.0000000000000000 IT Security Guru - Blog Sécurité Watchguard Threat Lab Lab Lab Analysis AnalysisMontre une augmentation des logiciels malveillants évasifs apparu pour la première fois sur gourou de la sécurité informatique .

---

WatchGuard® Technologies, a unified cybersecurity company, has announced the findings of its latest Internet Security Report, detailing the top malware trends and network and endpoint security threats analysed by WatchGuard Threat Lab researchers. Key findings from the data show a dramatic surge in evasive malware that fueled a large increase of total malware, threat actors […] The post WatchGuard Threat Lab Analysis Shows Surge in Evasive Malware first appeared on IT Security Guru. ]]> 2024-03-27T10:02:56+00:00 https://www.itsecurityguru.org/2024/03/27/watchguard-threat-lab-analysis-shows-surge-in-evasive-malware/?utm_source=rss&utm_medium=rss&utm_campaign=watchguard-threat-lab-analysis-shows-surge-in-evasive-malware www.secnews.physaphae.fr/article.php?IdArticle=8471272 False Malware,Threat None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Nmap offers a suite of advanced techniques designed to uncover vulnerabilities, bypass security measures, and gather valuable insights about target systems. Let\'s take a look at these techniques: 1. Vulnerability Detection Syntax: nmap -sV --script=vulners Nmap\'s vulnerability detection feature, facilitated by the \'vulners\' script, enables users to identify outdated services susceptible to known security vulnerabilities. By querying a comprehensive vulnerability database, Nmap provides valuable insights into potential weaknesses within target systems. 2. Idle Scanning Syntax: nmap -sI Idle scanning represents a stealthy approach to port scanning, leveraging a "zombie" host to obfuscate the origin of scan requests. By monitoring changes in the zombie host\'s IP identification number (IP ID) in response to packets sent to the target, Nmap infers the state of the target\'s ports without direct interaction. 3. Firewall Testing (Source Port Spoofing) Syntax: nmap --source-port This technique involves testing firewall rules by sending packets with unusual source ports. By spoofing the source port, security professionals can evaluate the effectiveness of firewall configurations and identify potential weaknesses in network defenses. 4. Service-Specific Probes (SMB Example) Syntax: nmap -sV -p 139,445 --script=smb-vuln* Nmap\'s service-specific probes enable detailed examination of services, such as the Server Message Block (SMB) protocol commonly used in Windows environments. By leveraging specialized scripts, analysts can identify vulnerabilities and assess the security posture of target systems. 5. Web Application Scanning (HTTP title grab) Syntax: nmap -sV -p 80 --script=http-title Web application scanning with Nmap allows users to gather information about web servers, potentially aiding in vulnerability identification and exploitation. By analyzing HTTP response headers, Nmap extracts valuable insights about target web applications and server configurations. Nmap Scripting Engine: One of the standout features of Nmap is its robust scripting engine (NSE), which allows users to extend the tool\'s functionality through custom scripts and plugins. NSE scripts enable users to automate tasks, perform specialized scans, gather additional information, and even exploit vulnerabilities in target systems. nmap --script-help scriptname Shows help about scripts. For each script matching the given specification, Nmap prints the script name, its categories, and its description. The specifications are the same as those accepted by --script; so, for example if you want help about the ssl-enum-ciphers script, you would run nmap --script-help ssl-enum-ciphers Users can leverage existing NSE scripts or develop custom scripts tailored to their specific requirements. ]]> 2024-03-27T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/advanced-nmap-scanning-techniques www.secnews.physaphae.fr/article.php?IdArticle=8471442 False Tool,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Two China-linked advanced persistent threat (APT) groups have been observed targeting entities and member countries affiliated with the Association of Southeast Asian Nations (ASEAN) as part of a cyber espionage campaign over the past three months. This includes the threat actor known as Mustang Panda, which has been recently linked to cyber attacks against Myanmar as well as]]> 2024-03-27T09:50:00+00:00 https://thehackernews.com/2024/03/two-chinese-apt-groups-ramp-up-cyber.html www.secnews.physaphae.fr/article.php?IdArticle=8471179 False Threat None 2.0000000000000000 IT Security Guru - Blog Sécurité Acumen Entre Market britannique offrant une expertise et un outillage de pointe pour protéger les organisations contre les cyberattaques complexes Guru de sécurité .

---

A new cyber security services company has launched today, which pledges to deliver unparalleled expertise and cutting-edge technology to organisations. Headquartered in Glasgow, Acumen offers clients a fully managed 24/7 Security Operations Centre (SOC), while its roster of partners include CrowdStrike, Elastic, Fortinet, and Barracuda. “Our 24/7 Security Operations Centre strives to combine the right […] The post Acumen enters UK market offering expertise and market leading tooling to protect organisations against complex cyberattacks first appeared on IT Security Guru. ]]> 2024-03-27T09:43:05+00:00 https://www.itsecurityguru.org/2024/03/27/acumen-enters-uk-market-offering-expertise-and-market-leading-tooling-to-protect-organisations-against-complex-cyberattacks/?utm_source=rss&utm_medium=rss&utm_campaign=acumen-enters-uk-market-offering-expertise-and-market-leading-tooling-to-protect-organisations-against-complex-cyberattacks www.secnews.physaphae.fr/article.php?IdArticle=8471273 False None None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine British police have swooped on 400 fraud suspects and seized £19m]]> 2024-03-27T09:25:00+00:00 https://www.infosecurity-magazine.com/news/uk-law-enforcers-arrest-400-fraud/ www.secnews.physaphae.fr/article.php?IdArticle=8471271 False Legislation None 2.0000000000000000 Bleeping Computer - Magazine Américain Google\'s Threat Analysis Group (TAG) and Google subsidiary Mandiant said they\'ve observed a significant increase in the number of zero-day vulnerabilities exploited in attacks in 2023, many of them linked to spyware vendors and their clients. [...]]]> 2024-03-27T09:00:00+00:00 https://www.bleepingcomputer.com/news/security/google-spyware-vendors-behind-50-percent-of-zero-days-exploited-in-2023/ www.secnews.physaphae.fr/article.php?IdArticle=8471385 False Vulnerability,Threat None 3.0000000000000000 Korben - Bloger francais 2024-03-27T08:21:15+00:00 https://korben.info/securite-android-vlc-devoile-dessous-signature-apps.html www.secnews.physaphae.fr/article.php?IdArticle=8471274 False Mobile None 5.0000000000000000 Global Security Mag - Site de news francais Investigations]]> 2024-03-27T08:15:49+00:00 https://www.globalsecuritymag.fr/la-france-reste-vulnerable-aux-cyberattaques-malgre-une-legislation-stricte.html www.secnews.physaphae.fr/article.php?IdArticle=8471260 False None None 3.0000000000000000 Korben - Bloger francais 2024-03-27T08:00:00+00:00 https://korben.info/danswer-open-source-recherche-unifiee-ia-integration-outils-travail.html www.secnews.physaphae.fr/article.php?IdArticle=8471275 False Tool None 3.0000000000000000 SonarSource - Blog Sécu et Codage By acknowledging the impact of technical debt and embracing proactive solutions like Sonar, development teams can mitigate its effects and build software that is resilient, reliable, and scalable.]]> 2024-03-27T08:00:00+00:00 https://www.sonarsource.com/blog/technical-debt-s-impact-on-development-speed-and-code-quality www.secnews.physaphae.fr/article.php?IdArticle=8471591 False Technical None 3.0000000000000000 Netskope - etskope est une société de logiciels américaine fournissant une plate-forme de sécurité informatique Au cours de la dernière année, l'innovation de l'IA a balayé le lieu de travail.Dans toutes les industries et toutes les fonctions de l'équipe, nous voyons des employés utiliser des assistants en IA pour rationaliser diverses tâches, notamment en prenant des minutes, en réduisant des e-mails, en développant du code, en élaborant des stratégies de marketing et même en aidant à gérer les finances des entreprises.En tant que CISO, j'envisage déjà un assistant AI qui [& # 8230;]

---

>Over the past year, AI innovation has swept through the workplace. Across industries and all team functions, we are seeing employees using AI assistants to streamline various tasks, including taking minutes, writing emails, developing code, crafting marketing strategies and even helping with managing company finances. As a CISO, I\'m already envisaging an AI assistant which […] ]]> 2024-03-27T07:00:00+00:00 https://www.netskope.com/blog/ai-assistants-a-new-challenge-for-cisos www.secnews.physaphae.fr/article.php?IdArticle=8471204 False None None 2.0000000000000000 Korben - Bloger francais 2024-03-27T05:43:05+00:00 https://korben.info/atari-400-mini-console-retrogaming-fonctions-modernes.html www.secnews.physaphae.fr/article.php?IdArticle=8471202 False None None 2.0000000000000000 Korben - Bloger francais 2024-03-27T05:26:26+00:00 https://korben.info/infinite-mac-emulation-mac-next-navigateur.html www.secnews.physaphae.fr/article.php?IdArticle=8471203 False None None 2.0000000000000000 The State of Security - Magazine Américain In the intricate landscape of cybersecurity, Digital Forensics and Incident Response (DFIR) stand as the sentinels guarding against the onslaught of digital threats. It involves a multifaceted approach to identifying, mitigating, and recovering from cybersecurity incidents . In the physical world, the aftermath of a crime scene always yields vital clues that can unravel the mystery behind a perpetrator\'s actions. Similarly, in the digital realm, DFIR specialists comb through vast floods of data, analyzing log files, network traffic, and system artifacts to reconstruct the sequence of events...]]> 2024-03-27T04:53:09+00:00 https://www.tripwire.com/state-of-security/incident-response-dfir www.secnews.physaphae.fr/article.php?IdArticle=8471276 False None None 4.0000000000000000 The State of Security - Magazine Américain I\'ll start this one with an apology – I\'ve been watching a lot of the TV show The Bear (which I\'d highly recommend!) and thus been thinking a lot about kitchen processes and the challenges of making everything come together nicely (both in life and in a recipe). If you are unfamiliar with the show, it is a comedy-drama about a chef who manages his deceased brother\'s sandwich shop. When I see different chefs interacting in a busy environment I can\'t help but think of the same activities happening in the data center and IT offices that I\'ve visited. But whilst the best businesses in the world...]]> 2024-03-27T04:06:11+00:00 https://www.tripwire.com/state-of-security/bake-ensuring-security-cyber-kitchen www.secnews.physaphae.fr/article.php?IdArticle=8471247 False None None 3.0000000000000000 Korben - Bloger francais 2024-03-27T03:59:09+00:00 https://korben.info/scandale-project-ghostbusters-meta-espionne-snapchat.html www.secnews.physaphae.fr/article.php?IdArticle=8471178 False None None 4.0000000000000000 Dark Reading - Informationweek Branch Government proposes more modern and comprehensive cybersecurity regulations for businesses, government, and critical infrastructures providers Down Under.]]> 2024-03-27T01:00:00+00:00 https://www.darkreading.com/cyber-risk/australian-government-doubles-down-on-cybersecurity-in-wake-of-major-attacks www.secnews.physaphae.fr/article.php?IdArticle=8471072 False None None 3.0000000000000000 WatchGuard - Fabricant Matériel et Logiciels 2024-03-27T00:00:00+00:00 https://www.watchguard.com/fr/wgrd-news/press-releases/le-rapport-du-threat-lab-de-watchguard-revele-une-montee-en-puissance-des www.secnews.physaphae.fr/article.php?IdArticle=8471902 False Ransomware,Threat None 3.0000000000000000 HackRead - Chercher Cyber Par waqas Les hommages sont devenus toxiques alors que les escrocs abusent de l'AI. Ceci est un article de HackRead.com Lire le post original: L'IA a généré de faux sites Web nécrologiques cibles les utilisateurs de deuil

---

>By Waqas Tributes turned toxic as crooks abuse AI. This is a post from HackRead.com Read the original post: AI Generated Fake Obituary Websites Target Grieving Users]]> 2024-03-26T23:36:47+00:00 https://www.hackread.com/ai-generated-fake-obituary-websites-target-users/ www.secnews.physaphae.fr/article.php?IdArticle=8471050 False None None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial Access Company for Industrial Enterprises Cyolo a annoncé mardi un partenariat avec Synnex, Global Distributor and Solutions Aggregator for ...

---

>Access company for industrial enterprises Cyolo announced Tuesday a partnership with TD SYNNEX, global distributor and solutions aggregator for... ]]> 2024-03-26T23:07:12+00:00 https://industrialcyber.co/news/cyolo-partners-with-td-synnex-to-tap-into-increased-enterprise-demand-for-secure-remote-access/ www.secnews.physaphae.fr/article.php?IdArticle=8471027 False Industrial None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Pour surveiller les politiciens et les dissidents soucieux de la sécurité, les pirates liés à Pékin visent de plus en plus leurs conjoints et leurs proches.

---

>To surveil security conscious politicians and dissidents, hackers linked to Beijing are increasingly targeting their spouses and relatives.  ]]> 2024-03-26T22:30:09+00:00 https://cyberscoop.com/china-hacking-family-members/ www.secnews.physaphae.fr/article.php?IdArticle=8471028 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat hunters have identified a suspicious package in the NuGet package manager that\'s likely designed to target developers working with tools made by a Chinese firm that specializes in industrial- and digital equipment manufacturing. The package in question is SqzrFramework480, which ReversingLabs said was first published on January 24, 2024. It has been downloaded ]]> 2024-03-26T22:24:00+00:00 https://thehackernews.com/2024/03/malicious-nuget-package-linked-to.html www.secnews.physaphae.fr/article.php?IdArticle=8470884 False Tool,Threat,Industrial None 2.0000000000000000 Global Security Mag - Site de news francais nouvelles commerciales

---

DeNexus and Cipher Partner to Transform Cybersecurity for Industrial and Physical Critical Infrastructure DeNexus and Cipher join forces to solve OT and ICS cyber risk for critical markets - Business News]]> 2024-03-26T21:21:11+00:00 https://www.globalsecuritymag.fr/denexus-and-cipher-partner-to-transform-cybersecurity-for-industrial-and.html www.secnews.physaphae.fr/article.php?IdArticle=8471003 False Industrial None 3.0000000000000000 Dark Reading - Informationweek Branch A new, improved variant on the group\'s malware combines fileless infection, BYOVD, and more to cause havoc in virtual environments.]]> 2024-03-26T21:14:26+00:00 https://www.darkreading.com/cloud-security/agenda-ransomware-vmware-esxi-servers www.secnews.physaphae.fr/article.php?IdArticle=8471002 False Ransomware,Malware None 3.0000000000000000 Global Security Mag - Site de news francais opinion

---

UK SMBs experiencing a tsunami of cybersecurity warnings, up 37% since 2023 Private sector received 18% more cyber warnings than the public sector 32% of security professionals feel unable to cope with cyber demands 41% of SMBs taken offline by cyber incidents in 2023 - Opinion]]> 2024-03-26T21:14:05+00:00 https://www.globalsecuritymag.fr/uk-smbs-experiencing-a-tsunami-of-cybersecurity-warnings-up-37-since-2023.html www.secnews.physaphae.fr/article.php?IdArticle=8471004 False None None 2.0000000000000000 Global Security Mag - Site de news francais Produits]]> 2024-03-26T21:04:27+00:00 https://www.globalsecuritymag.fr/sesame-it-lance-jizo-alert-advisor.html www.secnews.physaphae.fr/article.php?IdArticle=8470977 False None None 2.0000000000000000 Global Security Mag - Site de news francais Interviews / cybersecurite_home_gauche, INCYBER 2024]]> 2024-03-26T21:00:00+00:00 https://www.globalsecuritymag.fr/jerome-notin-cybermalveillance-gouv-fr-les-rssi-devraient-rendre-obligatoire.html www.secnews.physaphae.fr/article.php?IdArticle=8470604 False None None 2.0000000000000000 Global Security Mag - Site de news francais opinion

---

Apple cautious AI approach hints focus on user privacy and security, says GlobalData - Opinion]]> 2024-03-26T20:57:28+00:00 https://www.globalsecuritymag.fr/apple-cautious-ai-approach-hints-focus-on-user-privacy-and-security-says.html www.secnews.physaphae.fr/article.php?IdArticle=8470978 False None None 2.0000000000000000 Recorded Future - FLux Recorded Future Le gros problème, un journal de rue au Royaume-Uni, célèbre pour avoir fourni aux sans-abri un revenu légitime en les payant en tant que vendeurs pour distribuer le magazine, a confirmé être touché par un cyber-incident.La confirmation suit l'entreprise répertoriée sur le site d'extorsion Darknet de Darknet de Qilin, à côté

---

The Big Issue, a street newspaper in the United Kingdom famed for providing homeless people with a legitimate income by paying them as vendors to distribute the magazine, has confirmed being impacted by a cyber incident. The confirmation follows the company being listed on the Qilin ransomware gang\'s darknet extortion site on Sunday, alongside]]> 2024-03-26T20:48:46+00:00 https://therecord.media/ransomware-gang-attacks-big-issue-street-paper www.secnews.physaphae.fr/article.php?IdArticle=8470975 False Ransomware None 3.0000000000000000 Dark Reading - Informationweek Branch CVE-2024-1580 allows remote attackers to execute arbitrary code on affected devices.]]> 2024-03-26T20:42:26+00:00 https://www.darkreading.com/endpoint-security/apple-security-bug-opens-iphone-ipad-rce www.secnews.physaphae.fr/article.php?IdArticle=8470974 False Mobile None 3.0000000000000000 Global Security Mag - Site de news francais Interviews / INCYBER 2024]]> 2024-03-26T20:23:26+00:00 https://www.globalsecuritymag.fr/bertrand-trastour-kaspersky-l-ia-et-le-machine-learning-ml-jouent-depuis.html www.secnews.physaphae.fr/article.php?IdArticle=8470979 False None None 2.0000000000000000 Fortinet - Fabricant Materiel Securite There are five critical SASE trends Fortinet foresees impacting organizations over the next 9 to 12 months. Learn more.]]> 2024-03-26T19:45:16+00:00 https://www.fortinet.com/blog/business-and-technology/top-5-sase-trends-in-2024 www.secnews.physaphae.fr/article.php?IdArticle=8470976 False None None 2.0000000000000000 Global Security Mag - Site de news francais rapports spéciaux

---

IT and Cybersecurity Sectors Lead in Generative AI Use, with 46% of Professionals Using the Technology in 2024 - Special Reports]]> 2024-03-26T19:44:54+00:00 https://www.globalsecuritymag.fr/it-and-cybersecurity-sectors-lead-in-generative-ai-use-with-46-of-professionals.html www.secnews.physaphae.fr/article.php?IdArticle=8470950 False None None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) #### Description A new malware campaign called Sign1 has been discovered by Sucuri and GoDaddy Infosec. The malware has been found on over 2,500 sites in the past two months. The malware is injected into WordPress custom HTML widgets that the attackers add to compromised websites. The malware is injected using a legitimate Simple Custom CSS and JS plugin. The malware is designed to redirect visitors to scam sites. The malware is time-based and uses dynamic JavaScript code to generate URLs that change every 10 minutes. The malware is specifically looking to see if the visitor has come from any major websites such as Google, Facebook, Yahoo, Instagram etc. If the referrer does not match to these major sites, then the malware will not execute. #### Reference URL(s) 1. https://blog.sucuri.net/2024/03/sign1-malware-analysis-campaign-history-indicators-of-compromise.html #### Publication Date March 20, 2024 #### Author(s) Ben Martin ]]> 2024-03-26T19:39:28+00:00 https://community.riskiq.com/article/063f7fac www.secnews.physaphae.fr/article.php?IdArticle=8470965 False Malware Yahoo 2.0000000000000000 Global Security Mag - Site de news francais nouvelles commerciales

---

Cyolo Security Announces Partnership with TD SYNNEX TD SYNNEX Partners can now move their clients beyond mere "accessing" to "operating" safely and securely - Business News]]> 2024-03-26T19:36:52+00:00 https://www.globalsecuritymag.fr/cyolo-security-announces-partnership-with-td-synnex.html www.secnews.physaphae.fr/article.php?IdArticle=8470951 False None None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial The 12th annual Cyber Security for Critical Assets (CS4CA) USA Summit began Tuesday in Houston, Texas bringing together... ]]> 2024-03-26T19:13:22+00:00 https://industrialcyber.co/events/cs4ca-usa-summit-2024-it-and-ot-security-leaders-share-insights-on-cyberattack-mitigation-and-recovery-strategies/ www.secnews.physaphae.fr/article.php?IdArticle=8470947 False Industrial None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial U.S. security agencies published Monday a joint Secure by Design (SbD) alert in response to a recent, exploitation... ]]> 2024-03-26T19:12:15+00:00 https://industrialcyber.co/secure-by-design/cisa-fbi-release-secure-by-design-alert-to-urge-manufacturers-to-eliminate-sql-injection-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8470948 False Vulnerability None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial Denexus, fournisseur de quantification et de gestion de la cyber-risque pour la technologie opérationnelle (OT) avec les entreprises industrielles et la critique physique ...

---

>DeNexus, vendor of cyber risk quantification and management for operational technology (OT) with industrial enterprises and physical critical... ]]> 2024-03-26T19:10:15+00:00 https://industrialcyber.co/news/denexus-cipher-partner-to-transform-cybersecurity-for-industrial-physical-critical-infrastructure/ www.secnews.physaphae.fr/article.php?IdArticle=8470949 False Industrial None 3.0000000000000000 ZD Net - Magazine Info Updated: A new critical vulnerability impacting Exchange Server is being exploited in the wild.]]> 2024-03-26T18:57:00+00:00 https://www.zdnet.com/article/everything-you-need-to-know-about-microsoft-exchange-server-hack/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=8470942 False Hack,Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future Les chercheurs avertissent que les pirates exploitent activement une vulnérabilité contestée dans un cadre d'IA à source ouverte populaire connue sous le nom de Ray.Cet outil est couramment utilisé pour développer et déployer des applications Python à grande échelle, en particulier pour les tâches telles que l'apprentissage automatique, l'informatique scientifique et le traitement des données.Selon le développeur de Ray \\, tous les domaines, le cadre est utilisé par major

---

Researchers are warning that hackers are actively exploiting a disputed vulnerability in a popular open-source AI framework known as Ray. This tool is commonly used to develop and deploy large-scale Python applications, particularly for tasks like machine learning, scientific computing and data processing. According to Ray\'s developer, Anyscale, the framework is used by major]]> 2024-03-26T18:46:40+00:00 https://therecord.media/thousands-exposed-to-ray-framework-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8470918 False Tool,Vulnerability None 3.0000000000000000 HackRead - Chercher Cyber Par waqas Une vulnérabilité non corrigée expose le cadre Ray AI à l'attaque "Shadowray"! Ceci est un article de Hackread.com Lire le post original: La nouvelle campagne Shadowray cible le cadre Ray AI dans Global Attack

---

>By Waqas An unpatched vulnerability is exposing the Ray AI framework to the "ShadowRay" attack! This is a post from HackRead.com Read the original post: New ShadowRay Campaign Targets Ray AI Framework in Global Attack]]> 2024-03-26T18:45:20+00:00 https://www.hackread.com/shadowray-attack-targets-ray-ai-framework/ www.secnews.physaphae.fr/article.php?IdArticle=8470916 False Vulnerability None 2.0000000000000000 Global Security Mag - Site de news francais Points de Vue]]> 2024-03-26T18:36:14+00:00 https://www.globalsecuritymag.fr/securite-les-entreprises-laissent-leurs-conteneurs-kubernetes-exposes-aux.html www.secnews.physaphae.fr/article.php?IdArticle=8470919 False Ransomware None 2.0000000000000000 Zataz - Magazine Francais de secu 2024-03-26T18:31:39+00:00 https://www.zataz.com/piratage-dent-un-papa-raconte/ www.secnews.physaphae.fr/article.php?IdArticle=8470933 False Threat None 2.0000000000000000 MitnickSecurity - Former Hacker Services 2024-03-26T18:18:31+00:00 https://www.mitnicksecurity.com/blog/ai-in-cyber-security www.secnews.physaphae.fr/article.php?IdArticle=8470914 False None None 2.0000000000000000 ComputerWeekly - Computer Magazine 2024-03-26T18:06:00+00:00 https://www.computerweekly.com/news/366575475/Qilin-ransomware-gang-claims-cyber-attack-on-the-Big-Issue www.secnews.physaphae.fr/article.php?IdArticle=8471026 False Ransomware None 3.0000000000000000 Team Cymru - Equipe de Threat Intelligence Insights into Internet Outages along Africa\'s Western Coast About Team Cymru: Internet Weather Reports Our Internet weather reports are...]]> 2024-03-26T17:53:43+00:00 https://www.team-cymru.com/post/team-cymru-internet-weather-report www.secnews.physaphae.fr/article.php?IdArticle=8470883 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Department of Justice (DoJ) on Monday unsealed indictments against seven Chinese nationals for their involvement in a hacking group that targeted U.S. and foreign critics, journalists, businesses, and political officials for about 14 years. The defendants include Ni Gaobin (倪高彬), Weng Ming (翁明), Cheng Feng (程锋), Peng Yaowen (彭耀文), Sun Xiaohui (孙小辉), Xiong Wang (熊旺), and Zhao Guangzong (]]> 2024-03-26T17:36:00+00:00 https://thehackernews.com/2024/03/us-charges-7-chinese-nationals-in-major.html www.secnews.physaphae.fr/article.php?IdArticle=8470735 False None None 3.0000000000000000 Bleeping Computer - Magazine Américain The Finnish Police confirmed on Tuesday that the APT31 hacking group linked to the Chinese Ministry of State Security (MSS) was behind a breach of the country\'s parliament disclosed in March 2021. [...]]]> 2024-03-26T17:23:54+00:00 https://www.bleepingcomputer.com/news/security/finland-confirms-apt31-hackers-behind-2021-parliament-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8471001 False Legislation APT 31 3.0000000000000000 Global Security Mag - Site de news francais rapports spéciaux

---

AI and automation have helped organizations respond to security incidents up to 99% faster than last year, according to new study from ReliaQuest With social engineering still the biggest threat to organizations, AI is being leveraged on both sides to increase the threat and the speed of defense; Organizations fully leveraging AI and automation can respond to threats within 7 minutes or less - Special Reports]]> 2024-03-26T17:21:58+00:00 https://www.globalsecuritymag.fr/ai-and-automation-have-helped-organizations-respond-to-security-incidents-up-to.html www.secnews.physaphae.fr/article.php?IdArticle=8470888 False Threat,Studies None 3.0000000000000000 Global Security Mag - Site de news francais rapports spéciaux

---

Keeper Security Insight Report reveals IT leaders are unprepared for the new wave of threat vectors - Special Reports]]> 2024-03-26T17:19:21+00:00 https://www.globalsecuritymag.fr/keeper-security-insight-report-reveals-it-leaders-are-unprepared-for-the-new.html www.secnews.physaphae.fr/article.php?IdArticle=8470889 False Threat None 2.0000000000000000 Global Security Mag - Site de news francais nouvelles commerciales

---

Claroty and Axonius Partner to Bring Enterprise Attack Surface Management to Cyber-Physical Systems Combined Solution Enables Organizations to Protect the Entire Attack Surface Across Cloud, IT and XIoT Assets - Business News]]> 2024-03-26T17:15:33+00:00 https://www.globalsecuritymag.fr/claroty-and-axonius-partner.html www.secnews.physaphae.fr/article.php?IdArticle=8470890 False Cloud None 2.0000000000000000 IT Security Guru - Blog Sécurité Détails de millions d'électeurs et de plusieurs députés ciblés dans une cyberattaque par l'État chinois est apparu pour la première fois sur Guru de sécurité .

---

The UK has officially attributed a major cyberattack on the Electoral Commission to China. The attack compromised the personal data of approximately 40 million voters, marking the first direct implication of China since the breach came to light. The breach, disclosed by the Electoral Commission in August of the previous year, was initially identified in […] The post Details of Millions of Voters and Several MPs Targeted in a Cyberattack by the Chinese State first appeared on IT Security Guru. ]]> 2024-03-26T17:13:06+00:00 https://www.itsecurityguru.org/2024/03/26/details-of-millions-of-voters-and-several-mps-targeted-in-a-cyberattack-by-the-chinese-state/?utm_source=rss&utm_medium=rss&utm_campaign=details-of-millions-of-voters-and-several-mps-targeted-in-a-cyberattack-by-the-chinese-state www.secnews.physaphae.fr/article.php?IdArticle=8470887 False None None 3.0000000000000000 Global Security Mag - Site de news francais Points de Vue]]> 2024-03-26T17:12:55+00:00 https://www.globalsecuritymag.fr/a-l-approche-de-l-entree-en-vigueur-de-la-directive-nis-2-hexatrust-lance-sa.html www.secnews.physaphae.fr/article.php?IdArticle=8470891 False None None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) #### Description StrelaStealer is a malware that targets email clients to steal login data, sending it to the attacker\'s server for potential further attacks. Since StrelaStealer\'s emergence in 2022, the threat actor has launched multiple large-scale email campaigns, with its most recent campaigns impacting over 100 organizations across the EU and U.S. Attackers have targeted organizations in a variety of industries, but organizations in the high tech industry have been the biggest target. Technical analysis of StrelaStealer reveals an evolving infection chain using ZIP attachments, JScript files, and updated DLL payloads, demonstrating the malware\'s adaptability and the challenge it poses to security analysts and products. #### Reference URL(s) 1. https://unit42.paloaltonetworks.com/strelastealer-campaign/ #### Publication Date March 22, 2024 #### Author(s) Benjamin Chang, Goutam Tripathy, Pranay Kumar Chhaparwal, Anmol Maurya, and Vishwa Thothathri]]> 2024-03-26T17:11:47+00:00 https://community.riskiq.com/article/82785858 www.secnews.physaphae.fr/article.php?IdArticle=8470906 False Malware,Threat,Technical None 2.0000000000000000 Silicon - Site de News Francais 2024-03-26T17:11:09+00:00 https://www.silicon.fr/docaposte-pack-cybersecurite-pme-477168.html www.secnews.physaphae.fr/article.php?IdArticle=8470886 False None None 3.0000000000000000 Global Security Mag - Site de news francais rapports spéciaux

---

Companies With Advanced Cybersecurity Performance Deliver Nearly Four Times\' Higher Shareholder Return Than Their Peers, According to Diligent and Bitsight New research shows cybersecurity is an organization-wide issue, and stronger board oversight practices lead to better cybersecurity performance - Special Reports]]> 2024-03-26T17:09:00+00:00 https://www.globalsecuritymag.fr/companies-with-advanced-cybersecurity-performance-deliver-nearly-four-times.html www.secnews.physaphae.fr/article.php?IdArticle=8470892 False None None 3.0000000000000000 Global Security Mag - Site de news francais Produits]]> 2024-03-26T17:01:44+00:00 https://www.globalsecuritymag.fr/docaposte-lance-une-offre-de-cybersecurite-pour-les-pme-tpe-eti-des.html www.secnews.physaphae.fr/article.php?IdArticle=8470856 False None None 2.0000000000000000 Global Security Mag - Site de news francais revues de produits

---

Invicti Launches New Integration with ServiceNow to Deliver Automated Workflows for Vulnerability Discovery through Remediation The partnership leverages integrations in application vulnerability response and issue management - Product Reviews]]> 2024-03-26T16:59:58+00:00 https://www.globalsecuritymag.fr/invicti-launches-new-integration-with-servicenow.html www.secnews.physaphae.fr/article.php?IdArticle=8470857 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Minecraft, with over 500 million registered users and 166 million monthly players, faces significant risks from distributed denial-of-service (DDoS) attacks, threatening server functionality, player experience, and the game\'s reputation. Despite the prevalence of DDoS attacks on the game, the majority of incidents go unreported, leaving a gap in awareness and protection. This article explains]]> 2024-03-26T16:59:00+00:00 https://thehackernews.com/2024/03/crafting-shields-defending-minecraft.html www.secnews.physaphae.fr/article.php?IdArticle=8470736 False None None 3.0000000000000000 Global Security Mag - Site de news francais Investigations]]> 2024-03-26T16:52:10+00:00 https://www.globalsecuritymag.fr/barometre-de-la-cybersecurite-2023-une-prise-de-conscience-croissante-mais.html www.secnews.physaphae.fr/article.php?IdArticle=8470858 False None None 2.0000000000000000 Global Security Mag - Site de news francais rapports spéciaux

---

Website categories American employers don\'t want you to visit Cybersecurity experts say that blocking certain websites lowers the risk of cyberattacks and removes distractions Up to 72% of employers block malware and adult websites. Phishing websites are blocked by 70% of employers, while gambling ones – by 43%. IT managers in North America restrict their employees from eight website categories on average. - Special Reports]]> 2024-03-26T16:47:40+00:00 https://www.globalsecuritymag.fr/website-categories-american-employers-don-t-want-you-to-visit.html www.secnews.physaphae.fr/article.php?IdArticle=8470859 False Malware None 2.0000000000000000 Global Security Mag - Site de news francais Investigations]]> 2024-03-26T16:42:12+00:00 https://www.globalsecuritymag.fr/les-cyberattaques-sont-plus-sophistiquees-que-jamais-les-attaques-basees-sur-l.html www.secnews.physaphae.fr/article.php?IdArticle=8470860 False Threat None 2.0000000000000000 Global Security Mag - Site de news francais revues de produits

---

CybeReady Adds SMS Text Phishing (Smishing) Simulations to Cybersecurity Learning Platform Smishing Simulations & Learning Now Part of Social Engineering Suite to Ensure Employee Readiness in Defense Against Fraudulent Text Messages - Product Reviews]]> 2024-03-26T16:33:02+00:00 https://www.globalsecuritymag.fr/cybeready-adds-sms-text-phishing-smishing-simulations-to-cybersecurity-learning.html www.secnews.physaphae.fr/article.php?IdArticle=8470861 False None None 3.0000000000000000 SecurityWeek - Security News La startup dit que la formation simple de sensibilisation n'est pas suffisante & # 8211;Les utilisateurs doivent pratiquer le comportement \\ 'bon \' au-delà de la simple reconnaissance du mauvais comportement et de la mauvaise intention.

---

>Startup says simple awareness training is not sufficient – users need to practice \'good\' behavior beyond simply acknowledging poor behavior and bad intent. ]]> 2024-03-26T16:32:23+00:00 https://www.securityweek.com/uk-firm-think-cyber-raises-3-8-million-for-staff-security-nudging/ www.secnews.physaphae.fr/article.php?IdArticle=8470853 False None None 3.0000000000000000 Recorded Future - FLux Recorded Future Dans les cercles de la crypto-monnaie et des forces de l'ordre, Tigran Gambaryan est un peu une légende.En tant qu'agent spécial de l'Internal Revenue Service, il a enquêté sur les délits financiers et il est venu se spécialiser dans quelque chose que beaucoup d'agents, au moins initialement, ne comprenaient pas très bien: la blockchain. & Nbsp;Gambaryan est devenu le zelig des démontages du marché sombre,

---

In cryptocurrency and law enforcement circles, Tigran Gambaryan is a bit of a legend. As a special agent with the Internal Revenue Service he investigated financial crimes and he came to specialize in something a lot of agents, at least initially, didn\'t quite understand: the blockchain.  Gambaryan became the Zelig of dark market takedowns,]]> 2024-03-26T16:22:26+00:00 https://therecord.media/binance-executives-nigeria-click-here-podcast-feature www.secnews.physaphae.fr/article.php?IdArticle=8470855 False Legislation None 2.0000000000000000 IT Security Guru - Blog Sécurité # MIWIC2024: Samantha Humphries, directrice principale de la stratégie de sécurité internationale à Exabeam , est apparue pour la première fois sur guru de sécurité .

---

Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024\'s Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee\'s answers are […] The post #MIWIC2024: Samantha Humphries, Senior Director of International Security Strategy at Exabeam first appeared on IT Security Guru. ]]> 2024-03-26T16:21:14+00:00 https://www.itsecurityguru.org/2024/03/26/miwic2024-samantha-humphries-senior-director-of-international-security-strategy-at-exabeam/?utm_source=rss&utm_medium=rss&utm_campaign=miwic2024-samantha-humphries-senior-director-of-international-security-strategy-at-exabeam www.secnews.physaphae.fr/article.php?IdArticle=8470854 True None None 3.0000000000000000 Global Security Mag - Site de news francais vulnérabilité de sécurité

---

An attacker can bypass access restrictions to data of AccountsService, in order to get the password fingerprints. - Security Vulnerability]]> 2024-03-26T16:03:21+00:00 https://www.globalsecuritymag.fr/vigilance-vulnerability-alerts-accountsservice-obtain-hashed-passwords-analyzed.html www.secnews.physaphae.fr/article.php?IdArticle=8470830 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The Diligent and Bitsight report found that stronger cybersecurity measures equate to significantly higher financial performance for businesses]]> 2024-03-26T16:00:00+00:00 https://www.infosecurity-magazine.com/news/boards-cyber-expertise-financial/ www.secnews.physaphae.fr/article.php?IdArticle=8470825 False None None 3.0000000000000000 knowbe4 - cybersecurity services Un nouveau rapport sur l'état de la sécurité des e-mails met en lumière la façon dont les organisations consultent et abordent la cyber-assurance alors qu'elles déplacent la stratégie vers la cyber-résilient.

---

A new report on the state of email security sheds some light on how organizations are viewing and approaching cyber insurance as they shift strategy toward being cyber resilient.]]> 2024-03-26T15:38:51+00:00 https://blog.knowbe4.com/cyber-insurance-no-longer-seen-safety-net www.secnews.physaphae.fr/article.php?IdArticle=8470818 False None None 3.0000000000000000 Krebs on Security - Chercheur Américain Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple\'s password reset feature. In this scenario, a target\'s Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds "Allow" or "Don\'t Allow" to each prompt. Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user\'s account is under attack and that Apple support needs to "verify" a one-time code.]]> 2024-03-26T15:37:54+00:00 https://krebsonsecurity.com/2024/03/recent-mfa-bombing-attacks-targeting-apple-users/ www.secnews.physaphae.fr/article.php?IdArticle=8470817 False None None 3.0000000000000000 The Register - Site journalistique Anglais SA Special Investigating Unit orders payment within 7 days following alleged breach of public finance laws A Special Tribunal in South Africa has ordered the German software giant SAP to pay a R500 million ($26.4 million, £20.9 million) settlement within a week following a long-running investigation into compliance with public finance laws.…]]> 2024-03-26T15:32:10+00:00 https://go.theregister.com/feed/www.theregister.com/2024/03/26/sap_ordered_to_pay_264/ www.secnews.physaphae.fr/article.php?IdArticle=8470824 False None None 3.0000000000000000 Dark Reading - Informationweek Branch A proof-of-concept exploit released last week has spurred attacks on the vulnerability, which the CISA has flagged as an urgent patch priority.]]> 2024-03-26T15:13:15+00:00 https://www.darkreading.com/cloud-security/patch-critical-fortinet-rce-bug-active-attack www.secnews.physaphae.fr/article.php?IdArticle=8470826 False Vulnerability,Threat None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial The Foundation for Defense of Democracies (FDD) published a study highlighting a mismatch in the U.S. military\'s failure... ]]> 2024-03-26T15:12:18+00:00 https://industrialcyber.co/threat-landscape/fdd-study-reveals-gaps-in-us-militarys-cyber-talent-recruitment-and-retention-calls-for-reforms/ www.secnews.physaphae.fr/article.php?IdArticle=8470828 False Studies None 3.0000000000000000 Recorded Future - FLux Recorded Future Le gouverneur de la Floride, Ron DeSantis, a signé lundi un projet de loi interdisant aux enfants de moins de 14 ans de détenir des comptes de médias sociaux et n'autant que 14 et 15 ans à ouvrir des comptes avec consentement de leurs parents.En vertu de la législation, les comptes déjà détenus par les adolescents de 14 et 15 ans doivent être effacés à moins qu'un parent ou un tuteur ne consent

---

Florida Governor Ron DeSantis on Monday signed a bill barring children younger than 14 from holding social media accounts and only allowing 14- and 15-year-olds to open accounts with consent from their parents. Under the legislation, accounts already held by teens aged 14 and 15 must be erased unless a parent or guardian consents]]> 2024-03-26T15:11:12+00:00 https://therecord.media/florida-enacts-social-media-law-bars-minors www.secnews.physaphae.fr/article.php?IdArticle=8470822 False Legislation None 3.0000000000000000 Korben - Bloger francais 2024-03-26T15:08:12+00:00 https://korben.info/42-parquet-bombe-zip-big-data.html www.secnews.physaphae.fr/article.php?IdArticle=8470820 False None None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Honeywell a récemment annoncé que Petr & Oacute; Leos del Per & Uacute;S.A. (PETROPER & UACUTE;), l'un des plus grands producteurs d'hydrocarbures, raffineurs et distributeurs ...

---

>Honeywell announced recently that Petróleos del Perú S.A. (Petroperú), one of the largest hydrocarbon producers, refiners and distributors... ]]> 2024-03-26T15:07:26+00:00 https://industrialcyber.co/news/honeywell-to-enhance-cyber-resilience-at-petroperu-with-cybersecurity-solutions/ www.secnews.physaphae.fr/article.php?IdArticle=8470795 False None None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial La société de protection des systèmes cyber-physiques (CPS) Claroty et Axonius, fournisseur de gestion des actifs de cybersécurité et de gestion du SaaS, ont annoncé mardi ...

---

>Cyber-physical systems (CPS) protection company Claroty and Axonius, vendor of cybersecurity asset management and SaaS management, announced Tuesday... ]]> 2024-03-26T15:06:56+00:00 https://industrialcyber.co/news/claroty-axonius-partner-to-bring-enterprise-attack-surface-management-to-cyber-physical-systems/ www.secnews.physaphae.fr/article.php?IdArticle=8470796 False Cloud None 3.0000000000000000 Checkpoint - Fabricant Materiel Securite lundi, l'administration Biden a annoncé un acte d'accusation criminel et des sanctions contre un groupe de pirates chinois pour leur rôle dans la conduite prétendument des hacks contre les entreprises aux États-Unis, ainsi que des représentants du gouvernement.Le gouvernement américain a inculpé sept pirates, du groupe connu sous le nom d'APT31;Dans une décision connexe, le gouvernement britannique a annoncé des sanctions contre une entreprise de front, ainsi que deux personnes en lien avec une violation à la Commission électorale du Royaume-Uni.Le gouvernement américain a noté que le groupe avait passé environ 14 ans à cibler les entreprises américaines et étrangères et les responsables politiques.«Aujourd'hui, les gouvernements du Royaume-Uni et des États-Unis [& # 8230;]

---

>On Monday, the Biden administration announced a criminal indictment and sanctions against a group of Chinese hackers for their role in allegedly conducting hacks against companies in the US, as well as government officials. The US government charged seven hackers, from the group known as APT31; in a related move, the British government announced sanctions on a front company, as well as two individuals in connection with a breach at the UK\'s Electoral Commission. The US government noted that the group spent about 14 years targeting US and foreign businesses and political officials. “Today both the UK and US governments […] ]]> 2024-03-26T14:57:51+00:00 https://blog.checkpoint.com/security/us-and-uk-governments-take-stand-against-apt31-state-affiliated-hacking-group/ www.secnews.physaphae.fr/article.php?IdArticle=8470789 False None APT 31 3.0000000000000000 Bleeping Computer - Magazine Américain A new hacking campaign dubbed "ShadowRay" targets an unpatched vulnerability in Ray, a popular open-source AI framework, to hijack computing power and leak sensitive data from thousands of companies. [...]]]> 2024-03-26T14:51:32+00:00 https://www.bleepingcomputer.com/news/security/hackers-exploit-ray-framework-flaw-to-breach-servers-hijack-resources/ www.secnews.physaphae.fr/article.php?IdArticle=8470917 False Vulnerability,Threat None 2.0000000000000000 Veracode - Application Security Research, News, and Education Blog In the last blog on fixing vulnerabilities with Veracode Fix, we looked at SQL Injection remediation in a Java application. Since then, we have released Fix support for Python (and PHP) and launched a new VS Code plugin that includes support for Fix. It seems appropriate, therefore, to look at resolving a problem in a Python app using Veracode Fix in the VS Code IDE. This time let\'s examine a simple cross-site scripting (XSS) weakness. What is an XSS Vulnerability? An XSS vulnerability occurs when an attacker injects malicious code into a trusted website, which is then executed by unsuspecting users. This can lead to unauthorized access, data theft, or manipulation of user sessions. XSS vulnerabilities are commonly found in input fields, comments sections, or poorly validated user-generated content.  A simple demonstration example is often to enter the following text in a user input field: If an application does not sanitize…]]> 2024-03-26T14:45:35+00:00 https://www.veracode.com/blog/intro-appsec/resolving-simple-cross-site-scripting-flaws-veracode-fix www.secnews.physaphae.fr/article.php?IdArticle=8471406 False Vulnerability None 3.0000000000000000 CybeReason - Vendor blog Cybearason Problèmes de menace Alertes pour informer les clients de l'émergence des menaces impactantes, y compris les vulnérabilités critiques.Les alertes de menaces de cyberéasie résument ces menaces et fournissent des recommandations pratiques pour se protéger contre elles.

---

Cybereason issues Threat Alerts to inform customers of emerging impacting threats, including critical vulnerabilities. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them.]]> 2024-03-26T14:39:15+00:00 https://www.cybereason.com/blog/threat-alert-the-anydesk-breach-aftermath www.secnews.physaphae.fr/article.php?IdArticle=8470864 False Vulnerability,Threat None 3.0000000000000000 IT Security Guru - Blog Sécurité Plus d'un tiers des dirigeants informatiques sont mal équipés pour faire face aux attaques alimentées par l'IA C'est apparu pour la première fois sur Sécurité informatique en matière de sécurité informatiqueGuru .

---

Today zero-trust, zero-knowledge and password pros at Keeper Security have released the findings of their 2024 Keeper Security Insight Report, The Future of Defence: IT Leaders Brace for Unprecedented Cyber Threats. The report found that emerging attack vectors were presenting significant risk, with business leaders feeling a lack of confidence in their ability to defeat threats […] The post Over A Third of IT Leaders Are Ill-Equipped to Cope With AI-Powered Attacks first appeared on IT Security Guru. ]]> 2024-03-26T14:39:07+00:00 https://www.itsecurityguru.org/2024/03/26/over-a-third-of-it-leaders-are-ill-equipped-to-cope-with-ai-powered-attacks/?utm_source=rss&utm_medium=rss&utm_campaign=over-a-third-of-it-leaders-are-ill-equipped-to-cope-with-ai-powered-attacks www.secnews.physaphae.fr/article.php?IdArticle=8470793 False None None 3.0000000000000000 Korben - Bloger francais 2024-03-26T14:32:34+00:00 https://korben.info/street-fighter-iii-gpt-3-5-openai-champion-llm-colosseum.html www.secnews.physaphae.fr/article.php?IdArticle=8470821 False None None 2.0000000000000000 UnderNews - Site de news "pirate" francais Les cybermenaces devenant de plus en plus fréquentes, sophistiquées et importantes, les conseils d'administration sont soumis à une pression croissante pour préserver les intérêts de leur organisation face à ces défis. Tribune – Pour les aider à identifier les points de vigilance et intérêts à développer une approche cyber, l’Institut Diligent et Bitsight ont entrepris de mieux […] The post 10% des entreprises du CAC 40 ont engagé un cyber-expert, bien plus que leurs homologues dans le monde first appeared on UnderNews.]]> 2024-03-26T14:12:02+00:00 https://www.undernews.fr/reseau-securite/10-des-entreprises-du-cac-40-ont-engage-un-cyber-expert-bien-plus-que-leurs-homologues-dans-le-monde.html www.secnews.physaphae.fr/article.php?IdArticle=8470787 False None None 3.0000000000000000