This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-12T09:30:29+00:00 www.secnews.physaphae.fr McAfee Labs - Editeur Logiciel Rédigé par Dexter Shin Résumé Les cybercriminels évoluent constamment leurs techniques pour contourner les mesures de sécurité. Récemment, la recherche mobile McAfee ...

---

> Authored by Dexter Shin  Summary  Cybercriminals are constantly evolving their techniques to bypass security measures. Recently, the McAfee Mobile Research... ]]> 2025-03-25T04:01:31+00:00 https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui/ www.secnews.physaphae.fr/article.php?IdArticle=8657994 False Malware,Mobile None 3.0000000000000000 McAfee Labs - Editeur Logiciel Les cybercriminels deviennent plus intelligents. Ils utilisent maintenant une boîte à outils de développement appelée .net Maui pour créer de fausses applications qui ressemblent et ...

---

> Cybercriminals are getting smarter. They\'re now using a development toolkit called .NET MAUI to create fake apps that look and... ]]> 2025-03-25T04:01:12+00:00 https://www.mcafee.com/blogs/mobile-security/new-android-malware-sneaks-past-security-by-pretending-to-be-real-apps/ www.secnews.physaphae.fr/article.php?IdArticle=8657995 False Malware,Mobile None 2.0000000000000000 The State of Security - Magazine Américain Protecting individual privacy is paramount, given the proliferation of Personally Identifiable Information (PII) and other sensitive data collected by enterprises across all industries. One way to protect sensitive data is through PII masking e.g., consistently changing names or including only the last four digits of a credit card or Social Security Number. What is data masking? Data masking replaces sensitive columns in the source data with realistic test data. A data breach remediation strategy is primarily used to address areas of risk. By preserving the integrity and usability of the...]]> 2025-03-25T03:52:33+00:00 https://www.tripwire.com/state-of-security/introduction-data-masking-privacy-engineering www.secnews.physaphae.fr/article.php?IdArticle=8658041 False Data Breach None 2.0000000000000000 The State of Security - Magazine Américain The Monetary Authority of Singapore (MAS) is both the central bank and chief financial regulator of Singapore. As such, they publish best practices (“Guidelines”) and legally binding regulations (“Notices”) regarding technology risk management and cyber hygiene. Mandatory requirements include: Notice on Technology Risk Management (FSM N21) Notice on Cyber Hygiene (FSM N22) Notice on Management of Outsourced Relevant Services for Banks (MAS Notice 658) and Merchant Banks (MAS Notice 1121) The MAS Technology and Risk Management (TRM) Guidelines offer best practice standards that provide...]]> 2025-03-25T03:52:30+00:00 https://www.tripwire.com/state-of-security/mas-compliance-key-regulations-financial-institutions-singapore www.secnews.physaphae.fr/article.php?IdArticle=8658042 False None None 2.0000000000000000 HackRead - Chercher Cyber In-game skins are more than just cosmetic upgrades, they\'re a core part of gaming culture. Whether you\'re looking…]]> 2025-03-25T01:20:18+00:00 https://hackread.com/staying-safe-in-game-skins-how-to-avoid-scams-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8657979 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A set of five critical security shortcomings have been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code execution, putting over 6,500 clusters at immediate risk by exposing the component to the public internet. The vulnerabilities (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974 ), assigned a CVSS score of]]> 2025-03-25T00:25:00+00:00 https://thehackernews.com/2025/03/critical-ingress-nginx-controller.html www.secnews.physaphae.fr/article.php?IdArticle=8657920 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future South Africa\'s largest chicken producer lost more than $1 million due to a recent cyberattack that caused delivery delays and other issues.]]> 2025-03-25T00:23:10+00:00 https://therecord.media/cyberattack-delays-south-african-chicken-producer www.secnews.physaphae.fr/article.php?IdArticle=8657970 False None None 3.0000000000000000 Intigrity - Blog So, you\'ve found a valid security vulnerability in one of your bug bounty programs, now it\'s time to write the report. Finding the vulnerability was half the story. Writing effective reports is also an essential phase in bug bounty. Clear, well-written, and to-the-point bug bounty reports often get triaged faster and have more chance of getting well received by companies. In th…]]> 2025-03-25T00:00:00+00:00 https://www.intigriti.com/researchers/blog/hacking-tools/writing-effective-bug-bounty-reports www.secnews.physaphae.fr/article.php?IdArticle=8658343 False Vulnerability None 2.0000000000000000 Silicon - Site de News Francais 2025-03-25T00:00:00+00:00 https://www.silicon.fr/Thematique/cybersecurite-1371/Breves/cybersecurite-ia-chevet-secteur-sante-469319.htm#utm_source=IndexThematique&utm_medium=Rss&utm_campaign= www.secnews.physaphae.fr/article.php?IdArticle=8658594 False None None 3.0000000000000000 Intigrity - Blog The Intigriti team have recently observed an abuse scenario, trending across the industry, where malicious actors are posing as legitimate white-hat hackers, deceiving targeted companies into believing their actions are carried out in good faith. Bad actors will always try to exploit the system, in any industry, for personal gain. At Intigriti, we help customers navigate this l…]]> 2025-03-25T00:00:00+00:00 https://www.intigriti.com/blog/business-insights/intigriti-insights-into-latest-beg-bounty-scam www.secnews.physaphae.fr/article.php?IdArticle=8658123 False Threat None 2.0000000000000000 TrendLabs Security - Editeur Antivirus Trend Research identified Russian threat actor Water Gamayun exploiting CVE-2025-26633, a zero-day vulnerability in the Microsoft Management Console that attackers exploit to execute malicious code and exfiltrate data.]]> 2025-03-25T00:00:00+00:00 https://www.trendmicro.com/en_us/research/25/c/cve-2025-26633-water-gamayun.html www.secnews.physaphae.fr/article.php?IdArticle=8658115 False Vulnerability,Threat,Prediction None 3.0000000000000000 Silicon - Site de News Francais 2025-03-25T00:00:00+00:00 https://www.silicon.fr/Thematique/cybersecurite-1371/Breves/securite-cnrs-face-organisation-deconcentree-469337.htm#utm_source=IndexThematique&utm_medium=Rss&utm_campaign= www.secnews.physaphae.fr/article.php?IdArticle=8658593 False None None 3.0000000000000000 Resecurity - cyber risk firms 2025-03-25T00:00:00+00:00 https://www.resecurity.com/blog/article/blacklock-ransomware-a-late-holiday-gift-with-intrusion-into-the-threat-actors-infrastructure www.secnews.physaphae.fr/article.php?IdArticle=8658158 False Ransomware,Threat None 2.0000000000000000 Cyber Skills - Podcast Cyber On the 5th of March, Munster Technological University Cork became the focal point for cybersecurity students and industry personnel. As Cyber Futures supported by Research Ireland and in collaboration with Cyber Ireland and Road2Cyber hosted the first ever National Cybersecurity Careers Fair.     This pivotal event drew nearly 500 attendees from across Ireland and featured a range of exhibitors such as Blue Voyant, McKesson, Berkley Group and many more, that provided numerous opportunities for students and early-career professionals in the cybersecurity field.   The fair provided a unique platform for third and fourth-year university students, as well as postgraduates from institutions like the University of Limerick, Technological University Dublin, MTU, and Atlantic Technological University to engage directly with industry leaders. This direct interaction allowed students to gain insights into entry-level roles, placement opportunities, and graduate programs, aligning their academic pursuits with industry needs.    The aim of the careers fair was to bridge the gap between industry and academia. With Ireland\'s cybersecurity job market booming, employment at 100% and with a projected annual growth rate of 7.91% through 2025, this market has a growing demand for cybersecurity professionals. The cybersecurity talent market is under extreme pressure to meet the demand for these skilled professionals.    Another significant highlight of the event was the official launch of the Ireland chapter of Women4Cyber. With 31 chapters across Europe, Women4Cyber is dedicated to promoting the role of women in]]> 2025-03-25T00:00:00+00:00 https://www.cyberskills.ie/explore/news/cyber-futures-celebrates-huge-success-at-inaugural-national-cybersecurity-career-fair.html www.secnews.physaphae.fr/article.php?IdArticle=8658059 False None None 2.0000000000000000 Silicon - Site de News Francais 2025-03-25T00:00:00+00:00 https://www.silicon.fr/Thematique/cybersecurite-1371/Breves/campus-cyber-joffrey-celestin-urbain-elu-president-469307.htm#utm_source=IndexThematique&utm_medium=Rss&utm_campaign= www.secnews.physaphae.fr/article.php?IdArticle=8658062 False None None 2.0000000000000000 Palo Alto Network - Site Constructeur Les systèmes fédéraux se déplacent vers le cloud, nous aidons à développer des solutions de sécurité aussi robustes que les outils sur site. Nous avons développé le seul CNApp. autorisé Fedramp High Autorisé

---

>Federal systems shift to the cloud, we aid in developing security solutions as robust as on-prem tools. We developed the only FedRAMP High authorized CNAPP. ]]> 2025-03-24T23:47:39+00:00 https://www.paloaltonetworks.com/blog/2025/03/making-every-dollar-count-federal-cybersecurity/ www.secnews.physaphae.fr/article.php?IdArticle=8657962 False Tool,Cloud None 2.0000000000000000 Dark Reading - Informationweek Branch Upgrading the organization\'s Windows 10 systems to Windows 11 could potentially introduce vulnerabilities into the environment through misconfigured hardware.]]> 2025-03-24T22:29:30+00:00 https://www.darkreading.com/endpoint-security/windows-10-end-of-life-puts-smb-at-risk www.secnews.physaphae.fr/article.php?IdArticle=8658099 False Vulnerability None 2.0000000000000000 Korben - Bloger francais 2025-03-24T21:59:16+00:00 https://korben.info/chatgpt-dependance-emotionnelle-etude-openai-mit.html www.secnews.physaphae.fr/article.php?IdArticle=8657944 False None ChatGPT 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft on Monday announced a new feature called inline data protection for its enterprise-focused Edge for Business web browser. The native data security control is designed to prevent employees from sharing sensitive company-related data into consumer generative artificial intelligence (GenAI) apps like OpenAI ChatGPT, Google Gemini, and DeepSeek. The list will be expanded over time to]]> 2025-03-24T21:49:00+00:00 https://thehackernews.com/2025/03/microsoft-adds-inline-data-protection.html www.secnews.physaphae.fr/article.php?IdArticle=8657857 False None ChatGPT 2.0000000000000000 HackRead - Chercher Cyber Oracle is caught up in a cybersecurity mess right now, with claims about a massive data breach affecting…]]> 2025-03-24T21:33:50+00:00 https://hackread.com/cloudsek-disputes-oracle-data-breach-denial-evidence/ www.secnews.physaphae.fr/article.php?IdArticle=8657945 False Data Breach None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Le défaut du logiciel dans le cadre JavaScript open source largement utilisé permet aux attaquants de contourner l'autorisation basée sur le middleware.

---

>The software defect in the widely used open-source JavaScript framework allows attackers to bypass middleware-based authorization. ]]> 2025-03-24T21:26:45+00:00 https://cyberscoop.com/nextjs-critical-vulnerability-open-source-vercel/ www.secnews.physaphae.fr/article.php?IdArticle=8657946 False Vulnerability None 2.0000000000000000 Vuln AWS - FLux Vuln AWS Les contrôleurs ingéniers sont des applications dans un cluster Kubernetes qui permettent ]]> 2025-03-24T21:14:44+00:00 https://aws.amazon.com/security/security-bulletins/AWS-2025-006/ www.secnews.physaphae.fr/article.php?IdArticle=8657943 False None None None Dark Reading - Informationweek Branch New agentic AI capabilities in Microsoft Security Copilot will allow agents to triage threats and provide recommendations.]]> 2025-03-24T21:14:36+00:00 https://www.darkreading.com/cybersecurity-operations/microsoft-gives-security-copilot-autonomy www.secnews.physaphae.fr/article.php?IdArticle=8658084 False None None 3.0000000000000000 Dragos - CTI Society À une époque où les cyber-menaces contre les infrastructures critiques augmentent, le secteur de l'énergie australien fait face à des défis uniques dans la sauvegarde ... Le message forteforning ot Security: Aligning with the Australian Energy Sector Framework (aescSsf) href = "https://www.dragos.com"> dragos .

---

>In an era where cyber threats to critical infrastructure are escalating, the Australian energy sector faces unique challenges in safeguarding... The post Strengthening OT Security: Aligning with the Australian Energy Sector Cyber Security Framework (AESCSF)  first appeared on Dragos.]]> 2025-03-24T21:00:00+00:00 https://www.dragos.com/blog/strengthening-ot-security-aligning-with-the-australian-energy-sector-cyber-security-framework-aescsf/ www.secnews.physaphae.fr/article.php?IdArticle=8657939 False Industrial None 3.0000000000000000 Recorded Future - FLux Recorded Future The hackers compromised home routers made by Zyxel to gain entry into a “major” telecommunications company\'s environment.]]> 2025-03-24T20:52:29+00:00 https://therecord.media/chinese-hackers-spent-years-telco www.secnews.physaphae.fr/article.php?IdArticle=8657931 False None None 3.0000000000000000 TroyHunt - Blog Security "Shocking recklessness" in leak of detailed Yemen bombing plan in Signal chat.]]> 2025-03-24T20:43:05+00:00 https://arstechnica.com/tech-policy/2025/03/trump-administration-accidentally-texted-secret-bombing-plans-to-a-reporter/ www.secnews.physaphae.fr/article.php?IdArticle=8657940 False None None 3.0000000000000000 The Register - Site journalistique Anglais Ex-US Air Force officer says companies shouldn\'t wait for govt mandates Interview  Former US Air Force cyber officer Sarah Cleveland worries about the threat of a major supply-chain attack from China or another adversarial nation. So she installed solar panels on her house: "Because what if the electric grid goes down?" …]]> 2025-03-24T20:32:11+00:00 https://go.theregister.com/feed/www.theregister.com/2025/03/24/nation_state_supply_chain_attack/ www.secnews.physaphae.fr/article.php?IdArticle=8657930 False Threat None 2.0000000000000000 HackRead - Chercher Cyber When you think of malware, your mind probably jumps to malicious downloads or email attachments. But it turns…]]> 2025-03-24T20:28:47+00:00 https://hackread.com/unexpected-devices-you-didnt-know-spread-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8657932 False Malware None 3.0000000000000000 Dark Reading - Informationweek Branch The group, called FishMonger or Aquatic Panda, is working under contract for the Chinese government to steal data from governmental organizations, Catholic charities, NGOs, think tanks, and more.]]> 2025-03-24T20:17:03+00:00 https://www.darkreading.com/cyberattacks-data-breaches/chinese-espionage-hacker-group-isoon-apt-operation www.secnews.physaphae.fr/article.php?IdArticle=8657933 False None None 3.0000000000000000 McAfee Labs - Editeur Logiciel L'effondrement du géant des tests génétiques 23andMe a soulevé de graves problèmes de confidentialité pour des millions de personnes qui partageaient leur ADN ...

---

> The collapse of genetic testing giant 23andMe has raised serious privacy concerns for millions of people who shared their DNA... ]]> 2025-03-24T19:48:32+00:00 https://www.mcafee.com/blogs/tips-tricks/how-to-delete-your-data-from-23andme-and-protect-your-privacy/ www.secnews.physaphae.fr/article.php?IdArticle=8657908 False None None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial Phoenix Contact USA has announced a partnership with Xona, a provider of secure access solutions for critical infrastructure... ]]> 2025-03-24T19:43:28+00:00 https://industrialcyber.co/news/phoenix-contact-and-xona-bridge-industrial-networking-ot-cybersecurity-with-zero-trust-solutions/ www.secnews.physaphae.fr/article.php?IdArticle=8657919 False Industrial None 3.0000000000000000 Dark Reading - Informationweek Branch The FBI\'s Denver field office says the tools will convert documents while also dropping malware and scraping users\' systems for sensitive data.]]> 2025-03-24T19:36:04+00:00 https://www.darkreading.com/cyberattacks-data-breaches/fbi-document-converter-tools-scam www.secnews.physaphae.fr/article.php?IdArticle=8657921 False Malware,Tool None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A ransomware-as-a-service (RaaS) operation called VanHelsing has already claimed three victims since it launched on March 7, 2025. "The RaaS model allows a wide range of participants, from experienced hackers to newcomers, to get involved with a $5,000 deposit. Affiliates keep 80% of the ransom payments, while the core operators earn 20%," Check Point said in a report published over the weekend]]> 2025-03-24T19:36:00+00:00 https://thehackernews.com/2025/03/vanhelsing-raas-launch-3-victims-5k.html www.secnews.physaphae.fr/article.php?IdArticle=8657832 False None None 3.0000000000000000 Recorded Future - FLux Recorded Future Thai law enforcement on Saturday reportedly confiscated 38 Starlink satellite internet transmitters allegedly intended to be used in scam compounds in Myanmar.]]> 2025-03-24T19:34:27+00:00 https://therecord.media/thai-officers-intercept-starlink-transmitters-myanmar-cyber-scam-compounds www.secnews.physaphae.fr/article.php?IdArticle=8657918 False Legislation None 3.0000000000000000 Dark Reading - Informationweek Branch More than 40% of all Internet-facing container orchestration clusters are at risk.]]> 2025-03-24T19:10:05+00:00 https://www.darkreading.com/application-security/critical-ingressnightmare-vulns-kubernetes-environments www.secnews.physaphae.fr/article.php?IdArticle=8657922 False None None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber L'entreprise de tests génétiques affirme que la confidentialité des utilisateurs sera une «considération importante» car elle recherche un acheteur.

---

>The genetic testing business says user privacy will be an “important consideration” as it searches for a buyer. ]]> 2025-03-24T18:42:43+00:00 https://cyberscoop.com/23andme-bankruptcy-dna-privacy-concerns/ www.secnews.physaphae.fr/article.php?IdArticle=8657900 False None None 2.0000000000000000 Recorded Future - FLux Recorded Future The government of Union County in central Pennsylvania said a recent ransomware attack exposed information related to law enforcement and other government business.]]> 2025-03-24T18:34:06+00:00 https://therecord.media/union-county-pennsylvania-ransomware-attack www.secnews.physaphae.fr/article.php?IdArticle=8657899 False Ransomware,Legislation None 3.0000000000000000 Global Security Mag - Site de news francais Business]]> 2025-03-24T18:32:55+00:00 https://www.globalsecuritymag.fr/joffrey-celestin-urbain-nouveau-president-du-campus-cyber.html www.secnews.physaphae.fr/article.php?IdArticle=8657890 False None None 3.0000000000000000 Dark Reading - Informationweek Branch The persistent threat actor was caught using sophisticated Web shell techniques against an unnamed telecommunications company in Asia.]]> 2025-03-24T18:16:34+00:00 https://www.darkreading.com/cyberattacks-data-breaches/china-nexus-apt-weaver-ant-caught-yearslong-web-shell-attack www.secnews.physaphae.fr/article.php?IdArticle=8657901 False Threat None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Connor Moucka, un homme de 26 ans arrêté à la demande des autorités américaines en octobre à Kitchener, en Ontario, fait face à 20 accusations fédérales.

---

>Connor Moucka, a 26-year-old arrested at the behest of U.S. authorities in October in Kitchener, Ontario, faces 20 federal charges. ]]> 2025-03-24T18:04:27+00:00 https://cyberscoop.com/connor-moucka-snowflake-hacker-extradition-us/ www.secnews.physaphae.fr/article.php?IdArticle=8657881 False None None 3.0000000000000000 HackRead - Chercher Cyber LayerX Labs reports a sophisticated macOS phishing campaign, evading security measures. Learn how attackers adapt and steal credentials from Mac users.]]> 2025-03-24T17:43:11+00:00 https://hackread.com/new-phishing-campaign-targeted-at-mac-users/ www.secnews.physaphae.fr/article.php?IdArticle=8657879 False None None 3.0000000000000000 Vuln GCP - FLux Vuln GoogleCloudPlatform 2025-03-24T17:32:18+00:00 https://cloud.google.com/support/bulletins/index#gcp-2025-013 www.secnews.physaphae.fr/article.php?IdArticle=8657910 False Cloud None None HackRead - Chercher Cyber Cary, NC, 24th March 2025, CyberNewsWire]]> 2025-03-24T17:28:33+00:00 https://hackread.com/cyber-guardians-ine-security-champions-cybersecurity-training-during-national-physicians-week-2025/ www.secnews.physaphae.fr/article.php?IdArticle=8657880 False None None 2.0000000000000000 Recorded Future - FLux Recorded Future Law enforcement agencies in seven African countries arrested over 300 suspected cybercriminals involved in mobile banking, investment and messaging app scams, according to a statement on Monday by Interpol.]]> 2025-03-24T17:23:02+00:00 https://therecord.media/300-arrested-africa-crackdown-cyber-scams www.secnews.physaphae.fr/article.php?IdArticle=8657877 False Legislation,Mobile None 4.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine VanHelsingRaaS, a new ransomware-as-a-service program, infected three victims within two weeks of release, demanding ransoms of $500,000]]> 2025-03-24T17:15:00+00:00 https://www.infosecurity-magazine.com/news/vanhelsing-raas-expands-rapidly/ www.secnews.physaphae.fr/article.php?IdArticle=8657878 False None None 2.0000000000000000 Global Security Mag - Site de news francais Revues de produits

---

Lasso Launches Automated Red Teaming for Generative AI Security Fully automated solution continuously tests and secures LLM-based applications against evolving threats - Product Reviews]]> 2025-03-24T17:05:40+00:00 https://www.globalsecuritymag.fr/lasso-launches-automated-red-teaming-for-generative-ai-security.html www.secnews.physaphae.fr/article.php?IdArticle=8657844 False None None 3.0000000000000000 Korben - Bloger francais 2025-03-24T17:05:24+00:00 https://korben.info/cr-mac-helper-outil-gratuit-nettoyage-optimisation-macos.html www.secnews.physaphae.fr/article.php?IdArticle=8657856 False Tool None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—while hiding in plain sight. And over 300 Android apps joined the chaos, running ad]]> 2025-03-24T17:05:00+00:00 https://thehackernews.com/2025/03/thn-weekly-recap-github-supply-chain.html www.secnews.physaphae.fr/article.php?IdArticle=8657756 False Malware,Tool,Mobile None 2.0000000000000000 Global Security Mag - Site de news francais Commentaires

---

Datensicherheit neu gedacht: KI als Booster, um Speicher wirklich cyber-resistent zu machen Von Paul Speciale, CMO, Scality - Kommentare]]> 2025-03-24T17:00:53+00:00 https://www.globalsecuritymag.fr/datensicherheit-neu-gedacht-ki-als-booster-um-speicher-wirklich-cyber-resistent.html www.secnews.physaphae.fr/article.php?IdArticle=8657845 False None None 3.0000000000000000 Global Security Mag - Site de news francais Revues de produits

---

vSOC Assure launched to holistically assess cyber risk and improve resilience New platform streamlines cyber risk assessments, delivering meaningful improvement roadmaps for c-level and technical teams - Product Reviews]]> 2025-03-24T16:54:29+00:00 https://www.globalsecuritymag.fr/data-connect-announced-the-launch-of-vsoc-assure.html www.secnews.physaphae.fr/article.php?IdArticle=8657846 False Technical None 3.0000000000000000 Dark Reading - Informationweek Branch Russia and China spend billions of dollars on state media, propaganda, and disinformation, while the Trump administration has slashed funding for US agencies.]]> 2025-03-24T16:41:38+00:00 https://www.darkreading.com/threat-intelligence/us-weakens-disinformation-defenses-russia-china-ramp-up www.secnews.physaphae.fr/article.php?IdArticle=8657859 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware that\'s under development to its users. The extensions, named "ahban.shiba" and "ahban.cychelloworld," have since been taken down by the marketplace maintainers. Both the extensions, per ReversingLabs, incorporate code that\'s designed to invoke a]]> 2025-03-24T16:40:00+00:00 https://thehackernews.com/2025/03/vscode-marketplace-removes-two.html www.secnews.physaphae.fr/article.php?IdArticle=8657757 False Ransomware None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Ukraine\'s national railway company has suffered a “large-scale” cyber-attack, disrupting online services and operations]]> 2025-03-24T16:30:00+00:00 https://www.infosecurity-magazine.com/news/ukraine-railway-systems-targeted/ www.secnews.physaphae.fr/article.php?IdArticle=8657858 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) If given the choice, most users are likely to favor a seamless experience over complex security measures, as they don\'t prioritize strong password security. However, balancing security and usability doesn\'t have to be a zero-sum game. By implementing the right best practices and tools, you can strike a balance between robust password security and a frictionless user experience (UX). This article]]> 2025-03-24T16:30:00+00:00 https://thehackernews.com/2025/03/how-to-balance-password-security.html www.secnews.physaphae.fr/article.php?IdArticle=8657758 False Tool None 3.0000000000000000 Recorded Future - FLux Recorded Future The company\'s Chapter 11 announcement is alarming regulators and privacy advocates who are warning customers to delete the genetic information retained by 23andMe.]]> 2025-03-24T16:15:49+00:00 https://therecord.media/bankruptcy-proceedings-genetic-testing-company www.secnews.physaphae.fr/article.php?IdArticle=8657847 False None None 3.0000000000000000 Korben - Bloger francais BlinkMoreFree qui va vous permettre de ne plu s vous retrouver avec des yeux tout secs et figés dans le vide, typiques d'un psychopathe narcissique.]]> 2025-03-24T16:08:48+00:00 https://korben.info/blinkmorefree-app-macos-clignement-yeux-fatigue-oculaire.html www.secnews.physaphae.fr/article.php?IdArticle=8657830 False None None 3.0000000000000000 SecurityWeek - Security News Oracle a nié que les systèmes cloud ont été violés après qu'un pirate a affirmé avoir volé des millions de dossiers.

---

>Oracle has denied that Cloud systems have been breached after a hacker claimed to have stolen millions of records. ]]> 2025-03-24T15:51:02+00:00 https://www.securityweek.com/oracle-denies-cloud-breach-after-hacker-offers-to-sell-data/ www.secnews.physaphae.fr/article.php?IdArticle=8657820 False Cloud None 3.0000000000000000 Dark Reading - Informationweek Branch FCC chairman warns these companies may still be operating in the US because they don\'t believe that being added to its "Covered List" poses any serious risk.]]> 2025-03-24T15:36:33+00:00 https://www.darkreading.com/cybersecurity-operations/fcc-investigates-chinese-telecom-providers-evading-operations-ban www.secnews.physaphae.fr/article.php?IdArticle=8657860 False None None 2.0000000000000000 Korben - Bloger francais 2025-03-24T15:32:58+00:00 https://korben.info/cellules-souches-reparent-moelle-epiniere-paralysie-traitement-japonais.html www.secnews.physaphae.fr/article.php?IdArticle=8657831 False None None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Authorities in seven African countries have arrested 306 suspects and seized 1842 devices in Operation Red Card]]> 2025-03-24T15:30:00+00:00 https://www.infosecurity-magazine.com/news/interpol-seize-1842-devices-africa/ www.secnews.physaphae.fr/article.php?IdArticle=8657833 False None None 4.0000000000000000 Dark Reading - Informationweek Branch A threat actor posted data on Breachforums from an alleged supply-chain attack that affected more than 140K tenants, claiming to have compromised the cloud via a zero-day flaw in WebLogic, researchers say.]]> 2025-03-24T15:29:40+00:00 https://www.darkreading.com/cyberattacks-data-breaches/oracle-denies-claim-oracle-cloud-breach-6m-records www.secnews.physaphae.fr/article.php?IdArticle=8657835 False Vulnerability,Threat,Cloud None 2.0000000000000000 Checkpoint - Fabricant Materiel Securite VanHelsing Raas est une plate-forme en plein essor de Ransomware-as-a-Service (RAAS) qui a été lancée le 7 mars 2025. Les participants, des pirates chevronnés aux débutants, peuvent se joindre à un dépôt de 5 000 $. Les affiliés conservent 80% des paiements de rançon, tandis que les opérateurs de base prennent 20%. La seule stipulation est d'éviter de cibler le Commonwealth des États indépendants (CIS). Les recherches sur les points de contrôle ont découvert deux variantes des ransomwares de vanhels ciblant les fenêtres. Cependant, comme mentionné dans sa publicité, le Ransomware-as-a-Service (RAAS) offre également des fonctionnalités supplémentaires qui ciblent les systèmes Linux, BSD, ARM et ESXi. Le programme fournit un panneau de commande intuitif qui simplifie les attaques de ransomware de fonctionnement. La recherche sur le point de contrôle a obtenu deux […]

---

>VanHelsing RaaS is a burgeoning ransomware-as-a-service (RaaS) platform that launched on March 7, 2025. Participants, from seasoned hackers to beginners, can join with a $5,000 deposit. Affiliates retain 80% of ransom payments, while core operators take 20%. The only stipulation is to avoid targeting the Commonwealth of Independent States (CIS). Check Point Research discovered two variants of the VanHelsing ransomware targeting Windows. However, as mentioned in its advertisement, the ransomware-as-a-service (RaaS) also offers additional functionalities that target Linux, BSD, ARM, and ESXi systems. The program provides an intuitive control panel that simplifies operating ransomware attacks. Check Point Research obtained two […] ]]> 2025-03-24T15:23:21+00:00 https://blog.checkpoint.com/research/the-rise-of-vanhelsing-raas-a-new-player-in-the-ransomware-landscape/ www.secnews.physaphae.fr/article.php?IdArticle=8657829 False Ransomware None 3.0000000000000000 Fortinet - Fabricant Materiel Securite With Fortinet Unified SASE, a customs agency has modernized its network, enhancing security, efficiency, and workforce productivity while significantly reducing costs.]]> 2025-03-24T15:00:00+00:00 https://www.fortinet.com/blog/customer-stories/customs-agency-enhances-security-and-cuts-costs-with-fortinet-unified-sase www.secnews.physaphae.fr/article.php?IdArticle=8657843 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions. The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0. "Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops," Next.js said in an]]> 2025-03-24T14:47:00+00:00 https://thehackernews.com/2025/03/critical-nextjs-vulnerability-allows.html www.secnews.physaphae.fr/article.php?IdArticle=8657743 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future 2025-03-24T14:22:58+00:00 https://therecord.media/ukraine-railway-ukrzaliznytsia-cyberattack-online-ticket-system www.secnews.physaphae.fr/article.php?IdArticle=8657803 False None None 3.0000000000000000 The Register - Site journalistique Anglais CEO steps down after multiple failed attempts to take the DNA testing company private Beleaguered DNA testing biz 23andMe - hit by a massive cyber attack in 2023 - is filing for bankruptcy protection in the US following years of financial uncertainty.…]]> 2025-03-24T14:01:09+00:00 https://go.theregister.com/feed/www.theregister.com/2025/03/24/23andme_bankruptcy_protection/ www.secnews.physaphae.fr/article.php?IdArticle=8657793 False None None 3.0000000000000000 Cyble - CyberSecurity Firm La montée en puissance de AI-Generated Deepfakes href = "https://cyble.com/knowledge-hub/what-are-cyber-stathes/" cible = "_ blank" rel = "noreferrer noopener"> cyber menace .  Que la fraude Deepfake frappe les consommateurs, les comptes commerciaux ou les institutions financières elles-mêmes, les organisations du secteur des services bancaires et financiers auront besoin de nouveaux processus et Cybersecurity   Un nouveau rapport Cyble - adresser les risques defake Deepfake dans BFSI - examine un large éventail de défauts financiers Deepfake ces nouvelles menaces.  Voici quelques-unes des conclusions du rapport. Il est disponible en téléchargement gratuit avec d'autres Cyble Research Reports .  Même les employés financiers se font dupe par Deepfakes Ces nouvelles menaces Deepfake deviennent si réalistes qu'elles trompent même des professionnels financiers dans certains cas.  Dans un incident alarmant, un employé financier d'une société de conception et d'ingénierie renommée était ]]> 2025-03-24T13:55:11+00:00 https://cyble.com/blog/stopping-deepfakes-in-finance-new-processes-cyble/ www.secnews.physaphae.fr/article.php?IdArticle=8657794 False Spam,Hack,Tool,Cloud,Commercial None 3.0000000000000000 Bleeping Computer - Magazine Américain A China-linked advanced threat group named Weaver Ant spent more than four years in the network of a telecommunications services provider, hiding traffic and infrastructure with the help of compromised Zyxel CPE routers.  [...]]]> 2025-03-24T13:53:27+00:00 https://www.bleepingcomputer.com/news/security/chinese-weaver-ant-hackers-spied-on-telco-network-for-4-years/ www.secnews.physaphae.fr/article.php?IdArticle=8657882 False Threat None 3.0000000000000000 Global Security Mag - Site de news francais Points de Vue]]> 2025-03-24T13:07:27+00:00 https://www.globalsecuritymag.fr/proteger-ses-comptes-privilegies-grace-aux-cles-de-securite-fido2.html www.secnews.physaphae.fr/article.php?IdArticle=8657770 False None None 3.0000000000000000 Global Security Mag - Site de news francais Investigations]]> 2025-03-24T13:05:07+00:00 https://www.globalsecuritymag.fr/barometre-de-la-cybersecurite-2024-face-a-la-forte-hausse-des-cyberattaques-la.html www.secnews.physaphae.fr/article.php?IdArticle=8657771 False None None 2.0000000000000000 Checkpoint - Fabricant Materiel Securite Julio, pouvez-vous nous parler un peu de vous? Je m'appelle Julio Lemus et je suis du Guatemala, mais je vis actuellement à Panamá. Je fais partie de l'équipe de point de contrôle pour Latam, couvrant le territoire de Panamá, du Venezuela et du Honduras, travaillant en étroite collaboration avec l'ingénierie et le marketing. Je suis passionné par la technologie, la connexion avec les gens et le partage des connaissances! J'adore collaborer avec les clients et les partenaires pour les aider à réussir dans leurs projets de sécurité. Qu'est-ce qui a conduit à votre décision de rejoindre Check Point? Le point de contrôle a toujours représenté l'innovation, le leadership et la confiance dans la cybersécurité. Je cherchais un endroit […]

---

>Julio, can you tell us a bit about yourself? My name is Julio Lemus and I\'m from Guatemala, but am currently living in Panamá. I\'m part of the Check Point team for LATAM, covering the territory of Panamá, Venezuela, and Honduras, working closely with both engineering and marketing. I\'m passionate about technology, connecting with people, and sharing knowledge! I love collaborating with customers and partners to help them achieve success in their security projects. What led to your decision to join Check Point? Check Point has always represented innovation, leadership, and trust in cyber security. I was looking for a place […] ]]> 2025-03-24T13:00:20+00:00 https://blog.checkpoint.com/company-and-culture/getting-to-know-julio-lemus/ www.secnews.physaphae.fr/article.php?IdArticle=8657769 False None None 2.0000000000000000 Global Security Mag - Site de news francais Points de Vue]]> 2025-03-24T12:55:38+00:00 https://www.globalsecuritymag.fr/la-cybersecurite-au-service-de-l-efficacite-et-de-la-modernisation-industrielle.html www.secnews.physaphae.fr/article.php?IdArticle=8657772 False Industrial None 3.0000000000000000 UnderNews - Site de news "pirate" francais Docaposte, spécialiste de la confiance numérique en France, et Cyblex Consulting, cabinet de conseil et d'audit en cybersécurité, présentent la deuxième édition du baromètre de la cybersécurité qui a vocation à évaluer année après année la maturité des entreprises et organisations publiques, leur compréhension des risques cyber et l'évaluation des actions mises en place. Parmi […] The post Baromètre de la cybersécurité 2024 : Face à la forte hausse des cyberattaques, la prise de conscience progresse first appeared on UnderNews.]]> 2025-03-24T12:42:47+00:00 https://www.undernews.fr/reseau-securite/barometre-de-la-cybersecurite-2024-face-a-la-forte-hausse-des-cyberattaques-la-prise-de-conscience-progresse.html www.secnews.physaphae.fr/article.php?IdArticle=8657767 False None None 3.0000000000000000 Sygnia - CyberSecurity Firm Une violation signalée dans le système d'authentification d'Oracle Cloud \\ peut avoir un impact sur des milliers d'organisations. Alors qu'Oracle conteste la réclamation, l'intelligence suggère une exposition potentielle. Ce conseil décrit les actions clés pour évaluer les risques, sécuriser les identités et atténuer les menaces.

---

>A reported breach in Oracle Cloud\'s authentication system may impact thousands of organizations. While Oracle disputes the claim, intelligence suggests potential exposure. This advisory outlines key actions to assess risk, secure identities, and mitigate threats. ]]> 2025-03-24T12:36:25+00:00 https://www.sygnia.co/threat-reports-and-advisories/oracle-cloud-event-federated-sso-incident/ www.secnews.physaphae.fr/article.php?IdArticle=8657834 False Cloud None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial The Australian government reinforced its dedication to safeguarding the nation’s cyber environment and critical infrastructure by declaring an... ]]> 2025-03-24T12:17:57+00:00 https://industrialcyber.co/critical-infrastructure/australia-expands-cybersecurity-coverage-with-systems-of-national-significance-designation-boosts-cyber-defenses/ www.secnews.physaphae.fr/article.php?IdArticle=8657774 False None None 3.0000000000000000 Checkpoint Research - Fabricant Materiel Securite Pour les dernières découvertes en cyber Les principales attaques et violation des municipalités dans quatre États américains ont connu des cyberattaques qui ont perturbé les services pour les bureaux du comté, les tribunaux et les écoles. La cour municipale de Cleveland a été frappée par l'attaque de Qilin Ransomware, forçant les employés hors ligne et retardant les procès, tandis que […]

---

>For the latest discoveries in cyber research for the week of 24th March, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Municipalities in four US states experienced cyberattacks that disrupted services for county offices, courts, and schools. Cleveland Municipal Court was hit by Qilin ransomware attack, forcing employees offline and delaying trials, while […] ]]> 2025-03-24T12:12:13+00:00 https://research.checkpoint.com/2025/24th-march-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8657773 False Ransomware,Threat None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial Following a social media post last week on the active planning of a coordinated, multi-city terrorist attack on... ]]> 2025-03-24T12:11:35+00:00 https://industrialcyber.co/medical/fbi-healthcare-agencies-warn-of-credible-threat-against-hospitals-after-multi-city-social-media-terror-plot-alert/ www.secnews.physaphae.fr/article.php?IdArticle=8657775 False Threat,Medical None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial L'organisation à but non lucratif Mitre et NVIDIA collaborent sur des outils de simulation pour mieux concevoir et optimiser les systèmes d'imagerie quantique ....

---

>Non-profit organization MITRE and NVIDIA are collaborating on simulation tools to better design and optimize quantum imaging systems.... ]]> 2025-03-24T12:08:31+00:00 https://industrialcyber.co/news/mitre-and-nvidia-join-forces-to-revolutionize-quantum-imaging-with-walsh-imaging-technology/ www.secnews.physaphae.fr/article.php?IdArticle=8657776 False Tool None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial Darktrace Federal a annoncé qu'elle avait réalisé son programme fédéral de gestion des risques et de l'autorisation (Fedramp) High Agency Authority ...

---

>Darktrace Federal announced that it has achieved its Federal Risk and Authorization Management Program (FedRAMP) High Agency Authority... ]]> 2025-03-24T12:04:07+00:00 https://industrialcyber.co/ai/darktrace-federal-secures-fedramp-high-authority-to-operate-for-its-ai-powered-cybersecurity-platform/ www.secnews.physaphae.fr/article.php?IdArticle=8657754 False None None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial Les organisations européennes de normalisation (ESO) CEN, CENELEC, ETSI, avec Eisa, l'Agence européenne pour la cybersécurité, ont co-organisé le ...

---

>The European Standardisation Organisations (ESOs) CEN, CENELEC, ETSI, together with ENISA, the EU Agency for Cybersecurity, co-hosted the... ]]> 2025-03-24T12:01:35+00:00 https://industrialcyber.co/news/eu-cybersecurity-legislation-takes-center-stage-at-9th-standardisation-conference/ www.secnews.physaphae.fr/article.php?IdArticle=8657755 False Legislation,Conference None 3.0000000000000000 Cisco - Security Firm Blog Cisco and the UK AI Security Institute partnered with NIST to release the latest update to the Adversarial Machine Learning Taxonomy.]]> 2025-03-24T12:00:00+00:00 https://blogs.cisco.com/security/cisco-co-authors-update-to-nist-adversarial-machine-learning-taxonomy/ www.secnews.physaphae.fr/article.php?IdArticle=8657819 False None None 3.0000000000000000 Dark Reading - Informationweek Branch Raspberry Robin breaks into organizations and sells access to Russian threat actors, including the military cyber unit behind attempted coups, assassinations, and influence operations throughout Europe.]]> 2025-03-24T12:00:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/access-broker-russian-state-cybercrime www.secnews.physaphae.fr/article.php?IdArticle=8658085 False Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Two years after a data breach that compromised almost seven million customers, 23andMe\'s CEO has resigned as the company files for bankruptcy]]> 2025-03-24T11:30:00+00:00 https://www.infosecurity-magazine.com/news/california-23andme-data-rights/ www.secnews.physaphae.fr/article.php?IdArticle=8657759 False Data Breach None 4.0000000000000000 HackRead - Chercher Cyber Cloak ransomware group claims attack on Virginia attorney general\'s office, demands ransom for stolen data. Investigation underway. Find out the impact and what\'s being done.]]> 2025-03-24T11:15:29+00:00 https://hackread.com/cloak-ransomware-virginia-attorney-generals-office/ www.secnews.physaphae.fr/article.php?IdArticle=8657760 False Ransomware None 3.0000000000000000 Cyble - CyberSecurity Firm Social Engineering Campagne contre les développeurs de dissociation en déguisé malin github . À l'aide d'un faux test de recrutement nommé " FizzBuzz ", le TA tourne les victimes de télécharger un fichier ISO contenant un apparemment inoffensif javascript Exercice et un LNK malivet shortcut]]> 2025-03-24T11:09:37+00:00 https://cyble.com/blog/fake-coding-challenges-steal-sensitive-data-via-fogdoor/ www.secnews.physaphae.fr/article.php?IdArticle=8657753 False Malware,Tool,Vulnerability,Threat,Technical None 3.0000000000000000 Korben - Bloger francais 2025-03-24T10:53:06+00:00 https://korben.info/whispernote-transcription-vocale-gratuite-ia-openai.html www.secnews.physaphae.fr/article.php?IdArticle=8657734 False None ChatGPT 3.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain a écrit sur Le Royaume-Uni forçant Apple pour briser son encluption de protection des données avancé dans iCloud. Plus récemment, les deux Suède Et FRANCE sont des coiffures de dos contemplating. Les deux initiatives tentent de effrayer les gens pour soutenir les portes, qui sont - de cours ]]> 2025-03-24T10:38:58+00:00 https://www.schneier.com/blog/archives/2025/03/more-countries-are-demanding-back-doors-to-encrypted-apps.html www.secnews.physaphae.fr/article.php?IdArticle=8657742 False None None 3.0000000000000000 HackRead - Chercher Cyber Paris, France, 24th March 2025, CyberNewsWire]]> 2025-03-24T10:31:10+00:00 https://hackread.com/arsen-introduces-ai-powered-phishing-tests-to-improve-social-engineering-resilience/ www.secnews.physaphae.fr/article.php?IdArticle=8657744 False None None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The UK\'s National Crime Agency has launched a new campaign designed to raise awareness of sextortion among teenage boys]]> 2025-03-24T10:15:00+00:00 https://www.infosecurity-magazine.com/news/teen-boys-risk-sextortion-74-lack/ www.secnews.physaphae.fr/article.php?IdArticle=8657745 False None None 3.0000000000000000 Bleeping Computer - Magazine Américain Acronis Threat Research found 2M+ malicious URLs & 5,000+ malware instances in Microsoft 365 backup data-demonstrating how built-in security isn\'t always enough. Don\'t let threats persist in your cloud data. Strengthen your defenses. [...]]]> 2025-03-24T10:01:11+00:00 https://www.bleepingcomputer.com/news/security/hidden-threats-how-microsoft-365-backups-store-risks-for-future-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8657861 False Malware,Threat,Cloud None 3.0000000000000000 Korben - Bloger francais 2025-03-24T09:30:00+00:00 https://korben.info/securisez-vos-demos-de-code-avec-camouflage-le-protecteur-de-secrets-pour-vs-code.html www.secnews.physaphae.fr/article.php?IdArticle=8657724 False None None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Threat actors are looking to compromise Google accounts to further malvertising and data theft]]> 2025-03-24T09:30:00+00:00 https://www.infosecurity-magazine.com/news/google-hijackers-target-victims/ www.secnews.physaphae.fr/article.php?IdArticle=8657733 False Threat None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber En 1999, Dave Mann et Steve Christey, deux chercheurs de la société à but non lucratif de R&D Corporation, ont débuté un concept pour les vulnérabilités de sécurité qui ont jeté les bases du cadre de vulnérabilité et d'expositions communs (CVE) qui organise des informations sur les vulnérabilités informatiques. Vingt-cinq ans plus tard, le programme CVE, qui attribue un enregistrement unique à chaque vulnérabilité signalée, est […]

---

>In 1999, Dave Mann and Steve Christey, two researchers from the nonprofit R&D corporation MITRE,  debuted a concept for security vulnerabilities that laid the groundwork for the common vulnerability and exposures framework (CVE) that organizes information around computer vulnerabilities. Twenty-five years later, the CVE program, which assigns a unique record to each reported vulnerability, is […] ]]> 2025-03-24T09:00:00+00:00 https://cyberscoop.com/cve-program-history-mitre-nist-1999-2024/ www.secnews.physaphae.fr/article.php?IdArticle=8657725 False Vulnerability None 3.0000000000000000 ANSSI - Flux Étatique Francais anssiadm lun 24/03/2025 - 08:36 Afin d'enrichir le référentiel d'exigences applicables aux prestataires de réponse aux incidents de sécurité (PRIS), l'ANSSI propose l'intégration d'une activité de " gestion de crise ". Afin de compléter la labellisation de prestataires compétents sur la préparation à la gestion de crise d'origine cyber au travers des prestataires d'accompagnement et de conseil en sécurité des systèmes d'information (PACS), l'ANSSI souhaite intégrer une activité de gestion de crise au sein du référentiel d'exigences applicables aux prestataires de réponse aux incidents de sécurité (PRIS). L'activité de gestion de crise est nécessaire dans le cas de situations graves ou complexes, notamment par l'ampleur et les impacts de l'incident vis-à-vis des activités métiers du bénéficiaire et sur besoin capacitaire ou d'expertise relative à la gestion de crise. Elle peut aussi être essentielle si le bénéficiaire n'a pas effectué de préparation à la gestion de crise. Ainsi, elle vise à : apporter une assistance en situation de crise afin de limiter les impacts de l'incident. limiter les impacts d'une crise cyber en apportant une capacité de réponse et de soutien adéquate afin de préserver les intérêts du bénéficiaire ou du commanditaire (réputation, continuité des activités, rétablissement des capacités opérationnelles, etc.). Sur proposition de cette version, les PRIS de gestion de crise seront capables notamment : de contribuer à la mise en place d'un dispositif de gestion de crise en situation d'urgence , d'établir un plan d'action de gestion de crise, et d'assurer une cohérence d'ensemble de gestion de crise, d'apporter un premier niveau de conseil à la communication de crise, et connaissances des enjeux cyber et juridiques. NB : les PRIS ne se substitueront pas aux différents organes du bénéficiaire (juridique, communication, etc.), ni à leurs responsabilités. Cette nouvelle activité est mise en ligne aujourd'hui dans le cadre d'un appel pu]]> 2025-03-24T08:36:22+00:00 https://cyber.gouv.fr/actualites/appel-commentaires-sur-lajout-dun-volet-gestion-de-crise-au-referentiel-pris www.secnews.physaphae.fr/article.php?IdArticle=8657722 False None None 3.0000000000000000 Zataz - Magazine Francais de secu 2025-03-24T08:00:56+00:00 https://www.zataz.com/quels-sont-les-criteres-pour-selectionner-une-entreprise-de-pentest/ www.secnews.physaphae.fr/article.php?IdArticle=8657714 False None None 2.0000000000000000 Sygnia - CyberSecurity Firm Leader de la réponse aux incidents révèle que les routeurs domestiques à effet de tisserands de tisserand pour cibler la meilleure entreprise de télécommunications et collecter des informations sensibles.

---

>Incident Response leader reveals Weaver Ant leveraged home routers to target top telecoms company and collect sensitive information. ]]> 2025-03-24T07:59:21+00:00 https://www.sygnia.co/press-release/sygnia-discovers-new-active-china-nexus-threat-actor-weaver-ant/ www.secnews.physaphae.fr/article.php?IdArticle=8657711 False Threat None 3.0000000000000000 Sygnia - CyberSecurity Firm Sygnia détaille Weaver Ant, un acteur de menace de Chine-Nexus infiltrant un grand fournisseur de télécommunications. À l'aide de coquilles Web et de tunnels, les attaquants ont maintenu la persistance et facilité le cyber-espionnage. Ce blog explore leurs tactiques et fournit des stratégies de défense clés contre les menaces parrainées par l'État.

---

>Sygnia details Weaver Ant, a China-nexus threat actor infiltrating a major telecom provider. Using web shells and tunneling, the attackers maintained persistence and facilitated cyber espionage. This blog explores their tactics and provides key defense strategies against state-sponsored threats. ]]> 2025-03-24T07:58:09+00:00 https://www.sygnia.co/threat-reports-and-advisories/weaver-ant-tracking-a-china-nexus-cyber-espionage-operation/ www.secnews.physaphae.fr/article.php?IdArticle=8657712 False Threat None 2.0000000000000000 Dark Reading - Informationweek Branch As the region continues with its ambitious road map, cybersecurity must be woven into every step of the process.]]> 2025-03-24T06:00:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/middle-easts-race-digitize-threat-infrastructure www.secnews.physaphae.fr/article.php?IdArticle=8657697 False Threat None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 2025-03-24T06:00:00+00:00 https://levelblue.com/blogs/security-essentials/levelblues-partner-program-for-msps-and-mssps www.secnews.physaphae.fr/article.php?IdArticle=8657696 False Vulnerability,Threat None 3.0000000000000000 The State of Security - Magazine Américain It is a significant benefit that the world is connected the way it is, with the potential for even greater interconnectivity. However, this has come at huge costs, too, considering the rise in the direct involvement of state actors engaged in cyber warfare. Against this background, nations have a more acute awareness of digital vulnerabilities, which has radiated into regulatory frameworks concerning cross-border data compliance. Beyond security, privacy, freedom of information, and other legal and ethical factors are also important considerations. How National Security Concerns Have Shaped...]]> 2025-03-24T04:04:21+00:00 https://www.tripwire.com/state-of-security/cross-border-data-compliance-navigating-public-security-regulations-connected www.secnews.physaphae.fr/article.php?IdArticle=8657723 False Vulnerability None 2.0000000000000000