www.secnews.physaphae.fr

www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-06-13T20:00:44+00:00 www.secnews.physaphae.fr Netskope - etskope est une société de logiciels américaine fournissant une plate-forme de sécurité informatique Mémo sur les menaces du cloud: un parasite exploitant les services cloud légitimes Cloud Threats Memo: A Parasite Exploiting Legitimate Cloud Services Les extensions de navigateur malveillant sont un vecteur d'attaque commun utilisé par les acteurs de la menace pour voler des informations sensibles, telles que les cookies d'authentification ou les informations de connexion, ou pour manipuler les transactions financières.Dans le dernier exemple d'une menace similaire, les chercheurs de Trend Micro ont découvert une extension Google Chrome malveillante (travaillant également sur des navigateurs à base de chrome tels que Microsoft [& # 8230;]

>Malicious browser extensions are a common attack vector used by threat actors to steal sensitive information, such as authentication cookies or login credentials, or to manipulate financial transactions. In the latest example of a similar threat, researchers from Trend Micro have discovered a malicious Google Chrome extension (also working on Chromium-based browsers such as Microsoft […] ]]> 2023-12-01T16:50:30+00:00 https://www.netskope.com/blog/cloud-threats-memo-a-parasite-exploiting-legitimate-cloud-services www.secnews.physaphae.fr/article.php?IdArticle=8418358 False Threat,Prediction,Cloud None 2.0000000000000000 UnderNews - Site de news "pirate" francais Cyber 2024 : Proofpoint voit cinq tendances clés En cette saison de prédictions pour l'année à venir, nous vous proposons un regard sur les tendances cyber 2024, à travers l'analyse de Patrick Joyce, RSSI Global chez Proofpoint, société spécialisée en matière de cybersécurité et de conformité. Tribune – L'année 2023 a une nouvelle fois été marquée par une recrudescence des cyberattaques – en […] The post Cyber 2024 : Proofpoint voit cinq tendances clés first appeared on UnderNews.]]> 2023-11-30T09:10:53+00:00 https://www.undernews.fr/reseau-securite/cyber-2024-proofpoint-voit-cinq-tendances-cles.html www.secnews.physaphae.fr/article.php?IdArticle=8418014 False Prediction None 3.0000000000000000 Global Security Mag - Site de news francais Trend Micro Incorporated annonce Trend Vision One™ Produits]]> 2023-11-29T08:05:35+00:00 https://www.globalsecuritymag.fr/Trend-Micro-Incorporated-annonce-Trend-Vision-One-TM.html www.secnews.physaphae.fr/article.php?IdArticle=8417731 False Threat,Prediction,Cloud None 2.0000000000000000 WatchGuard - Fabricant Matériel et Logiciels Les prédictions cyber 2024 du Threat Lab WatchGuard 2023-11-29T00:00:00+00:00 https://www.watchguard.com/fr/wgrd-news/press-releases/manipulation-de-modeles-linguistiques-piratage-de-casques-vr-renouveau-des www.secnews.physaphae.fr/article.php?IdArticle=8417803 False Tool,Threat,Prediction ChatGPT,ChatGPT 3.0000000000000000 ProofPoint - Cyber Firms Prédictions 2024 de Proofpoint \\: Brace for Impact Proofpoint\\'s 2024 Predictions: Brace for Impact 2023-11-28T23:05:04+00:00 https://www.proofpoint.com/us/blog/ciso-perspectives/proofpoints-2024-predictions-brace-impact www.secnews.physaphae.fr/article.php?IdArticle=8417740 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Prediction,Prediction ChatGPT,ChatGPT 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Spotlight des ransomwares: Trigona Ransomware Spotlight: Trigona #### Description The Trigona ransomware, first tracked by Trend Micro as Water Ungaw, emerged in October 2022 but binaries of the ransomware were seen as early as June of the same year. The group positioned itself as running a lucrative scheme, launching global attacks and advertising revenues up to 20% to 50% for each successful attack.The group was also reported as communicating with network access brokers who provide compromised credentials via the Russian Anonymous Marketplace (RAMP) forum\'s internal chats and using the sourced information to obtain initial access to targets. In April 2023, Trigona started targeting compromised Microsoft SQL (MSSQL) Servers via brute-force attacks. A month later, a Linux version of Trigona was found that shared similarities with its Windows counterpart. The Trigona ransomware is also linked to CryLock due to their similarities in tactics, techniques, and procedures (TTPs), ransom note file name, and email addresses used. Trigona ransomware targeted government organizations the most, with attack attempts making up 21.4% of total detections, according to feedback from Trend customers who detailed the industries in which they belong. Trigona also targeted enterprises in the technology, retail, fast-moving consumer goods, and banking industries. The group set its sights on small- and medium-sized businesses, which made up more than half of the group\'s total victims from April to October 2023. Trigona compromised a total of 33 organizations within the aforementioned period. #### Reference URL(s) 1. https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-trigona #### Publication Date November 28, 2023 #### Author(s) Trend Micro Research ]]> 2023-11-28T21:56:39+00:00 https://community.riskiq.com/article/c02ee065 www.secnews.physaphae.fr/article.php?IdArticle=8417638 False Ransomware,Prediction None 3.0000000000000000 Global Security Mag - Site de news francais Cybersécurité : cinq tendances à suivre en 2024 Points de Vue]]> 2023-11-28T17:44:32+00:00 https://www.globalsecuritymag.fr/Cybersecurite-cinq-tendances-a-suivre-en-2024.html www.secnews.physaphae.fr/article.php?IdArticle=8417578 False Prediction None 3.0000000000000000 Global Security Mag - Site de news francais Cinq tendances de cybersécurité à s'attendre en 2024 Five cybersecurity trends to expect in 2024 opinion

Five cybersecurity trends to expect in 2024 AI-powered attacks will accelerate cybercrime and cyber insurance will be harder to get. - Opinion]]> 2023-11-28T17:38:09+00:00 https://www.globalsecuritymag.fr/Five-cybersecurity-trends-to-expect-in-2024.html www.secnews.physaphae.fr/article.php?IdArticle=8417579 False Prediction None 3.0000000000000000 Kovrr - cyber risk management platform Enquêter sur le risque de références compromises et d'actifs exposés à Internet explorez le rapport révélant les industries et les tailles d'entreprise avec les taux les plus élevés d'identification compromises et d'actifs exposés à Internet.En savoir plus Investigating the Risk of Compromised Credentials and Internet-Exposed Assets Explore the report revealing industries and company sizes with the highest rates of compromised credentials and internet-exposed assets. Read More 2023-11-28T00:00:00+00:00 https://www.kovrr.com/reports/investigating-the-risk-of-compromised-credentials-and-internet-exposed-assets www.secnews.physaphae.fr/article.php?IdArticle=8417472 False Ransomware,Threat,Studies,Prediction,Cloud APT 17,APT 39,APT 39 3.0000000000000000 Dark Reading - Informationweek Branch Cyber Threats to Watch Out for in 2024 As cyber threats evolve in 2024, organizations must prepare for deepfakes, extortion, cloud targeting, supply chain compromises, and zero day exploits. Robust security capabilities, employee training, and incident response plans are key.]]> 2023-11-27T23:16:00+00:00 https://www.darkreading.com/cyber-risk/cyber-threats-to-watch-out-for-in-2024 www.secnews.physaphae.fr/article.php?IdArticle=8418317 False Threat,Prediction,Cloud None 3.0000000000000000 CybeReason - Vendor blog 2024 Prédictions de la cybersécurité - L'IA générative remodèle la cybersécurité 2024 Cybersecurity Predictions - Generative AI Reshapes Cybersecurity 2023-11-27T16:07:26+00:00 https://www.cybereason.com/blog/2024-cybersecurity-predictions-generative-ai-reshapes-cybersecurity www.secnews.physaphae.fr/article.php?IdArticle=8417298 False Prediction,Cloud None 2.0000000000000000 Global Security Mag - Site de news francais Imperva annonce ses prédictions en matière de cybersécurité pour 2024 Points de Vue]]> 2023-11-27T10:26:33+00:00 https://www.globalsecuritymag.fr/Imperva-annonce-ses-predictions-en-matiere-de-cybersecurite-pour-2024.html www.secnews.physaphae.fr/article.php?IdArticle=8417169 False Prediction None 2.0000000000000000 TrendLabs Security - Editeur Antivirus Prédictions de sécurité du cloud à AWS Re: Invent 2023 Cloud Security Predictions at AWS re:Invent 2023 Heading to AWS re:Invent 2023? Don\'t miss out on our talk with Melinda Marks, ESG Practice Director for Cybersecurity, about cloud detection and response (CDR) and what\'s trending in cloud security.]]> 2023-11-27T00:00:00+00:00 https://www.trendmicro.com/en_us/research/23/k/cloud-security-predictions-at-aws-re-invent-2023.html www.secnews.physaphae.fr/article.php?IdArticle=8417331 False Prediction,Cloud None 3.0000000000000000 Kaspersky - Kaspersky Research blog Cyberstérines de consommation: prédictions pour 2024 Consumer cyberthreats: predictions for 2024 Kaspersky experts review last year\'s predictions on consumer cyberthreats and try to anticipate the trends for 2024.]]> 2023-11-23T10:00:45+00:00 https://securelist.com/kaspersky-security-bulletin-consumer-threats-2024/111135/ www.secnews.physaphae.fr/article.php?IdArticle=8416281 False Prediction None 3.0000000000000000 Global Security Mag - Site de news francais 2024 Prédictions de Convera 2024 predictions from Convera opinion

In the dynamic realm of cybersecurity, Alex Beavan, Convera\'s Head of Ethics and Anti-Corruption and former British Intelligence officer, shares his anticipations for the upcoming year. Offering a comprehensive outlook on the evolving threat landscape, Beavan delves into the rising menace of AI-enhanced Business Email Compromise attacks orchestrated by organized crime groups. Additionally, he sheds light on the imperative cultural shifts required to combat fraud in B2B payments. - Opinion]]> 2023-11-22T13:58:46+00:00 https://www.globalsecuritymag.fr/2024-predictions-from-Convera.html www.secnews.physaphae.fr/article.php?IdArticle=8415917 False Threat,Prediction None 3.0000000000000000 TrendMicro - Security Firm Blog Signaux d'attaque Retour possible du marché de Genesis, abuse Node.js et signature du code EV Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023.]]> 2023-11-22T00:00:00+00:00 https://www.trendmicro.com/en_us/research/23/k/attack-signals-possible-return-of-genesis-market.html www.secnews.physaphae.fr/article.php?IdArticle=8415757 False Prediction None 2.0000000000000000 Netskope - etskope est une société de logiciels américaine fournissant une plate-forme de sécurité informatique Cinq prédictions de menaces à noter pour 2024 Five Threats Predictions To Note For 2024 Afin de continuation de nos séries en cours collectant des prédictions de nos nombreux experts de la matière ici à NetSkope, nous nous sommes dirigés vers le long du couloir (métaphorique) des laboratoires de menace.Nous voulions en extraire des menaces et des prédictions liées à la cyberattaque, sur la base de ce qu'ils commencent à voir évoluer dans le paysage.Nous avons une grande sélection, couvrant [& # 8230;]

>As a continuation of our ongoing series collecting predictions from our many subject-matter experts here at Netskope, we headed down the (metaphorical) corridor to the Threat Labs. We wanted to extract from them some threats and cyberattack-related predictions, based on what they are starting to see evolving in the landscape. We’ve got a great selection, covering […] ]]> 2023-11-21T18:07:30+00:00 https://www.netskope.com/blog/five-threats-predictions-to-note-for-2024 www.secnews.physaphae.fr/article.php?IdArticle=8415517 False Threat,Prediction None 3.0000000000000000 Global Security Mag - Site de news francais 2024 Prédictions - Keeper Security & Tigera 2024 Predictions - Keeper Security & Tigera opinion

2024 predictions from Tigera and Keeper Security DARREN GUCCIONE, CEO AND CO-FOUNDER, KEEPER SECURITY Malavika Balachandran Tadeusz, Senior Product Manager, Tigera DR. ADAM EVERSPAUGH, CRYPTOGRAPHY EXPERT, KEEPER SECURITY give their opion\'s - Opinion]]> 2023-11-21T15:35:20+00:00 https://www.globalsecuritymag.fr/2024-Predictions-Keeper-Security-Tigera.html www.secnews.physaphae.fr/article.php?IdArticle=8415448 False Prediction None 3.0000000000000000 Checkpoint - Fabricant Materiel Securite Résultats de l'étude comparative sur les attaques de ransomware Linux et Windows, explorant les tendances notables et la montée des attaques sur les systèmes Linux Comparative Study Results on Linux and Windows Ransomware Attacks, Exploring Notable Trends and Surge in Attacks on Linux Systems Fait saillie: & # 160;Évolution du paysage: Check Point Research (RCR) dévoile une étude complète explorant la surtension des attaques de ransomwares contre les systèmes Linux, faisant des comparaisons avec leurs homologues Windows.Tendance de simplification: L'analyse de la RCR en RCR révèle une tendance notable vers la simplification parmi les familles de ransomwares ciblant les linux.Les fonctionnalités de base réduites aux processus de cryptage de base, rendant ces menaces insaisissables et difficiles à détecter les informations de chiffrement: un examen comparatif des techniques de chiffrement entre Windows et Linux expose une préférence pour les algorithmes Chacha20 / RSA et AES / RSA dans les ransomwares de Linux.& # 160;Dans une étude récente menée par Check Point Research (RCR), un examen approfondi des attaques de ransomwares contre Linux et Windows [& # 8230;]

>Highlights: Evolving Landscape: Check Point Research (CPR) unveils a comprehensive study exploring the surge in ransomware attacks on Linux systems, drawing comparisons to their Windows counterparts. Simplification Trend: CPR’s analysis reveals a notable trend towards simplification among Linux-targeting ransomware families. Core functionalities reduced to basic encryption processes, making these threats elusive and challenging to detect Encryption Insights: A comparative examination of encryption techniques between Windows and Linux exposes a preference for ChaCha20/RSA and AES/RSA algorithms in Linux ransomware. In a recent study conducted by Check Point Research (CPR), an in-depth examination of ransomware attacks on Linux and Windows […] ]]> 2023-11-21T13:15:00+00:00 https://blog.checkpoint.com/security/comparative-study-results-on-linux-and-windows-ransomware-attacks-exploring-notable-trends-and-surge-in-attacks-on-linux-systems/ www.secnews.physaphae.fr/article.php?IdArticle=8415388 False Ransomware,Studies,Prediction,Technical None 4.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 7 Questions incontournables pour les leaders sur la culture de la sécurité 7 must-ask questions for leaders on security culture 88% of data breaches are caused by employee mistakes. Not to mention that we\'ve observed a surging trend of attacks that sidestep technology and instead, zero in on people. The strategy is proving effective. Prominent ransomware incidents, such as those affecting Colonial Pipeline, JBS Foods, and Kaseya, have dominated headlines. As our tech-driven defenses become more advanced, malicious actors are adapting, always looking for the easiest entry point. Seeking efficiency and reduced effort, these cyberattackers often find employees to be the most appealing targets. So, training everyone to have better awareness about cybersecurity isn\'t just a good idea; it\'s a must. Based on all this, we\'ve got some recommendations for what leaders need to know and smart questions they should keep in mind for their next big meeting. Five things leaders need to know about cybersecurity culture Understanding security culture The ambiguity surrounding the term "security culture" often stems from a foundational problem: its frequent usage without a clear definition. This lack of clarity paves the way for varied interpretations and assumptions. With this work, we aim to bring clarity to the concept. Security culture is described as the beliefs, traditions, and collective behaviors of a group that shape its security posture. Why does security culture matter? Sometimes, employees adopt poor security habits, either independently or due to a lack of proper guidance from the organization. Addressing these habits can be challenging. However, establishing a robust security culture can change their behaviors, enabling an organization to safeguard its reputation, brand, and financial well-being. What does a good security culture look like? Suppose an employee, Alex, receives an email from a bank filled with typos and featuring a suspicious link. At a workplace lacking a security culture, Alex thinks, "This is odd. I\'ll set it aside for now." However, in a company with a solid security culture, Alex’s immediate reaction is, "This could be dangerous. I need to inform IT." Such a prompt action gives the tech team an early warning, allowing them to act before more damage occurs. It isn\'t about turning every employee into a cybersecurity specialist; it\'s about ensuring each individual acts responsibly, embodying the qualities of a "security champion." Prioritizing values, attitudes, and beliefs over rules and policies Cyber threats often catch organizations off-guard because a significant portion of their workforce isn\'t adequately informed or prepared for these risks. Leaders hope for their teams to act responsibly, like locking an unattended computer or reporting suspicious emails. However, just organizing train]]> 2023-11-21T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/7-must-ask-questions-for-leaders-on-security-culture www.secnews.physaphae.fr/article.php?IdArticle=8415314 False Ransomware,Tool,Prediction None 3.0000000000000000 Global Security Mag - Site de news francais BeyondTrust présente ses prévisions en matière de cybersécurité pour 2024 et au-delà Points de Vue]]> 2023-11-20T14:16:55+00:00 https://www.globalsecuritymag.fr/BeyondTrust-presente-ses-previsions-en-matiere-de-cybersecurite-pour-2024-et-au.html www.secnews.physaphae.fr/article.php?IdArticle=8414895 False Threat,Studies,Prediction None 3.0000000000000000 Global Security Mag - Site de news francais Prédictions 2024 : Trellix identifie une escalade des cyberattaques de plus en plus complexe à détecter Produits]]> 2023-11-20T14:08:31+00:00 https://www.globalsecuritymag.fr/Predictions-2024-Trellix-identifie-une-escalade-des-cyberattaques-de-plus-en.html www.secnews.physaphae.fr/article.php?IdArticle=8414866 False Prediction None 3.0000000000000000 Global Security Mag - Site de news francais 2024 Prédictions de sécurité des données & # 8211;Claude Mandy, systèmes de symétrie 2024 Data Security Predictions – Claude Mandy, Symmetry Systems opinion

The predictions from ex Gartner Analyst & Data security expert Claude Mandy, Chief Evangelist at Symmetry Systems for what is on the horizon for the cybersecurity space in 2024. Please see below for predictions from Claude below. - Opinion]]> 2023-11-17T09:32:20+00:00 https://www.globalsecuritymag.fr/2024-Data-Security-Predictions-Claude-Mandy-Symmetry-Systems.html www.secnews.physaphae.fr/article.php?IdArticle=8413313 False Prediction None 3.0000000000000000 Dragos - CTI Society Dragos Industrial Ransomware Analysis: T1 2023 Dragos Industrial Ransomware Analysis: Q3 2023 Dans une tendance prévisible mais préoccupante, les groupes de ransomwares ont continué d'avoir un impact sur les entités industrielles et les infrastructures critiques au cours du troisième trimestre ... Le post Dragos Industrial Ransomware Analysis: Q3 2023 = "https://www.dragos.com"> dragos .

>In a predictable yet concerning trend, ransomware groups continued to impact industrial entities and critical infrastructure during the third quarter... The post Dragos Industrial Ransomware Analysis: Q3 2023 first appeared on Dragos.]]> 2023-11-16T14:00:00+00:00 https://www.dragos.com/blog/dragos-industrial-ransomware-analysis-q3-2023/ www.secnews.physaphae.fr/article.php?IdArticle=8412881 False Ransomware,Studies,Industrial,Prediction None 3.0000000000000000 Global Security Mag - Site de news francais 2024 Tendances et prédictions de sécurité 2024 Security Trends and Predictions opinion

2024 Security Trends and Predictions - Opinion]]> 2023-11-15T20:37:09+00:00 https://www.globalsecuritymag.fr/2024-Security-Trends-and-Predictions.html www.secnews.physaphae.fr/article.php?IdArticle=8412541 False Prediction None 3.0000000000000000 Recorded Future - FLux Recorded Future Désinformation générée par l'AI-AI une préoccupation majeure pour 2024 élections, a déclaré le secrétaire d'État du Michigan AI-generated disinformation a top concern for 2024 elections, Michigan secretary of state says

Le secrétaire d'État du Michigan, Jocelyn Benson, a déclaré mercredi que l'une de ses meilleurs inquiétudes concernant les élections de 2024 découle du potentiel de l'intelligence artificielle pour fomenter ce qu'elle a appelé la dissémination «hyper-localisée» de la désinformation.«Imaginez le jour du scrutin, les informations se déroulent sur les longues lignes [dans un quartier donné] qui appellent à la violence

Michigan Secretary of State Jocelyn Benson said Wednesday that one of her top worries about the 2024 elections stems from the potential for artificial intelligence to foment what she called “hyper-localized” dissemination of mis- and disinformation. “Imagine on election day, information goes out about long lines [in a given precinct] that are calling for violence]]> 2023-11-15T20:15:00+00:00 https://therecord.media/ai-generated-disinfo-concern-elections-michigan www.secnews.physaphae.fr/article.php?IdArticle=8412856 False Prediction None 3.0000000000000000 Netskope - etskope est une société de logiciels américaine fournissant une plate-forme de sécurité informatique Ce qui est en magasin pour 2024: prédictions sur zéro confiance, AI et au-delà What\\'s in Store for 2024: Predictions About Zero Trust, AI, and Beyond Avec 2024 à l'horizon, nous avons une fois de plus contacté notre profondeur d'experts ici à Netskope pour leur demander de faire de leur mieux en regardant la boule de cristal et de nous donner une tête sur les tendances et les thèmes qu'ils s'attendent à voir émerger dansla nouvelle année.Nous avons brisé leurs prédictions [& # 8230;]

>With 2024 on the horizon, we have once again reached out to our deep bench of experts here at Netskope to ask them to do their best crystal ball gazing and give us a heads up on the trends and themes that they expect to see emerging in the new year. We\'ve broken their predictions […] ]]> 2023-11-15T19:16:36+00:00 https://www.netskope.com/blog/whats-in-store-for-2024-predictions-about-zero-trust-ai-and-beyond www.secnews.physaphae.fr/article.php?IdArticle=8412507 False Prediction None 3.0000000000000000 Global Security Mag - Site de news francais 2024 Prédictions de cybersécurité des experts en sécurité des données 2024 Cybersecurity Predictions from Data Security Experts opinion

2024 Cybersecurity Predictions from Data Security Experts Adam Gavish, CEO & Co-founder, and Tim Davis, VP Solutions Consulting, at DoControl - Opinion]]> 2023-11-14T18:35:46+00:00 https://www.globalsecuritymag.fr/2024-Cybersecurity-Predictions-from-Data-Security-Experts.html www.secnews.physaphae.fr/article.php?IdArticle=8412018 False Prediction None 3.0000000000000000 Global Security Mag - Site de news francais 2024 Prédictions de l'industrie & # 8211;Des dirigeants de Stackhawk 2024 Industry Predictions – Executives from StackHawk opinion

As 2023 comes to a close, I wanted to share some predictions from the leadership team at StackHawk about what\'s on the horizon for the cybersecurity space in 2024. Please see below for predictions from Joni Klippert, CEO and Founder of StackHawk, Scott Gerlach, CSO and Co-Founder of StackHawk, and Dan Hopkins, VP of Engineering at StackHawk. Shift left security, compliance, and automation are among the top trends that Joni, Scott and Dan are expecting to shake up the threat landscape next year. - Opinion]]> 2023-11-14T16:40:49+00:00 https://www.globalsecuritymag.fr/2024-Industry-Predictions-Executives-from-StackHawk.html www.secnews.physaphae.fr/article.php?IdArticle=8411954 False Threat,Industrial,Prediction None 3.0000000000000000 Global Security Mag - Site de news francais Confiance numérique : DigiCert dévoile ses prédictions pour 2024 Points de Vue]]> 2023-11-14T13:48:11+00:00 https://www.globalsecuritymag.fr/Confiance-numerique-DigiCert-devoile-ses-predictions-pour-2024.html www.secnews.physaphae.fr/article.php?IdArticle=8411841 False Prediction None 3.0000000000000000 Global Security Mag - Site de news francais Prévisions de cybersécurité pour 2024 - SecurityScorecard Points de Vue]]> 2023-11-14T13:21:20+00:00 https://www.globalsecuritymag.fr/Previsions-de-cybersecurite-pour-2024-SecurityScorecard.html www.secnews.physaphae.fr/article.php?IdArticle=8411845 False Threat,Prediction None 3.0000000000000000 Kaspersky - Kaspersky Research blog Prédictions avancées des menaces pour 2024 Advanced threat predictions for 2024 Kaspersky researchers review APT predictions for 2023 and current trends in the advanced threat landscape, and try to predict how it will develop in 2024.]]> 2023-11-14T10:00:24+00:00 https://securelist.com/kaspersky-security-bulletin-apt-predictions-2024/111048/ www.secnews.physaphae.fr/article.php?IdArticle=8411683 False Threat,Prediction None 3.0000000000000000 ProofPoint - Cyber Firms Informations exploitables: comprenez votre profil de risque global avec le rapport de résumé exécutif Actionable Insights: Understand Your Overall Risk Profile with the Executive Summary Report 2023-11-13T07:14:17+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/actionable-insights-understand-risk-profile-executive-summary www.secnews.physaphae.fr/article.php?IdArticle=8411686 False Malware,Tool,Threat,Prediction None 2.0000000000000000 AhnLab - Korean Security Firm 2023 Sep & # 8211;Rapport de tendance des menaces sur les groupes APT 2023 Sep – Threat Trend Report on APT Groups Dans ce rapport, nous couvrons des groupes de menaces dirigés par la nation présumés de mener du cyber-espionnage ou du sabotage sous le soutien du soutiendes gouvernements de certains pays, appelés groupes de menace persistante avancés (APT) & # 8221;Pour des raisons pratiques.Par conséquent, ce rapport ne contient pas d'informations sur les groupes de cybercrimins visant à obtenir des bénéfices financiers.Nous avons organisé des analyses liées aux groupes APT divulgués par des sociétés de sécurité et des institutions, notamment AHNLAB au cours du mois précédent;Cependant, le contenu de certains groupes APT peut ne pas ...

In this report, we cover nation-led threat groups presumed to conduct cyber espionage or sabotage under the support of the governments of certain countries, referred to as “Advanced Persistent Threat (APT) groups” for the sake of convenience. Therefore, this report does not contain information on cybercriminal groups aiming to gain financial profits. We organized analyses related to APT groups disclosed by security companies and institutions including AhnLab during the previous month; however, the content of some APT groups may not... ]]> 2023-11-13T01:42:44+00:00 https://asec.ahnlab.com/en/59011/ www.secnews.physaphae.fr/article.php?IdArticle=8410648 False Threat,Prediction None 2.0000000000000000 AhnLab - Korean Security Firm 2023 Sep & # 8211;Rapport de tendance des menaces sur les statistiques des ransomwares et les problèmes majeurs 2023 Sep – Threat Trend Report on Ransomware Statistics and Major Issues Ce rapport fournit des statistiques sur le nombre de nouveaux échantillons de ransomware, des systèmes ciblés et des entreprises ciblées en septembre 2023, ainsi que des problèmes de ransomware notables en Corée et dans d'autres pays.Tendances clés 1) diminution nette des entreprises ciblées liées aux ransomwares de CloP et à Moveit 2) Ransomware de Noescape et ses imitations 3) Ransomware Group utilisant le RGPD comme bluff (GDPR GAMBIT) 4) Autres SEP_Trente Rapport sur les statistiques de rançon et les principaux problèmes

This report provides statistics on the number of new ransomware samples, targeted systems, and targeted businesses in September 2023, as well as notable ransomware issues in Korea and other countries. Key Trends 1) Sharp Decrease in Targeted Businesses Related to CLOP Ransomware and MOVEit 2) NoEscape Ransomware and Its Imitations 3) Ransomware Group Using GDPR as a Bluff (GDPR Gambit) 4) Others Sep_Threat Trend Report on Ransomware Statistics and Major Issues ]]> 2023-11-13T01:42:17+00:00 https://asec.ahnlab.com/en/59026/ www.secnews.physaphae.fr/article.php?IdArticle=8410649 False Ransomware,Threat,Prediction None 3.0000000000000000 AhnLab - Korean Security Firm 2023 Sep & # 8211;Rapport de tendance des menaces sur le groupe Kimsuky 2023 Sep – Threat Trend Report on Kimsuky Group Les activités de Kimsuky Group & # 8217; en septembre 2023 ont montré une augmentation notable du type RandomQuery, tandis que, tandis que, tandis que, tandis queLes activités d'autres types étaient relativement faibles ou inexistantes.& # 160;SEP_TRÉTERAT TREND RAPPORT SUR KIMSUKY GROUP

The Kimsuky group’s activities in September 2023 showed a notable surge in the RandomQuery type, while the activities of other types were relatively low or non-existent. Sep_Threat Trend Report on Kimsuky Group ]]> 2023-11-13T01:41:52+00:00 https://asec.ahnlab.com/en/59020/ www.secnews.physaphae.fr/article.php?IdArticle=8410650 False Threat,Prediction None 3.0000000000000000 AhnLab - Korean Security Firm 2023 Sep & # 8211;Rapport sur la tendance des menaces du Web Deep et Dark 2023 Sep – Deep Web and Dark Web Threat Trend Report Ce rapport de tendance sur le Web Deep et le Web Dark de septembre 2023 est sectionné en ransomware, forums & # & #38;Marchés noirs et acteurs de menace.Nous tenons à dire à l'avance qu'une partie du contenu n'a pas encore été confirmée comme vraie.Ransomware & # 8211;Akira & # 8211;Alphv (Blackcat) & # 8211;Lockbit & # 8211;Forum Ransomedvc & # 38;Marché noir & # 8211;Violation de données affectant 7 millions d'utilisateurs & # 8211;Les informations personnelles des policiers ont divulgué l'acteur de menace & # 8211;Poursuite des individus associés au ...

This trend report on the deep web and dark web of September 2023 is sectioned into Ransomware, Forums & Black Markets, and Threat Actors. We would like to state beforehand that some of the content has yet to be confirmed to be true. Ransomware – Akira – ALPHV (BlackCat) – LockBit – RansomedVC Forum & Black Market – Data Breach Affecting 7 Million Users – Personal Information of Police Officers Leaked Threat Actor – Prosecution of Individuals Associated with the... ]]> 2023-11-13T01:41:34+00:00 https://asec.ahnlab.com/en/59016/ www.secnews.physaphae.fr/article.php?IdArticle=8410651 False Ransomware,Data Breach,Threat,Prediction None 3.0000000000000000 knowbe4 - cybersecurity services Désinformation de l'IA exposée: un faux "Tom Cruise" attaque les Jeux olympiques AI Disinformation Exposed: A Fake "Tom Cruise" Attacks the Olympics Ai Disinformation Exposed: Un faux

En utilisant une page directement hors du livre de jeu KGB, une nouvelle attaque de désinformation dirigée par AI a été déchaînée.La dernière victime de cette tendance inquiétante n'est autre que le Comité international olympique (CIO).Voici plus sur la façon dont l'IA a été mal utilisée pour créer une fausse campagne de nouvelles ciblant l'un des corps sportifs les plus connus du monde. Une série "documentaire", fabriquée à l'aide d'une IA avancée,A présenté la star de la voix de Hollywood, Tom Cruise.Cependant, c'était une illusion.La voix, les allégations, le prétendu documentaire intitulé «Les Jeux olympiques ont diminué» & # 8211;Rien de tout cela n'était réel.Cette série a allégué une corruption au cœur du CIO, une affirmation qui a depuis été démystifiée mais pas avant de provoquer des ondulations importantes. Ce qui rend cet incident particulièrement alarmant, c'est l'utilisation sophistiquée de l'IA pour cloner les voix de célébrités.Il ne s'agit pas seulement du CIO ou des Jeux olympiques;C'est un exemple flagrant des défis éthiques et juridiques posés par l'IA.L'utilisation abusive des voix de célébrités comme Tom Cruise, Tom Hanks et Scarlett Johansson montre une responsabilité de l'industrie du divertissement & # 8211;L'utilisation non autorisée et contraire à l'éthique de l'IA pour Génie social . L'attaquea fait une mise en évidence avec la suspension du Comité olympique national de Russie sur les tensions géopolitiques, en particulier la reconnaissance des organisations sportives régionales dans les territoires ukrainiens contestés.Le moment de cette campagne de désinformation est un effort orchestré pour tirer parti des événements mondiaux à enjeux élevés pour influencer l'opinion publique. & Nbsp; Le CIO, en réponse, a été proactif En dénonçant ces Deepfakes générés par l'AI et a conseillé aux représentants des médias de confirmer l'authenticité d'un tel contenuavec leur bureau de presse.Malgré leurs efforts pour supprimer le contenu des plateformes comme YouTube, il a trouvé un paradis sur un canal télégramme, montrant qu'il est très difficile de contrôler la désinformation de la propagation sur Internet. Cet incident sert deUn rappel brutal de la nature à double tranchant de l'IA.Alors que l'IA a le potentiel de révolutionner notre monde de manière positive, son utilisation abusive peut entraîner des conséquences importantes.Pour des organisations comme le CIO, c'est un réveil aux menaces du nouvel âge auxquelles ils sont confrontés & # 8211;où le champ de bataille n'est pas seulement physique mais de plus en plus numérique.

Using a page straight out of the KGB playbook, a new AI-driven disinformation attack has been unleashed. The latest victim of this disturbing trend is none other than the International Olym]]> 2023-11-12T15:12:07+00:00 https://blog.knowbe4.com/ai-disinformation-exposed-a-fake-tom-cruise-attacks-the-olympics www.secnews.physaphae.fr/article.php?IdArticle=8410366 False Prediction None 2.0000000000000000 ProofPoint - Cyber Firms 2023 Prédictions de l'escroquerie de vacances, si ce que vous devez savoir 2023 Holiday Scam Predictions-Here\\'s What You Should Know 2023-11-10T08:04:20+00:00 https://www.proofpoint.com/us/blog/security-awareness-training/holiday-scam-predictions www.secnews.physaphae.fr/article.php?IdArticle=8409070 False Tool,Threat,Prediction FedEx 3.0000000000000000 TechRepublic - Security News US Les tendances de cybersécurité de Google Cloud \\ à regarder en 2024 incluent des attaques génératives basées sur l'IA Google Cloud\\'s Cybersecurity Trends to Watch in 2024 Include Generative AI-Based Attacks A November report from Google Cloud details possible nation-state malware tactics in 2024 and new angles of cyberattacks.]]> 2023-11-09T15:52:19+00:00 https://www.techrepublic.com/article/state-of-cybersecurity-2024/ www.secnews.physaphae.fr/article.php?IdArticle=8408575 False Malware,Prediction,Cloud None 3.0000000000000000 Global Security Mag - Site de news francais Perspectives pour 2024 : avec l\'IA et le CaaS, les cybercriminels s\'offrent de nouveaux leviers d\'attaque plus simples Points de Vue]]> 2023-11-09T14:25:07+00:00 https://www.globalsecuritymag.fr/Perspectives-pour-2024-avec-l-IA-et-le-CaaS-les-cybercriminels-s-offrent-de.html www.secnews.physaphae.fr/article.php?IdArticle=8408554 False Prediction None 3.0000000000000000 Fortinet - Fabricant Materiel Securite Prédictions de menace pour 2024: les opérations d'IA et de CAAS enchaînées donnent aux attaquants plus «faciles» que jamais Threat Predictions for 2024: Chained AI and CaaS Operations Give Attackers More “Easy” Buttons Than Ever Read FortiGuard Labs\' latest threat predictions look at the latest attack tactics and techniques organizations might see in 2024 and beyond.]]> 2023-11-09T14:00:00+00:00 https://www.fortinet.com/blog/threat-research/2024-threat-predictions-chained-ai-and-caas-operations www.secnews.physaphae.fr/article.php?IdArticle=8408534 False Threat,Prediction None 3.0000000000000000 Global Security Mag - Site de news francais Digicert dévoile les prédictions du PDG pour la confiance numérique en 2024 DigiCert Unveils CEO Predictions for Digital Trust in 2024 opinion

DigiCert Unveils CEO Predictions for Digital Trust in 2024 Top predictions center on seismic impact of artificial intelligence and post-quantum cryptography on cybersecurity landscape - Opinion]]> 2023-11-08T14:29:47+00:00 https://www.globalsecuritymag.fr/DigiCert-Unveils-CEO-Predictions-for-Digital-Trust-in-2024.html www.secnews.physaphae.fr/article.php?IdArticle=8407918 False Prediction None 2.0000000000000000 Recorded Future - FLux Recorded Future Un package python désagréable continue une tendance à cibler les développeurs A nasty Python package continues a trend of targeting developers

Parfois, lorsque des pirates malveillants se mêlent d'un développement de logiciels open source, la cible n'est pas le logiciel - c'est les développeurs eux-mêmes.Les chercheurs de la société de cybersécurité CheckMarx disent qu'ils ont suivi des logiciels malveillants destinés à infecter les ordinateurs des développeurs qui travaillent avec la langue Python populaire et ont besoin d'obscurcir leur code, ou de le faire

Sometimes when malicious hackers meddle with open-source software development, the target isn\'t the software - it\'s the developers themselves. Researchers at cybersecurity firm Checkmarx say they have been tracking malware intended to infect the computers of developers who work with the popular Python language and have a need to obfuscate their code, or make it]]> 2023-11-08T13:00:00+00:00 https://therecord.media/python-package-checkmarx-python-developers www.secnews.physaphae.fr/article.php?IdArticle=8407845 False Malware,Prediction None 2.0000000000000000 GoogleSec - Firm Security Blog Évolution de l'App Defence Alliance Evolving the App Defense Alliance Lancé Par Google en 2019, dédié à garantir la sécurité de l'écosystème de l'application, fait un pas en avant majeur.Nous sommes fiers de Annonce que l'App Defence Alliance se déplace sous l'égide de la Fondation Linux, avec Meta, Microsoft et Google en tant que membres de la direction fondatrice. Cette migration stratégique représente un moment central dans le parcours de l'Alliance \\, ce qui signifie un engagement partagé par les membres pour renforcer la sécurité des applications et les normes connexes entre les écosystèmes.Cette évolution de l'App Defence Alliance nous permettra de favoriser une mise en œuvre plus collaborative des normes de l'industrie pour la sécurité des applications. Uniter pour la sécurité des applications Le paysage numérique évolue continuellement, tout comme les menaces pour la sécurité des utilisateurs.Avec la complexité toujours croissante des applications mobiles et l'importance croissante de la protection des données, c'est le moment idéal pour cette transition.La Fondation Linux est réputée pour son dévouement à favoriser des projets open source qui stimulent l'innovation, la sécurité et la durabilité.En combinant des forces avec des membres supplémentaires sous la Fondation Linux, nous pouvons nous adapter et répondre plus efficacement aux défis émergents. L'engagement de la nouvelle application de défense de la Defence Alliance \\ est des membres de la direction & # 8211;Meta, Microsoft et Google & # 8211;est essentiel pour faire de cette transition une réalité.Avec une communauté membre couvrant 16 membres généraux et contributeurs supplémentaires, l'alliance soutiendra l'adoption à l'échelle de l'industrie des meilleures pratiques et directives de la sécurité des applications, ainsi que des contre-mesures contre les risques de sécurité émergents. Poursuivant le programme d'atténuation des logiciels malveillants L'App Defence Alliance a été formée avec la mission de réduire le risque de logiciels malveillants basés sur l'application et de mieux protéger les utilisateurs d'Android.La défense malveillante reste un objectif important pour Google et Android, et nous continuerons de nous associer étroitement avec les membres du programme d'atténuation des logiciels malveillants & # 8211;ESET, Lookout, McAfee, Trend Micro, Zimperium & # 8211;sur le partage direct du signal.La migration de l'ADA sous la Fondation Linux permettra un partage plus large de l'intelligence des menaces à travers les principaux partenaires et chercheurs écosystémiques. en regardant vers l'avenir et en se connectant avec l'ADA Nous vous invitons à rester connecté avec la nouvelle Alliance de défense de l'application sous l'égide de la Fondation Linux.Rejoignez la conversation pour aider à rendre les applications plus sécurisées.Avec le comité directeur, Alliance Partners et l'écosystème plus large, nous sommes impatients de créer des écosystèmes d'applications plus sûrs et dignes de confiance.

Posted by Nataliya Stanetsky, Android Security and Privacy Team The App Defense Alliance (ADA), an industry-leading collaboration launched by Google in 2019 dedicated to ensuring the safety of the app ecosystem, is taking a major step forward. We are proud to ]]> 2023-11-08T09:03:58+00:00 http://security.googleblog.com/2023/11/evolving-app-defense-alliance.html www.secnews.physaphae.fr/article.php?IdArticle=8407899 False Malware,Threat,Mobile,Prediction None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Dévoiler le côté obscur: une plongée profonde dans les familles de ransomwares actifs Unveiling the Dark Side: A Deep Dive into Active Ransomware Families #### Description In the ever-evolving cybersecurity landscape, one consistent trend witnessed in recent years is the unsettling rise in ransomware attacks. NCC Group shares TTP\'s deployed by four ransomware families recently observed during NCC Group\'s incident response engagements. The ransomware families that will be explored are: - BlackCat – Also known as ALPHV, first observed in 2021, is a Ransomware-as-a-Service (Raas) often using the double extortion method for monetary gain. - Donut –The D0nut extortion group was first reported in August 2022 for breaching networks and demanding ransoms in return for not leaking stolen data. A few months later, reports of the group utilizing encryption as well as data exfiltration were released with speculation that the ransomware deployed by the group was linked to HelloXD ransomware. There is also suspected links between D0nut affiliates and both Hive and Ragnar Locker ransomware operations. - Medusa – Not to be confused with MedusaLocker, Medusa was first observed in 2021, is a Ransomware-as-a-Service (RaaS) often using the double extortion method for monetary gain. In 2023 the groups\' activity increased with the launch of the \'Medusa Blog\'. This platform serves as a tool for leaking data belonging to victims. - NoEscape – At the end of May 2023, a newly emerged Ransomware-as-a-Service (RaaS) was observed on a cybercrime forum named NoEscape. #### Reference URL(s) 1. https://research.nccgroup.com/2023/10/31/unveiling-the-dark-side-a-deep-dive-into-active-ransomware-families/ #### Publication Date October 31, 2023 #### Author(s) Alex Jessop @ThisIsFineChief Molly Dewis ]]> 2023-11-02T20:07:38+00:00 https://community.riskiq.com/article/b7e4b3b3 www.secnews.physaphae.fr/article.php?IdArticle=8404933 False Ransomware,Tool,Prediction None 2.0000000000000000 Global Security Mag - Site de news francais Prévisions Forrester sur la cybersécurité, les risques et la confidentialité pour 2024 Points de Vue]]> 2023-10-31T15:08:46+00:00 https://www.globalsecuritymag.fr/Previsions-Forrester-sur-la-cybersecurite-les-risques-et-la-confidentialite.html www.secnews.physaphae.fr/article.php?IdArticle=8403626 False Prediction None 3.0000000000000000 CVE Liste - Common Vulnerability Exposure CVE-2023-21366 In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:51+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21366 www.secnews.physaphae.fr/article.php?IdArticle=8403046 False Prediction None None Global Security Mag - Site de news francais Trend Micro annonce Trend Vision One Produits]]> 2023-10-30T10:03:14+00:00 https://www.globalsecuritymag.fr/Trend-Micro-annonce-Trend-Vision-One.html www.secnews.physaphae.fr/article.php?IdArticle=8402729 False Prediction,Cloud None 2.0000000000000000 TrendLabs Security - Editeur Antivirus Trend Micro reconnue comme un favori des clients Trend Micro Recognized as a Customer Favorite Customer feedback validates Trend\'s leadership in in XDR, endpoint security, hybrid Cloud]]> 2023-10-30T00:00:00+00:00 https://www.trendmicro.com/en_us/research/23/j/customers-prefer-trend-micro-xdr-endpoint-cloud.html www.secnews.physaphae.fr/article.php?IdArticle=8405887 False Prediction,Cloud None 2.0000000000000000 Dark Reading - Informationweek Branch 10 conseils pour une formation de sensibilisation à la sécurité qui atteint la cible 10 Tips for Security Awareness Training That Hits the Target Try these tricks for devising an education program that gets employees invested - and stays with them after the training is over.]]> 2023-10-28T00:08:00+00:00 https://www.darkreading.com/edge/10-tips-for-security-awareness-training-that-hits-the-target www.secnews.physaphae.fr/article.php?IdArticle=8401702 False Guideline,Prediction None 2.0000000000000000 Dark Reading - Informationweek Branch Verve buy de Rockwell \\ Enlivens Critical Infrastructure Security Rockwell\\'s Verve Buy Enlivens Critical Infrastructure Security The industrial automation giant agrees to buy Verve Industrial Protection, joining in an ICS trend of bringing cybersecurity capabilities in-house to keep up with attackers.]]> 2023-10-26T19:56:00+00:00 https://www.darkreading.com/ics-ot/rockwell-verve-buy-critical-infrastructure-security www.secnews.physaphae.fr/article.php?IdArticle=8401034 False Industrial,Prediction None 3.0000000000000000 Global Security Mag - Site de news francais Une année 2024 chargée pour les DPO et les RSSI Investigations

Une année 2024 chargée pour les DPO et les RSSI. Le président de l\'AFCDP, l\'Association française des correspondants à la protection des données à caractère personnel, Paul-Olivier Gibert confirme que la mise en œuvre de la directive NIS 2 (Network and Information Security), cinq ans après le RGPD, occupera l\'agenda des DPO et celui des RSSI en 2024. - Investigations]]> 2023-10-26T13:55:43+00:00 https://www.globalsecuritymag.fr/Une-annee-2024-chargee-pour-les-DPO-et-les-RSSI.html www.secnews.physaphae.fr/article.php?IdArticle=8400865 False Prediction None 2.0000000000000000 Checkpoint - Fabricant Materiel Securite The Financial Implications of Cyber Security: How Catch Rates Impact Organizational Risk Despite its countless benefits, the internet can be a hostile place for business. As organizations continue to expand their digital footprints, moving workloads into the cloud and growing their network of devices, they leave themselves vulnerable to a rapidly evolving cyber threat landscape. Gartner\'s number one cybersecurity trend of 2022 was “attack surface expansion” – organizations increasing their digital presence to leverage new technologies and facilitate remote and hybrid working. As of 2023, almost 13% of full-time employees work from home, with over 28% working a hybrid model. At the same time, Check Point recorded a 38% uplift in global […]

>Despite its countless benefits, the internet can be a hostile place for business. As organizations continue to expand their digital footprints, moving workloads into the cloud and growing their network of devices, they leave themselves vulnerable to a rapidly evolving cyber threat landscape. Gartner\'s number one cybersecurity trend of 2022 was “attack surface expansion” – organizations increasing their digital presence to leverage new technologies and facilitate remote and hybrid working. As of 2023, almost 13% of full-time employees work from home, with over 28% working a hybrid model. At the same time, Check Point recorded a 38% uplift in global […] ]]> 2023-10-26T13:00:35+00:00 https://blog.checkpoint.com/security/the-financial-implications-of-cyber-security-how-catch-rates-impact-organizational-risk/ www.secnews.physaphae.fr/article.php?IdArticle=8400860 False Threat,Prediction,Cloud None 2.0000000000000000 ProofPoint - Cyber Firms Break the Attack Chain with Identity Threat Protection 2023-10-26T06:00:18+00:00 https://www.proofpoint.com/us/blog/identity-threat-defense/identity-threat-protection-break-the-attack-chain www.secnews.physaphae.fr/article.php?IdArticle=8400888 False Ransomware,Malware,Tool,Threat,Prediction,Cloud None 2.0000000000000000 The State of Security - Magazine Américain Sécurité dans l'industrie immobilière: défis et comment éviter les attaques Security in the Property Industry: Challenges and How to Avoid Attacks In recent years, there has been a major ongoing trend toward more digital infrastructure and an increased dependence on technology across a wide variety of sectors. In the property industry, this has manifested heavily in the growth of the property technology (PropTech) market. These developments have had a serious impact on the sector, enabling advances that both improve existing processes and add new features to real estate transactions. Unfortunately, the ubiquity of digital technology in the property industry also makes it a prime target for cybercriminals, leaving organizations and...]]> 2023-10-25T03:03:28+00:00 https://www.tripwire.com/state-of-security/security-property-industry-challenges-and-how-avoid-attacks www.secnews.physaphae.fr/article.php?IdArticle=8400026 False Prediction None 2.0000000000000000 Checkpoint - Fabricant Materiel Securite Dans le cyber-abîme: les prédictions de Riveting 2024 de Check Point \\ révèlent une tempête de l'IA, du hacktivisme et des fasks profonds armés Into the Cyber Abyss: Check Point\\'s Riveting 2024 Predictions Reveal a Storm of AI, Hacktivism, and Weaponized Deepfakes Les activités criminelles ont bondi au premier semestre, avec des recherches sur le point de contrôle (RCR) signalant une augmentation de 8% des cyberattaques hebdomadaires mondiales au deuxième trimestre, marquant le volume le plus élevé en deux ans.Les menaces familières telles que le ransomware et le hacktivisme ont évolué, les gangs criminels modifiant leurs méthodes et outils pour infecter et affecter les organisations du monde entier.Même les technologies héritées telles que les périphériques de stockage USB ont repris la popularité en tant que véhicule pour répandre les logiciels malveillants.L'un des développements les plus importants de cette année a été l'évolution du paysage des ransomwares.Les données dérivées de plus de 120 «sites de honte» ransomwares ont révélé que dans le premier [& # 8230;]

Criminal activities surged in the first half of the year, with Check Point Research (CPR) reporting an 8% increase in global weekly cyberattacks in the second quarter, marking the highest volume in two years. Familiar threats such as ransomware and hacktivism have evolved, with criminal gangs modifying their methods and tools to infect and affect organizations worldwide. Even legacy technology such as USB storage devices regained popularity as a vehicle to spread malware. One of the most significant developments this year was the evolution of the ransomware landscape. Data derived from over 120 ransomware “shame-sites” revealed that in the first […] ]]> 2023-10-23T13:00:45+00:00 https://blog.checkpoint.com/artificial-intelligence/into-the-cyber-abyss-check-points-riveting-2024-predictions-reveal-a-storm-of-ai-hacktivism-and-weaponized-deepfakes/ www.secnews.physaphae.fr/article.php?IdArticle=8399281 False Ransomware,Tool,Prediction None 3.0000000000000000 AhnLab - Korean Security Firm 2023 août & # 8211;Rapport de tendance des menaces sur les statistiques des ransomwares et les problèmes majeurs 2023 Aug – Threat Trend Report on Ransomware Statistics and Major Issues Ce rapport fournit des statistiques sur le nombre de nouveaux échantillons de ransomware, des systèmes ciblés et des entreprises ciblées en août 2023, ainsi que des problèmes de ransomware notables en Corée et dans d'autres pays.Tendances clés 1) Tactiques de pression élargies des ransomwares sur les entreprises ciblées 2) Rhysida Ransomware Connection avec la vice Society 3) Monti Ransomware a introduit une nouvelle technique de chiffrement Linux Aug_Thereat Trend Rapport sur les statistiques des ransomwares et les principaux problèmes

This report provides statistics on the number of new ransomware samples, targeted systems, and targeted businesses in August 2023, as well as notable ransomware issues in Korea and other countries. Key Trends 1) CLOP ransomware expanded pressure tactics on targeted businesses 2) Rhysida ransomware connection with Vice Society 3) Monti ransomware introduced new Linux encryption technique Aug_Threat Trend Report on Ransomware Statistics and Major Issues ]]> 2023-10-23T02:24:33+00:00 https://asec.ahnlab.com/en/57944/ www.secnews.physaphae.fr/article.php?IdArticle=8399122 False Ransomware,Threat,Prediction None 2.0000000000000000 AhnLab - Korean Security Firm 2023 Jul & # 8211;Rapport sur la tendance des menaces du Web Deep et Dark 2023 Jul – Deep Web and Dark Web Threat Trend Report Ce rapport de tendance sur le Web Deep et le Web sombre d'août 2023 est sectionné en ransomware, forums & # & #38;Marchés noirs et acteurs de menace.Nous tenons à dire à l'avance qu'une partie du contenu n'a pas encore été confirmée comme vraie.1) Ransomware (1) Alphv (Blackcat) (2) Lockbit (3) NoEscape (4) Metaencryptor (5) Rhysida 2) Forum & # 38;Black Market (1) Le retour du voleur de raton laveur (2) Anonfiles a fermé (3) violation de données du site Web d'apprentissage des langues étrangères 3) ...

This trend report on the deep web and dark web of August 2023 is sectioned into Ransomware, Forums & Black Markets, and Threat Actors. We would like to state beforehand that some of the content has yet to be confirmed to be true. 1) Ransomware (1) ALPHV (BlackCat) (2) LockBit (3) NoEscape (4) MetaEncryptor (5) Rhysida 2) Forum & Black Market (1) The Return of Raccoon Stealer (2) Anonfiles Shut Down (3) Data Breach of Foreign Language Learning Website 3)... ]]> 2023-10-23T02:22:46+00:00 https://asec.ahnlab.com/en/57934/ www.secnews.physaphae.fr/article.php?IdArticle=8399123 False Ransomware,Data Breach,Threat,Prediction None 2.0000000000000000 AhnLab - Korean Security Firm 2023 août & # 8211;Rapport de tendance des menaces sur les groupes APT 2023 Aug – Threat Trend Report on APT Groups août 2023 Problèmes majeurs sur les groupes de l'APT 1) Andariel 2) APT29 3) APT31 4) amer 5)Bronze Starlight 6) Callisto 7) Cardinbee 8) Typhoon de charbon de bois (Redhotel) 9) Terre estrie 10) Typhon de lin 11) Groundpeony 12) Chisel infâme 13) Kimsuky 14) Lazarus 15)Moustachedbouncher 16) Éléphant mystérieux (APT-K-47) 17) Nobelium (Blizzard de minuit) 18) Red Eyes (APT37) Aug_Thereat Trend Rapport sur les groupes APT

August 2023 Major Issues on APT Groups 1) Andariel 2) APT29 3) APT31 4) Bitter 5) Bronze Starlight 6) Callisto 7) Carderbee 8) Charcoal Typhoon (RedHotel) 9) Earth Estries 10) Flax Typhoon 11) GroundPeony 12) Infamous Chisel 13) Kimsuky 14) Lazarus 15) MoustachedBouncher 16) Mysterious Elephant (APT-K-47) 17) Nobelium (Midnight Blizzard) 18) Red Eyes (APT37) Aug_Threat Trend Report on APT Groups ]]> 2023-10-23T02:22:16+00:00 https://asec.ahnlab.com/en/57930/ www.secnews.physaphae.fr/article.php?IdArticle=8399124 False Threat,Prediction APT 38,APT 38,APT 29,APT 37,APT 31 3.0000000000000000 AhnLab - Korean Security Firm 2023 août & # 8211;Rapport de tendance des menaces sur le groupe Kimsuky 2023 Aug – Threat Trend Report on Kimsuky Group Les activités de Kimsuky Group & # 8217;Les activités d'autres types étaient relativement faibles.De plus, des échantillons de phishing ont été trouvés dans l'infrastructure connue pour la distribution de logiciels malveillants antérieurs (fleurs, randomquery et appleseed), et des échantillons de babyshark ont été découverts dans l'infrastructure RandomQuery.Cela suggère la probabilité de plusieurs types de logiciels malveillants en utilisant une seule infrastructure.Rapport de tendance AUG_TRÉTÉE sur le groupe Kimsuk

The Kimsuky group’s activities in August 2023 showed a notable surge in the BabyShark type, while the activities of other types were relatively low. Also, phishing samples were found in the infrastructure known for distributing previous malware (FlowerPower, RandomQuery, and AppleSeed), and BabyShark samples were discovered in the RandomQuery infrastructure. This suggests the likelihood of multiple types of malware utilizing a single infrastructure. Aug_Threat Trend Report on Kimsuky Group ]]> 2023-10-23T02:21:45+00:00 https://asec.ahnlab.com/en/57938/ www.secnews.physaphae.fr/article.php?IdArticle=8399125 False Malware,Threat,Prediction APT 43 3.0000000000000000 CVE Liste - Common Vulnerability Exposure CVE-2022-26943 The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using a tick count register as its sole entropy source. Low boottime entropy and limited re-seeding of the pool renders the authentication challenge vulnerable to two attacks. First, due to the limited boottime pool entropy, an adversary can derive the contents of the entropy pool by an exhaustive search of possible values, based on an observed authentication challenge. Second, an adversary can use knowledge of the entropy pool to predict authentication challenges. As such, the unit is vulnerable to CVE-2022-24400.]]> 2023-10-19T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26943 www.secnews.physaphae.fr/article.php?IdArticle=8397701 False Prediction None None CVE Liste - Common Vulnerability Exposure CVE-2022-24400 A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero.]]> 2023-10-19T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24400 www.secnews.physaphae.fr/article.php?IdArticle=8397692 False Prediction None None Security Intelligence - Site de news Américain Les coûts de violation des soins de santé montent en flèche nécessitant une nouvelle réflexion pour la sauvegarde des données Healthcare breach costs soar requiring new thinking for safeguarding data À l'ère numérique, les données sont souvent appelées la nouvelle huile.Sa valeur réside dans les idées qu'elle peut céder, en particulier en ce qui concerne les soins de santé, où les données peuvent aider à détecter les maladies, à prédire les résultats des patients et à aider les professionnels de la santé à personnaliser les traitements.Mais avec la numérisation croissante des informations de santé sensibles, il existe des [& # 8230;] légitimes [& # 8230;]

>In the digital age, data is often referred to as the new oil. Its value lies in the insights it can yield, particularly when it comes to healthcare, where data can help detect diseases, predict patient outcomes and help health professionals personalize treatments. But with the increasing digitization of sensitive health information, there are legitimate […] ]]> 2023-10-16T13:00:00+00:00 https://securityintelligence.com/posts/healthcare-breach-costs-soar-new-thinking-safeguarding-data/ www.secnews.physaphae.fr/article.php?IdArticle=8396232 False Prediction,Medical None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Renforcement de la cybersécurité: multiplication de force et efficacité de sécurité Strengthening Cybersecurity: Force multiplication and security efficiency asymmetrical relationship. Within the cybersecurity realm, asymmetry has characterized the relationship between those safeguarding digital assets and those seeking to exploit vulnerabilities. Even within this context, where attackers are typically at a resource disadvantage, data breaches have continued to rise year after year as cyber threats adapt and evolve and utilize asymmetric tactics to their advantage. These include technologies and tactics such as artificial intelligence (AI), and advanced social engineering tools. To effectively combat these threats, companies must rethink their security strategies, concentrating their scarce resources more efficiently and effectively through the concept of force multiplication. Asymmetrical threats, in the world of cybersecurity, can be summed up as the inherent disparity between adversaries and the tactics employed by the weaker party to neutralize the strengths of the stronger one. The utilization of AI and similar tools further erodes the perceived advantages that organizations believe they gain through increased spending on sophisticated security measures. Recent data from InfoSecurity Magazine, referencing the 2023 Checkpoint study, reveals a disconcerting trend: global cyberattacks increased by 7% between Q1 2022 and Q1 2023. While not significant at first blush, a deeper analysis reveals a more disturbing trend specifically that of the use of AI. AI\'s malicious deployment is exemplified in the following quote from their research: "...we have witnessed several sophisticated campaigns from cyber-criminals who are finding ways to weaponize legitimate tools for malicious gains." Furthermore, the report highlights: "Recent examples include using ChatGPT for code generation that can help less-skilled threat actors effortlessly launch cyberattacks." As threat actors continue to employ asymmetrical strategies to render organizations\' substantial and ever-increasing security investments less effective, organizations must adapt to address this evolving threat landscape. Arguably, one of the most effective methods to confront threat adaptation and asymmetric tactics is through the concept of force multiplication, which enhances relative effectiveness with fewer resources consumed thereby increasing the efficiency of the security dollar. Efficiency, in the context of cybersecurity, refers to achieving the greatest cumulative effect of cybersecurity efforts with the lowest possible expenditure of resources, including time, effort, and costs. While the concept of efficiency may seem straightforward, applying complex technological and human resources effectively and in an efficient manner in complex domains like security demands more than mere calculations. This subject has been studied, modeled, and debated within the military community for centuries. Military and combat efficiency, a domain with a long history of analysis, ]]> 2023-10-16T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/strengthening-cybersecurity-force-multiplication-and-security-efficiency www.secnews.physaphae.fr/article.php?IdArticle=8396097 False Tool,Vulnerability,Threat,Studies,Prediction ChatGPT 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Nouvelle campagne de cyberattaque de Peapod ciblant les femmes dirigeantes politiques New PEAPOD Cyberattack Campaign Targeting Women Political Leaders European Union military personnel and political leaders working on gender equality initiatives have emerged as the target of a new campaign that delivers an updated version of RomCom RAT called PEAPOD. Cybersecurity firm Trend Micro attributed the attacks to a threat actor it tracks under the name Void Rabisu, which is also known as Storm-0978, Tropical Scorpius, and UNC2596, and is also]]> 2023-10-13T20:01:00+00:00 https://thehackernews.com/2023/10/new-peapod-cyberattack-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=8395186 False Threat,Prediction None 2.0000000000000000 Global Security Mag - Site de news francais Dans l\'abîme du cyberespace : les prédictions alarmantes de Check Point pour 2024, une tempête d\'IA, d\'hacktivisme et de Deepfakes. Points de Vue]]> 2023-10-13T14:03:55+00:00 https://www.globalsecuritymag.fr/Dans-l-abime-du-cyberespace-les-predictions-alarmantes-de-Check-Point-pour-2024.html www.secnews.physaphae.fr/article.php?IdArticle=8395142 False Prediction None 3.0000000000000000 Silicon - Site de News Francais XDR : quatre offres pour une approche cyber qui décolle 2023-10-12T11:44:24+00:00 https://www.silicon.fr/xdr-quatre-offres-pour-une-approche-cyber-qui-decolle-472290.html www.secnews.physaphae.fr/article.php?IdArticle=8394710 False Prediction None 2.0000000000000000 ProofPoint - Cyber Firms Une journée dans la vie d'un analyste de cybersécurité A Day in the Life of a Cybersecurity Analyst 2023-10-12T10:52:45+00:00 https://www.proofpoint.com/us/blog/security-awareness-training/day-in-the-life-of-cybersecurity-analyst www.secnews.physaphae.fr/article.php?IdArticle=8394760 False Tool,Prediction None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC L'évolution des attaques de phishing The evolution of phishing attacks FBI Internet Crime Report issued in 2022 reported phishing as the top reported internet crime for the past 5 years. Its ability to persuade individuals to divulge sensitive information to seemingly familiar contacts and companies over email and/or SMS text messages has resulted in significant data breaches, both personal and financial, across all industries. Mobile phishing, in particular, is quickly becoming a preferred attack vector among hackers seeking to use them as a jump point to gain access to proprietary data within a company’s network. This article provides an overview of the origins of phishing, its impact on businesses, the types of mobile phishing attacks hackers employ, and ways in which companies can best defend themselves against such attacks. The origins of phishing The belief among many in the cybersecurity industry is that phishing attacks first emerged in the mid-90s when dial-up was the only means of gaining access to the internet. Hackers posing as ISP administrators used fake screen names to establish credibility with the user, enabling them to “phish” for personal log-in data. Once successful, they were able to exploit the victim’s account by sending out phishing emails to other users in their contact list, with the goal of scoring free internet access or other financial gain. Awareness of phishing was still limited until May 2000 when Love Bug entered the picture. Love Bug, a highly effective and contagious virus designed to take advantage of the user’s psyche was unleashed in the Philippines, impacting an estimated 45 million Window PCs globally. Love Bug was sent via email with the subject line reading “ILOVEYOU”. The body of the message simply read “Kindly check the attached LOVELETTER coming from me”. Users who couldn’t resist opening the message unleashed a worm virus infecting and overwriting user’s files with copies of the virus. When the user opened the file, they would reinfect the system. Lovebug elevated phishing to a new level as it demonstrated the ability to target a user’s email mailing list for the purpose of spamming acquaintances thereby incentivizing the reader to open his/her email. This enabled the lovebug worm to infect computer systems and steal other user’s passwords providing the hacker the opportunity to log-in to other user accounts providing unlimited internet access. Since Love Bug, the basic concept and primary goal of phishing tactics has remained consistent, but the tactics and vectors have evolved. The window of opportunity has increased significantly for hackers with the increased use of social media (e.g., Linkedin, Twitter, Facebook). This provides more personal data to the hackers enabling them to exploit their targets with more sophisticated phishing tactics while avoiding detection. Phishing’s impact in the marketplace today Phishing attacks present a significant threat for organizations as their ability to capture proprietary business and financial data are both costly and time consuming for IT organizations to detect and remediate. Based on a ]]> 2023-10-12T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-evolution-of-phishing-attacks www.secnews.physaphae.fr/article.php?IdArticle=8394756 False Ransomware,Malware,Tool,Threat,Prediction None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine La moitié des cisos se rendent désormais au PDG à mesure que l'influence se développe Half of CISOs Now Report to CEO as Influence Grows Trend is more pronounced in Europe than America]]> 2023-10-10T12:00:00+00:00 https://www.infosecurity-magazine.com/news/half-cisos-report-ceo-influence/ www.secnews.physaphae.fr/article.php?IdArticle=8393705 False Prediction None 3.0000000000000000 Dark Reading - Informationweek Branch Trend Micro Drive Dernière phase de la prospérité et de l'engagement des canaux Trend Micro Drives Latest Phase of Channel Prosperity and Engagement 2023-10-04T22:00:00+00:00 https://www.darkreading.com/careers-and-people/trend-micro-drives-latest-phase-of-channel-prosperity-and-engagement www.secnews.physaphae.fr/article.php?IdArticle=8391653 False Prediction None 2.0000000000000000 Global Security Mag - Site de news francais Trend Micro : Etat des attaques de ransomware au premier semestre 2023 Investigations]]> 2023-10-03T07:45:20+00:00 https://www.globalsecuritymag.fr/Trend-Micro-Etat-des-attaques-de-ransomware-au-premier-semestre-2023.html www.secnews.physaphae.fr/article.php?IdArticle=8390820 False Ransomware,Studies,Prediction None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Le FBI met en garde contre la tendance à la hausse des attaques à double rançon ciblant les entreprises américaines FBI Warns of Rising Trend of Dual Ransomware Attacks Targeting U.S. Companies The U.S. Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023. "During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal," the FBI said in an alert. "Variants]]> 2023-09-30T15:19:00+00:00 https://thehackernews.com/2023/09/fbi-warns-of-rising-trend-of-dual.html www.secnews.physaphae.fr/article.php?IdArticle=8389842 False Ransomware,Threat,Prediction None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Iranian APT Group OilRig Utilisation de nouveaux logiciels malveillants Menorah pour les opérations secrètes Iranian APT Group OilRig Using New Menorah Malware for Covert Operations Sophisticated cyber actors backed by Iran known as OilRig have been linked to a spear-phishing campaign that infects victims with a new strain of malware called Menorah. "The malware was designed for cyberespionage, capable of identifying the machine, reading and uploading files from the machine, and downloading another file or malware," Trend Micro researchers Mohamed Fahmy and Mahmoud Zohdy]]> 2023-09-30T14:51:00+00:00 https://thehackernews.com/2023/09/iranian-apt-group-oilrig-using-new.html www.secnews.physaphae.fr/article.php?IdArticle=8389819 False Malware,Prediction APT 34 3.0000000000000000 Checkpoint - Fabricant Materiel Securite Célébrer plus de 20 000 heures de formation de cyber-piratage via l'esprit de contrôle et le partenariat NotSosecure Celebrating Over 20,000 Hours of Cyber Hacking Training via the Check Point MIND and NotSoSecure Partnership Notre rapport de cybersécurité en milieu d'année en 2023 a révélé que les cyberattaques avaient bondi de 8% au premier semestre de 2023, avec plus d'attaques que jamais.Les cybercriminels ne montrent aucun signe de ralentissement.Malheureusement, les chercheurs de ISC2 prédisent qu'en 2025, il y aura 3,5 millions de postes non remplis au sein de la main-d'œuvre de la cybersécurité.Laissez cela s'enfoncer un instant.Plus que toute autre chose, l'écart existant au sein de la main-d'œuvre de la cybersécurité est le principal défi de l'industrie.Il est si massif qu'aucune organisation ne peut l'attaquer à elle seule.Reconnaître ce point de contrôle de besoin croissant a développé l'organisation Mind, sous l'égide de [& # 8230;]

>Our 2023 Mid-Year Cybersecurity Report found that cyberattacks surged 8% in the first half of 2023, with more attacks than ever before. Cyber criminals show no signs of slowing down. Unfortunately, researchers at ISC2 predict that by 2025, there will be 3.5 million unfilled positions within the cybersecurity workforce. Let that sink in for a moment. More than anything else, the existing gap within the cyber security workforce is our industry’s main challenge. It\'s so massive that no single organization can tackle it on its own. Recognizing this growing need Check Point developed the MIND organization, under the umbrella of […] ]]> 2023-09-27T13:00:00+00:00 https://blog.checkpoint.com/company-and-culture/celebrating-over-20000-hours-of-cyber-hacking-training-via-the-check-point-mind-and-notsosecure-partnership/ www.secnews.physaphae.fr/article.php?IdArticle=8388403 False Prediction None 2.0000000000000000 Global Security Mag - Site de news francais Guillaume Leseigneur, Cybereason : nous arrivons aujourd\'hui à un nouveau point de basculement dans le paysage des menaces Interviews]]> 2023-09-26T14:31:49+00:00 https://www.globalsecuritymag.fr/Guillaume-Leseigneur-Cybereason-nous-arrivons-aujourd-hui-a-un-nouveau-point-de.html www.secnews.physaphae.fr/article.php?IdArticle=8388020 False Threat,Prediction None 3.0000000000000000 Global Security Mag - Site de news francais Les cybercriminels exploitent la tragédie marocaine dans une nouvelle campagne d\'escroquerie Malwares]]> 2023-09-22T07:17:18+00:00 https://www.globalsecuritymag.fr/Les-cybercriminels-exploitent-la-tragedie-marocaine-dans-une-nouvelle-campagne.html www.secnews.physaphae.fr/article.php?IdArticle=8386607 False Threat,Prediction None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Les nouvelles victimes de ransomwares augmentent de 47% avec des gangs ciblant les petites entreprises New Ransomware Victims Surge by 47% with Gangs Targeting Small Businesses The Trend Micro report observed that small organizations are being increasingly targeted by ransomware gangs, including LockBit and BlackCat]]> 2023-09-21T14:15:00+00:00 https://www.infosecurity-magazine.com/news/ransomware-victims-surge-gangs/ www.secnews.physaphae.fr/article.php?IdArticle=8386314 False Ransomware,Prediction None 2.0000000000000000 TrendMicro - Security Firm Blog Décodage Turla: Trend Micro \\'s Mitre Performance Decoding Turla: Trend Micro\\'s MITRE Performance This year, the MITRE Engenuity ATT&CK evaluation tested cybersecurity vendors against simulated attack scenarios mimicking the adversary group “Turla.” Learn about Trend Micro\'s 100% successful protection performance.]]> 2023-09-21T00:00:00+00:00 https://www.trendmicro.com/en_us/research/23/i/mitre-attack-solution-tested.html www.secnews.physaphae.fr/article.php?IdArticle=8386397 False Prediction None 1.00000000000000000000 Schneier on Security - Chercheur Cryptologue Américain Sur la pénurie d'emplois de cybersécurité On the Cybersecurity Jobs Shortage Sur la pénurie de travaux de cybersécurité extrême: ]]> 2023-09-20T11:06:33+00:00 https://www.schneier.com/blog/archives/2023/09/on-the-cybersecurity-jobs-shortage.html www.secnews.physaphae.fr/article.php?IdArticle=8385777 False Prediction None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Trend Micro verse une solution urgente pour la vulnérabilité de sécurité critique exploitée activement Trend Micro Releases Urgent Fix for Actively Exploited Critical Security Vulnerability Cybersecurity company Trend Micro has released patches and hotfixes to address a critical security flaw in Apex One and Worry-Free Business Security solutions for Windows that has been actively exploited in real-world attacks. Tracked as CVE-2023-41179 (CVSS score: 9.1), it relates to a third-party antivirus uninstaller module that\'s bundled along with the software. The complete list of impacted]]> 2023-09-20T10:58:00+00:00 https://thehackernews.com/2023/09/trend-micro-releases-urgent-fix-for.html www.secnews.physaphae.fr/article.php?IdArticle=8385635 False Vulnerability,Prediction None 2.0000000000000000 ProofPoint - Cyber Firms Toutes les vulnérabilités ne sont pas créées égales: les risques d'identité et les menaces sont la nouvelle vulnérabilité Not All Vulnerabilities Are Created Equal: Identity Risks and Threats Are the New Vulnerability 2023-09-20T05:00:47+00:00 https://www.proofpoint.com/us/blog/identity-threat-defense/identity-risk-threat-vulnerability-management www.secnews.physaphae.fr/article.php?IdArticle=8386765 False Data Breach,Vulnerability,Threat,Prediction None 2.0000000000000000 ProofPoint - Cyber Firms Les logiciels malveillants chinois apparaissent sérieusement dans le paysage des menaces de cybercriminalité Chinese Malware Appears in Earnest Across Cybercrime Threat Landscape 2023-09-20T05:00:00+00:00 https://www.proofpoint.com/us/blog/threat-insight/chinese-malware-appears-earnest-across-cybercrime-threat-landscape www.secnews.physaphae.fr/article.php?IdArticle=8386764 False Malware,Tool,Threat,Prediction None 3.0000000000000000 Dark Reading - Informationweek Branch L'acteur lié à la Chine puise la porte dérobée Linux dans une campagne d'espionnage énergique China-Linked Actor Taps Linux Backdoor in Forceful Espionage Campaign "SprySOCKS" melds features from multiple previously known badware and adds to the threat actor\'s growing malware arsenal, Trend Micro says.]]> 2023-09-19T21:11:00+00:00 https://www.darkreading.com/attacks-breaches/china-linked-actor-taps-linux-backdoor-in-forceful-espionage-campaign www.secnews.physaphae.fr/article.php?IdArticle=8385512 False Malware,Threat,Prediction None 3.0000000000000000 Dark Reading - Informationweek Branch Trend micro patchs vulnérabilité de point final zéro jour Trend Micro Patches Zero-Day Endpoint Vulnerability The critical vulnerability involves uninstalling third-party security products and has been used in cyberattacks.]]> 2023-09-19T20:20:00+00:00 https://www.darkreading.com/endpoint/trend-micro-patches-zero-day-endpoint-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8385493 False Vulnerability,Prediction None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les nouvelles cotes de la terre de Lusca \\ ont cible la porte dérobée Linux cible les entités gouvernementales Earth Lusca\\'s New SprySOCKS Linux Backdoor Targets Government Entities The China-linked threat actor known as Earth Lusca has been observed targeting government entities using a never-before-seen Linux backdoor called SprySOCKS. Earth Lusca was first documented by Trend Micro in January 2022, detailing the adversary\'s attacks against public and private sector entities across Asia, Australia, Europe, North America. Active since 2021, the group has relied on]]> 2023-09-19T16:40:00+00:00 https://thehackernews.com/2023/09/earth-luscas-new-sprysocks-linux.html www.secnews.physaphae.fr/article.php?IdArticle=8385302 False Threat,Prediction None 2.0000000000000000 CVE Liste - Common Vulnerability Exposure CVE-2023-41179 A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.]]> 2023-09-19T14:15:21+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41179 www.secnews.physaphae.fr/article.php?IdArticle=8385395 False Vulnerability,Prediction None None Checkpoint - Fabricant Materiel Securite Est-ce que le VRAI Slim Shady se lèvera?La recherche sur les points de contrôle expose le cybercriminé derrière un logiciel malveillant impactant EMEA et APAC Will the Real Slim Shady Please Stand Up? Check Point Research Exposes Cybercriminal Behind Malicious Software Impacting EMEA and APAC >Highlights: Advertised as legitimate tools, Remcos and GuLoader are malware in disguise, heavily utilized in cyberattacks Check Point Research (CPR) has uncovered evidence that the distributor is deeply entwined within the cybercrime scene, leveraging their platform to facilitate cybercrime, while making a profit CPR has identified “EMINэM” as one of the cyberciminals behind the distribution Remcos and GuLoader CPR has disclosed its findings to the relevant law enforcement entity “Legit” software becomes cybercrminals\' preferred choice In an alarming trend highlighted in Check Point\'s 2023 Mid-Year Security Report, seemingly legitimate software has become the preferred choice of cybercriminals. Notable examples are […] ]]> 2023-09-19T13:00:32+00:00 https://blog.checkpoint.com/security/exclusive-check-point-research-unveils-software-disguised-as-legitimate-exploited-by-cybercriminals-with-troubling-distributor-connection/ www.secnews.physaphae.fr/article.php?IdArticle=8385305 False Malware,Prediction None 2.0000000000000000 Global Security Mag - Site de news francais Trend Micro rejoint le Hacking Policy Council Business]]> 2023-09-18T09:37:48+00:00 https://www.globalsecuritymag.fr/Trend-Micro-rejoint-le-Hacking-Policy-Council.html www.secnews.physaphae.fr/article.php?IdArticle=8384799 False Threat,Prediction None 2.0000000000000000 ProofPoint - Cyber Firms Comment mieux sécuriser et protéger votre environnement Microsoft 365 How to Better Secure and Protect Your Microsoft 365 Environment 2023-09-18T05:00:09+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/how-better-secure-and-protect-microsoft-365-environment www.secnews.physaphae.fr/article.php?IdArticle=8386767 False Ransomware,Data Breach,Malware,Tool,Threat,Prediction,Cloud None 3.0000000000000000 IT Security Guru - Blog Sécurité Trend Micro protège l'Université de Kingston pendant la période de compensation de pointe Trend Micro Protects Kingston University During Peak Clearing Period Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today revealed that it is supplying managed detection and response (MDR) capabilities to Kingston University free of charge to mitigate the threat of serious cyber disruption during their busiest time of year for student recruitment. “University clearing is like the run up to Christmas for retailers. And in the same way, threat […] ]]> 2023-09-15T15:26:04+00:00 https://www.itsecurityguru.org/2023/09/15/trend-micro-protects-kingston-university-during-peak-clearing-period/?utm_source=rss&utm_medium=rss&utm_campaign=trend-micro-protects-kingston-university-during-peak-clearing-period www.secnews.physaphae.fr/article.php?IdArticle=8383734 False Threat,Prediction None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les cybercriminels combinent des certificats de phishing et de véhicules électriques pour livrer les charges utiles des ransomwares Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads The threat actors behind RedLine and Vidar information stealers have been observed pivoting to ransomware through phishing campaigns that spread initial payloads signed with Extended Validation (EV) code signing certificates. "This suggests that the threat actors are streamlining operations by making their techniques multipurpose," Trend Micro researchers said in a new analysis published this]]> 2023-09-15T14:19:00+00:00 https://thehackernews.com/2023/09/cybercriminals-combine-phishing-and-ev.html www.secnews.physaphae.fr/article.php?IdArticle=8383639 False Ransomware,Threat,Prediction None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Eco-Hacks: l'intersection de la durabilité et des cyber-menaces Eco-hacks: The intersection of sustainability and cyber threats advanced-level cybersecurity protocols needed to secure these endeavors against cyberattacks, resulting in unintended consequences: an increase in cyber vulnerabilities. In this article, we will take an in-depth look at the enhanced cybersecurity risks presented by certain sustainability and tech initiatives. Then we will explore best practices intended to keep businesses cyber secure as they transition to new, more environmentally friendly modes of operation and production. 1. The unexpected cybersecurity risks of going green While new green technology rollouts provide highly visible, obvious benefits, contributing to the important global cause of sustainability, the cybersecurity underpinnings that run in the background are easy to ignore but no less significant. There is a subtle interdependence between new green tech and expanded cybersecurity risks. 2. New developments in green technology New developments in green technology are vast and wide-ranging, offering revolutionary potential to cut down on harmful greenhouse gas emissions. By some estimates, Green IT can contribute to reducing greenhouse gas emissions by ten times more than it emits. Green coding focuses on creating more energy efficient modes of engaging computational power that can be applied to everything from virtual reality gaming devices in development to cloud computing. Sustainable data collection centers aim to reduce carbon and greenhouse gas emissions by finding alternative methods of collecting data that require less energy. Smart city technology, such as IoT-enabled power grids, smart parking meters, and smart traffic controls, can utilize predictive capabilities to ensure that urban infrastructures are running at optimal energy levels, reducing resource and energy waste and improving city living experiences. Similarly, smart HVAC systems can respond to global climate change issues by managing the internal temperature of buildings using smart regulators that reduce energy waste and carbon emissions, while still heating or cooling buildings. All of these innovations are building towards a more sustainable future by reducing our need for harmful fossil fuel consumption, managing power usage across the energy grid, and creating more sustainable alternatives to existing technologies for transportation, waste management, entertainment, and more. But each of these new technologies also presents a broader risk level ]]> 2023-09-13T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/eco-hacks-the-intersection-of-sustainability-and-cyber-threats www.secnews.physaphae.fr/article.php?IdArticle=8382200 False Vulnerability,Threat,Prediction,Cloud None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Réseaux résilients: éléments constitutifs de l'architecture de la cybersécurité moderne Resilient networks: Building blocks of modern Cybersecurity architecture cybersecurity has never been more pronounced. As our reliance on digital networks grows, so do the threats that seek to exploit vulnerabilities in these very networks. This is where the concept of resilient networks steps in, acting as the guardians of our digital realms. In this article, we delve into the world of resilient networks, exploring their significance as the cornerstone of modern cybersecurity architecture. Understanding resilient networks Imagine a web of interconnected roads, each leading to a different destination. In the realm of cybersecurity, these roads are the networks that enable communication, data exchange, and collaboration. Resilient networks are like well-constructed highways with multiple lanes, built to withstand unexpected disruptions. They aren\'t just about preventing breaches; they\'re about enabling the network to adapt, recover, and continue functioning even in the face of a successful attack. Network resilience stands as a critical component in the realm of modern cybersecurity, complementing traditional security measures like utilizing proxy servers by focusing on the ability to endure and recover. Network security It\'s essential to distinguish between network security and network resilience. Network security involves fortifying the network against threats, employing firewalls, antivirus software, and encryption methods. On the other hand, network resilience goes beyond this, acknowledging that breaches might still occur despite stringent security measures. Resilience Resilience entails the ability to detect, contain, and recover from these breaches while minimizing damage. It\'s like preparing for a storm by not only building strong walls but also having an emergency plan in case the walls are breached. Resilient networks aim to reduce downtime, data loss, and financial impact, making them a critical investment for organizations of all sizes. Key components of resilient networks Consider your home\'s architecture. You have multiple exits, fire alarms, and safety measures in place to ensure your well-being in case of emergencies. Similarly, resilient networks are built with specific components that enable them to weather the storms of cyber threats. Redundancy, diversity, segmentation and isolation, and adaptive monitoring and threat detection are the pillars of network resilience. Redundancy Redundancy involves creating backup systems or pathways. It\'s like having alternate routes to reach your destination in case one road is blocked. In the digital realm, redundant systems ensure that if one part of the network fails, traffic is seamlessly rerouted, minimizing disruptions. Diversity Diversity, on the other hand, means not putting all your eggs in one basket. A diverse network employs various hardware, software, and protocols, reducing the risk of a single point of failure. Think of it as a portfolio of investments – if one fails, the others remain intact. Segmentation and isolation Segmentation and Isolation play a crucial role in containing potential threats. Imagine a building with multiple compartments, each serving a different purpose. If a fire breaks out in one compartment, it\'s isolated, preventing the entire building from]]> 2023-09-12T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/resilient-networks-building-blocks-of-modern-cybersecurity-architecture www.secnews.physaphae.fr/article.php?IdArticle=8381857 False Tool,Vulnerability,Threat,Prediction,Medical None 2.0000000000000000 AhnLab - Korean Security Firm Rapport de tendance des menaces sur les ransomwares & # 8211;Juillet 2023 Threat Trend Report on Ransomware – July 2023 Ce rapport fournit des statistiques sur le nombre de nouveaux échantillons de ransomware, des systèmes ciblés et des entreprises ciblées en juillet 2023, ainsi que des problèmes de ransomware notables en Corée et dans d'autres pays.Tendances clés 1) Plus d'entreprises affectées par l'exploitation des ransomwares de Clop & # 8217;Problèmes

This report provides statistics on the number of new ransomware samples, targeted systems, and targeted businesses in July 2023, as well as notable ransomware issues in Korea and other countries. Key Trends 1) More businesses affected by CLOP ransomware’s exploitation of MOVEit zero-day vulnerability 2) Big Head ransomware disguised as an emergency Windows update 3) Detection names for ransomware disguised as Sophos file ATIP_2023_Jul_Threat Trend Report on Ransomware Statistics and Major Issues ]]> 2023-09-11T05:05:00+00:00 https://asec.ahnlab.com/en/56987/ www.secnews.physaphae.fr/article.php?IdArticle=8381127 False Ransomware,Vulnerability,Threat,Prediction None 2.0000000000000000 AhnLab - Korean Security Firm Rapport de tendance des menaces sur les groupes APT & # 8211;Juillet 2023 Threat Trend Report on APT Groups – July 2023 juillet 2023 Problèmes majeurs sur les groupes APT 1) APT28 2) APT29 3) APT31 4) Camouflaged Hunter 5) Chicheur charmant 6) Gamaredon 7) Kimsuky 8) Konni 9) Lazarus 10) Mustang Panda 11) Patchwork 12) Eyes rouges 13) Pirates d'espace 14) Turla 15) ATIP_2023_JUL_JULAT RAPPORT D'APTER LE Rapport sur les APT

July 2023 Major Issues on APT Groups 1) APT28 2) APT29 3) APT31 4) Camouflaged Hunter 5) Charming Kitten 6) Gamaredon 7) Kimsuky 8) Konni 9) Lazarus 10) Mustang Panda 11) Patchwork 12) Red Eyes 13) Space Pirates 14) Turla 15) Unclassified ATIP_2023_Jul_Threat Trend Report on APT Groups ]]> 2023-09-11T05:02:48+00:00 https://asec.ahnlab.com/en/56971/ www.secnews.physaphae.fr/article.php?IdArticle=8381128 False Threat,Prediction APT 38,APT 35,APT 35,APT 29,APT 29,APT 37,APT 37,APT 31,APT 28,APT 28 2.0000000000000000 AhnLab - Korean Security Firm Rapport sur la tendance du Web Deep et Dark WEB & # 8211;Juillet 2023 Deep Web and Dark Web Threat Trend Report – July 2023 Ce rapport de tendance sur le Web Deep et le réseau sombre de juillet 2023 est sectionné en ransomware, forums & # & #38;Marchés noirs et acteur de menace.Nous tenons à dire à l'avance qu'une partie du contenu n'a pas encore été confirmée comme vraie.1) Ransomware (1) Alphv (Blackcat) (2) Cactus (3) Clop (4) Monti 2) Forum & # 38;Black Market (1) La vente de Genesis Market (2) Base de données pour violation de la base de données (3) US Medical Institution & # 8217; s Base de données 3) Acteur de menace (1) ...

This trend report on the deep web and dark web of July 2023 is sectioned into Ransomware, Forums & Black Markets, and Threat Actor. We would like to state beforehand that some of the content has yet to be confirmed to be true. 1) Ransomware (1) ALPHV (BlackCat) (2) Cactus (3) CLOP (4) Monti 2) Forum & Black Market (1) The Sale of Genesis Market (2) BreachedForums Database on Sale (3) US Medical Institution’s Database Breached 3) Threat Actor (1)... ]]> 2023-09-11T05:02:13+00:00 https://asec.ahnlab.com/en/56976/ www.secnews.physaphae.fr/article.php?IdArticle=8381129 False Ransomware,Threat,Prediction,Medical None 2.0000000000000000 AhnLab - Korean Security Firm Rapport de tendance des menaces sur le groupe Kimsuky & # 8211;Juillet 2023 Threat Trend Report on Kimsuky Group – July 2023 Les activités de Kimsuky Group & # 8217;diversifie simultanément leurs méthodes d'attaque.De plus, il n'y avait pas de problèmes particuliers concernant les types d'applications et RandomQuery car ils sont désormais moins utilisés.Le type BabyShark qui sera décrit en détail sur ce rapport sera inclus dans les statistiques de juillet.ATIP_2023_JUL_TRÉTERAT RAPPORT DE TRENDE SUR LE GROUPE KIMSUKY

The Kimsuky group’s activities in July 2023 showed that FlowerPower is gaining traction, and the group is simultaneously diversifying their attack methods. Additionally, there were no particular issues regarding AppleSeed and RandomQuery types as they are now less used. The BabyShark type to be described in detail further on this report will be included in the statistics from July thereon. ATIP_2023_Jul_Threat Trend Report on Kimsuky Group ]]> 2023-09-11T05:01:36+00:00 https://asec.ahnlab.com/en/56981/ www.secnews.physaphae.fr/article.php?IdArticle=8381130 False Threat,Prediction None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Le jeu du chat et de la souris: rester en avance sur l'évolution des menaces de cybersécurité The cat and mouse game: Staying ahead of evolving cybersecurity threats cyber threats is crucial for safeguarding personal, economic, and societal well-being. The cat and mouse game will never end, and it’s important to not only be aware of where the good guys stand but what to expect while running your business and trying to stay safe. The dynamic nature of cyber threats The dynamic nature of cyber threats lies in their continuous evolution and adaptation. Cybercriminals are relentless in their pursuit of new vulnerabilities, techniques, and tools to breach systems and compromise data. In response, cybersecurity experts are in a constant race to anticipate and counter emerging threats. They develop advanced security protocols like cloud penetration testing, analyze attack patterns, and collaborate to share threat intelligence. This ongoing battle is marked by innovation on both sides. What cybersecurity pros have at their disposal Cybersecurity professionals employ artificial intelligence, machine learning, and behavioural analytics to predict and detect threats, while cybercriminals use sophisticated social engineering and encryption techniques to evade detection. This tug-of-war highlights the necessity of a proactive approach to cybersecurity. As threats evolve, defenders must not only address current vulnerabilities but also anticipate future attack vectors. The rapid pace of technological change means that cybersecurity is not a one-time investment, but an ongoing commitment to staying updated, adapting strategies, and collaborating across sectors to safeguard digital ecosystems. The evolution of cyber threats The cyber threats that your business is likely to face in the 2020s are much different and far more insidious than they were back in the early days of the internet. The early days We have gone from: Viruses and worms: In the early days of computing, viruses and worms were the first types of cyber threats. They spread through infected files and email attachments, causing damage or disruption to systems. Malware: As technology advanced, so did malware. This category includes various types, such as Trojans, which masquerade as legitimate software, and keyloggers, which record keystrokes to steal sensitive information. Current threats What businesses and individuals must contend with now is shocking and, if you haven’t been following the industry and cyber threat landscape, very frightening. Contemporary threats include: Phishing and social engineering: With the rise of the internet, cybercriminals shifted to tactics that exploit human psychology. Phishing attacks trick users into revealing personal information or click]]> 2023-09-07T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-cat-and-mouse-game-staying-ahead-of-evolving-cybersecurity-threats www.secnews.physaphae.fr/article.php?IdArticle=8379991 False Malware,Tool,Vulnerability,Threat,Prediction None 3.0000000000000000