This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-15T02:47:12+00:00 www.secnews.physaphae.fr Korben - Bloger francais 2024-03-29T10:52:35+00:00 https://korben.info/malware-cible-joueurs-call-of-duty-cherchant-logiciels-triche-bitcoin-vole.html www.secnews.physaphae.fr/article.php?IdArticle=8472559 False Malware None 3.0000000000000000 Global Security Mag - Site de news francais & eacute; v & eacute; nements

---

12 avril CYCLE DEFENSE & CYBER 2024 - Événements]]> 2024-03-29T10:45:54+00:00 https://www.globalsecuritymag.fr/12-avril-cycle-defense-cyber-2024.html www.secnews.physaphae.fr/article.php?IdArticle=8472510 False None None 2.0000000000000000 Silicon - Site de News Francais 2024-03-29T10:38:26+00:00 https://www.silicon.fr/sentiments-communaute-openai-477326.html www.secnews.physaphae.fr/article.php?IdArticle=8472505 False None None 2.0000000000000000 Korben - Bloger francais 2024-03-29T10:29:34+00:00 https://korben.info/rcs-iphone-apple-adopte-standard-messagerie-universel.html www.secnews.physaphae.fr/article.php?IdArticle=8472560 False Mobile None 2.0000000000000000 We Live Security - Editeur Logiciel Antivirus ESET Much has been written about the risks that poorly-secured RDP connections entail, but many organizations continue to leave themselves at risk and get hit by data breaches as a result]]> 2024-03-29T10:24:50+00:00 https://www.welivesecurity.com/en/videos/rdp-security-concern-week-security-tony-anscombe/ www.secnews.physaphae.fr/article.php?IdArticle=8472918 False None None 3.0000000000000000 Silicon - Site de News Francais 2024-03-29T10:12:19+00:00 https://www.silicon.fr/emmanuelle-olivie-paul-advaes-le-premier-enjeu-du-scope-3-cest-davoir-les-donnees-pour-faire-une-evaluation-477296.html www.secnews.physaphae.fr/article.php?IdArticle=8472506 False None None 2.0000000000000000 Korben - Bloger francais 2024-03-29T09:56:01+00:00 https://korben.info/faille-critique-0-day-corrigee-microsoft-edge-navigateurs-chromium-vulnerables.html www.secnews.physaphae.fr/article.php?IdArticle=8472511 False None None 3.0000000000000000 Global Security Mag - Site de news francais opinion

---

Data Security in Remote Roles: Expert Reveals Key Practices - Opinion]]> 2024-03-29T08:32:32+00:00 https://www.globalsecuritymag.fr/data-security-in-remote-roles-expert-reveals-key-practices.html www.secnews.physaphae.fr/article.php?IdArticle=8472465 False None None 2.0000000000000000 Korben - Bloger francais 2024-03-29T08:00:00+00:00 https://korben.info/decouvrez-lapce-editeur-code-open-source-performant-personnalisable.html www.secnews.physaphae.fr/article.php?IdArticle=8472485 False None None 2.0000000000000000 ProofPoint - Cyber Firms 2024-03-29T06:00:11+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/cybersecurity-efficiency-healthcare-attack-surface-insights www.secnews.physaphae.fr/article.php?IdArticle=8472554 False Threat,Medical None 2.0000000000000000 Krebs on Security - Chercheur Américain Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipient\'s natural curiosity about being copied on a private discussion, which is modified to include a malicious link or attachment. Here\'s the story of a recent thread hijacking attack in which a journalist was copied on a phishing email from the unwilling subject of a recent scoop.]]> 2024-03-28T23:56:13+00:00 https://krebsonsecurity.com/2024/03/thread-hijacking-phishes-that-prey-on-your-curiosity/ www.secnews.physaphae.fr/article.php?IdArticle=8472289 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A Linux version of a multi-platform backdoor called DinodasRAT has been detected in the wild targeting China, Taiwan, Turkey, and Uzbekistan, new findings from Kaspersky reveal. DinodasRAT, also known as XDealer, is a C++-based malware that offers the ability to harvest a wide range of sensitive data from compromised hosts. In October 2023, Slovak cybersecurity firm ESET ]]> 2024-03-28T22:32:00+00:00 https://thehackernews.com/2024/03/linux-version-of-dinodasrat-spotted-in.html www.secnews.physaphae.fr/article.php?IdArticle=8472155 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Police of Finland (aka Poliisi) has formally accused a Chinese nation-state actor tracked as APT31 for orchestrating a cyber attack targeting the country\'s Parliament in 2020. The intrusion, per the authorities, is said to have occurred between fall 2020 and early 2021. The agency described the ongoing criminal probe as both demanding and time-consuming, involving extensive analysis of a "]]> 2024-03-28T22:20:00+00:00 https://thehackernews.com/2024/03/finland-blames-chinese-hacking-group.html www.secnews.physaphae.fr/article.php?IdArticle=8472126 False Legislation APT 31 3.0000000000000000 Korben - Bloger francais 2024-03-28T21:30:32+00:00 https://korben.info/faille-critique-wallescape-linux-mots-de-passe-danger.html www.secnews.physaphae.fr/article.php?IdArticle=8472248 False Vulnerability None 3.0000000000000000 HackRead - Chercher Cyber Par waqas Certaines des cibles connues de cette campagne de phishing iMessage sont l'USPS (The United States Postal Service), DHL, Evri, Australia Post, Bulgarian Posts et Singapore Post. Ceci est un article de HackRead.com Lire le post original: La nouvelle campagne de phishing iMessage cible les utilisateurs de services postaux dans le monde

---

>By Waqas Some of the known targets of this iMessage phishing campaign are USPS (the United States Postal Service), DHL, Evri, Australia Post, Bulgarian Posts, and Singapore Post. This is a post from HackRead.com Read the original post: New iMessage Phishing Campaign Targets Postal Service Users Globally]]> 2024-03-28T21:15:23+00:00 https://www.hackread.com/imessage-phishing-targets-postal-service-users/ www.secnews.physaphae.fr/article.php?IdArticle=8472250 False None None 2.0000000000000000 Dark Reading - Informationweek Branch Several Cisco products, including IOS, IOS XE, and AP software, need patching against various high-risk security vulnerabilities.]]> 2024-03-28T21:15:17+00:00 https://www.darkreading.com/application-security/cisco-ios-bugs-unauthenticated-remote-dos-attacks www.secnews.physaphae.fr/article.php?IdArticle=8472251 False Vulnerability,Patching None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber La base de données nationale sur la vulnérabilité a cessé certains de ses travaux, mais certains experts craignent que la formation d'un consortium pour résoudre ses problèmes manque d'urgence suffisante.

---

>The National Vulnerability Database has ceased some of its work, but some experts fear the formation of a consortium to address its problems lacks sufficient urgency. ]]> 2024-03-28T21:03:37+00:00 https://cyberscoop.com/plan-to-resuscitate-beleaguered-vulnerability-database-draws-criticism/ www.secnews.physaphae.fr/article.php?IdArticle=8472224 False Vulnerability None 2.0000000000000000 Korben - Bloger francais 2024-03-28T21:02:29+00:00 https://korben.info/elon-musk-fonctionnalites-premium-gratuites-x-ex-twitter.html www.secnews.physaphae.fr/article.php?IdArticle=8472249 False None None 2.0000000000000000 Recorded Future - FLux Recorded Future Appelant l'intelligence artificielle et Deepfakes «un saut de technologie», l'ancienne secrétaire d'État Hillary Rodham Clinton a déclaré jeudi que les personnes utilisant l'IA à des fins antidémocratiques permettent à leurs compétences en travaillant avec sa ressemblance.«Parce qu'ils ont une telle bibliothèque de trucs sur moi, ils l'utilisent pour pratiquer et voir comment plus

---

Calling artificial intelligence and deepfakes “a leap in technology,” former Secretary of State Hillary Rodham Clinton said Thursday that people using AI for undemocratic purposes are honing their skills by working with her likeness. “Because they\'ve got such a library of stuff about me, they\'re using it to practice on and see how more]]> 2024-03-28T20:51:46+00:00 https://therecord.media/hillary-clinton-ai-deepfakes-election-threat www.secnews.physaphae.fr/article.php?IdArticle=8472226 False Threat None 2.0000000000000000 Recorded Future - FLux Recorded Future La Maison Blanche a dévoilé une liste de nouvelles commandes et exigences pour les agences fédérales liées à l'utilisation de l'intelligence artificielle. & NBSP;La vice-présidente Kamala Harris a annoncé jeudi l'ordre, affirmant qu'elle est conçue pour «renforcer la sécurité et la sécurité de l'IA, protéger les Américains \\», les capitaux propres et les droits civils, défendent les consommateurs et les travailleurs,

---

The White House unveiled a slate of new orders and requirements for federal agencies related to the use of artificial intelligence.  Vice President Kamala Harris announced the order on Thursday, saying it is designed to “strengthen AI safety and security, protect Americans\' privacy, advance equity and civil rights, stand up for consumers and workers,]]> 2024-03-28T20:45:38+00:00 https://therecord.media/white-house-federal-agencies-ai-safeguards www.secnews.physaphae.fr/article.php?IdArticle=8472227 False None None 2.0000000000000000 Netskope - etskope est une société de logiciels américaine fournissant une plate-forme de sécurité informatique Les normes ISO peuvent ne pas toujours sauter comme les sujets les plus excitants pour la conversation pour le dîner, mais leur importance croissante dans les affaires ne peut pas être refusée.Et cette année, cela vaut la peine de parler d'ISO 27001: 2022 spécifiquement (mais peut-être pas au cours du dîner).Il est prévu que jusqu'à 90 000 * organisations pourraient renouveler [& # 8230;]

---

>ISO standards may not always jump out as the most exciting of topics for dinner party conversation, but their growing importance in business cannot be denied. And this year it is well worth us talking about ISO 27001:2022 specifically (though perhaps not over dinner). It is expected that as many as 90,000* organisations might renew […] ]]> 2024-03-28T20:43:09+00:00 https://www.netskope.com/blog/a-swiss-army-knife-for-iso-270012022-compliance www.secnews.physaphae.fr/article.php?IdArticle=8472221 False None None 2.0000000000000000 Dark Reading - Informationweek Branch The tendency of popular AI-based tools to recommend nonexistent code libraries offers a bigger opportunity than thought to distribute malicious packages.]]> 2024-03-28T20:36:19+00:00 https://www.darkreading.com/application-security/pervasive-llm-hallucinations-expand-code-developer-attack-surface www.secnews.physaphae.fr/article.php?IdArticle=8472225 False Tool None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A sophisticated phishing-as-a-service (PhaaS) platform called Darcula has set its sights on organizations in over 100 countries by leveraging a massive network of more than 20,000 counterfeit domains to help cyber criminals launch attacks at scale. "Using iMessage and RCS rather than SMS to send text messages has the side effect of bypassing SMS firewalls, which is being used to great]]> 2024-03-28T20:13:00+00:00 https://thehackernews.com/2024/03/darcula-phishing-network-leveraging-rcs.html www.secnews.physaphae.fr/article.php?IdArticle=8472102 False None None 4.0000000000000000 RiskIQ - cyber risk firms (now microsoft) #### Description Analysts from Oligo, an Israeli security research company, have identified an ongoing active attack campaign targeting a critical vulnerability in the Ray open-source AI framework, impacting thousands of companies and servers globally. This vulnerability, known as ShadowRay (CVE-2023-48022), allows attackers to take control of computing resources and leak sensitive data. According to Ray\'s developer, Anyscale, this issue is not a vulnerability. Rather, it is an essential feature of Ray\'s design that enables the execution of dynamic code within a cluster. Therefore, Anyscale has not released a patch and CVE-2023-48022 does not appear in several vulnerability databases. Since September 2023, malicious actors have accessed thousands of Ray servers across multiple industries, including education, finance, and biopharma. Exploiting this access, actors have stolen sensitive data, credentials, cloud tokens, and used computing resources for cryptocurrency mining operations. [Check out Microsoft\'s write-up on CVE-2023-48022 here.](https://sip.security.microsoft.com/intel-explorer/cves/CVE-2023-48022/description?) #### Reference URL(s) 1. https://www.oligo.security/blog/shadowray-attack-ai-workloads-actively-exploited-in-the-wild #### Publication Date March 26, 2024 #### Author(s) Avi Lumelsky, Guy Kaplan, and Gal Elbaz]]> 2024-03-28T20:08:52+00:00 https://community.riskiq.com/article/e4cd5bc2 www.secnews.physaphae.fr/article.php?IdArticle=8472239 False Vulnerability,Cloud None 2.0000000000000000 Recorded Future - FLux Recorded Future Les opérations d'influence russe liées au célèbre chef du groupe Wagner Mercenary Troops, Yevgeniy Prigozhin, restent des mois actifs après sa mort, selon de nouvelles recherches.L'Empire des médias de Prigozhin \\, mieux connu pour ses campagnes de désinformation lors de l'élection présidentielle américaine de 2016, continue de cibler le public en Europe, aux États-Unis, en Ukraine et en Russie, selon

---

Russian influence operations linked to the notorious leader of the Wagner Group mercenary troops, Yevgeniy Prigozhin, remain active months after his death, according to new research. Prigozhin\'s media empire, best known for its disinformation campaigns during the 2016 U.S. presidential election, continues to target audiences in Europe, the U.S., Ukraine and inside Russia, according]]> 2024-03-28T19:25:31+00:00 https://therecord.media/wagner-group-linked-influence-operations-continue www.secnews.physaphae.fr/article.php?IdArticle=8472200 False None None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) #### Description The authors behind Android banking malware Vultur have been spotted adding new technical features, which allow the malware operator to further remotely interact with the victim\'s mobile device. Vultur has also started masquerading more of its malicious activity by encrypting its C2 communication, using multiple encrypted payloads that are decrypted on the fly, and using the guise of legitimate applications to carry out its malicious actions. #### Reference URL(s) 1. https://research.nccgroup.com/2024/03/28/android-malware-vultur-expands-its-wingspan/ #### Publication Date March 28, 2024 #### Author(s) Joshua Kamp ]]> 2024-03-28T19:11:03+00:00 https://community.riskiq.com/article/3f7c3599 www.secnews.physaphae.fr/article.php?IdArticle=8472213 False Malware,Mobile,Technical None 3.0000000000000000 Recorded Future - FLux Recorded Future Les administrateurs d'un référentiel largement utilisé pour le langage de codage Python ont suspendu certaines fonctions temporairement du jour au lendemain en raison d'une «campagne de téléchargement de logiciels malveillants». & Nbsp;L'indice Python Package (PYPI) a déclaré qu'il avait restauré les services tôt jeudi après avoir bloqué la création de nouveaux projets et l'enregistrement des nouveaux utilisateurs pendant environ 10 heures.PYPI est un élément clé du

---

Administrators for a widely used repository for the Python coding language suspended some functions temporarily overnight because of a “malware upload campaign.”  The Python Package Index (PyPI) said it had restored services early Thursday after blocking new project creation and new user registration for about 10 hours. PyPI is a key part of the]]> 2024-03-28T19:10:50+00:00 https://therecord.media/pypl-python-developer-site-malware-campaign www.secnews.physaphae.fr/article.php?IdArticle=8472201 False Malware None 2.0000000000000000 Recorded Future - FLux Recorded Future Le Pentagone a publié jeudi sa toute première stratégie de cybersécurité pour mieux protéger sa base industrielle massive contre les pirates."Alors que nos adversaires recherchent en permanence des informations sur les capacités américaines, le ministère, en coordination avec le Dib [Base industrielle de la défense], doit rester résilient contre ces attaques et réussir dans le travail d'équipe pour défendre la nation", a déclaré la défense adjointe

---

The Pentagon on Thursday released its first ever cybersecurity strategy to better protect its massive industrial base from hackers. "As our adversaries continuously seek information about U.S. capabilities, the Department, in coordination with the DIB [defense industrial base], must remain resilient against these attacks and succeed through teamwork to defend the Nation,” Deputy Defense]]> 2024-03-28T18:55:00+00:00 https://therecord.media/pentagon-unveils-first-ever-defense-industrial-base-strategy www.secnews.physaphae.fr/article.php?IdArticle=8472177 False Industrial None 2.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism Automation is making attacks on open source code repositories harder to fight.]]> 2024-03-28T18:50:22+00:00 https://arstechnica.com/?p=2013233 www.secnews.physaphae.fr/article.php?IdArticle=8472223 False None None 3.0000000000000000 Recorded Future - FLux Recorded Future Harvard Pilgrim Health Care a déclaré que le nombre de personnes touchées par une attaque de ransomware au printemps dernier est plus grande que celle initiale.La société d'assurance maladie de la Nouvelle-Angleterre a été attaquée par un gang de ransomware encore non identifié le 17 avril 2023, limitant le service pendant des jours.La société a soumis plusieurs lettres de notification de violation différentes aux régulateurs dans

---

Harvard Pilgrim Health Care said the number of people affected by a ransomware attack last spring is larger than originally stated. The New England health insurance firm was attacked by a still-unidentified ransomware gang on April 17, 2023, limiting service for days. The company has submitted multiple different breach notification letters to regulators in]]> 2024-03-28T18:22:02+00:00 https://therecord.media/harvard-pilgrim-data-breach-notification-update www.secnews.physaphae.fr/article.php?IdArticle=8472178 False Ransomware,Data Breach None 3.0000000000000000 GoogleSec - Firm Security Blog how we have been prioritizing firmware security, and how to apply mitigations in a firmware environment to mitigate unknown vulnerabilities. In this post we will show how the Kernel Address Sanitizer (KASan) can be used to proactively discover vulnerabilities earlier in the development lifecycle. Despite the narrow application implied by its name, KASan is applicable to a wide-range of firmware targets. Using KASan enabled builds during testing and/or fuzzing can help catch memory corruption vulnerabilities and stability issues before they land on user devices. We\'ve already used KASan in some firmware targets to proactively find and fix 40+ memory safety bugs and vulnerabilities, including some of critical severity. Along with this blog post we are releasing a small project which demonstrates an implementation of KASan for bare-metal targets leveraging the QEMU system emulator. Readers can refer to this implementation for technical details while following the blog post. Address Sanitizer (ASan) overview Address sanitizer is a compiler-based instrumentation tool used to identify invalid memory access operations during runtime. It is capable of detecting the following classes of temporal and spatial memory safety bugs: out-of-bounds memory access use-after-free double/invalid free use-after-return ASan relies on the compiler to instrument code with dynamic checks for virtual addresses used in load/store operations. A separate runtime library defines the instrumentation hooks for the heap memory and error reporting. For most user-space targets (such as aarch64-linux-android) ASan can be enabled as simply as using the -fsanitize=address compiler option for Clang due to existing support of this target both in the toolchain and in the libclang_rt runtime. However, the situation is rather different for bare-metal code which is frequently built with the none system targets, such as arm-none-eabi. Unlike traditional user-space programs, bare-metal code running inside an embedded system often doesn\'t have a common runtime implementation. As such, LLVM can\'t provide a default runtime for these environments. To provide custom implementations for the necessary runtime routines, the Clang toolchain exposes an interface for address sanitization through the -fsanitize=kernel-address compiler option. The KASan runtime routines implemented in the Linux kernel serve as a great example of how to define a KASan runtime for targets which aren\'t supported by default with -fsanitize=address. We\'ll demonstrate how to use the version of address sanitizer originally built for the kernel on other bare-metal targets. KASan 101 Let\'s take a look at the KASan major building blocks from a high-level perspective (a thorough explanation of how ASan works under-the-hood is provided in this whitepaper). The main idea behind KASan is that every memory access operation, such as load/store instructions and memory copy functions (for example, memm]]> 2024-03-28T18:16:18+00:00 http://security.googleblog.com/2024/03/address-sanitizer-for-bare-metal.html www.secnews.physaphae.fr/article.php?IdArticle=8477255 False Tool,Vulnerability,Mobile,Technical None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Considering the ever-changing state of cybersecurity, it\'s never too late to ask yourself, "am I doing what\'s necessary to keep my organization\'s web applications secure?" The continuous evolution of technology introduces new and increasingly sophisticated threats daily, posing challenges to organizations all over the world and across the broader spectrum of industries striving to maintain]]> 2024-03-28T18:13:00+00:00 https://thehackernews.com/2024/03/new-webinar-avoiding-application.html www.secnews.physaphae.fr/article.php?IdArticle=8472037 False None None 3.0000000000000000 SecurityWeek - Security News Les responsables du référentiel Python Package Index (PYPI) ont été obligés de suspendre la création de nouveaux projets et l'enregistrement des nouveaux utilisateurs pour atténuer une campagne de téléchargement de logiciels malveillants.

---

>Maintainers of the Python Package Index (PyPI) repository were forced to suspend new project creation and new user registration to mitigate a malware upload campaign. ]]> 2024-03-28T17:45:03+00:00 https://www.securityweek.com/malware-upload-attack-hits-pypi-repository/ www.secnews.physaphae.fr/article.php?IdArticle=8472180 False Malware None 2.0000000000000000 HackRead - Chercher Cyber Par uzair amir Wilder World, un métaverse en ligne massivement multijoueur, est maintenant disponible pour la liste de souhaits sur l'Epic Games Store, A & # 8230; Ceci est un article de HackRead.com Lire le post original: Wilder World lance sur Epic Games Store comme le premier \\ 'gta du jeu web3 \'

---

>By Uzair Amir Wilder World, a massively multiplayer online metaverse, is now available for wishlisting on the Epic Games Store, a… This is a post from HackRead.com Read the original post: Wilder World Launches on Epic Games Store as The First \'GTA of Web3\' Game]]> 2024-03-28T17:36:35+00:00 https://www.hackread.com/wilder-world-launches-epic-games-store-gta-web3-game/ www.secnews.physaphae.fr/article.php?IdArticle=8472153 False None None 2.0000000000000000 HackRead - Chercher Cyber Par deeba ahmed Flaw Critical Microsoft SharePoint Exploited: Patch Now, Cisa Insigne! Ceci est un article de HackRead.com Lire la publication originale: La CISA invite à corriger la vulnérabilité Microsoft SharePoint (CVE-2023-24955)

---

>By Deeba Ahmed Critical Microsoft SharePoint Flaw Exploited: Patch Now, CISA Urges! This is a post from HackRead.com Read the original post: CISA Urges Patching Microsoft SharePoint Vulnerability (CVE-2023-24955)]]> 2024-03-28T17:24:22+00:00 https://www.hackread.com/cisa-microsoft-sharepoint-vulnerability-cve-2023-24955/ www.secnews.physaphae.fr/article.php?IdArticle=8472154 False Vulnerability,Patching None 3.0000000000000000 Silicon - Site de News Francais 2024-03-28T17:20:46+00:00 https://www.silicon.fr/etude-trends-of-it-2024-comprendre-les-mutations-de-lenvironnement-it-477266.html www.secnews.physaphae.fr/article.php?IdArticle=8472150 False None None 2.0000000000000000 Dark Reading - Informationweek Branch The malicious actor used Slack channels as an exfiltration point to upload the stolen data.]]> 2024-03-28T17:11:44+00:00 https://www.darkreading.com/cyberattacks-data-breaches/indian-government-breached-by-hackbrowserdata-information-stealer www.secnews.physaphae.fr/article.php?IdArticle=8472152 False None None 3.0000000000000000 Silicon - Site de News Francais 2024-03-28T16:52:31+00:00 https://www.silicon.fr/guillaume-poupard-docaposte-pack-cybersecurite-477299.html www.secnews.physaphae.fr/article.php?IdArticle=8472151 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In the whirlwind of modern software development, teams race against time, constantly pushing the boundaries of innovation and efficiency. This relentless pace is fueled by an evolving tech landscape, where SaaS domination, the proliferation of microservices, and the ubiquity of CI/CD pipelines are not just trends but the new norm. Amidst this backdrop, a critical aspect subtly weaves into the]]> 2024-03-28T16:30:00+00:00 https://thehackernews.com/2024/03/behind-scenes-art-of-safeguarding-non.html www.secnews.physaphae.fr/article.php?IdArticle=8471965 False Cloud None 3.0000000000000000 HackRead - Chercher Cyber Par waqas Êtes-vous un développeur Python?Voici ce que vous devez savoir! Ceci est un article de HackRead.com Lire le post original: PYPI suspend les nouveaux projets et utilisateurs en raison de packages malveillants

---

>By Waqas Are you a Python developer? Here\'s what you need to know! This is a post from HackRead.com Read the original post: PyPI Suspends New Projects and Users Due to Malicious Packages]]> 2024-03-28T16:28:04+00:00 https://www.hackread.com/pypi-suspends-projects-users-malicious-packages/ www.secnews.physaphae.fr/article.php?IdArticle=8472125 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers from ETH Zurich have developed a new variant of the RowHammer DRAM (dynamic random-access memory) attack that, for the first time, successfully works against AMD Zen 2 and Zen 3 systems despite mitigations such as Target Row Refresh (TRR). "This result proves that AMD systems are equally vulnerable to Rowhammer as Intel systems, which greatly increases the attack]]> 2024-03-28T16:25:00+00:00 https://thehackernews.com/2024/03/new-zenhammer-attack-bypasses-rowhammer.html www.secnews.physaphae.fr/article.php?IdArticle=8471966 False None None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Jusqu'à présent, les réglementations de cybersécurité en Europe ont été principalement motivées par les réglementations NIS2.Les réglementations NIS2 sont ...

---

>So far, cybersecurity regulations in Europe have been primarily driven by the NIS2 regulations. The NIS2 regulations are... ]]> 2024-03-28T16:02:10+00:00 https://industrialcyber.co/expert/vulnerability-handling-according-to-the-european-cyber-resilience-act-cra/ www.secnews.physaphae.fr/article.php?IdArticle=8472099 False Vulnerability None 3.0000000000000000 Checkpoint - Fabricant Materiel Securite Faits saillants: PIPI est l'un des plus grands index, avec plus de 800 000 utilisateurs, CloudGuard a identifié une campagne de typosquat sur PYPI, comprenant plus de 500 packages malveillants.L'installation de ces packages a exposé les utilisateurs au vol potentiel de leurs informations personnellement identifiables (PII) et à l'installation de logiciels malveillants sur leurs systèmes.Lors de la détection, nous avons rapidement informé PYPI de ces packages, conduisant à leur retrait rapide par l'équipe administrative du PYPI.Intro: avec plus de 800 000 utilisateurs, PYPI (Python Package Index) sert de référentiel officiel pour les packages logiciels adaptés au langage de programmation Python.En tant que centre centralisé, il facilite le [& # 8230;]

---

>Highlights: PiPI is one of the largest Indexes, with more than 800,000 users Check Point CloudGuard identified a typosquatting campaign on PyPI, comprising over 500 malicious packages. Installation of these packages exposed users to potential theft of their personally identifiable information (PII) and the installation of malware on their systems. Upon detection, we promptly notified PyPI about these packages, leading to their swift removal by the PyPI administrative team. Intro: With more than 800,000 users, PyPI (Python Package Index) serves as the official repository for software packages tailored to the Python programming language. As a centralized hub, it facilitates the […] ]]> 2024-03-28T16:00:20+00:00 https://blog.checkpoint.com/securing-the-cloud/pypi-inundated-by-malicious-typosquatting-campaign/ www.secnews.physaphae.fr/article.php?IdArticle=8472149 False Malware None 3.0000000000000000 The Register - Site journalistique Anglais Flaws enable privilege escalation and remote code execution Nvidia\'s AI-powered ChatRTX app launched just six week ago but already has received patches for two security vulnerabilities that enabled attack vectors, including privilege escalation and remote code execution.…]]> 2024-03-28T15:33:13+00:00 https://go.theregister.com/feed/www.theregister.com/2024/03/28/nvidia_chatrtx_security_flaws/ www.secnews.physaphae.fr/article.php?IdArticle=8472101 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The US Treasury report sets out recommendations for financial institutions on addressing immediate AI-related operational risk, cybersecurity and fraud challenges]]> 2024-03-28T15:15:00+00:00 https://www.infosecurity-magazine.com/news/us-treasury-financial-ai/ www.secnews.physaphae.fr/article.php?IdArticle=8472103 False None None 3.0000000000000000 Dark Reading - Informationweek Branch Several Apple device users have experienced recent incidents where they have received incessant password reset prompts and vishing calls from a number spoofing Apple\'s legitimate customer support line.]]> 2024-03-28T15:03:01+00:00 https://www.darkreading.com/cloud-security/mfa-bombing-attacks-target-apple-iphone-users www.secnews.physaphae.fr/article.php?IdArticle=8472070 False Mobile None 3.0000000000000000 Fortinet - Fabricant Materiel Securite In celebration of Women\'s History Month in March and International Women\'s Day on March 8, Fortinet honored what the month represents by hosting events in our offices across North America, Latin America, and other regions globally.]]> 2024-03-28T15:00:00+00:00 https://www.fortinet.com/blog/industry-trends/celebrating-womens-history-month-international-womens-day-at-fortinet www.secnews.physaphae.fr/article.php?IdArticle=8472098 False None None 3.0000000000000000 Dark Reading - Informationweek Branch Feds are offering cash for information to help them crack down on the ransomware-as-a-service group\'s cyberattacks against US critical infrastructure.]]> 2024-03-28T14:50:51+00:00 https://www.darkreading.com/cyber-risk/us-10m-bounty-blackcat-ransomware-members www.secnews.physaphae.fr/article.php?IdArticle=8472071 False Ransomware None 3.0000000000000000 CyberSecurityVentures - cybersecurity services Et le nouveau XDR vaut-il le prix?& # 8211;Aimei Wei, directeur technique, stellaire Cyber San Jose, Californie & # 8211;27 mars 2024 Alors que la détection et la réponse des points finaux (EDR) et la détection et la réponse prolongées (XDR) représentent toutes deux des outils cruciaux dans l'arsenal de cybersécurité d'aujourd'hui, il peut

---

>And is the newer XDR worth the price? – Aimei Wei, Chief Technical Officer, Stellar Cyber San Jose, Calif. – Mar. 27, 2024 While Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) both represent crucial tools in today\'s cybersecurity arsenal, it can ]]> 2024-03-28T14:41:47+00:00 https://cybersecurityventures.com/edr-vs-xdr-the-key-differences/ www.secnews.physaphae.fr/article.php?IdArticle=8472066 False Tool,Technical None 3.0000000000000000 Global Security Mag - Site de news francais Business]]> 2024-03-28T14:38:27+00:00 https://www.globalsecuritymag.fr/yousign-rejoint-le-groupement-hexatrust.html www.secnews.physaphae.fr/article.php?IdArticle=8472083 False Cloud None 3.0000000000000000 SecurityWeek - Security News La société de renseignement sur les menaces Eclecticiq documente la livraison de leurres de phishing malware aux organisations énergétiques gouvernementales et privées en Inde.

---

>Threat intelligence firm EclecticIQ documents the delivery of malware phishing lures to government and private energy organizations in India. ]]> 2024-03-28T14:37:56+00:00 https://www.securityweek.com/cyberespionage-campaign-targets-government-energy-entities-in-india/ www.secnews.physaphae.fr/article.php?IdArticle=8472100 False Malware None 3.0000000000000000 CyberArk - Software Vendor With over 50 countries heading to the polls this year, including major economies like the U.S., India and the U.K., 2024, one way or another, will be a defining year with over 4 billion voters...]]> 2024-03-28T14:30:22+00:00 https://www.cyberark.com/blog/election-security-defending-democracy-in-todays-dynamic-cyber-threat-landscape/ www.secnews.physaphae.fr/article.php?IdArticle=8472067 False Threat None 3.0000000000000000 GoogleSec - Firm Security Blog Domain Name System (DNS) is a fundamental protocol used on the Internet to translate human-readable domain names (e.g., www.example.com) into numeric IP addresses (e.g., 192.0.2.1) so that devices and servers can find and communicate with each other. When a user enters a domain name in their browser, the DNS resolver (e.g. Google Public DNS) locates the authoritative DNS nameservers for the requested name, and queries one or more of them to obtain the IP address(es) to return to the browser.When DNS was launched in the early 1980s as a trusted, content-neutral infrastructure, security was not yet a pressing concern, however, as the Internet grew DNS became vulnerable to various attacks. In this post, we will look at DNS cache poisoning attacks and how Google Public DNS addresses the risks associated with them.DNS Cache Poisoning AttacksDNS lookups in most applications are forwarded to a caching resolver (which could be local or an open resolver like. Google Public DNS). The path from a client to the resolver is usually on a local network or can be protected using encrypted transports like DoH, DoT. The resolver queries authoritative DNS servers to obtain answers for user queries. This communication primarily occurs over UDP, an insecure connectionless protocol, in which messages can be easily spoofed including the source IP address. The content of DNS queries may be sufficiently predictable that even an off-path attacker can, with enough effort, forge responses that appear to be from the queried authoritative server. This response will be cached if it matches the necessary fields and arrives before the authentic response. This type of attack is called a cache poisoning attack, which can cause great harm once successful. According to RFC 5452, the probability of success is very high without protection. Forged DNS responses can lead to denial of service, or may even compromise application security. For an excellent introduction to cache poisoning attacks, please see “]]> 2024-03-28T14:29:57+00:00 http://security.googleblog.com/2024/03/google-public-dnss-approach-to-fight.html www.secnews.physaphae.fr/article.php?IdArticle=8477254 False Technical None 2.0000000000000000 HackRead - Chercher Cyber Par waqas Le marché des données de l'AI du réseau MASA sera un réseau interopérable pour les données personnelles du monde \\, en lançant sur plusieurs blockchains dès le premier jour. Ceci est un article de HackRead.com Lire la publication originale: Le réseau MASA s'intègre à LayerZero pour alimenter son réseau de données AI transversal

---

>By Waqas Masa Network\'s AI Data Marketplace will be an interoperable network for the world\'s personal data, launching across multiple blockchains from day one. This is a post from HackRead.com Read the original post: Masa Network Integrates with LayerZero to Power Its Cross-chain AI Data Network]]> 2024-03-28T14:29:33+00:00 https://www.hackread.com/masa-network-integrates-layerzero-ai-data-network/ www.secnews.physaphae.fr/article.php?IdArticle=8472069 False None None 2.0000000000000000 Global Security Mag - Site de news francais rapports spéciaux

---

Aryaka\'s 2024 Secure Network Transformation Report: 81% of IT Pros Say Hybrid Work Drives Demand for SASE and Zero-Trust Networking 70% seek SASE and SD-WAN convergence for simplified network security management - Special Reports]]> 2024-03-28T14:25:37+00:00 https://www.globalsecuritymag.fr/aryaka-s-2024-secure-network-transformation-report-81-of-it-pros-say-hybrid.html www.secnews.physaphae.fr/article.php?IdArticle=8472084 False None None 3.0000000000000000 ZoneAlarm - Security Firm Blog Keeping our digital belongings secure is a top priority in our connected world. The discovery of the GoFetch vulnerability in Apple\'s security mechanisms has caused a stir, shedding light on potential weaknesses that could compromise our personal information. Apple devices, widely recognized for their strong security measures, utilize cryptographic keys to encrypt data, keeping our … ]]> 2024-03-28T14:23:12+00:00 https://blog.zonealarm.com/2024/03/gofetch-vulnerability-in-apple-m-series-chips/ www.secnews.physaphae.fr/article.php?IdArticle=8472065 False Vulnerability None 2.0000000000000000 Global Security Mag - Site de news francais Business]]> 2024-03-28T14:16:39+00:00 https://www.globalsecuritymag.fr/la-solution-wallix-idaas-est-accessible-via-l-offre-packagee-de-docaposte.html www.secnews.physaphae.fr/article.php?IdArticle=8472085 False None None 3.0000000000000000 RedCanary - Red Canary Many of the default settings in Microsoft Azure AD leave gaps in your security controls. Here\'s best practices on how to close them.]]> 2024-03-28T14:05:56+00:00 https://redcanary.com/blog/azure-active-directory/ www.secnews.physaphae.fr/article.php?IdArticle=8472041 False None None 3.0000000000000000 Bleeping Computer - Magazine Américain The Python Package Index (PyPI) has temporarily suspended user registration and the creation of new projects to deal with an ongoing malware campaign. [...]]]> 2024-03-28T14:03:45+00:00 https://www.bleepingcomputer.com/news/security/pypi-suspends-new-user-registration-to-block-malware-campaign/ www.secnews.physaphae.fr/article.php?IdArticle=8472148 False Malware None 3.0000000000000000 HackRead - Chercher Cyber Par uzair amir Singapour, 28 mars 2024 & # 8211;Goplus Labs, le principal fournisseur d'infrastructures de sécurité Web3, a dévoilé un rapport révolutionnaire & # 8230; Ceci est un article de HackRead.com Lire la publication originale: Rapport GOPLUS: Réseaux de blockchain utilisant des données de sécurité API pour atténuer les menaces web3

---

>By Uzair Amir Singapore, 28 March 2024 – GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report… This is a post from HackRead.com Read the original post: GoPlus Report: Blockchain Networks Using API Security Data to Mitigate Web3 Threats]]> 2024-03-28T14:02:37+00:00 https://www.hackread.com/goplus-blockchain-network-api-security-mitigate-web3-threats/ www.secnews.physaphae.fr/article.php?IdArticle=8472025 False None None 2.0000000000000000 Dark Reading - Informationweek Branch To meet changing privacy regulations, regularly review data storage strategies, secure access to external networks, and deploy data plane security techniques.]]> 2024-03-28T14:00:00+00:00 https://www.darkreading.com/cyber-risk/3-strategies-to-future-proof-data-privacy www.secnews.physaphae.fr/article.php?IdArticle=8472038 False None None 3.0000000000000000 Global Security Mag - Site de news francais Points de Vue]]> 2024-03-28T13:55:52+00:00 https://www.globalsecuritymag.fr/repenser-la-sauvegarde-des-donnees.html www.secnews.physaphae.fr/article.php?IdArticle=8472053 False None None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine After weeks of speculation, NIST has finally confirmed its intention to establish an industry consortium to develop the NVD in the future]]> 2024-03-28T13:55:00+00:00 https://www.infosecurity-magazine.com/news/nist-unveils-new-nvd-consortium/ www.secnews.physaphae.fr/article.php?IdArticle=8472040 False Vulnerability None 3.0000000000000000 Global Security Mag - Site de news francais nouvelles commerciales

---

SydeLabs Raises $2.5m to Solve Security and Risk Management for Generative AI SydeLabs Raises $2.5m seed funding in a round led by RTP Global. The company offers a comprehensive AI security and Risk Management platform, with funding to be used to develop the suite further. The announcement comes at a time when policymakers and business executives globally are increasingly concerned about AI safety. - Business News]]> 2024-03-28T13:53:06+00:00 https://www.globalsecuritymag.fr/sydelabs-raises-2-5m.html www.secnews.physaphae.fr/article.php?IdArticle=8472054 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In June 2017, a study of more than 3,000 Massachusetts Institute of Technology (MIT) students published by the National Bureau for Economic Research (NBER) found that 98% of them were willing to give away their friends\' email addresses in exchange for free pizza. "Whereas people say they care about privacy, they are willing to relinquish private data quite easily when]]> 2024-03-28T13:37:00+00:00 https://thehackernews.com/2024/03/telegram-offers-premium-subscription-in.html www.secnews.physaphae.fr/article.php?IdArticle=8471887 False None None 3.0000000000000000 McAfee Labs - Editeur Logiciel Vous avez un \\ 'rizz \'?Avez-vous tué ce dîner?Le \\ 'cozzie vivs \' vous stresse-t-il?Si vous ne comprenez pas, ...

---

> Got any \'rizz\'? Did you \'slay\' that dinner? Is the \'cozzie livs\' stressing you out?  If you do not comprehendo,... ]]> 2024-03-28T13:35:19+00:00 https://www.mcafee.com/blogs/family-safety/teen-slang-what-you-need-to-know-to-understand-your-teen/ www.secnews.physaphae.fr/article.php?IdArticle=8472018 False None None 3.0000000000000000 The Register - Site journalistique Anglais 2024-03-28T13:30:06+00:00 https://go.theregister.com/feed/www.theregister.com/2024/03/28/critical_infrastructure_cyberattack_reporting/ www.secnews.physaphae.fr/article.php?IdArticle=8472036 False None None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Acknowledging the role of the oil and natural gas (ONG) subsector in ensuring shared security and prosperity, more... ]]> 2024-03-28T13:26:26+00:00 https://industrialcyber.co/mining-oil-gas/cisas-jcdc-initiative-launches-2023-pipelines-cyber-defense-planning-effort-to-safeguard-ong-sector/ www.secnews.physaphae.fr/article.php?IdArticle=8472029 False None None 2.0000000000000000 Silicon - Site de News Francais 2024-03-28T13:23:57+00:00 https://www.silicon.fr/quels-impacts-de-l-ia-generative-sur-le-monde-de-la-cybersecurite-regards-croises-entre-onepoint-wavestone-et-fortinet-477283.html www.secnews.physaphae.fr/article.php?IdArticle=8472039 False None None 3.0000000000000000 HackRead - Chercher Cyber cyber nowswire C2A Security \'s EVSEC Gestion et plate-forme d'automatisation des risques gagnent du terrain dans l'industrie automobile alors que les entreprises cherchent à répondre efficacement aux exigences réglementaires. Ceci est un article de HackRead.com Lire la publication originale: C2A Security & # 8217; s plateforme EVSEC gagne la traction de l'industrie automobile pour la conformité

---

By Cyber Newswire C2A Security\'s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements. This is a post from HackRead.com Read the original post: C2A Security’s EVSec Platform Gains Automotive Industry Traction for Compliance]]> 2024-03-28T13:23:18+00:00 https://www.hackread.com/c2a-securitys-evsec-risk-management-automation-platform/ www.secnews.physaphae.fr/article.php?IdArticle=8472026 False None None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial Wavelink announced a new distribution agreement with Garland Technology, provider of Network Test Access Points (TAPs), data diodes,... ]]> 2024-03-28T13:21:56+00:00 https://industrialcyber.co/news/wavelink-garland-technology-announce-distribution-agreement-to-help-critical-infrastructures-optimize-operations/ www.secnews.physaphae.fr/article.php?IdArticle=8472030 False None None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Airbus Defence and Space a accepté d'acquérir des Infodas, une entreprise allemande basée à Cologne qui fournit de la cybersécurité et de l'informatique ...

---

>Airbus Defence and Space has agreed to acquire INFODAS, a Cologne-based, German company that provides cybersecurity and IT ... ]]> 2024-03-28T13:20:44+00:00 https://industrialcyber.co/news/airbus-to-acquire-german-company-infodas-strengthen-its-cybersecurity-portfolio/ www.secnews.physaphae.fr/article.php?IdArticle=8472031 False None None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Finite State, vendor of comprehensive software risk management for the connected world, recently announced that it raised a... ]]> 2024-03-28T13:19:20+00:00 https://industrialcyber.co/news/finite-state-raises-20-million-growth-round-to-secure-critical-infrastructure-software-supply-chains/ www.secnews.physaphae.fr/article.php?IdArticle=8472032 False None None 3.0000000000000000 HackRead - Chercher Cyber Par waqas Des centaines de milliers de dossiers d'étudiants britanniques exposés dans les noms de fuite de serveurs de la société de logiciels, les notes, les notes et les photos à risque - en savoir plus sur la violation des logiciels scolaires et comment protéger les informations de votre enfant. By Waqas Hundreds of thousands of UK student records exposed in software firm\'s server leak putting names, grades, and photos at risk - Learn more about the school software breach and how to protect your child\'s information. This is a post from HackRead.com Read the original post: Trove of UK Student Records Exposed in School Software Server Leak]]> 2024-03-28T13:19:04+00:00 https://www.hackread.com/uk-student-records-leak-school-software-server/ www.secnews.physaphae.fr/article.php?IdArticle=8472027 False None None 3.0000000000000000 SecurityWeek - Security News Cisco a publié des correctifs pour plusieurs vulnérabilités de logiciels iOS et iOS XE menant au déni de service (DOS).

---

>Cisco has released patches for multiple IOS and IOS XE software vulnerabilities leading to denial-of-service (DoS). ]]> 2024-03-28T13:08:17+00:00 https://www.securityweek.com/cisco-patches-dos-vulnerabilities-in-networking-products/ www.secnews.physaphae.fr/article.php?IdArticle=8472035 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future Des chercheurs en sécurité russe ont déclaré avoir découvert un nouveau groupe de cyber-espionnage avec des liens avec l'Ukraine qui fonctionnait depuis au moins janvier de cette année.Ils ont nommé le groupe Phantomcore et ont étiqueté les attaquants \\ 'non décrits auparavant malveillants à distance comme Phantomrat.Lors des attaques contre des entreprises russes sans nom, les pirates ont exploité un connu

---

Russian security researchers said they have discovered a new cyber-espionage group with links to Ukraine that has been operating since at least January of this year. They named the group PhantomCore and labeled the attackers\' previously undescribed remote access malware as PhantomRAT. During the attacks on unnamed Russian companies, the hackers exploited a known]]> 2024-03-28T13:06:10+00:00 https://therecord.media/russian-researchers-winrar-bug-ukraine-espionage www.secnews.physaphae.fr/article.php?IdArticle=8472028 False Malware None 3.0000000000000000 Checkpoint - Fabricant Materiel Securite Emma Pember est consultante principale sur les services professionnels de l'équipe Global Services d'ANZ Infinity, basée à Perth, en Australie.Elle travaille avec des clients dans la région de l'APAC, spécialisée dans les déploiements Maestro et VSX.Emma est avec Check Point PS depuis près de 14 ans.Avant le point de contrôle, elle a travaillé pour plusieurs partenaires de point de contrôle.Avant de y travailler, elle a appris la construction de set et d'accessoires pour le théâtre et le cinéma, et a joué divers rôles soutenant des spectacles de théâtre locaux et en tournée et des festivals de musique.Emma, comment avez-vous commencé dans l'industrie de la cybersécurité?Je me suis lancé par hasard & # 8211;A [& # 8230;]

---

>Emma Pember is a Lead Professional Services Consultant in the ANZ Infinity Global Services team, based in Perth, Australia. She works with customers in the APAC region, specializing in Maestro and VSX deployments. Emma has been with Check Point PS for nearly 14 years. Prior to Check Point, she worked for several Check Point partners. Before working in IT, she learned set and prop construction for theatre and film, and worked various roles supporting local and touring theatre shows and music festivals. Emma, how did you get started in the cybersecurity industry? I got into it by chance – a […] ]]> 2024-03-28T13:00:58+00:00 https://blog.checkpoint.com/company-and-culture/getting-to-know-emma-pember/ www.secnews.physaphae.fr/article.php?IdArticle=8472024 False None None 3.0000000000000000 Kaspersky - Kaspersky Research blog In this article, we share our analysis of a recent version of the DinodasRAT implant for Linux, which may have been active since 2022.]]> 2024-03-28T13:00:51+00:00 https://securelist.com/dinodasrat-linux-implant/112284/ www.secnews.physaphae.fr/article.php?IdArticle=8471988 False None None 3.0000000000000000 Fortinet - Fabricant Materiel Securite Unifying detection and response efforts improves response times while enhancing SOC productivity. Read more.]]> 2024-03-28T13:00:00+00:00 https://www.fortinet.com/blog/business-and-technology/unifying-detection-and-response-efforts www.secnews.physaphae.fr/article.php?IdArticle=8472021 False None None 3.0000000000000000 Dark Reading - Informationweek Branch Those with special committees that include a cyber expert rather than relying on the full board are more likely to improve security and financial performance.]]> 2024-03-28T13:00:00+00:00 https://www.darkreading.com/cyber-risk/study-corporations-with-cyber-governance-create-almost-4x-more-value www.secnews.physaphae.fr/article.php?IdArticle=8471992 False None None 4.0000000000000000 Security Intelligence - Site de news Américain Un changement majeur dans la façon dont les travaux de cyber-assurance ont commencé par une attaque contre le géant pharmaceutique Merck.Ou a-t-il commencé ailleurs?En juin 2017, l'incident de NotPetya a frappé quelque 40 000 ordinateurs Merck, détruisant des données et forçant un processus de récupération de plusieurs mois.L'attaque a affecté des milliers de sociétés multinationales, dont Mondel & # 275; Z et Maersk.Au total, [& # 8230;]

---

>A major shift in how cyber insurance works started with an attack on the pharmaceutical giant Merck. Or did it start somewhere else? In June 2017, the NotPetya incident hit some 40,000 Merck computers, destroying data and forcing a months-long recovery process. The attack affected thousands of multinational companies, including Mondelēz and Maersk. In total, […] ]]> 2024-03-28T13:00:00+00:00 https://securityintelligence.com/articles/merck-settlement-affect-insurance-industry/ www.secnews.physaphae.fr/article.php?IdArticle=8472020 False None NotPetya 2.0000000000000000 Korben - Bloger francais 2024-03-28T12:52:10+00:00 https://korben.info/fdn-lance-vpn-public-gratuit-internet-libre.html www.secnews.physaphae.fr/article.php?IdArticle=8472034 False None None 2.0000000000000000 Silicon - Site de News Francais 2024-03-28T12:49:35+00:00 https://www.silicon.fr/avis-expert/du-ransomware-au-ransomware-as-a-service-comment-aller-plus-loin-dans-la-lutte-a-lheure-de-lintelligence-artificielle www.secnews.physaphae.fr/article.php?IdArticle=8471995 False Ransomware None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Flashpoint recorded a 34.5% rise in reported data breaches in 2023, with ransomware a major driver of this increase]]> 2024-03-28T12:15:00+00:00 https://www.infosecurity-magazine.com/news/personal-records-exposed-data/ www.secnews.physaphae.fr/article.php?IdArticle=8471996 False Ransomware None 3.0000000000000000 ComputerWeekly - Computer Magazine 2024-03-28T11:46:00+00:00 https://www.computerweekly.com/news/366575814/UK-plc-going-backwards-on-cyber-maturity-Cisco-report-claims www.secnews.physaphae.fr/article.php?IdArticle=8472179 False None None 3.0000000000000000 ComputerWeekly - Computer Magazine 2024-03-28T11:28:00+00:00 https://www.computerweekly.com/news/366575852/Sellafield-to-be-prosecuted-over-alleged-cyber-compliance-failure www.secnews.physaphae.fr/article.php?IdArticle=8472097 False None None 2.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain Attaque du canal latéral matériel: La menace réside dans le préfetcher dépendant de la mémoire des données, une optimisation matérielle qui prédit les adresses mémoire des données à laquelle le code exécutif est susceptible d'accéder dans un avenir proche.En chargeant le contenu dans le cache CPU avant qu'il soit réellement nécessaire, le DMP, comme la fonctionnalité est abrégée, réduit la latence entre la mémoire principale et le CPU, un goulot d'étranglement commun dans l'informatique moderne.Les DMP sont un phénomène relativement nouveau trouvé uniquement dans les puces de la série M et la microarchitecture du lac Raptor de 13217;

---

It’s yet another hardware side-channel attack: The threat resides in the chips\' data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before it\'s actually needed, the DMP, as the feature is abbreviated, reduces latency between the main memory and the CPU, a common bottleneck in modern computing. DMPs are a relatively new phenomenon found only in M-series chips and Intel’s 13th-generation Raptor Lake microarchitecture, although older forms of prefetchers have been common for years...]]> 2024-03-28T11:05:01+00:00 https://www.schneier.com/blog/archives/2024/03/hardware-vulnerability-in-apples-m-series-chips.html www.secnews.physaphae.fr/article.php?IdArticle=8471938 False Vulnerability,Threat None 3.0000000000000000 We Live Security - Editeur Logiciel Antivirus ESET This rundown of 10 cyberattacks against the sports industry shows why every team needs to keep its eyes on the ball when it comes to cybersecurity]]> 2024-03-28T10:30:00+00:00 https://www.welivesecurity.com/en/cybercrime/cybercriminals-play-dirty-10-cyber-hits-sporting-world/ www.secnews.physaphae.fr/article.php?IdArticle=8472404 False None None 2.0000000000000000 The Register - Site journalistique Anglais Sensitive documents dumped on leak site amid claims of 3 TB of data stolen in total NHS Scotland says it managed to contain a ransomware group\'s malware to a regional branch, preventing the spread of infection across the entire institution.…]]> 2024-03-28T10:27:12+00:00 https://go.theregister.com/feed/www.theregister.com/2024/03/28/nhs_scotland_cyberattack/ www.secnews.physaphae.fr/article.php?IdArticle=8471940 False Ransomware,Malware None 2.0000000000000000 ProofPoint - Cyber Firms 2024-03-28T10:21:02+00:00 https://www.proofpoint.com/us/blog/security-awareness-training/security-awareness-program-enhancements-winter-release www.secnews.physaphae.fr/article.php?IdArticle=8471991 False Vulnerability,Threat,Prediction None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Beaming research reveals that nearly half of UK SMEs have lost data since 2019, costing billions]]> 2024-03-28T10:15:00+00:00 https://www.infosecurity-magazine.com/news/british-smes-lost-data-five-years/ www.secnews.physaphae.fr/article.php?IdArticle=8471941 False None None 3.0000000000000000 ProofPoint - Firm Security 2024-03-28T10:13:07+00:00 https://www.proofpoint.com/us/newsroom/news/thread-hijacking-phishes-prey-your-curiosity www.secnews.physaphae.fr/article.php?IdArticle=8476719 False None None 2.0000000000000000 Veracode - Application Security Research, News, and Education Blog The US National Institute of Standards and Technology (NIST) has almost completely stopped analyzing new vulnerabilities (CVEs) listed in its National Vulnerability Database (NVD). Through the first six weeks of 2024, NIST analyzed over 3,500 CVEs with only 34 CVEs awaiting analysis.1 Since February 13th, however, nearly half (48%) of the 7,200 CVEs received this year by the NVD are still awaiting analysis.2 The number of CVEs analyzed has dropped nearly 80% to less than 750 CVEs analyzed. Other than a vague reference to establishing a consortium, the reasons behind this disruption remain a mystery.  Thankfully, Veracode customers need not worry about this disruption because they have access to Veracode\'s proprietary database. Since the notice on February 13th, Veracode has released over 300 CVEs. Of these 300+, NVD has analyzed less than 15 of these CVEs. Read on to learn how Veracode SCA operates without NVD providing CVE analysis.     NVD Analysis …]]> 2024-03-28T10:05:47+00:00 https://www.veracode.com/blog/research/veracode-customers-shielded-nvd-disruptions www.secnews.physaphae.fr/article.php?IdArticle=8472023 False Vulnerability None 3.0000000000000000 SecurityWeek - Security News Bien que l'attaque de la bibliothèque nationale du Royaume-Uni se soit produite il y a cinq mois, l'infrastructure de la bibliothèque \\ n'a pas été reconstruite jusqu'à la mi-avril 2024, puis la restauration complète des systèmes et des données peut commencer.

---

>Although the attack on the national library of the UK occurred five months ago, the Library\'s infrastructure won\'t be rebuilt until mid-April 2024, and then the full restoration of systems and data can begin. ]]> 2024-03-28T10:00:00+00:00 https://www.securityweek.com/details-and-lessons-learned-from-the-ransomware-attack-on-the-british-library/ www.secnews.physaphae.fr/article.php?IdArticle=8471912 False Ransomware None 3.0000000000000000 Silicon - Site de News Francais 2024-03-28T09:59:47+00:00 https://www.silicon.fr/serveurs-ia-cyberattaques-ray-477251.html www.secnews.physaphae.fr/article.php?IdArticle=8471915 False None None 3.0000000000000000 Global Security Mag - Site de news francais vulnérabilité de sécurité

---

An attacker can create a memory leak of libLAS, in order to trigger a denial of service. - Security Vulnerability]]> 2024-03-28T09:43:29+00:00 https://www.globalsecuritymag.fr/vigilance-vulnerability-alerts-liblas-memory-leak-analyzed-on-13-03-2024.html www.secnews.physaphae.fr/article.php?IdArticle=8471899 False Vulnerability None 3.0000000000000000 SecurityWeek - Security News La CISA demande des commentaires sur la mise en œuvre de Circia, qui coûtera 2,6 milliards de dollars et aura un impact sur 316 000 entités.

---

>CISA is seeking comment on the implementation of CIRCIA, which will cost $2.6 billion and will impact 316,000 entities. ]]> 2024-03-28T09:43:02+00:00 https://www.securityweek.com/cisa-moving-forward-with-cyber-incident-reporting-rules-impacting-316000-entities/ www.secnews.physaphae.fr/article.php?IdArticle=8471913 False None None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine A rising volume of calls to the Scottish Cyber and Fraud Centre highlights surging threat levels]]> 2024-03-28T09:30:00+00:00 https://www.infosecurity-magazine.com/news/calls-incident-response-helpline/ www.secnews.physaphae.fr/article.php?IdArticle=8471914 False Threat None 3.0000000000000000 Korben - Bloger francais Suite]]> 2024-03-28T08:33:12+00:00 https://korben.info/applis-android-incogni.html www.secnews.physaphae.fr/article.php?IdArticle=8471885 False Mobile None 3.0000000000000000 Korben - Bloger francais 2024-03-28T08:00:00+00:00 https://korben.info/outil-terminal-toolong-suivi-fichiers-journalisation-jsonl.html www.secnews.physaphae.fr/article.php?IdArticle=8471886 False Tool None 3.0000000000000000