This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-12T09:26:00+00:00 www.secnews.physaphae.fr Dark Reading - Informationweek Branch 2025-03-18T20:42:43+00:00 https://www.darkreading.com/cybersecurity-operations/duke-university-gcf-partner-advancing-women-in-cyber www.secnews.physaphae.fr/article.php?IdArticle=8656545 False None None 2.0000000000000000 Dark Reading - Informationweek Branch The all-cash deal offers a path for Google to better support cloud customers who have assets spread across public environments, including Azure and others.]]> 2025-03-18T20:16:44+00:00 https://www.darkreading.com/cloud-security/google-acquire-wiz-32b-multicloud-security-play www.secnews.physaphae.fr/article.php?IdArticle=8656546 False Cloud None 2.0000000000000000 Recorded Future - FLux Recorded Future The Zero Day Initiative measured the prevalence of manipulated Windows shortcut files in campaigns attributed to nation-state hacking groups - finding at least 11 exploited a bug that allows malicious use of the files.]]> 2025-03-18T20:12:34+00:00 https://therecord.media/windows-lnk-files-nation-state-hacking-campaigns www.secnews.physaphae.fr/article.php?IdArticle=8656541 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017. The zero-day vulnerability, tracked by Trend Micro\'s Zero Day Initiative (ZDI) as ZDI-CAN-25373, refers to an issue that allows bad actors to execute hidden]]> 2025-03-18T19:39:00+00:00 https://thehackernews.com/2025/03/unpatched-windows-zero-day-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=8656478 False Vulnerability,Threat,Prediction None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google is making the biggest ever acquisition in its history by purchasing cloud security company Wiz in an all-cash deal worth $32 billion. "This acquisition represents an investment by Google Cloud to accelerate two large and growing trends in the AI era: improved cloud security and the ability to use multiple clouds (multicloud)," the tech giant said today. It added the acquisition, which is]]> 2025-03-18T19:30:00+00:00 https://thehackernews.com/2025/03/google-acquires-wiz-for-32-billion-in.html www.secnews.physaphae.fr/article.php?IdArticle=8656479 False Cloud None 3.0000000000000000 Dark Reading - Informationweek Branch The sneaky malware packs capabilities for system reconnaissance as well as credential and cryptocurrency theft.]]> 2025-03-18T19:29:44+00:00 https://www.darkreading.com/vulnerabilities-threats/microsoft-sounds-warning-on-multifunctional-stilachirat www.secnews.physaphae.fr/article.php?IdArticle=8656532 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A critical security vulnerability has been disclosed in AMI\'s MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out post-exploitation actions. The vulnerability, tracked as CVE-2024-54085, carries a CVSS v4 score of 10.0, indicating maximum severity. "A local or remote attacker can exploit the vulnerability by accessing the]]> 2025-03-18T19:01:00+00:00 https://thehackernews.com/2025/03/new-critical-ami-bmc-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=8656480 False Vulnerability,Threat None 3.0000000000000000 Recorded Future - FLux Recorded Future Cyberattacks on public entities across the U.S. - from police stations to school districts and courts - are causing wide-ranging issues for residents and public employees.]]> 2025-03-18T18:54:57+00:00 https://therecord.media/municipalities-struggling-cyberattacks-services www.secnews.physaphae.fr/article.php?IdArticle=8656523 False Legislation None 2.0000000000000000 Bleeping Computer - Magazine Américain US sperm donor giant California Cryobank is warning customers it suffered a data breach that exposed customers\' personal information. [...]]]> 2025-03-18T18:53:25+00:00 https://www.bleepingcomputer.com/news/security/sperm-donation-giant-california-cryobank-warns-of-a-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8656568 False Data Breach None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have warned about a large-scale ad fraud campaign that has leveraged hundreds of malicious apps published on the Google Play Store to serve full-screen ads and conduct phishing attacks. "The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks," Bitdefender said in a report shared with]]> 2025-03-18T18:41:00+00:00 https://thehackernews.com/2025/03/new-ad-fraud-campaign-exploits-331-apps.html www.secnews.physaphae.fr/article.php?IdArticle=8656457 False None None 3.0000000000000000 Dark Reading - Informationweek Branch Though the chat logs were leaked a month ago, analysts are now seeing that Russian officials may have assisted Black Basta members according, to the shared messages.]]> 2025-03-18T18:05:23+00:00 https://www.darkreading.com/threat-intelligence/black-basta-league-russian-officials-chat-logs www.secnews.physaphae.fr/article.php?IdArticle=8656533 False None None 3.0000000000000000 HackRead - Chercher Cyber Google Play Store hit by 300+ fake Android apps, downloaded more than 60 million times pushing ad fraud and data theft. Learn how to spot and remove these threats.]]> 2025-03-18T18:05:18+00:00 https://hackread.com/scammers-ad-fraud-apps-google-play-60m-downloads/ www.secnews.physaphae.fr/article.php?IdArticle=8656513 False Mobile None 2.0000000000000000 Recorded Future - FLux Recorded Future Phoenix-based Western Alliance Bank filed data breach notices saying about 22,000 people were affected by an incident involving file transfer software.]]> 2025-03-18T17:59:02+00:00 https://therecord.media/western-alliance-bank-data-breach www.secnews.physaphae.fr/article.php?IdArticle=8656514 False Data Breach None 2.0000000000000000 Dark Reading - Informationweek Branch Though the group initially stuck to classic ransomware TTPs before demanding the ransom, it went off script when it began threatening the group and detailing potential consequences the victim would face.]]> 2025-03-18T17:42:19+00:00 https://www.darkreading.com/cyberattacks-data-breaches/ransomware-crew-leak-snowden-extortion-tactic www.secnews.physaphae.fr/article.php?IdArticle=8656516 False Ransomware None 3.0000000000000000 ComputerWeekly - Computer Magazine 2025-03-18T17:32:00+00:00 https://www.computerweekly.com/news/366621040/Largest-ever-cyber-deal-reflects-Googles-CNAPP-ambitions www.secnews.physaphae.fr/article.php?IdArticle=8656561 False None None 2.0000000000000000 Recorded Future - FLux Recorded Future A previously unreported remote access trojan that Microsoft researchers dubbed StilachiRAT is designed to steal a wide range of data, including information about cryptocurrency wallet extensions for Google\'s Chrome browser.]]> 2025-03-18T17:25:46+00:00 https://therecord.media/stilachirat-new-remote-access-trojan-crypto-wallets www.secnews.physaphae.fr/article.php?IdArticle=8656515 False None None 2.0000000000000000 ProofPoint - Firm Security 2025-03-18T17:13:59+00:00 https://www.proofpoint.com/us/newsroom/news/proofpoint-enhances-cybersecurity-expanding-partnership-microsoft-azure www.secnews.physaphae.fr/article.php?IdArticle=8657665 False None None 2.0000000000000000 ProofPoint - Firm Security 2025-03-18T17:05:14+00:00 https://www.proofpoint.com/us/newsroom/news/msft-strengthens-cybersecurity-partnership-proofpoint www.secnews.physaphae.fr/article.php?IdArticle=8657666 False None None 2.0000000000000000 ProofPoint - Firm Security 2025-03-18T16:59:56+00:00 https://www.proofpoint.com/us/newsroom/news/darren-lee-evp-gm-proofpoint-joins-live-nyse-tv www.secnews.physaphae.fr/article.php?IdArticle=8657667 False None None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial A member of the U.S. House Committee on Homeland Security has reached out to the federal government, urging... ]]> 2025-03-18T16:42:34+00:00 https://industrialcyber.co/critical-infrastructure/garbarino-urges-federal-review-of-biden-era-cyber-safety-review-board-amid-transparency-efficacy-concerns/ www.secnews.physaphae.fr/article.php?IdArticle=8656502 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) While Okta provides robust native security features, configuration drift, identity sprawl, and misconfigurations can provide opportunities for attackers to find their way in. This article covers four key ways to proactively secure Okta as part of your identity security efforts. Okta serves as the cornerstone of identity governance and security for organizations worldwide. However, this]]> 2025-03-18T16:30:00+00:00 https://thehackernews.com/2025/03/how-to-improve-okta-security-in-four.html www.secnews.physaphae.fr/article.php?IdArticle=8656436 False None None 2.0000000000000000 Bleeping Computer - Magazine Américain A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed to have led to the recent breach of "tj-actions/changed-files" that leaked CI/CD secrets. [...]]]> 2025-03-18T16:03:50+00:00 https://www.bleepingcomputer.com/news/security/github-action-hack-likely-led-to-another-in-cascading-supply-chain-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8656530 False Hack None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat hunters have shed more light on a previously disclosed malware campaign undertaken by the China-aligned MirrorFace threat actor that targeted a diplomatic organization in the European Union with a backdoor known as ANEL. The attack, detected by ESET in late August 2024, singled out a Central European diplomatic institute with lures related to Word Expo, which is scheduled to kick off in]]> 2025-03-18T15:54:00+00:00 https://thehackernews.com/2025/03/china-linked-mirrorface-deploys-anel.html www.secnews.physaphae.fr/article.php?IdArticle=8656437 False Malware,Threat None 3.0000000000000000 Bleeping Computer - Magazine Américain Arizona-based Western Alliance Bank is notifying nearly 22,000 customers their personal information was stolen in October after a third-party vendor\'s secure file transfer software was breached. [...]]]> 2025-03-18T15:50:25+00:00 https://www.bleepingcomputer.com/news/security/western-alliance-bank-notifies-21-899-customers-of-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8656531 False Data Breach None 2.0000000000000000 We Live Security - Editeur Logiciel Antivirus ESET The group\'s Operation AkaiRyū begins with targeted spearphishing emails that use the upcoming World Expo 2025 in Osaka, Japan, as a lure]]> 2025-03-18T15:45:18+00:00 https://www.welivesecurity.com/en/videos/mirrorface-updates-toolset-expands-reach-europe/ www.secnews.physaphae.fr/article.php?IdArticle=8661303 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) At least four different threat actors have been identified as involved in an updated version of a massive ad fraud and residential proxy scheme called BADBOX, painting a picture of an interconnected cybercrime ecosystem. This includes SalesTracker Group, MoYu Group, Lemon Group, and LongTV, according to new findings from the HUMAN Satori Threat Intelligence and Research team, published in]]> 2025-03-18T15:31:00+00:00 https://thehackernews.com/2025/03/badbox-20-botnet-infects-1-million.html www.secnews.physaphae.fr/article.php?IdArticle=8656438 False Threat,Mobile Satori 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine A Cato Networks researcher discovered a new LLM jailbreaking technique enabling the creation of password-stealing malware]]> 2025-03-18T15:30:00+00:00 https://www.infosecurity-magazine.com/news/security-researcher-llm/ www.secnews.physaphae.fr/article.php?IdArticle=8656495 False Malware,Tool None 3.0000000000000000 Dark Reading - Informationweek Branch A server-side request forgery vulnerability in OpenAI\'s chatbot infrastructure can allow attackers to direct users to malicious URLs, leading to a range of threat activity.]]> 2025-03-18T15:28:52+00:00 https://www.darkreading.com/cyberattacks-data-breaches/actively-exploited-chatgpt-bug-organizations-risk www.secnews.physaphae.fr/article.php?IdArticle=8656493 False Vulnerability,Threat ChatGPT 3.0000000000000000 Dark Reading - Informationweek Branch The data loss prevention company emerges from stealth with an AI-powered platform to help organizations distinguish between legitimate and risky activity.]]> 2025-03-18T15:27:06+00:00 https://www.darkreading.com/insider-threats/orion-security-startup-minimize-insider-threats www.secnews.physaphae.fr/article.php?IdArticle=8656494 False None None 3.0000000000000000 The Register - Site journalistique Anglais \'Only\' a local access bug but important part of N Korea, Russia, and China attack picture An exploitation avenue found by Trend Micro has been used in an eight-year-long spying campaign, but there\'s no sign of a fix from Microsoft, which apparently considers this a low priority.…]]> 2025-03-18T15:13:08+00:00 https://go.theregister.com/feed/www.theregister.com/2025/03/18/microsoft_trend_flaw/ www.secnews.physaphae.fr/article.php?IdArticle=8656492 False Threat,Prediction None 3.0000000000000000 Fortinet - Fabricant Materiel Securite Learn how FortiEndpoint unified FortiEDR\'s endpoint protection and FortiClient\'s network security capabilities to deliver a more cohesive, automated defense against modern threats.]]> 2025-03-18T15:00:00+00:00 https://www.fortinet.com/blog/business-and-technology/revolutionizing-endpoint-security-with-fortiedr-and-a-unified-client www.secnews.physaphae.fr/article.php?IdArticle=8656489 False None None 2.0000000000000000 RedCanary - Red Canary Our annual analysis brings you a year\'s worth of security operations and intelligence insights, with actionable guidance on every page.]]> 2025-03-18T14:59:14+00:00 https://redcanary.com/blog/threat-detection/2025-threat-detection-report/ www.secnews.physaphae.fr/article.php?IdArticle=8656474 False Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Report reveals common password use in RDP attacks, highlighting weak credentials remain a major security flaw]]> 2025-03-18T14:45:00+00:00 https://www.infosecurity-magazine.com/news/common-passwords-rdp-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8656481 False None None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Le co-fondateur de Wiz, Asaaf Rappaport, a déclaré que la société restera concentrée sur la protection d'un large éventail de services cloud.

---

>Wiz co-founder Asaaf Rappaport said the company will remain focused on protecting a wide range of cloud services. ]]> 2025-03-18T14:30:52+00:00 https://cyberscoop.com/google-acquires-wiz-for-32-billion/ www.secnews.physaphae.fr/article.php?IdArticle=8656488 False Cloud None 3.0000000000000000 Recorded Future - FLux Recorded Future In a rare move, China\'s state security ministry released the names and photos of four alleged hackers within Taiwan\'s defense ministry.]]> 2025-03-18T14:29:02+00:00 https://therecord.media/china-taiwan-hacks-identify-cyber www.secnews.physaphae.fr/article.php?IdArticle=8656487 False None None 3.0000000000000000 knowbe4 - cybersecurity services Mes deux publications récentes précédentes sur l'IA ont couvert «]]> 2025-03-18T14:27:16+00:00 https://blog.knowbe4.com/emergent-agentic-ai-defense www.secnews.physaphae.fr/article.php?IdArticle=8656476 False None None 2.0000000000000000 Dark Reading - Informationweek Branch For candidates with a cybersecurity background who want to stay competitive, now is the time to invest in obtaining AI skills.]]> 2025-03-18T14:00:00+00:00 https://www.darkreading.com/cybersecurity-operations/3-ai-driven-roles-cybersecurity www.secnews.physaphae.fr/article.php?IdArticle=8656465 False None None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Leaked chat logs have exposed connections between the BlackBasta ransomware group and Russian authorities, according to new analysis by Trellix]]> 2025-03-18T14:00:00+00:00 https://www.infosecurity-magazine.com/news/blackbasta-ransomwares-ties-russia/ www.secnews.physaphae.fr/article.php?IdArticle=8656460 False Ransomware None 3.0000000000000000 Recorded Future - FLux Recorded Future The purchase is the biggest such deal in Google\'s history and also the largest corporate acquisition overall this year.]]> 2025-03-18T13:56:04+00:00 https://therecord.media/google-buys-cloud-security-provider-wiz www.secnews.physaphae.fr/article.php?IdArticle=8656471 False Cloud None 3.0000000000000000 Bleeping Computer - Magazine Américain Over 300 malicious Android applications downloaded 60 million items from Google Play acted as adware or attempted to steal credentials and credit card information. [...]]]> 2025-03-18T13:52:53+00:00 https://www.bleepingcomputer.com/news/security/malicious-android-vapor-apps-on-google-play-installed-60-million-times/ www.secnews.physaphae.fr/article.php?IdArticle=8656511 False Mobile None 3.0000000000000000 HackRead - Chercher Cyber Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.]]> 2025-03-18T13:51:25+00:00 https://hackread.com/analyze-mobile-threats-any-run-android-os-sandbox/ www.secnews.physaphae.fr/article.php?IdArticle=8656458 False Mobile None 4.0000000000000000 Cyble - CyberSecurity Firm Overview Zimbra Collaboration Suite (ZCS) is a widely used email and collaboration platform. Security remains a top priority for administrators and users who rely on Zimbra for business communication. Recently, Zimbra has addressed several critical security issues, including stored cross-site scripting (XSS), SQL injection (SQLi), and server-side request forgery (SSRF). This article provides a detailed technical breakdown of these vulnerabilities, their potential impact, and recommended actions. Below is an in-depth analysis of these vulnerabilities. 1. Stored Cross-Site Scripting (XSS) - CVE-2025-27915 Affected Versions: ZCS 9.0, 10.0, and 10.1 (before patches 44, 10.0.13, and 10.1.5) Patch Availability: Fixed in the latest patches Description: This vulnerability resides in the Classic Web Client due to insufficient sanitization of HTML content in ICS calendar invite files. Attackers can embed malicious JavaScript inside an ICS file, which executes when a victim opens an email containing the ICS entry. Exploitation allows unauthorized actions within the victim\'s session, such as modifying email filters to redirect messages to an attacker\'s inbox. ]]> 2025-03-18T13:50:51+00:00 https://cyble.com/blog/breaking-down-zimbras-latest-security-threats/ www.secnews.physaphae.fr/article.php?IdArticle=8656463 False Vulnerability,Industrial,Technical None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Google is set to acquire Wiz, a cloud security platform founded in 2020, for $32bn in an all-cash deal]]> 2025-03-18T13:45:00+00:00 https://www.infosecurity-magazine.com/news/google-buys-wiz-32bn-cloud/ www.secnews.physaphae.fr/article.php?IdArticle=8656461 False Cloud None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial Two bipartisan bills aimed at supporting rural water systems have been reintroduced in the U.S. Senate, offering enhanced... ]]> 2025-03-18T13:41:27+00:00 https://industrialcyber.co/utilities-energy-power-water-waste/senators-reintroduce-bipartisan-bills-to-fortify-rural-water-systems-with-enhanced-cybersecurity-measures/ www.secnews.physaphae.fr/article.php?IdArticle=8656472 False None None 3.0000000000000000 Cyble - CyberSecurity Firm 2025-03-18T13:33:57+00:00 https://cyble.com/blog/it-vulnerability-report-for-apple-php-flaws/ www.secnews.physaphae.fr/article.php?IdArticle=8656464 False Vulnerability,Threat,Patching None 2.0000000000000000 Security Through Education - Security Through Education Many of us don\'t realize just how much we share about ourselves on the internet. Social media provides us with […]]]> 2025-03-18T13:30:02+00:00 https://www.social-engineer.org/general-blog/how-to-take-control-of-your-online-presence/ www.secnews.physaphae.fr/article.php?IdArticle=8659470 False None None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Flashpoint data points to a surge in data breaches fueled by compromised credentials, ransomware and exploits]]> 2025-03-18T13:30:00+00:00 https://www.infosecurity-magazine.com/news/168-billion-records-exposed/ www.secnews.physaphae.fr/article.php?IdArticle=8656462 False Ransomware None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial La nouvelle recherche sur les traces de bits-tight a identifié des cyber-menaces cachées dans les chaînes d'approvisionnement mondiales, mettant en évidence les risques des fournisseurs liés à l'étranger ...

---

>New Bitsight TRACE research has identified hidden cyber threats in global supply chains, highlighting risks from foreign-linked providers... ]]> 2025-03-18T13:17:19+00:00 https://industrialcyber.co/supply-chain-security/bitsight-trace-reports-cyber-risks-in-us-supply-chains-due-to-foreign-providers/ www.secnews.physaphae.fr/article.php?IdArticle=8656473 False None None 2.0000000000000000 HackRead - Chercher Cyber Cybercriminals exploit AI hype with SEO poisoning, tricking users into downloading malware disguised as DeepSeek software, warns McAfee Labs in a new report.]]> 2025-03-18T13:16:45+00:00 https://hackread.com/fake-deepseek-ai-installers-websites-apps-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8656459 False Malware,Threat None 3.0000000000000000 Bleeping Computer - Magazine Américain At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017. [...]]]> 2025-03-18T13:11:24+00:00 https://www.bleepingcomputer.com/news/security/new-windows-zero-day-exploited-by-11-state-hacking-groups-since-2017/ www.secnews.physaphae.fr/article.php?IdArticle=8656512 False Vulnerability,Threat None 2.0000000000000000 The Register - Site journalistique Anglais 2025-03-18T13:02:18+00:00 https://go.theregister.com/feed/www.theregister.com/2025/03/18/wiz_github_supply_chain/ www.secnews.physaphae.fr/article.php?IdArticle=8656447 False None None 2.0000000000000000 Palo Alto Network - Site Constructeur Apprenez comment la détection de l'IA et du cloud-natif révolutionne les SOC en OPS de sécurité autonome. Clay Brothers of Unit 42 met en garde contre les méthodes traditionnelles.

---

>Learn how AI and cloud-native detection are revolutionizing SOCs into autonomous security ops. Clay Brothers of Unit 42 warns against traditional methods. ]]> 2025-03-18T13:00:51+00:00 https://www.paloaltonetworks.com/blog/2025/03/autonomous-security-changing-the-game/ www.secnews.physaphae.fr/article.php?IdArticle=8656446 False None None 2.0000000000000000 HackRead - Chercher Cyber Palo Alto, USA, 18th March 2025, CyberNewsWire]]> 2025-03-18T13:00:40+00:00 https://hackread.com/squarex-launches-year-of-browser-bugs-yobb-to-expose-critical-security-blind-spots/ www.secnews.physaphae.fr/article.php?IdArticle=8656448 False None None 2.0000000000000000 Checkpoint - Fabricant Materiel Securite La numérisation a considérablement modifié la fabrication au cours des 25 dernières années. Les avantages comprennent la réduction des coûts des stocks et des temps d'arrêt de la machine, et une augmentation de la précision du débit et des prévisions. Mais à mesure que la numérisation a augmenté dans la prévalence, les défis de sécurité sont également confrontés aux fabricants. Cela comprend le ransomware, les systèmes hérités difficiles à corriger et les risques tiers, entre autres types de menaces. Au tournant du 21e siècle, les installations de production utilisaient des logiciels dans divers domaines, mais ces systèmes étaient rarement intégrés et les départements fonctionnaient souvent dans des silos. Les lignes d'assemblage robotiques étaient déjà bien établies - principalement dans l'industrie automobile - mais étaient […]

---

>Digitization has significantly changed manufacturing over the past 25 years. The benefits include reducing inventory costs and machine downtime, and boosting throughput and forecasting accuracy. But as digitization has grown in prevalence, so have the security challenges facing manufacturers. This includes ransomware, legacy systems that are hard to patch, and third-party risk, among other types of threats. At the turn of the 21st century, production facilities were using software in various areas, but these systems were rarely integrated, and departments often operated in silos. Robotic assembly lines were already well established – primarily in the automotive industry – but were […] ]]> 2025-03-18T13:00:07+00:00 https://blog.checkpoint.com/security/how-manufacturers-can-turn-security-into-a-competitive-advantage/ www.secnews.physaphae.fr/article.php?IdArticle=8656455 False Ransomware None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Bitdefender said the malicious app campaign has resulted in more than 60 million downloads of malicious apps from the Google Play Store]]> 2025-03-18T13:00:00+00:00 https://www.infosecurity-magazine.com/news/malicious-app-bypass-android/ www.secnews.physaphae.fr/article.php?IdArticle=8656449 False Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft is calling attention to a novel remote access trojan (RAT) named StilachiRAT that it said employs advanced techniques to sidestep detection and persist within target environments with an ultimate aim to steal sensitive data. The malware contains capabilities to "steal information from the target system, such as credentials stored in the browser, digital wallet information, data stored]]> 2025-03-18T12:30:00+00:00 https://thehackernews.com/2025/03/microsoft-warns-of-stilachirat-stealthy.html www.secnews.physaphae.fr/article.php?IdArticle=8656408 False Malware None 3.0000000000000000 Cisco - Security Firm Blog Cisco is bringing Secure Workload, Secure Access, and AI Defense into Security Cloud control, enhancing its capabilities and providing comprehensive management.]]> 2025-03-18T12:00:00+00:00 https://blogs.cisco.com/security/redefining-security-management-in-a-hyperconnected-world/ www.secnews.physaphae.fr/article.php?IdArticle=8656509 False Cloud None 2.0000000000000000 SecurityWeek - Security News Les informations personnelles de 22 000 clients de la Western Alliance Bank ont ​​été volées dans une violation de données liée au piratage de l'outil de transfert de fichiers CLEO. par CL0P.

---

>The personal information of 22,000 Western Alliance Bank customers was stolen in a data breach linked to Cl0p\'s hacking of the Cleo file transfer tool. ]]> 2025-03-18T11:45:18+00:00 https://www.securityweek.com/western-alliance-bank-discloses-data-breach-linked-to-cleo-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8656435 False Data Breach,Hack,Tool None 2.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain À quel point la recherche de confidentialité et de sécurité utilisable est-elle bizarre? " By By By ByAyako A. Hasegawa Daisuke Inoue et Mitsuaki Akiyama: Résumé : Dans les domaines des facteurs humains tels que l'interaction humaine-ordinateur (HCI) et la psychologie, les chercheurs craignaient que les participants proviennent principalement de pays étranges (occidentaux, éduqués, industrialisés, riches et démocratiques). Ce biais étrange peut entraver la compréhension de diverses populations et de leurs différences culturelles. Le domaine utilisable de la confidentialité et de la sécurité (UPS) a hérité de nombreuses méthodologies de recherche à partir de recherches sur les domaines des facteurs humains. Nous avons effectué une revue de la littérature pour comprendre dans quelle mesure les échantillons des participants dans les articles UPS provenaient de pays étranges et les caractéristiques des méthodologies et des sujets de recherche dans chaque étude utilisateur recrutant les participants occidentaux ou non occidentaux. Nous avons constaté que le biais envers les pays étranges en UPS est supérieur à celui de HCI. Les barrières géographiques et linguistiques dans les méthodes d'étude et les méthodes de recrutement peuvent amener les chercheurs à mener des études utilisateur localement. De plus, de nombreux articles n'ont pas signalé la démographie des participants, ce qui pourrait entraver la réplication des études rapportées, conduisant à une faible reproductibilité. Pour améliorer la diversité géographique, nous fournissons les suggestions, notamment en facilitant les études de réplication, abordons les problèmes géographiques et linguistiques des méthodes d'étude / de recrutement, et faciliter la recherche sur les sujets des populations non Web ...

---

Really interesting research: “How WEIRD is Usable Privacy and Security Research?” by Ayako A. Hasegawa Daisuke Inoue, and Mitsuaki Akiyama: Abstract: In human factor fields such as human-computer interaction (HCI) and psychology, researchers have been concerned that participants mostly come from WEIRD (Western, Educated, Industrialized, Rich, and Democratic) countries. This WEIRD skew may hinder understanding of diverse populations and their cultural differences. The usable privacy and security (UPS) field has inherited many research methodologies from research on human factor fields. We conducted a literature review to understand the extent to which participant samples in UPS papers were from WEIRD countries and the characteristics of the methodologies and research topics in each user study recruiting Western or non-Western participants. We found that the skew toward WEIRD countries in UPS is greater than that in HCI. Geographic and linguistic barriers in the study methods and recruitment methods may cause researchers to conduct user studies locally. In addition, many papers did not report participant demographics, which could hinder the replication of the reported studies, leading to low reproducibility. To improve geographic diversity, we provide the suggestions including facilitate replication studies, address geographic and linguistic issues of study/recruitment methods, and facilitate research on the topics for non-WEIRD populations...]]> 2025-03-18T11:10:08+00:00 https://www.schneier.com/blog/archives/2025/03/is-security-human-factors-research-skewed-towards-western-ideas-and-habits.html www.secnews.physaphae.fr/article.php?IdArticle=8656444 False Studies,Conference None 2.0000000000000000 DarkTrace - DarkTrace: AI bases detection In 2024, Darktrace identified a cluster of intrusions involving the state-linked malware, ShadowPad. This blog will detail ShadowPad and the associated activities detected by Darktrace.]]> 2025-03-18T11:01:06+00:00 https://www.darktrace.com/blog/darktrace-detection-of-state-linked-shadowpad-malware www.secnews.physaphae.fr/article.php?IdArticle=8657148 False Malware None 2.0000000000000000 Korben - Bloger francais 2025-03-18T10:38:53+00:00 https://korben.info/sommes-nous-devenus-trop-cons-declin-cognitif-ere-numerique.html www.secnews.physaphae.fr/article.php?IdArticle=8656422 False None None 3.0000000000000000 We Live Security - Editeur Logiciel Antivirus ESET ESET researchers uncovered MirrorFace activity that expanded beyond its usual focus on Japan and targeted a Central European diplomatic institute with the ANEL backdoor]]> 2025-03-18T10:00:00+00:00 https://www.welivesecurity.com/en/eset-research/operation-akairyu-mirrorface-invites-europe-expo-2025-revives-anel-backdoor/ www.secnews.physaphae.fr/article.php?IdArticle=8661309 False None None 3.0000000000000000 Zataz - Magazine Francais de secu 2025-03-18T09:48:33+00:00 https://www.zataz.com/securite-nationale-et-vie-privee-la-proposition-de-loi-narcotrafic-au-coeur-dun-debat-brulant/ www.secnews.physaphae.fr/article.php?IdArticle=8656424 False Legislation None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Bitsight reveals that UK companies are more exposed to cyber risk than global peers via their digital supply chains]]> 2025-03-18T09:45:00+00:00 https://www.infosecurity-magazine.com/news/third-uk-supply-chain-relies/ www.secnews.physaphae.fr/article.php?IdArticle=8656423 False None None 3.0000000000000000 Global Security Mag - Site de news francais Malwares]]> 2025-03-18T09:27:10+00:00 https://www.globalsecuritymag.fr/ransomwares-la-menace-la-plus-probable-en-2025-selon-une-etude-ivanti.html www.secnews.physaphae.fr/article.php?IdArticle=8656416 False None None 2.0000000000000000 Zataz - Magazine Francais de secu 2025-03-18T09:09:02+00:00 https://www.zataz.com/piratage-massif-de-facebook-un-pirate-russophone-met-en-vente-une-base-de-donnees-de-712-millions-de-comptes/ www.secnews.physaphae.fr/article.php?IdArticle=8656425 False None None 3.0000000000000000 InformationSecurityBuzzNews - Site de News Securite A major security flaw has been found in RSA encryption keys used across the internet. Researchers discovered that about one in 172 online certificates are at risk due to a mathematical weakness.  The issue mainly affects Internet of Things (IoT) devices but could impact any system using improperly generated RSA keys, arising from poor random [...]]]> 2025-03-18T07:18:58+00:00 https://informationsecuritybuzz.com/rsa-encryption-flaw-expose-iot-devices/ www.secnews.physaphae.fr/article.php?IdArticle=8656402 False None None 3.0000000000000000 InformationSecurityBuzzNews - Site de News Securite Over 23,000 organizations may be at risk following a supply chain attack affecting tj-actions/changed-files GitHub Action, say researchers at StepSecurity.    GitHub Actions is a CI/CD service that allows developers to automate software builds and testing. Workflows run in response to specific events, such as committing new code to a repository. With adoption in over 23,000 [...]]]> 2025-03-18T06:22:39+00:00 https://informationsecuritybuzz.com/github-leak-software-supply-chain-risk/ www.secnews.physaphae.fr/article.php?IdArticle=8656395 False None None 3.0000000000000000 The State of Security - Magazine Américain Most countries have some sort of government agency dedicated to protecting digital infrastructure and promoting cybersecurity awareness. In the English-speaking world alone, the UK has the National Cyber Security Center (NCSC), the US has the National Institute of Standards and Technology ( NIST), and Canada has the Canadian Centre for Cyber Security; chances are you\'re already aware of them. However, cybersecurity knows no borders. Expanding our knowledge beyond the anglosphere is crucial to working effectively in the modern world. With this in mind, let\'s look at one of the most important...]]> 2025-03-18T06:05:37+00:00 https://www.tripwire.com/state-of-security/what-is-bundesamt-fur-sicherheit-in-der-informationstechnik-bsi www.secnews.physaphae.fr/article.php?IdArticle=8656433 False None None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC L'enquête de sécurité 2023 , 78% des décideurs de sécurité ont estimé les données sensibles de leur organisation. La récupération des violations de données peut entraîner des coûts élevés et un temps et des efforts considérables. Dans le Les principales menaces de cybersécurité en 2024 Rapport par Forrester, la moitié des répondants à un niveau de cyber a estimé que le coût du cu]]> 2025-03-18T06:00:00+00:00 https://levelblue.com/blogs/security-essentials/levelblue-compliance-without-complexity www.secnews.physaphae.fr/article.php?IdArticle=8656386 False Ransomware,Tool,Vulnerability,Legislation,Medical None 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite The latest threat landscape report from ReliaQuest has unearthed some concerning findings regarding the critical threats faced by the hospitality and recreation sector. These include identifying a 43% increase in ransomware attacks, the discovery that 44% of phishing emails contained credential harvesters, and a staggering 433% increase in external remote services abuse.  The reporting period [...]]]> 2025-03-18T05:36:32+00:00 https://informationsecuritybuzz.com/insight-reliaquest-criti-cyber-threats/ www.secnews.physaphae.fr/article.php?IdArticle=8656388 False Ransomware,Threat None 2.0000000000000000 ProofPoint - Firm Security 2025-03-18T05:00:00+00:00 https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-establishes-global-strategic-alliance-microsoft-build-azure-and www.secnews.physaphae.fr/article.php?IdArticle=8656591 False None None 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite The next generation of artificial intelligence (AI), known as “agents,” may open the door to new cyber threats, experts are warning.  AI agents are advanced tools that can carry out tasks on their own, such as browsing the internet, writing emails, or even interacting with websites. While they are designed to help people automate mundane [...]]]> 2025-03-18T04:08:08+00:00 https://informationsecuritybuzz.com/new-ai-agents-could-help-bad-actors-launch-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8656379 False Tool None 3.0000000000000000 The Register - Site journalistique Anglais One PUT request, one poisoned session file, and the server\'s yours A trivial flaw in Apache Tomcat that allows remote code execution and access to sensitive files is said to be under attack in the wild within a week of its disclosure.…]]> 2025-03-18T00:44:39+00:00 https://go.theregister.com/feed/www.theregister.com/2025/03/18/apache_tomcat_java_rce_flaw/ www.secnews.physaphae.fr/article.php?IdArticle=8656351 False None None 2.0000000000000000 HackRead - Chercher Cyber Do you need to permanently and securely delete photos from an iPhone to prevent unauthorized access? Simply deleting…]]> 2025-03-18T00:23:19+00:00 https://hackread.com/how-to-permanently-securely-delete-photos-from-an-iphone/ www.secnews.physaphae.fr/article.php?IdArticle=8656357 False Mobile None 3.0000000000000000 TrendLabs Security - Editeur Antivirus Trend Zero Day Initiative™ (ZDI) uncovered both state-sponsored and cybercriminal groups extensively exploiting ZDI-CAN-25373, a Windows .lnk file vulnerability that enables hidden command execution.]]> 2025-03-18T00:00:00+00:00 https://www.trendmicro.com/en_us/research/25/c/windows-shortcut-zero-day-exploit.html www.secnews.physaphae.fr/article.php?IdArticle=8656475 False Vulnerability,Threat,Prediction None 2.0000000000000000 TrendMicro - Security Firm Blog Trend Research analyzed SocGholish\'s MaaS framework and its role in deploying RansomHub ransomware through compromised websites, using highly obfuscated JavaScript loaders to evade detection and execute various malicious tasks.]]> 2025-03-18T00:00:00+00:00 https://www.trendmicro.com/en_us/research/25/c/socgholishs-intrusion-techniques-facilitate-distribution-of-rans.html www.secnews.physaphae.fr/article.php?IdArticle=8655664 False Ransomware,Prediction None 3.0000000000000000 Silicon - Site de News Francais 2025-03-18T00:00:00+00:00 https://www.silicon.fr/Thematique/cybersecurite-1371/Breves/cybersecurite-parlons-danger-gestion-risques-469050.htm#utm_source=IndexThematique&utm_medium=Rss&utm_campaign= www.secnews.physaphae.fr/article.php?IdArticle=8656427 False Threat None 2.0000000000000000 Recorded Future - FLux Recorded Future OKX said it detected a coordinated effort by one of North Korea\'s most prolific hacking outfits to misuse its decentralized finance (DeFi) services.]]> 2025-03-17T23:24:41+00:00 https://therecord.media/crypto-okx-shuts-down-exchange www.secnews.physaphae.fr/article.php?IdArticle=8656349 False Tool None 3.0000000000000000 TechRepublic - Security News US This breakthrough will finally allow secure, encrypted messaging between different mobile platforms.]]> 2025-03-17T22:59:47+00:00 https://www.techrepublic.com/article/news-iphone-android-encrypted-messaging/ www.secnews.physaphae.fr/article.php?IdArticle=8656715 False Mobile None 3.0000000000000000 Zataz - Magazine Francais de secu 2025-03-17T22:59:10+00:00 https://www.zataz.com/lia-fantome-une-menace-silencieuse-qui-pourrait-provoquer-une-crise-de-securite-mondiale/ www.secnews.physaphae.fr/article.php?IdArticle=8656344 False Tool None 2.0000000000000000 Zataz - Magazine Francais de secu 2025-03-17T22:38:52+00:00 https://www.zataz.com/8-jours-de-prison-pour-diffusion-de-fake-news/ www.secnews.physaphae.fr/article.php?IdArticle=8656345 False Legislation None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A recently disclosed security flaw impacting Apache Tomcat has come under active exploitation in the wild following the release of a public proof-of-concept (PoC) a mere 30 hours after public disclosure. The vulnerability, tracked as CVE-2025-24813, affects the below versions - Apache Tomcat 11.0.0-M1 to 11.0.2 Apache Tomcat 10.1.0-M1 to 10.1.34 Apache Tomcat 9.0.0-M1 to 9.0.98 It concerns a]]> 2025-03-17T22:38:00+00:00 https://thehackernews.com/2025/03/apache-tomcat-vulnerability-comes-under.html www.secnews.physaphae.fr/article.php?IdArticle=8656287 False Vulnerability None 3.0000000000000000 Data Security Breach - Site de news Francais 2025-03-17T22:22:50+00:00 https://www.datasecuritybreach.fr/creer-un-inventaire-des-actifs-dia-une-necessite-strategique-pour-la-securite-et-la-conformite/ www.secnews.physaphae.fr/article.php?IdArticle=8656346 False None None 3.0000000000000000 Data Security Breach - Site de news Francais Continue reading Un outil gratuit pour vaincre le ransomware Akira sur Linux]]> 2025-03-17T22:09:45+00:00 https://www.datasecuritybreach.fr/un-outil-gratuit-pour-vaincre-le-ransomware-akira-sur-linux/ www.secnews.physaphae.fr/article.php?IdArticle=8656347 False Ransomware None 3.0000000000000000 Dark Reading - Informationweek Branch In a cyber twist, attackers behind two of the campaigns are using the apps to redirect users to phishing and malware distribution sites.]]> 2025-03-17T21:53:27+00:00 https://www.darkreading.com/application-security/oauth-attacks-target-microsoft-365-github www.secnews.physaphae.fr/article.php?IdArticle=8656325 False Malware None 3.0000000000000000 Dark Reading - Informationweek Branch The ClickFix attack tactic seems to be gaining traction among threat actors.]]> 2025-03-17T21:49:37+00:00 https://www.darkreading.com/cyberattacks-data-breaches/compromised-car-dealership-websites-clickfix-breach www.secnews.physaphae.fr/article.php?IdArticle=8656326 False Threat None 3.0000000000000000 Zataz - Magazine Francais de secu 2025-03-17T21:42:39+00:00 https://www.zataz.com/un-developpeur-de-lockbit-extrade-disrael-et-inculpe-aux-etats-unis/ www.secnews.physaphae.fr/article.php?IdArticle=8656336 False Ransomware,Malware None 2.0000000000000000 Dark Reading - Informationweek Branch 2025-03-17T21:34:09+00:00 https://www.darkreading.com/cyberattacks-data-breaches/lexmark-expands-print-security-services-worldwide www.secnews.physaphae.fr/article.php?IdArticle=8656327 False None None 2.0000000000000000 HackRead - Chercher Cyber In its latest research report, cybersecurity firm Veriti has spotted active exploitation of a vulnerability within OpenAI’s ChatGPT…]]> 2025-03-17T21:26:03+00:00 https://hackread.com/hackers-exploit-chatgpt-cve-2024-27564-10000-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8656335 False Vulnerability,Threat ChatGPT 3.0000000000000000 Dark Reading - Informationweek Branch 2025-03-17T21:20:55+00:00 https://www.darkreading.com/application-security/varonis-acquires-cyral-to-reinvent-database-activity-monitoring www.secnews.physaphae.fr/article.php?IdArticle=8656328 False None None 2.0000000000000000 Data Security Breach - Site de news Francais 2025-03-17T21:17:13+00:00 https://www.datasecuritybreach.fr/mora_001-une-nouvelle-menace-ransomware-exploite-des-failles-fortinet/ www.secnews.physaphae.fr/article.php?IdArticle=8656337 False Ransomware None 3.0000000000000000 Dark Reading - Informationweek Branch A new threat assessment from the Danish Civil Protection Authority (SAMSIK) warned of cyberattacks targeting the telecommunications sector after citing a wave of incidents hitting European organizations the past few years.]]> 2025-03-17T21:14:26+00:00 https://www.darkreading.com/threat-intelligence/denmark-warns-increased-cyber-espionage-telecom-sector www.secnews.physaphae.fr/article.php?IdArticle=8656329 False Threat None 3.0000000000000000 Zataz - Magazine Francais de secu 2025-03-17T21:06:33+00:00 https://www.zataz.com/des-pirates-exploitent-une-fausse-annonce-de-deces-pour-diffuser-un-logiciel-espion/ www.secnews.physaphae.fr/article.php?IdArticle=8656323 False None None 3.0000000000000000 Recorded Future - FLux Recorded Future GitHub was forced to take action this weekend to help users after a threat actor compromised a popular open source package used by more than 23,000 organizations.]]> 2025-03-17T20:36:44+00:00 https://therecord.media/github-restores-code-malicious-tj-actions-changes www.secnews.physaphae.fr/article.php?IdArticle=8656315 False Tool,Threat None 3.0000000000000000 HackRead - Chercher Cyber StilachiRAT: Sophisticated malware targets crypto wallets & credentials. Undetected, it maps systems & steals data. Microsoft advises strong security measures.]]> 2025-03-17T20:17:53+00:00 https://hackread.com/stilachirat-exploits-chrome-crypto-wallets-credentials/ www.secnews.physaphae.fr/article.php?IdArticle=8656322 False Malware None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber La dernière arnaque de smiming suit un processus familier en tant qu'industrie que l'industrie a connue au cours de la dernière décennie.

---

>The latest smishing scam follows a familiar process as ones the industry has seen over the past decade. ]]> 2025-03-17T20:14:39+00:00 https://cyberscoop.com/toll-road-text-message-scam-swells-nationwide-how-to-stop/ www.secnews.physaphae.fr/article.php?IdArticle=8656316 False None None 3.0000000000000000 The Last Watchdog - Blog Sécurité de Byron V Acohido Francfort, Allemagne, 17 mars 2025, CyberNewswire - Les cyberattaques ne sont plus une menace abstraite - elles dominent la planification des risques pour les entreprises du monde entier. le dernier link11 Le rapport de cyber européen montre une tendance alarmante: le nombre d'attaques DDOS a plus que… (plus…) Le message News Alert: Link11 \'s Research Shows DDOS est plus ciblé - A et doublé - an-an-an-année href = "https://www.lastwatchdog.com"> Le dernier chien de garde .

---

>Frankfurt, Germany, Mar. 17, 2025, CyberNewswire — Cyberattacks are no longer an abstract threat – they dominate risk planning for companies worldwide. The latest Link11 European Cyber Report shows an alarming trend: the number of DDoS attacks has more than … (more…) The post News alert: Link11\'s research shows DDoS attacks are more targeted - and doubled - year-over-year first appeared on The Last Watchdog.]]> 2025-03-17T19:59:44+00:00 https://www.lastwatchdog.com/news-alert-link11s-research-shows-ddos-attacks-are-more-targeted-and-doubled-year-over-year/ www.secnews.physaphae.fr/article.php?IdArticle=8656306 False Threat,Prediction None 3.0000000000000000 HackRead - Chercher Cyber ChatGPT Down: Users report "Gateway time-out" errors. OpenAI\'s popular AI chatbot is experiencing widespread outages. Stay updated on the service disruption.]]> 2025-03-17T19:57:16+00:00 https://hackread.com/chatgpt-down-as-users-report-gateway-time-out-error/ www.secnews.physaphae.fr/article.php?IdArticle=8656313 False None ChatGPT 3.0000000000000000 Dark Reading - Informationweek Branch The researchers who discovered the initial assault warned that the simple, staged attack is just the beginning for advanced exploit sequences that will test cyber defenses in new and more difficult ways.]]> 2025-03-17T18:52:23+00:00 https://www.darkreading.com/vulnerabilities-threats/apache-tomcat-rce-vulnerability-exploit www.secnews.physaphae.fr/article.php?IdArticle=8656299 False Vulnerability,Threat None 3.0000000000000000