www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-10T16:50:52+00:00 www.secnews.physaphae.fr Recorded Future - FLux Recorded Future En créant un nouveau cyber-travail, le Pentagone cherche une aide extérieure [In creating a new top cyber job, Pentagon seeks outside help] Le Pentagone embauche une firme de recherche indépendante pour examiner comment intégrer un nouveau conseiller de cyber-politique de haut niveau dans la bureaucratie existante du Département de la défense, selon des personnes familières avec le problème.La Rand Corporation conseillera sur la création d'un nouveau secrétaire adjoint à la Défense pour la cyber politique, a déclaré les sources, qui ont parlé
The Pentagon is hiring an independent research firm to examine how to fit a new, top-ranking cyber policy adviser into the Defense Department\'s existing bureaucracy, according to people familiar with the matter. The RAND Corporation will advise on the creation of a new assistant secretary of Defense for cyber policy, said the sources, who spoke]]> 2023-03-29T22:00:00+00:00 https://therecord.media/dod-cyber-policy-leader-rand-study www.secnews.physaphae.fr/article.php?IdArticle=8323246 False General Information None 2.0000000000000000 TroyHunt - Blog Security Lenovo abandonne son rêve de téléphones de jeu Android [Lenovo gives up on its dream of Android gaming phones] Phones brought special gaming-centric Android hardware, but nobody made games for it.]]> 2023-03-29T21:27:41+00:00 https://arstechnica.com/?p=1927757 www.secnews.physaphae.fr/article.php?IdArticle=8323254 False General Information None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Smart Mobility a un point mort en ce qui concerne la sécurité de l'API [Smart Mobility has a Blindspot When it Comes to API Security] The emergence of smart mobility services and applications has led to a sharp increase in the use of APIs in the automotive industry. However, this increased reliance on APIs has also made them one of the most common attack vectors. According to Gartner, APIs account for 90% of the web application attack surface areas.  With no surprise, similar trends are emerging also in the smart mobility]]> 2023-03-29T17:13:00+00:00 https://thehackernews.com/2023/03/smart-mobility-has-blindspot-when-it.html www.secnews.physaphae.fr/article.php?IdArticle=8322935 False General Information None 2.0000000000000000 Dark Reading - Informationweek Branch Utiliser l'observabilité pour alimenter une stratégie de cybersécurité plus intelligente [Using Observability to Power a Smarter Cybersecurity Strategy] With an infrastructure for observability, security teams can make better decisions about access and identity-based threats.]]> 2023-03-29T17:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/using-observability-to-power-a-smarter-cybersecurity-strategy www.secnews.physaphae.fr/article.php?IdArticle=8323009 False General Information None 1.00000000000000000000 Global Security Mag - Site de news francais Votre cyber-assurance couvrira-t-elle une attaque en 2023? [Will your cyber insurance cover an attack in 2023?] opinion
Will your cyber insurance cover an attack in 2023? Nick Westall, CTO, CSI LTD - Opinion]]> 2023-03-29T15:16:57+00:00 https://www.globalsecuritymag.fr/Will-your-cyber-insurance-cover-an-attack-in-2023.html www.secnews.physaphae.fr/article.php?IdArticle=8322999 False General Information None 2.0000000000000000 Dark Reading - Informationweek Branch The Ciso Mantra: Préparez-vous à faire plus avec moins [The CISO Mantra: Get Ready to Do More With Less] For the foreseeable future, with the spigots closing shut, CISOs will need to find ways to do more with less.]]> 2023-03-29T14:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/the-ciso-mantra-get-ready-to-do-more-with-less www.secnews.physaphae.fr/article.php?IdArticle=8322953 False General Information None 2.0000000000000000 Global Security Mag - Site de news francais Ransomware: payer le prix deux fois! [Ransomware: paying the price twice!] rapports spéciaux
Ransomware: paying the price twice! - Special Reports]]> 2023-03-29T13:27:55+00:00 https://www.globalsecuritymag.fr/Ransomware-paying-the-price-twice.html www.secnews.physaphae.fr/article.php?IdArticle=8322986 False General Information None 2.0000000000000000 McAfee Labs - Editeur Logiciel Protéger vos parents contre les escroqueries avec nos nouveaux plans familiaux [Protecting Your Parents from Scams with Our New Family Plans] Alors que les gens entrent dans les années 70, ils perdent plus de fraude que tout autre groupe d'âge - qui fait un ...
> As people get into their 70s, they stand to lose more to fraud than any other age group-which makes a... ]]> 2023-03-28T23:26:03+00:00 https://www.mcafee.com/blogs/family-safety/protecting-your-parents-from-scams-with-our-new-family-plans/ www.secnews.physaphae.fr/article.php?IdArticle=8322778 False General Information None 2.0000000000000000 Recorded Future - FLux Recorded Future La cyberattaque sur le géant de l'achat d'endettement expose des informations sensibles sur près de 500 000 personnes [Cyberattack on debt-buying giant exposes sensitive info on nearly 500,000 people] Près d'un demi-million de personnes ont fait divulguer leurs informations financières sensibles lors d'une cyberattaque sur les services de gestion NCB & # 8211;une entreprise qui achète de la dette.La société basée en Pennsylvanie a envoyé des lettres de notification de violation la semaine dernière après avoir découvert l'attaque le 4 février. Dans des documents [déposés] (https://apps.web.maine.gov/online/aeviewer/me/40/65d544dc-79b0-437c-a7f8-757ffec624af.shtml) avec le procureur général du Maine \\, la société a déclaré que 494 969 personnes avaient leur
Nearly half a million people had their sensitive financial information leaked during a cyberattack on NCB Management Services – a company that purchases debt. The Pennsylvania-based company sent out breach notification letters last week after discovering the attack on February 4. In documents [filed](https://apps.web.maine.gov/online/aeviewer/ME/40/65d544dc-79b0-437c-a7f8-757ffec624af.shtml) with Maine\'s Attorney General, the company said 494,969 people had their]]> 2023-03-28T23:01:00+00:00 https://therecord.media/debt-buyer-cyberattack-data-breach www.secnews.physaphae.fr/article.php?IdArticle=8322777 False General Information None 2.0000000000000000 Zataz - Magazine Francais de secu La grande majorité des serveurs de LockBit ont disparu 2023-03-28T22:42:11+00:00 https://www.zataz.com/la-grande-majorite-des-serveurs-de-lockbit-ont-disparu/ www.secnews.physaphae.fr/article.php?IdArticle=8322767 False General Information None 3.0000000000000000 Global Security Mag - Site de news francais Les attaques de phishing en hausse de 61 % entre 2021 et 2022, à quoi s\'attendre en 2023 ? Points de Vue / ]]> 2023-03-28T21:30:00+00:00 https://www.globalsecuritymag.fr/Les-attaques-de-phishing-en-hausse-de-61-entre-2021-et-2022-a-quoi-s-attendre.html www.secnews.physaphae.fr/article.php?IdArticle=8322463 False Threat,General Information,Studies None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Briser le moule: des solutions de test de stylo qui défient le statu quo [Breaking the Mold: Pen Testing Solutions That Challenge the Status Quo] Malicious actors are constantly adapting their tactics, techniques, and procedures (TTPs) to adapt to political, technological, and regulatory changes quickly. A few emerging threats that organizations of all sizes should be aware of include the following: Increased use of Artificial Intelligence and Machine Learning: Malicious actors are increasingly leveraging AI and machine learning to]]> 2023-03-28T17:24:00+00:00 https://thehackernews.com/2023/03/breaking-mold-pen-testing-solutions.html www.secnews.physaphae.fr/article.php?IdArticle=8322507 False General Information None 3.0000000000000000 TechRepublic - Security News US Comment prévenir les bombes à fourche sur vos serveurs de développement Linux [How to prevent fork bombs on your Linux development servers] Apprenez à protéger votre serveur Linux de l'attaque du déni de service de la bombe de fourche avec ce tutoriel vidéo de Jack Wallen.
>Learn how to protect your Linux server from the fork bomb denial-of-service attack with this video tutorial by Jack Wallen. ]]> 2023-03-28T16:13:21+00:00 https://www.techrepublic.com/article/how-to-prevent-fork-bombs-linux-servers/ www.secnews.physaphae.fr/article.php?IdArticle=8322577 False Threat,General Information,Guideline None 3.0000000000000000 Global Security Mag - Site de news francais Bitwarden annonce la gestion des secrets [Bitwarden announces secrets management] revues de produits
Bitwarden announces secrets management with a unique combination of open source, end-to-end encryption, and ease of use • Now in open beta, Bitwarden Secrets Manager serves developer, DevOps, and IT teams seeking a simple and convenient way to centrally secure, control, and manage infrastructure secrets. • Bitwarden Secrets Manager minimizes secrets proliferation across multiple systems and services, closing security gaps to prevent unauthorized access. • Beta features include the ability to create, manage, and edit secrets and projects, as well as a CLI tool. • In a market that\'s expanded significantly as companies rush to protect exposed secrets from insecure DevOps processes, Bitwarden offers a unique solution that is the first to combine an open source approach, ease of use with a graphical user interface, predictable pricing, and zero knowledge, end-to-end encryption. - Product Reviews]]> 2023-03-28T15:18:21+00:00 https://www.globalsecuritymag.fr/Bitwarden-announces-secrets-management.html www.secnews.physaphae.fr/article.php?IdArticle=8322569 False General Information None 2.0000000000000000 Global Security Mag - Site de news francais FIC – L\'European Cyber Cup 2023 organisée par Hack4Values Business]]> 2023-03-28T15:07:05+00:00 https://www.globalsecuritymag.fr/FIC-L-European-Cyber-Cup-2023-organisee-par-Hack4Values.html www.secnews.physaphae.fr/article.php?IdArticle=8322570 False General Information None 2.0000000000000000 Global Security Mag - Site de news francais APT43 : Un groupe nord-coréen utilise la cybercriminalité pour financer des opérations d\'espionnage Malwares]]> 2023-03-28T15:03:38+00:00 https://www.globalsecuritymag.fr/APT43-Un-groupe-nord-coreen-utilise-la-cybercriminalite-pour-financer-des.html www.secnews.physaphae.fr/article.php?IdArticle=8322553 False General Information APT 43 3.0000000000000000 IT Security Guru - Blog Sécurité Comment réussir en tant que nouveau directeur de la sécurité de l'information (CISO) [How to Succeed As a New Chief Information Security Officer (CISO)]   As cyber threats increase in frequency and complexity, organizations recognize the importance of having a Chief Information Security Officer (CISO) to protect their sensitive data and infrastructure. To succeed as a new CISO, it’s essential to clearly understand the organization’s security landscape, establish strong relationships with key stakeholders, and develop a comprehensive cybersecurity strategy […] ]]> 2023-03-28T15:02:16+00:00 https://www.itsecurityguru.org/2023/03/28/how-to-succeed-as-a-new-chief-information-security-officer-ciso/?utm_source=rss&utm_medium=rss&utm_campaign=how-to-succeed-as-a-new-chief-information-security-officer-ciso www.secnews.physaphae.fr/article.php?IdArticle=8322538 False General Information None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Le président Biden signe un décret exécutif restreignant l'utilisation de logiciels espions commerciaux [President Biden Signs Executive Order Restricting Use of Commercial Spyware] U.S. President Joe Biden on Monday signed an executive order that restricts the use of commercial spyware by federal government agencies. The order said the spyware ecosystem "poses significant counterintelligence or security risks to the United States Government or significant risks of improper use by a foreign government or foreign person." It also seeks to ensure that the government\'s use of]]> 2023-03-28T14:25:00+00:00 https://thehackernews.com/2023/03/president-biden-signs-executive-order.html www.secnews.physaphae.fr/article.php?IdArticle=8322460 True Threat,General Information,Legislation None 4.0000000000000000 Global Security Mag - Site de news francais Kaspersky : Les cybercriminels s\'attaquent à l\'“interplanétaire” en exploitant un système de fichiers décentralisé dans leurs campagnes Malwares]]> 2023-03-28T13:03:16+00:00 https://www.globalsecuritymag.fr/Kaspersky-Les-cybercriminels-s-attaquent-a-l-interplanetaire-en-exploitant-un.html www.secnews.physaphae.fr/article.php?IdArticle=8322531 False General Information None 3.0000000000000000 Global Security Mag - Site de news francais Renforcement du dispositif Alerte Cyber : le Gouvernement annonce un partenariat entre Cybermalveillance.gouv.fr et BFM Business permettant une diffusion plus large de l\'alerte pour protéger les entreprises des cyberattaques Business]]> 2023-03-28T13:00:25+00:00 https://www.globalsecuritymag.fr/Renforcement-du-dispositif-Alerte-Cyber-le-Gouvernement-annonce-un-partenariat.html www.secnews.physaphae.fr/article.php?IdArticle=8322508 False General Information None 3.0000000000000000 Global Security Mag - Site de news francais Cyberark: 90% des organisations britanniques indiquent que la sécurité de l'identité est essentielle pour une mise en œuvre robuste de confiance zéro [CyberArk: 90% of UK Organisations Indicate Identity Security as Critical for a Robust Zero Trust Implementation] rapports spéciaux
Survey: 90% of UK Organisations Indicate Identity Security as Critical for a Robust Zero Trust Implementation CyberArk Introduces Peer-Based Framework for Evaluating and Maturing Identity Security Strategies - Special Reports]]> 2023-03-28T12:58:48+00:00 https://www.globalsecuritymag.fr/CyberArk-90-of-UK-Organisations-Indicate-Identity-Security-as-Critical-for-a.html www.secnews.physaphae.fr/article.php?IdArticle=8322509 False General Information None 2.0000000000000000 Incogni - Blog Sécu de la société incogni, spécialisé en protection de la vie privé À qui appartient vos données?Top 6 des entreprises californiennes qui achètent des courtiers de données [Who owns your data? Top 6 California companies buying up data brokers] qui possède vos données?Les 6 meilleures entreprises californiennes achetant des courtiers de données en savoir plus & # 187;
> Who owns your data? Top 6 California companies buying up data brokers Read More »]]> 2023-03-28T12:43:30+00:00 https://blog.incogni.com/california-companies-buying-up-data-brokers/ www.secnews.physaphae.fr/article.php?IdArticle=8322512 False General Information None 2.0000000000000000 01net. Actualites - Securite - Magazine Francais Pire que TikTok, ces VPN populaires peuvent lire vos données privées Très populaires, les VPN vous permettent de protéger votre anonymat sur Internet. Aujourd'hui, des experts alertent sur le fait que les données personnelles cachées sont accessibles par les VPN eux-mêmes, ce qui pose de sérieuses questions sur l'utilisation de ces données privées.]]> 2023-03-28T11:30:36+00:00 https://www.01net.com/actualites/pire-que-tiktok-ces-vpn-populaires-peuvent-lire-vos-donnees-privees.html www.secnews.physaphae.fr/article.php?IdArticle=8322495 False Threat,General Information None 3.0000000000000000 Silicon - Site de News Francais Confiance numérique : le double jeu des Big Tech 2023-03-28T11:25:55+00:00 https://www.silicon.fr/confiance-numerique-double-jeu-big-tech-461566.html www.secnews.physaphae.fr/article.php?IdArticle=8322493 False General Information None 3.0000000000000000 Global Security Mag - Site de news francais Elimane Prud\'hom, Salt Security : en élaborant une stratégie de sécurité des API, les RSSI peuvent aider leurs entreprises à dynamiser l\'innovation Interviews / , ]]> 2023-03-27T23:30:00+00:00 https://www.globalsecuritymag.fr/Elimane-Prud-hom-Salt-Security-en-elaborant-une-strategie-de-securite-des-API.html www.secnews.physaphae.fr/article.php?IdArticle=8322082 False General Information,Guideline None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Le fondateur de BreachForums, 20 ans, risque jusqu'à 5 ans de prison [20-Year-Old BreachForums Founder Faces Up to 5 Years in Prison] Conor Brian Fitzpatrick, the 20-year-old founder and the administrator of the now-defunct BreachForums has been formally charged in the U.S. with conspiracy to commit access device fraud. If proven guilty, Fitzpatrick, who went by the online moniker "pompompurin," faces a maximum penalty of up to five years in prison. He was arrested on March 15, 2023. "Cybercrime victimizes and steals financial]]> 2023-03-27T20:48:00+00:00 https://thehackernews.com/2023/03/20-year-old-breachforums-founder-faces.html www.secnews.physaphae.fr/article.php?IdArticle=8322097 False General Information None 2.0000000000000000 Silicon - Site de News Francais SUSE nomme un ancien dirigeant de Red Hat à sa tête 2023-03-27T15:25:23+00:00 https://www.silicon.fr/suse-nomme-ancien-red-hat-tete-461538.html www.secnews.physaphae.fr/article.php?IdArticle=8322098 False General Information None 2.0000000000000000 01net. Actualites - Securite - Magazine Francais Comment des pirates pourraient bientôt prendre le contrôle de votre smartphone à cause de Google Assistant Une équipe de chercheurs en sécurité a développé un nouveau type d'attaque silencieuse exploitant des ultrasons inaudibles pour prendre le contrôle de smartphones et d'enceintes connectés grâce aux assistants vocaux.]]> 2023-03-27T12:47:51+00:00 https://www.01net.com/actualites/comment-des-pirates-pourraient-bientot-prendre-le-controle-de-votre-smartphone-a-cause-de-google-assistant.html www.secnews.physaphae.fr/article.php?IdArticle=8322064 False General Information None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine NCA récolte des informations sur DDOS-for-Hire avec de faux sites de botter [NCA Harvests Info on DDoS-For-Hire With Fake Booter Sites] Agency attempts to disrupt the cybercrime underground]]> 2023-03-27T09:30:00+00:00 https://www.infosecurity-magazine.com/news/nca-harvests-info-ddosers-fake/ www.secnews.physaphae.fr/article.php?IdArticle=8322031 False General Information None 2.0000000000000000 Zataz - Magazine Francais de secu Le plus ancien service de police américain piraté : 350 Go d\'informations confidentielles en vente pour 150 000 $ 2023-03-27T01:41:52+00:00 https://www.zataz.com/le-plus-ancien-service-de-police-americain-pirate-350-go-dinformations-confidentielles-en-vente-pour-150-000/ www.secnews.physaphae.fr/article.php?IdArticle=8321941 False Threat,General Information None 3.0000000000000000 Zataz - Magazine Francais de secu Comme la Russie, l\'Ukraine veut légaliser son armée de hackers volontaires 2023-03-27T00:00:38+00:00 https://www.zataz.com/comme-la-russie-lukraine-veut-legaliser-son-armee-de-hackers-volontaires/ www.secnews.physaphae.fr/article.php?IdArticle=8321916 False General Information,Legislation None 3.0000000000000000 Zataz - Magazine Francais de secu Les autorités ont créé de faux sites de cyberattaques DDoS 2023-03-26T23:00:54+00:00 https://www.zataz.com/les-autorites-ont-cree-de-faux-sites-de-cyberattaques-ddos/ www.secnews.physaphae.fr/article.php?IdArticle=8321908 False General Information None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Le package Python malveillant utilise une ruse Unicode pour échapper à la détection et à voler des données [Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data] A malicious Python package on the Python Package Index (PyPI) repository has been found to use Unicode as a trick to evade detection and deploy an info-stealing malware. The package in question, named onyxproxy, was uploaded to PyPI on March 15, 2023, and comes with capabilities to harvest and exfiltrate credentials and other valuable data. It has since been taken down, but not before attracting]]> 2023-03-24T19:10:00+00:00 https://thehackernews.com/2023/03/malicious-python-package-uses-unicode.html www.secnews.physaphae.fr/article.php?IdArticle=8321243 False General Information None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Webinaire Thn: à l'intérieur du risque élevé des applications SaaS 3rd-partie [THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps] Any app that can improve business operations is quickly added to the SaaS stack. However, employees don\'t realize that this SaaS-to-SaaS connectivity, which typically takes place outside the view of the security team, significantly increases risk. Whether employees connect through Microsoft 365, Google Workspace, Slack, Salesforce, or any other app, security teams have no way to quantify their]]> 2023-03-24T17:13:00+00:00 https://thehackernews.com/2023/03/thn-webinar-inside-high-risk-of-3rd.html www.secnews.physaphae.fr/article.php?IdArticle=8321215 False General Information,Cloud None 3.0000000000000000 Zataz - Magazine Francais de secu Clés USB explosives envoyées à des journalistes 2023-03-24T15:59:29+00:00 https://www.zataz.com/cles-usb-explosives-envoyees-a-des-journalistes/ www.secnews.physaphae.fr/article.php?IdArticle=8321264 False Threat,General Information None 1.00000000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les chercheurs découvrent les pirates d'État national chinois \\ 'Stratégies d'attaque trompeuse [Researchers Uncover Chinese Nation State Hackers\\' Deceptive Attack Strategies] A recent campaign undertaken by Earth Preta indicates that nation-state groups aligned with China are getting increasingly proficient at bypassing security solutions. The threat actor, active since at least 2012, is tracked by the broader cybersecurity community under Bronze President, HoneyMyte, Mustang Panda, RedDelta, and Red Lich. Attack chains mounted by the group commence with a]]> 2023-03-24T15:29:00+00:00 https://thehackernews.com/2023/03/researchers-uncover-chinese-nation.html www.secnews.physaphae.fr/article.php?IdArticle=8321199 False General Information None 3.0000000000000000 Zataz - Magazine Francais de secu Des pirates de l\'administration fiscale devant la justice 2023-03-24T15:19:36+00:00 https://www.zataz.com/des-pirates-de-ladministration-fiscale-devant-la-justice/ www.secnews.physaphae.fr/article.php?IdArticle=8321265 False General Information,Legislation None 2.0000000000000000 The Intercept - Site journalistique Anglais Exclusif: Deux groupes soutenus par Koch dénoncent l'attaque de Ron DeSantis contre les journalistes [Exclusive: Two Koch-Backed Groups Speak Out Against Ron DeSantis\\'s Attack on Journalists] Americans for Prosperity, un géant du plaidoyer de droite, a fermement soutenu le gouverneur de la Floride - mais fait pression contre son plan pour paralyser les journalistes.
>Americans for Prosperity, a giant of right-wing advocacy, has strongly supported the Florida governor - but is lobbying against his plan to cripple journalists. ]]> 2023-03-24T15:11:55+00:00 https://theintercept.com/2023/03/24/ron-desantis-news-media-koch/ www.secnews.physaphae.fr/article.php?IdArticle=8321263 False General Information None 2.0000000000000000 MitnickSecurity - Former Hacker Services Violation et simulation d'attaque vs équipe rouge Pentest [Breach and Attack Simulation vs Red Team Pentesting] 2023-03-24T14:56:26+00:00 https://www.mitnicksecurity.com/blog/breach-and-attack-simulation www.secnews.physaphae.fr/article.php?IdArticle=8321257 False Threat,General Information None 2.0000000000000000 Global Security Mag - Site de news francais AI en cybersécurité, de Matt Aldridge, cyber-sécurité OpenText [AI in cybersecurity, from Matt Aldridge, OpenText Cyber Security] opinion
The commentary from Matt Aldridge, Prinicpal Solutions Consultant, OpenText Cyber Security, on AI in cybersecurity - Opinion]]> 2023-03-24T14:13:05+00:00 https://www.globalsecuritymag.fr/AI-in-cybersecurity-from-Matt-Aldridge-OpenText-Cyber-Security.html www.secnews.physaphae.fr/article.php?IdArticle=8321255 False General Information None 2.0000000000000000 Dark Reading - Informationweek Branch La sécurité des applications nécessite plus d'investissement dans l'éducation des développeurs [Application Security Requires More Investment in Developer Education] If you haven\'t done so already, it\'s time to take the first step toward solving this application security dilemma.]]> 2023-03-24T14:00:00+00:00 https://www.darkreading.com/application-security/application-security-requires-more-investment-in-developer-education www.secnews.physaphae.fr/article.php?IdArticle=8321244 False General Information None 2.0000000000000000 IT Security Guru - Blog Sécurité Dole confirme que les données des employés ont été violées après l'attaque de ransomware de février [Dole confirms employee data was breached following February ransomware attack] This week, Dole Food Company revealed that hackers behind a February ransomware attack have accessed the data of an undisclosed number of employees. “In February of 2023, we were the victim of a sophisticated ransomware attack involving unauthorized access to employee information,” said Dole in a filing to the U.S. Securities and Exchange Commission (SEC) […] ]]> 2023-03-24T12:55:52+00:00 https://www.itsecurityguru.org/2023/03/24/dole-confirms-employee-data-was-breached-following-february-ransomware-attack/?utm_source=rss&utm_medium=rss&utm_campaign=dole-confirms-employee-data-was-breached-following-february-ransomware-attack www.secnews.physaphae.fr/article.php?IdArticle=8321225 False Ransomware,General Information None 3.0000000000000000 Silicon - Site de News Francais " Pourquoi nous quittons le cloud " : les raisons d\'un retour en arrière 2023-03-24T12:39:00+00:00 https://www.silicon.fr/pourquoi-quittons-cloud-raisons-dun-retour-arriere-461421.html www.secnews.physaphae.fr/article.php?IdArticle=8321229 False General Information,Cloud None 4.0000000000000000 Silicon - Site de News Francais Bill Gates : " L\'ère de l\'IA a commencé " 2023-03-24T11:52:45+00:00 https://www.silicon.fr/bill-gates-ia-chatgpt-461405.html www.secnews.physaphae.fr/article.php?IdArticle=8321211 False General Information None 2.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain Sticks USB explosifs [Exploding USB Sticks] Cachette d'explosifs & # 8212; réelles & # 8212; In USB Sticks: Dans la ville portuaire de Guayaquil, la journaliste Lenin Artieda de la station de télévision privée de l'Equcisa a reçu une enveloppe contenant un lecteur de stylo qui a explosé lorsqu'il l'a inséré dans un ordinateur, a déclaré son employeur. Artieda a subi de légères blessures à une main et à son visage, a déclaré le responsable de la police, Xavier Chango.Personne d'autre n'a été blessé. Chango a déclaré que le lecteur USB envoyé à Artieda aurait pu être chargé de RDX, un explosif de type militaire. Plus : Selon le responsable de la police Xavier Chango, le lecteur flash qui s'est éteint avait une charge explosive de 5 volts et aurait utilisé RDX.Également connu sous le nom de T4, selon l'Environmental Protection Agency (...
In case you don’t have enough to worry about, people are hiding explosives—actual ones—in USB sticks: In the port city of Guayaquil, journalist Lenin Artieda of the Ecuavisa private TV station received an envelope containing a pen drive which exploded when he inserted it into a computer, his employer said. Artieda sustained slight injuries to one hand and his face, said police official Xavier Chango. No one else was hurt. Chango said the USB drive sent to Artieda could have been loaded with RDX, a military-type explosive. More: According to police official Xavier Chango, the flash drive that went off had a 5-volt explosive charge and is thought to have used RDX. Also known as T4, according to the Environmental Protection Agency (...]]> 2023-03-24T11:04:43+00:00 https://www.schneier.com/blog/archives/2023/03/exploding-usb-sticks.html www.secnews.physaphae.fr/article.php?IdArticle=8321196 False General Information None 2.0000000000000000 Global Security Mag - Site de news francais Le harcèlement a été multiplié par 20 dans les attaques par ransomware, selon l\'Unit 42 de Palo Alto Networks Malwares]]> 2023-03-24T11:02:26+00:00 https://www.globalsecuritymag.fr/Le-harcelement-a-ete-multiplie-par-20-dans-les-attaques-par-ransomware-selon-l.html www.secnews.physaphae.fr/article.php?IdArticle=8321217 False Ransomware,General Information None 2.0000000000000000 Global Security Mag - Site de news francais Jean-Dominique Quien, TrustBuilder : Les RSSI doivent favoriser l\'utilisation de solutions de cybersécurité développées en Europe Interviews / ]]> 2023-03-24T10:56:13+00:00 https://www.globalsecuritymag.fr/Jean-Dominique-Quien-TrustBuilder-Les-RSSI-doivent-favoriser-l-utilisation-de.html www.secnews.physaphae.fr/article.php?IdArticle=8321202 False General Information None 2.0000000000000000 Silicon - Site de News Francais Pourquoi Accenture réaligne ses effectifs 2023-03-24T10:55:42+00:00 https://www.silicon.fr/accenture-realigne-ses-effectifs-461368.html www.secnews.physaphae.fr/article.php?IdArticle=8321212 False General Information None 2.0000000000000000 Bleeping Computer - Magazine Américain \\ 'amer \\' Hackers d'espionnage cibler les orgs d'énergie nucléaire chinoise [\\'Bitter\\' espionage hackers target Chinese nuclear energy orgs] A cyberespionage hacking group tracked as \'Bitter APT\' was recently seen targeting the Chinese nuclear energy industry using phishing emails to infect devices with malware downloaders. [...]]]> 2023-03-24T10:47:57+00:00 https://www.bleepingcomputer.com/news/security/bitter-espionage-hackers-target-chinese-nuclear-energy-orgs/ www.secnews.physaphae.fr/article.php?IdArticle=8321252 False Malware,General Information None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Maintenant, le Parlement britannique interdit Tiktok de son réseau et de ses appareils [Now UK Parliament Bans TikTok from its Network and Devices] Further blow for Chinese social media app]]> 2023-03-24T10:00:00+00:00 https://www.infosecurity-magazine.com/news/parliament-bans-tiktok-network/ www.secnews.physaphae.fr/article.php?IdArticle=8321185 False General Information,Legislation None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Les e-mails de phishing IRS utilisés pour distribuer Emotet [IRS Phishing Emails Used to Distribute Emotet] Monster 500MB attachment hides a nasty surprise]]> 2023-03-24T10:00:00+00:00 https://www.infosecurity-magazine.com/news/irs-phishing-emails-emotet/ www.secnews.physaphae.fr/article.php?IdArticle=8321184 False Threat,General Information None 2.0000000000000000 Silicon - Site de News Francais SAP fait face aux doléances de ses clients allemands 2023-03-24T09:43:21+00:00 https://www.silicon.fr/sap-doleances-club-utilisateurs-referent-461367.html www.secnews.physaphae.fr/article.php?IdArticle=8321188 False Vulnerability,Threat,General Information None 3.0000000000000000 01net. Actualites - Securite - Magazine Francais Comment la police a utilisé un AirTag pour piéger des trafiquants de drogue N'en déplaise à Apple, la police fédérale américaine s'est servie d'un AirTag pour enquêter sur un trafic de drogues.]]> 2023-03-24T09:15:10+00:00 https://www.01net.com/actualites/comment-police-utilise-airtag-pieger-trafiquants-drogues.html www.secnews.physaphae.fr/article.php?IdArticle=8321183 False General Information,Legislation None 3.0000000000000000 ComputerWeekly - Computer Magazine Opération de piqûre de l'agence nationale de la criminalité infiltre le marché de la cybercriminalité [National Crime Agency sting operation infiltrates cyber crime market] 2023-03-24T08:45:00+00:00 https://www.computerweekly.com/news/365533993/National-Crime-Agency-sting-operation-infiltrates-cyber-crime-market www.secnews.physaphae.fr/article.php?IdArticle=8321224 False General Information None 3.0000000000000000 Silicon - Site de News Francais OpenAI amorce le décloisonnement de ChatGPT 2023-03-24T08:17:09+00:00 https://www.silicon.fr/openai-decloisonnement-chatgpt-461362.html www.secnews.physaphae.fr/article.php?IdArticle=8321175 False General Information ChatGPT,ChatGPT 2.0000000000000000 Korben - Bloger francais Configurez votre webcam sous Linux avec Cameractrls Suite]]> 2023-03-24T08:00:00+00:00 https://korben.info/configurer-webcam-linux.html www.secnews.physaphae.fr/article.php?IdArticle=8321173 False General Information None 2.0000000000000000 The Register - Site journalistique Anglais Oncle Sam révèle qu'il a envoyé des cyber-soldateurs en Albanie pour chasser les menaces iraniennes [Uncle Sam reveals it sent cyber-soldiers to Albania to hunt for Iranian threats] \'Hunt forward\' teams of this sort aid with defense and learn how attackers like Tehran operate US Cyber Command operators have confirmed they carried out an online defensive mission in Albania, in response to last year\'s cyber attacks against the local government.…]]> 2023-03-24T01:05:10+00:00 https://go.theregister.com/feed/www.theregister.com/2023/03/24/us_hunt_forward_albania/ www.secnews.physaphae.fr/article.php?IdArticle=8321122 False Threat,General Information,Legislation None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Cinq heures brutales pour Tiktok: le PDG a ratissé les charbons au milieu de la confidentialité, des problèmes de sécurité [Five brutal hours for TikTok: CEO raked over coals amid privacy, security concerns] TikTok came to win hearts and minds with technology and reason. It lost. ]]> 2023-03-23T20:54:48+00:00 https://cyberscoop.com/tiktok-congress-privacy-security-concerns/ www.secnews.physaphae.fr/article.php?IdArticle=8321044 False Data Breach,General Information,Legislation None 3.0000000000000000 Recorded Future - FLux Recorded Future Les sénateurs appellent le poste de cybersécurité approuvé par le Congrès au ministère de l'Énergie [Senators call for Congress-approved cybersecurity position at Department of Energy] Plusieurs sénateurs des deux parties ont appelé à l'élévation du poste de directeur de la cybersécurité au ministère de l'Énergie lors d'une audience jeudi.Le Congrès a [passé des années] (https://www.risch.senate.gov/public/index.cfm/2021/3/risch-king-urge-energy-department-don-t-downgrade-cbersesecurity) Critiquant le blancChambre et secrétaire à l'énergie Jennifer Granholm pour avoir effectivement abaissé le poste de cybersécurité à partir d'un rôle de niveau assistant-secrétaire qui nécessiterait une confirmation du Sénat
Several senators from both parties called for the elevation of the cybersecurity director position at the Department of Energy during a hearing on Thursday. Congress has [spent years](https://www.risch.senate.gov/public/index.cfm/2021/3/risch-king-urge-energy-department-don-t-downgrade-cybersecurity) criticizing the White House and Secretary of Energy Jennifer Granholm for effectively downgrading the cybersecurity position from an assistant-secretary level role that would require Senate confirmation to]]> 2023-03-23T17:50:00+00:00 https://therecord.media/department-of-energy-congress-approved-cyber-director www.secnews.physaphae.fr/article.php?IdArticle=8320993 False General Information,Legislation None 2.0000000000000000 Dark Reading - Informationweek Branch Le conseil d'administration vous verra maintenant [The Board of Directors Will See You Now] Help the board understand where the business is vulnerable, where controls end, and where exposure begins.]]> 2023-03-23T17:00:00+00:00 https://www.darkreading.com/risk/the-board-of-directors-will-see-you-now www.secnews.physaphae.fr/article.php?IdArticle=8320973 False General Information None 3.0000000000000000 Dark Reading - Informationweek Branch Épidémie de stockage sans sécurité, les appareils de sauvegarde sont une manne pour les cybercriminels [Epidemic of Insecure Storage, Backup Devices Is a Windfall for Cybercriminals] Enterprise storage devices have 14 security weaknesses on average, putting them at risk of compromise by cyberattackers and especially ransomware attacks.]]> 2023-03-23T17:00:00+00:00 https://www.darkreading.com/risk/epidemic-insecure-storage-backup-devices-cybercriminals www.secnews.physaphae.fr/article.php?IdArticle=8320974 False Ransomware,General Information None 2.0000000000000000 Global Security Mag - Site de news francais Commentaire d'expert: Withsecure - sur le récent Rio Tinto Hack [Expert comment: WithSecure - On the recent Rio Tinto hack] mise à jour malveillant
Following the news that former and current Australian employees of Rio Tinto may have had Personal data stolen by a cybercriminal group, Paul Brucciani Cyber Security Advisor at WithSecure explain. - Malware Update]]> 2023-03-23T16:57:08+00:00 https://www.globalsecuritymag.fr/Expert-comment-WithSecure-On-the-recent-Rio-Tinto-hack.html www.secnews.physaphae.fr/article.php?IdArticle=8320949 False Hack,General Information None 1.00000000000000000000 Recorded Future - FLux Recorded Future Les législateurs américains disent au PDG de Tiktok que l'application \\ 'devrait être interdite \\' [US lawmakers tell TikTok CEO the app \\'should be banned\\'] Le PDG de Tiktok \\ a tenté jeudi de dissiper les inquiétudes que l'application vidéo abrégée pose un risque de cybersécurité et de sécurité nationale lors de son premier témoignage auprès d'un comité de la Chambre des États-Unis.Les législateurs bipartisans du comité de l'énergie et du commerce de la Chambre ont pressé Shou Chew, qui a pris la tête de Tiktok en 2021, sur les liens de l'application
TikTok\'s chief executive attempted on Thursday to dispel concerns that the short-form video app poses a cybersecurity and national security risk in his first time testifying to a U.S. House committee. Bipartisan lawmakers on the House Energy and Commerce Committee pressed Shou Chew, who took the helm of TikTok in 2021, about the app\'s ties]]> 2023-03-23T16:45:00+00:00 https://therecord.media/tiktok-hearing-congress-ceo-shou-chew www.secnews.physaphae.fr/article.php?IdArticle=8320951 False General Information None 2.0000000000000000 Dark Reading - Informationweek Branch Mitre déploie le prototype de sécurité de la chaîne d'approvisionnement [MITRE Rolls Out Supply Chain Security Prototype] Cloud-based System of Trust application now available for test-driving quantitative risk assessment of suppliers of hardware, software, services.]]> 2023-03-23T16:15:00+00:00 https://www.darkreading.com/risk/mitre-rolls-out-supply-chain-security-prototype www.secnews.physaphae.fr/article.php?IdArticle=8320975 False General Information None 3.0000000000000000 Silicon - Site de News Francais FinOps : optimiser les coûts, une priorité contrariée 2023-03-23T16:04:25+00:00 https://www.silicon.fr/finops-couts-priorite-contrariee-461336.html www.secnews.physaphae.fr/article.php?IdArticle=8320985 False General Information None 2.0000000000000000 SecurityWeek - Security News Intel possède une réduction de surface d'attaque avec une nouvelle plate-forme VPRO de base de 13e génération [Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform] Intel partage des informations sur les améliorations de sécurité apportées par sa nouvelle plateforme VPRO propulsée par les processeurs de base de 13e génération.
>Intel shares information on the security improvements brought by its new vPro platform powered by 13th Gen Core processors. ]]> 2023-03-23T16:01:00+00:00 https://www.securityweek.com/intel-boasts-attack-surface-reduction-with-new-13th-gen-core-vpro-platform/ www.secnews.physaphae.fr/article.php?IdArticle=8320932 False General Information None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Nouvelle méthode d'attaque post-exploitation trouvée affectant les mots de passe OKTA [New Post-Exploitation Attack Method Found Affecting Okta Passwords] The flaw derives from the way the Okta system records failed login attempts to instances]]> 2023-03-23T16:00:00+00:00 https://www.infosecurity-magazine.com/news/attack-method-affect-okta-passwords/ www.secnews.physaphae.fr/article.php?IdArticle=8320931 False General Information None 3.0000000000000000 Netskope - etskope est une société de logiciels américaine fournissant une plate-forme de sécurité informatique Félicitations aux lauréats du prix du NETSKOPE 2023 de l'année [Congratulations to the Netskope 2023 Partner of the Year Award Winners] Netskope est fier d'annoncer les lauréats du prix du partenaire de l'année de cette année.Ces prix reconnaissent et célèbrent les partenaires qui ont démontré la croissance, l'innovation et l'exécution.Ces partenaires de premier plan jouent un rôle essentiel dans la transformation du réseautage et de la sécurité;Permettre aux entreprises de protéger les données partout où elle va.& # 160;Les gagnants ont été annoncés cette semaine au cours de [& # 8230;]
>Netskope is proud to announce this year\'s Global Partner of the Year award winners. These awards recognize and celebrate partners that have demonstrated growth, innovation, and execution. These leading partners are playing an integral role in transforming networking and security; enabling enterprises to protect data everywhere it goes.   Winners were announced this week during […] ]]> 2023-03-23T15:49:21+00:00 https://www.netskope.com/blog/congratulations-to-the-netskope-2023-partner-of-the-year-award-winners www.secnews.physaphae.fr/article.php?IdArticle=8320928 False General Information,Guideline None 1.00000000000000000000 Data Security Breach - Site de news Francais programme Cybersecurity Startups Growth Academy 2023-03-23T15:16:16+00:00 https://www.datasecuritybreach.fr/programme-cybersecurity-startups-growth-academy/ www.secnews.physaphae.fr/article.php?IdArticle=8320933 False General Information None 2.0000000000000000 Silicon - Site de News Francais Comment EDF mise sur les jumeaux numériques pour construire ses futurs EPR 2023-03-23T15:14:43+00:00 https://www.silicon.fr/comment-edf-mise-sur-les-jumeaux-numeriques-pour-construire-ses-futurs-epr-461292.html www.secnews.physaphae.fr/article.php?IdArticle=8320934 False General Information None 3.0000000000000000 Silicon - Site de News Francais Avec Loop, Microsoft réussira-t-il là où Google a échoué ? 2023-03-23T15:10:49+00:00 https://www.silicon.fr/loop-microsoft-reussira-t-il-google-echoue-461284.html www.secnews.physaphae.fr/article.php?IdArticle=8320935 False General Information None 2.0000000000000000 The Security Ledger - Blog Sécurité Épisode 249: CTO fédéral d'Intel Steve Orrin sur la loi sur les puces et la sécurité de la chaîne d'approvisionnement [Episode 249: Intel Federal CTO Steve Orrin on the CHIPS Act and Supply Chain Security] Paul speaks with Steve Orrin, the Federal CTO at Intel Corp about representing Intel and its technologies to Uncle Sam and the impact of the CHIPS Act a massive new federal investment in semiconductors. ]]> 2023-03-23T15:08:32+00:00 https://feeds.feedblitz.com/~/732475739/0/thesecurityledger~Episode-Intel-Federal-CTO-Steve-Orrin-on-the-CHIPS-Act-and-Supply-Chain-Security/ www.secnews.physaphae.fr/article.php?IdArticle=8320927 False General Information None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Opération cellule douce: les pirates chinoises abritent les fournisseurs de télécommunications du Moyen-Orient [Operation Soft Cell: Chinese Hackers Breach Middle East Telecom Providers] Telecommunication providers in the Middle East are the subject of new cyber attacks that commenced in the first quarter of 2023. The intrusion set has been attributed to a Chinese cyber espionage actor associated with a long-running campaign dubbed Operation Soft Cell based on tooling overlaps. "The initial attack phase involves infiltrating Internet-facing Microsoft Exchange servers to deploy]]> 2023-03-23T14:59:00+00:00 https://thehackernews.com/2023/03/operation-soft-cell-chinese-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=8320862 False General Information None 2.0000000000000000 Silicon - Site de News Francais Cloud : la FTC évalue les pratiques d\'hyperscalers Les pratiques des principaux fournisseurs cloud sont-elles anticoncurrentielles ? La Commission américaine du commerce (FTC) investigue.]]> 2023-03-23T14:22:25+00:00 https://www.silicon.fr/cloud-ftc-pratiques-hyperscalers-461285.html www.secnews.physaphae.fr/article.php?IdArticle=8320913 False General Information,Cloud None 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite Agences allemandes et sud-coréennes alertes des attaques de Kimsuky \\ [German and South Korean Agencies Alerts of Kimsuky\\'s Attacks] German and South Korean intelligence agencies have issued a joint warning against the increasing cyber-attack tactics of a North Korean hacker group called Kimsuky. The group, believed to be backed by the North Korean government, has been targeting organizations in both countries with sophisticated phishing campaigns and malware attacks. The warning comes as cyber-attacks continue […]]]> 2023-03-23T14:10:11+00:00 https://informationsecuritybuzz.com/german-south-korean-agencies-alerts-kimsuky-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8320910 False Malware,General Information None 3.0000000000000000 Dark Reading - Informationweek Branch Parlez-vous à un carbone, un silicium ou une identité artificielle? [Are You Talking to a Carbon, Silicon, or Artificial Identity?] In the triumvirate of identity types, protecting the identity, privacy, and data of carbon-based forms - humans - is key. Safeguards must be in place as AI becomes more interactive.]]> 2023-03-23T14:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/are-you-talking-to-a-carbon-silicon-or-artificial-identity- www.secnews.physaphae.fr/article.php?IdArticle=8320902 False General Information None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les agences allemandes et sud-coréennes mettent en garde contre les tactiques de cyber-attaque de Kimsuky \\ [German and South Korean Agencies Warn of Kimsuky\\'s Expanding Cyber Attack Tactics] German and South Korean government agencies have warned about cyber attacks mounted by a threat actor tracked as Kimsuky using rogue browser extensions to steal users\' Gmail inboxes. The joint advisory comes from Germany\'s domestic intelligence apparatus, the Federal Office for the Protection of the Constitution (BfV), and South Korea\'s National Intelligence Service of the Republic of Korea (NIS]]> 2023-03-23T13:07:00+00:00 https://thehackernews.com/2023/03/german-and-south-korean-agencies-warn.html www.secnews.physaphae.fr/article.php?IdArticle=8320822 False Threat,General Information None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber La menace pressante des drones de fabrication chinoise volant au-dessus des infrastructures critiques américaines [The pressing threat of Chinese-made drones flying above U.S. critical infrastructure] Les drones de China \'s DJI contiennent des caméras haute résolution, des capteurs avancés et un accès sans fil, ouvrant la porte à l'espionnage et au sabotage.
>Drones from China\'s DJI contain high-res cameras, advanced sensors and wireless access, opening the door for espionage and sabotage. ]]> 2023-03-23T13:00:00+00:00 https://cyberscoop.com/chinese-drone-threat-dji-regulation-critical-infrastructure/ www.secnews.physaphae.fr/article.php?IdArticle=8320886 False Threat,General Information None 3.0000000000000000 Recorded Future - FLux Recorded Future Les incidents liés à l'Iran ont incité le cyber commandement à envoyer \\ 'Hunt Forward \\' Team en Albanie [Iran-linked incidents spurred Cyber Command to send \\'hunt forward\\' team to Albania] L'armée américaine a envoyé une équipe de cyber-opérateurs en Albanie l'année dernière pour aider à y défendre les réseaux gouvernementaux après une paire d'attaques numériques qui ont été imputées à l'Iran.La Cyber National Mission Force (CNMF) a déployé une équipe de deux douzaines de personnel sur une opération «Hunt Forward» [après le deuxième piratage] (https://therecord.media/Abanian-pm-says-iranian-hackers-hit-country-With-un autre cyberattaque), qui a eu lieu
The U.S. military sent a team of cyber operators to Albania last year to help defend government networks there after a pair of digital attacks that were blamed on Iran. The Cyber National Mission Force (CNMF) deployed a team of two dozen personnel on a “hunt forward” operation [following the second hack](https://therecord.media/albanian-pm-says-iranian-hackers-hit-country-with-another-cyberattack), which took place]]> 2023-03-23T12:44:00+00:00 https://therecord.media/iran-albania-cyber-command-hunt-forward www.secnews.physaphae.fr/article.php?IdArticle=8320884 False General Information None 3.0000000000000000 knowbe4 - cybersecurity services Les utilisateurs cliquant sur plusieurs liens de phishing mobile augmentent de 637% en seulement deux ans [Users Clicking on Multiple Mobile Phishing Links Increases 637% in Just Two Years] Users Clicking on Multiple Mobile Phishing Links Increases 637% in Just Two Years ]]> 2023-03-23T12:13:58+00:00 https://blog.knowbe4.com/users-click-multiple-mobile-phishing-links www.secnews.physaphae.fr/article.php?IdArticle=8320882 False General Information None 3.0000000000000000 knowbe4 - cybersecurity services Les cyber-assureurs suppriment tranquillement la couverture de l'ingénierie sociale et des allégations d'instruction frauduleuse [Cyber Insurers Quietly Remove Coverage for Social Engineering and Fraudulent Instruction Claims] Cyber Insurers Quietly Remove Coverage for Social Engineering and Fraudulent Instruction Claims ]]> 2023-03-23T12:13:56+00:00 https://blog.knowbe4.com/cyber-insurers-remove-social-engineering-coverage www.secnews.physaphae.fr/article.php?IdArticle=8320883 False General Information None 2.0000000000000000 Intigrity - Blog Comment l'intigriti protége vos données avec le chiffrement au niveau de l'application [How Intigriti keeps your data safe with application-level encryption] Notre processus de chiffrement au niveau de l'application est inégalé par toute autre plate-forme de prime de bogue. & # 160;Chez Intigriti, nous savons à quel point nos clients sont importants pour assurer la sécurité de leurs données.Après tout, les plates-formes de prime de bogue et de sécurité du crowdsourced gèrent une multitude d'informations sensibles, y compris les soumissions de vulnérabilité, les communications des chercheurs et les données financières. & # 160;Cependant, ce n'est pas seulement notre [& # 8230;]
>Our application-level encryption process is unmatched by any other bug bounty platform.  At Intigriti, we know how important it is for our customers to keep their data safe. After all, bug bounty and crowdsourced security platforms handle a wealth of sensitive information, including vulnerability submissions, researcher communications, and financial data.  However, it\'s not only our […] ]]> 2023-03-23T11:46:21+00:00 https://blog.intigriti.com/2023/03/23/how-intigriti-keeps-your-data-safe-with-application-level-encryption/ www.secnews.physaphae.fr/article.php?IdArticle=8320871 False Vulnerability,General Information None 1.00000000000000000000 InfoSecurity Mag - InfoSecurity Magazine Le gouvernement britannique définit la vision de la cybersécurité du NHS [UK Government Sets Out Vision for NHS Cybersecurity] Plans to boost cyber-resilience in the health service by 2030]]> 2023-03-23T10:40:00+00:00 https://www.infosecurity-magazine.com/news/government-sets-out-vision-nhs/ www.secnews.physaphae.fr/article.php?IdArticle=8320864 False General Information None 2.0000000000000000 Silicon - Site de News Francais Broadcom-VMware : coup de frein sur le rachat au Royaume-Uni 2023-03-23T10:39:55+00:00 https://www.silicon.fr/broadcom-vmware-coup-de-frein-sur-le-rachat-au-royaume-uni-461269.html www.secnews.physaphae.fr/article.php?IdArticle=8320863 False General Information None 2.0000000000000000 We Live Security - Editeur Logiciel Antivirus ESET Comprendre la détection et la réponse gérées & # 8211;Et que rechercher dans une solution MDR [Understanding Managed Detection and Response – and what to look for in an MDR solution] Why your organization should consider an MDR solution and five key things to look for in a service offering ]]> 2023-03-23T10:30:58+00:00 https://www.welivesecurity.com/2023/03/23/understanding-managed-detection-response-what-look-mdr-solution/ www.secnews.physaphae.fr/article.php?IdArticle=8320939 False General Information None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Blackguard Stealer étend ses capacités dans une nouvelle variante [BlackGuard stealer extends its capabilities in new variant] 2021, when a Russian user posted information about a new malware called BlackGuard. It was offered for $700 lifetime or $200 monthly, claiming it can collect information from a wide range of applications and browsers. In November 2022, an update for BlackGuard was announced in Telegram by its developer. Along with the new features, the malware author suggests free help with installing the command & control panel (Figure 1) announcement in Telegraph Figure 1. Announcement of new malware version in its Telegram channel. Analysis When executed, BlackGuard first checks if another instance is running by creating a Mutex. Then to ensure it will survive a system reboot, the malware adds itself to the “Run” registry key. The malware also checks if it\'s running in debugger mode by checking TickCount and checking if the current user belongs to a specific list to determine whether it is running in a malware sandbox environment. (Figure 2) Blackguard avoiding detection Figure 2. Malware will avoid execution if running under specific user names. Now all is ready for stealing the user’s sensitive data. It collects all stolen information in a folder where each piece of data is stored in a specific folder, such as Browsers, Files, Telegram, etc. (Figure 3) Blackguard main folder Figure 3. BlackGuard main folder with stolen data divided into folders. When it finishes collecting sensitive data, the malware will zip the main folder using the password “xNET3301LIVE” and send it to its command & control. (Figure 4) Zipped exfiltration data Figure 4. Zipping exfiltrated data with password and uploading to command & control. Browser stealth Along with collecting cookies, history and downloads of different browsers, BlackGuard also looks for the existence of special files and folders of different browsers. (This includes “Login Data”, AutoFill, History and Downloads. (Figure 5)  Blackguard collecting browser information Figure 5. Collecting browser information. Below is the list of browsers BlackGuard is looking for: Chromium ]]> 2023-03-23T10:00:00+00:00 https://cybersecurity.att.com/blogs/labs-research/blackguard-stealer-extends-its-capabilities-in-new-variant www.secnews.physaphae.fr/article.php?IdArticle=8320836 False Malware,Tool,Threat,General Information None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Malivents Chatgpt Chrome Extension détourne les comptes Facebook [Malicious ChatGPT Chrome Extension Hijacks Facebook Accounts] Software was unwittingly downloaded thousands of times]]> 2023-03-23T10:00:00+00:00 https://www.infosecurity-magazine.com/news/malicious-chatgpt-chrome-hijacks/ www.secnews.physaphae.fr/article.php?IdArticle=8320841 False General Information ChatGPT,ChatGPT 2.0000000000000000 Silicon - Site de News Francais GitHub Copilot : ce qui va changer avec GPT-4 2023-03-23T09:59:20+00:00 https://www.silicon.fr/github-copilot-gpt-4-461265.html www.secnews.physaphae.fr/article.php?IdArticle=8320840 False General Information None 2.0000000000000000 SecurityWeek - Security News Dole dit que les informations des employés sont compromises dans l'attaque des ransomwares [Dole Says Employee Information Compromised in Ransomware Attack] Dole a admis dans un dossier de la SEC que son enquête sur la récente attaque de ransomware a révélé que les pirates avaient accédé aux informations des employés.
>Dole has admitted in an SEC filing that its investigation into the recent ransomware attack found that the hackers had accessed employee information. ]]> 2023-03-23T09:24:48+00:00 https://www.securityweek.com/dole-says-employee-information-compromised-in-ransomware-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8320851 False Ransomware,General Information None 3.0000000000000000 The Register - Site journalistique Anglais Les attaquants ont frappé Bitcoin ATM pour voler 1,5 million de dollars en espèces crypto [Attackers hit Bitcoin ATMs to steal $1.5 million in crypto cash] 2023-03-23T09:02:06+00:00 https://go.theregister.com/feed/www.theregister.com/2023/03/23/general_bytes_crypto_atm/ www.secnews.physaphae.fr/article.php?IdArticle=8320830 False General Information,Cloud None 2.0000000000000000 Kaspersky - Kaspersky Research blog Développer un livre de jeu de réponse aux incidents [Developing an incident response playbook] Incident response playbooks help optimize the SOC processes, and are a major step forward to SOC maturity, but can be challenging for a company to develop. In this article, I want to share some insights on how to create the (almost) perfect playbook.]]> 2023-03-23T08:00:00+00:00 https://securelist.com/developing-an-incident-response-playbook/109145/ www.secnews.physaphae.fr/article.php?IdArticle=8320821 False General Information None 3.0000000000000000 Korben - Bloger francais Jarg – Une interface graphique pour Restic Suite]]> 2023-03-23T08:00:00+00:00 https://korben.info/jarg-interface-graphique-restic.html www.secnews.physaphae.fr/article.php?IdArticle=8320828 False General Information,Cloud None 1.00000000000000000000 The State of Security - Magazine Américain ITIL pour la gestion du changement et l'amélioration continue & # 8211;Propulsé par Tripwire [ITIL For Change Management and Continuous Improvement – Powered by Tripwire] During discussions with clients about their approach to managing IT services, many organizations refer to the Information Technology Infrastructure Library (ITIL) practices as a key component of their approach. This is not surprising, as the ITIL framework provides a practical methodology for IT management, enabling the use of technology to align with business needs. By prioritizing business goals over technology-centric standards, ITIL can be readily applied to a broad range of infrastructure environments, driving continuous improvement and enhancing operational stability. In the fast-moving...]]> 2023-03-23T04:23:25+00:00 https://www.tripwire.com/state-of-security/itil-the-change-management-process-and-tripwire-enterprise www.secnews.physaphae.fr/article.php?IdArticle=8320837 False General Information None 2.0000000000000000 AhnLab - Korean Security Firm Avertissement pour la vulnérabilité d'escalade des privilèges Office Microsoft Office (CVE-2023-23397) [Warning for Microsoft Office Outlook Privilege Escalation Vulnerability (CVE-2023-23397)] aperçu Microsoft a découvert une vulnérabilité dans Outlook pour Windows qui est exploité pour voler les informations d'identification NTLM.Microsoft a attribué le code CVE-2023-23397 à cette vulnérabilité.La société lui a donné un score CVSS inhabituellement élevé de 9,8, CVSS étant le score d'évaluation du niveau de gravité.Détails de la vulnérabilité Outlook a une fonctionnalité \\ 'rappel \' qui alerte les utilisateurs des horaires de leur calendrier.L'alerte suivante est également affichée lorsque la période de planification s'est écoulée.Figure 1. Fonctionnement du rappel Outlook le ...
Overview Microsoft has discovered a vulnerability in Outlook for Windows that is being exploited to steal NTLM credentials. Microsoft has assigned the code CVE-2023-23397 to this vulnerability. The company gave it an unusually high CVSS score of 9.8, with CVSS being the evaluation score for the severity level. Vulnerability Details Outlook has a \'Reminder\' feature which alerts users of schedules on their calendar. The following alert is also displayed when the schedule period has elapsed. Figure 1. Outlook Reminder feature The... ]]> 2023-03-23T02:00:00+00:00 https://asec.ahnlab.com/en/50218/ www.secnews.physaphae.fr/article.php?IdArticle=8320792 False Vulnerability,General Information None 2.0000000000000000 AhnLab - Korean Security Firm AVERTISSEMENT POUR LE PROGRAMME DE GESTION D'ACTIF [Warning for Asset Management Program (TCO!Stream) Vulnerability and Update Recommendation] logiciel vulnérable et aperçu TCO! Stream est une solution de gestion des actifs développée par la société coréenne, MLSoft.Composé d'un serveur et d'un client, les administrateurs peuvent utiliser le programme de console pour effectuer des travaux de gestion des actifs en accédant au serveur.TCO! Stream offre diverses fonctionnalités pour la gestion des actifs, mais il existe un processus qui s'exécute constamment sur le client afin de recevoir des commandes du serveur.Les commandes sont effectuées via ce processus.Cette solution de gestion est exposée à des attaques de vulnérabilité qui pourraient ...
Vulnerable Software and Overview TCO!Stream is an asset management solution developed by the Korean company, MLsoft. Consisting of a server and a client, administrators can use the console program to perform asset management work by accessing the server. TCO!Stream offers various features for asset management, but there is a process that runs constantly on the client in order to receive commands from the server. Commands are performed through this process. This management solution is exposed to vulnerability attacks that could... ]]> 2023-03-23T01:50:00+00:00 https://asec.ahnlab.com/en/50213/ www.secnews.physaphae.fr/article.php?IdArticle=8320793 False Vulnerability,General Information None 2.0000000000000000 AhnLab - Korean Security Firm Avertissement pour la solution de certification (VESTCERT) Vulnérabilité et recommandation de mise à jour [Warning for Certification Solution (VestCert) Vulnerability and Update Recommendation] logiciel vulnérable et aperçu Vestcert est un programme de certification utilisé lors de l'accès aux sites Web, et est un module non actifxDéveloppé par la société coréenne, YETTIESOFT. & # 160; Ce programme est enregistré en tant que programme de démarrage et sera relancé par le service de Yettiesoft (Gozi) même s'il est résilié.Il reste constamment actif en tant que processus une fois qu'il est installé, il peut donc être exposé à des attaques de vulnérabilité. & # 160; Ainsi, il doit être mis à jour vers la dernière version.Description de la vulnérabilité Cette vulnérabilité était la première ...
Vulnerable Software and Overview VestCert is a certification program used while accessing websites, and is a non-ActiveX module developed by the Korean company, Yettiesoft. This program is registered as a Startup Program and will be relaunched by Yettiesoft’s service (Gozi) even if it is terminated. It remains constantly active as a process once it is installed, so it can be exposed to vulnerability attacks. Thus, it needs to be updated to the latest version. Description of the Vulnerability This vulnerability was first... ]]> 2023-03-23T00:20:00+00:00 https://asec.ahnlab.com/en/50205/ www.secnews.physaphae.fr/article.php?IdArticle=8320794 False Vulnerability,General Information None 2.0000000000000000 DarkTrace - DarkTrace: AI bases detection AMADEY INFO-SELECTEUR: Exploiter les vulnérabilités du jour pour lancer des informations sur le vol de logiciels malveillants [Amadey Info-Stealer: Exploiting N-Day Vulnerabilities to Launch Information Stealing Malware] Amadey Info-stealer malware was detected across over 30 customers between August and December 2022, spanning various regions and industry verticals. This blog highlights the resurgence of Malware as a Service (MaaS) and the leveraging of existing N-Day vulnerabilities in SmokeLoader campaigns to launch Amadey on customers\' networks. This investigation was part of Darktrace\'s continuous Threat Research work in efforts to identify and contextualize threats across the Darktrace fleet, building off of AI insights through collaborative human analysis.]]> 2023-03-23T00:00:00+00:00 https://darktrace.com/blog/amadey-info-stealer-exploiting-n-day-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8320872 False Malware,Threat,General Information None 3.0000000000000000 AhnLab - Korean Security Firm Caractéristique d'évasion MDS \\ 'des boîtes anti-sands qui utilisent des fenêtres contextuelles [MDS\\' Evasion Feature of Anti-sandboxes That Uses Pop-up Windows] Ahnlab Security Emergency Response Center (ASEC) surveille diverses tactiques anti-sandbox pour échapper aux bacs à sands.Cet article couvrira la technique anti-sandbox plutôt persistante qui exploite la forme de bouton des fichiers de mots icedid malveillants et la caractéristique d'évasion des MDS des Ahnlab & # 8217; qui est destiné à détecter un comportement malveillant.Une technique anti-sandbox qui exploite le formulaire de bouton est contenue dans le fichier mot icedid malveillant (convert.dot);Cependant, un processus en 2 étapes doit être effectué par un utilisateur avant le malveillant ...
AhnLab Security Emergency response Center (ASEC) is monitoring various anti-sandbox tactics to evade sandboxes. This post will cover the rather persistent anti-sandbox technique that exploits the button form of the malicious IcedID Word files and the evasion feature of AhnLab’s MDS which is meant for detecting malicious behavior. An anti-sandbox technique that exploits the button form is contained within the malicious IcedID Word file (convert.dot); however, a 2-step process is required to be done by a user before the malicious... ]]> 2023-03-23T00:00:00+00:00 https://asec.ahnlab.com/en/50198/ www.secnews.physaphae.fr/article.php?IdArticle=8320795 False General Information None 2.0000000000000000 AhnLab - Korean Security Firm ASEC Weekly Malware Statistics (13 mars 2023 & # 8211; 19 mars 2023) [ASEC Weekly Malware Statistics (March 13th, 2023 – March 19th, 2023)] L'équipe d'analyse du centre d'intervention d'urgence (ASEC) AHNLAB utilise le système d'analyse automatique ASEC Rapit pour catégoriser et répondreaux logiciels malveillants connus.Ce message répertorie les statistiques hebdomadaires collectées du 13 mars 2023 (lundi) au 19 mars 2023 (dimanche).Pour la catégorie principale, InfostEaler s'est d'abord classé avec 43,8%, suivi de la porte dérobée avec 34,5%, du téléchargeur avec 18,7%, des ransomwares avec 1,7%, des logiciels malveillants bancaires avec 0,9% et de la co -minner avec 0,4%.Top 1 & # 8211; & # 160;Redline Redline s'est classée en première place avec 23,4%.Le malware vole ...
AhnLab Security Emergency response Center (ASEC) analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from March 13th, 2023 (Monday) to March 19th, 2023 (Sunday). For the main category, Infostealer ranked first with 43.8%, followed by backdoor with 34.5%, downloader with 18.7%, ransomware with 1.7%, banking malware with 0.9%, and CoinMiner with 0.4%. Top 1 –  Redline RedLine ranked first place with 23.4%. The malware steals... ]]> 2023-03-22T23:50:00+00:00 https://asec.ahnlab.com/en/50173/ www.secnews.physaphae.fr/article.php?IdArticle=8320796 False Ransomware,Malware,General Information None 2.0000000000000000 AhnLab - Korean Security Firm ASEC Weekly Phishing Email Trends Threat (5 mars 2023 & # 8211; 11 mars 2023) [ASEC Weekly Phishing Email Threat Trends (March 5th, 2023 – March 11th, 2023)] Ahnlab Security Emergency Response Center (ASEC) surveille les menaces par e-mail avec le système d'analyse automatique ASEC (Rapit) et le pot de miel.Ce message couvrira les cas de distribution des e-mails de phishing au cours de la semaine du 5 mars 2023 au 11 mars 2023 et fournira des informations statistiques sur chaque type.Généralement, le phishing est cité comme une attaque qui fuit les utilisateurs & # 8217;Connexion des informations de connexion en déguisant ou en imitant un institut, une entreprise ou un individu grâce à des méthodes d'ingénierie sociale.Sur une note plus large, ...
AhnLab Security Emergency response Center (ASEC) monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from March 5th, 2023 to March 11th, 2023 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users’ login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note,... ]]> 2023-03-22T23:30:00+00:00 https://asec.ahnlab.com/en/49839/ www.secnews.physaphae.fr/article.php?IdArticle=8320797 False Threat,General Information None 2.0000000000000000