www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-19T00:17:59+00:00 www.secnews.physaphae.fr
Dark Reading - Informationweek Branch Apple Stingy With Details About Latest iOS Update The security update comes just weeks after the release of iOS 17.4, but Apple has not included CVEs or information about the fixes. 2024-03-22T18:40:14+00:00 https://www.darkreading.com/vulnerabilities-threats/apple-is-sparse-with-details-in-latest-ios-update www.secnews.physaphae.fr/article.php?IdArticle=8468636 False None None 2.0000000000000000
IndustrialCyber - cyber risk firms for industrial CISA publishes repository for software attestation and artifacts to reduce federal government cyber risk The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced this week the availability of the Repository for Software... 2024-03-22T18:31:09+00:00 https://industrialcyber.co/cisa/cisa-publishes-repository-for-software-attestation-and-artifacts-to-reduce-federal-government-cyber-risk/ www.secnews.physaphae.fr/article.php?IdArticle=8468637 False None None 2.0000000000000000
HackRead - Cyber search Thousands of WordPress Websites Hacked with New Sign1 Malware
By Waqas Using a WordPress website? Look out for Sign1 malware! This is a post from HackRead.com Read the original post: Thousands of WordPress Websites Hacked with New Sign1 Malware
2024-03-22T18:04:29+00:00 https://www.hackread.com/wordpress-websites-hacked-new-sign1-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8468609 False Malware None 2.0000000000000000
Global Security Mag - French news site Synacktiv hackers hack the Tesla and win a $200,000 bounty and a second Tesla Model 3 Malware 2024-03-22T17:44:37+00:00 https://www.globalsecuritymag.fr/les-hackers-de-synacktiv-piratent-la-tesla-et-remportent-200-000-de-prime-et.html www.secnews.physaphae.fr/article.php?IdArticle=8468612 False None None 2.0000000000000000
CyberScoop - scoopnewsgroup.com special Cyber German political party targeted by SVR-linked group in spearphishing campaign, Mandiant says
The group may have been seeking insights on shifting European sentiments on Ukraine, threat analysts suggest.
2024-03-22T17:44:37+00:00 https://cyberscoop.com/cozy-bear-russia-spearphishing-germany/ www.secnews.physaphae.fr/article.php?IdArticle=8468608 False Threat None 4.0000000000000000
Recorded Future - Recorded Future feed German political parties are latest targets of Russian cyber spies
A hacking group linked to Russia's Foreign Intelligence Service (SVR) is targeting German political parties, according to an alert from cybersecurity company Mandiant. Germany, which has provided a substantial amount of military support to Ukraine, has faced persistent espionage threats from Russia since the beginning of the invasion of Ukraine. This week German prosecutors
2024-03-22T17:03:47+00:00 https://therecord.media/german-political-parties-russia-espionage-svr www.secnews.physaphae.fr/article.php?IdArticle=8468583 False None None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws A China-linked threat cluster leveraged security flaws in Connectwise ScreenConnect and F5 BIG-IP software to deliver custom malware capable of delivering additional backdoors on compromised Linux hosts as part of an "aggressive" campaign. Google-owned Mandiant is tracking the activity under its uncategorized moniker UNC5174 (aka Uteus or Uetus), describing it as a "former 2024-03-22T16:58:00+00:00 https://thehackernews.com/2024/03/china-linked-group-breaches-networks.html www.secnews.physaphae.fr/article.php?IdArticle=8468470 False Malware,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Massive Sign1 Campaign Infects 39,000+ WordPress Sites with Scam Redirects A massive malware campaign dubbed Sign1 has compromised over 39,000 WordPress sites in the last six months, using malicious JavaScript injections to redirect users to scam sites. The most recent variant of the malware is estimated to have infected no less than 2,500 sites over the past two months alone, Sucuri said in a report published this week.
The attacks entail injecting rogue 2024-03-22T16:57:00+00:00 https://thehackernews.com/2024/03/massive-sign1-campaign-infects-39000.html www.secnews.physaphae.fr/article.php?IdArticle=8468471 False Malware None 2.0000000000000000
Recorded Future - Recorded Future feed Meta to shutter key disinformation tracking tool before 2024 election
Meta's decision to close its CrowdTangle division - a tool that tracks content across social media - has raised the ire of more than 100 research and advocacy groups who say it will make it harder to fight disinformation. Groups including the Mozilla Foundation, the Center for Democracy and Technology and Access Now sent
2024-03-22T16:46:46+00:00 https://therecord.media/meta-to-shutter-crowdtangle-disinformation-tracking-tool-before-election www.secnews.physaphae.fr/article.php?IdArticle=8468584 False Tool None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Implementing Zero Trust Controls for Compliance The ThreatLocker® Zero Trust Endpoint Protection Platform implements a strict deny-by-default, allow-by-exception security posture to give organizations the ability to set policy-based controls within their environment and mitigate countless cyber threats, including zero-days, unseen network footholds, and malware attacks as a direct result of user error. With the capabilities of the 2024-03-22T16:45:00+00:00 https://thehackernews.com/2024/03/implementing-zero-trust-controls-for.html www.secnews.physaphae.fr/article.php?IdArticle=8468437 False Malware None 2.0000000000000000
Recorded Future - Recorded Future feed Illinois county government, local college affected by ransomware attacks
An Illinois county on the border with Iowa is the latest local government in the U.S. to fall victim to a ransomware attack. Henry County has been dealing with a wide-ranging cyberattack since March 18, Mat Schnepple, director of the Emergency Management (OEM) office in Henry County, confirmed to Recorded Future News. The county's
2024-03-22T16:22:27+00:00 https://therecord.media/illinois-county-gov-college-hit-with-ransomware www.secnews.physaphae.fr/article.php?IdArticle=8468585 False Ransomware None 2.0000000000000000
Silicon - French news site The national cloud strategy focuses on IaaS 2024-03-22T16:14:20+00:00 https://www.silicon.fr/strategie-nationale-cloud-iaas-477076.html www.secnews.physaphae.fr/article.php?IdArticle=8468581 False Cloud None 2.0000000000000000
SonarSource - Security and coding blog DORA Compliance for Financial Entities Leveraging Sonar solutions to ensure code security by design 2024-03-22T16:00:00+00:00 https://www.sonarsource.com/blog/dora-compliance-for-financial-entities www.secnews.physaphae.fr/article.php?IdArticle=8468313 False None None 2.0000000000000000
IT Security Guru - Security blog #MIWIC2024: Chelsea Jarvie, CISO and Director at Neon Circle 2024-03-22T15:58:04+00:00 https://www.itsecurityguru.org/2024/03/22/miwic2024-chelsea-jarvie-ciso-and-director-at-neon-circle/?utm_source=rss&utm_medium=rss&utm_campaign=miwic2024-chelsea-jarvie-ciso-and-director-at-neon-circle www.secnews.physaphae.fr/article.php?IdArticle=8468553 True None None 2.0000000000000000
Bleeping Computer - American magazine Russian hackers target German political parties with WineLoader malware Researchers are warning that a notorious hacking group linked to Russia's Foreign Intelligence Service (SVR) is targeting political parties in Germany for the first time, shifting their focus away from the typical targeting of diplomatic missions.
[...] 2024-03-22T15:27:56+00:00 https://www.bleepingcomputer.com/news/security/russian-hackers-target-german-political-parties-with-wineloader-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8468661 False Malware None 2.0000000000000000
Recorded Future - Recorded Future feed Massive Russian missile barrage causes blackouts, internet outages across Ukraine
Russia's largest air strikes yet on Ukrainian critical infrastructure left nearly 1.5 million people without power overnight and into Friday. Russia fired a total of 150 missiles and drones, damaging energy facilities across the country, including several thermal power plants and Ukraine's largest hydroelectric power station. Internet connectivity in the country was also affected
2024-03-22T15:27:09+00:00 https://therecord.media/massive-missile-russian-barrage-internet-outages-blackouts www.secnews.physaphae.fr/article.php?IdArticle=8468554 False None None 3.0000000000000000
Nextron - Security blog Unveiling KamiKakaBot – Malware Analysis 2024-03-22T15:25:02+00:00 https://www.nextron-systems.com/2024/03/22/unveiling-kamikakabot-malware-analysis/ www.secnews.physaphae.fr/article.php?IdArticle=8468550 False Malware None 3.0000000000000000
SecurityWeek - Security News Ransomware Group Takes Credit for Attack on Boat Dealer MarineMax
The Rhysida ransomware group has taken credit for the cyberattack on MarineMax and is offering to sell stolen data for 15 bitcoin.
2024-03-22T15:20:41+00:00 https://www.securityweek.com/ransomware-group-takes-credit-for-attack-on-boat-dealer-marinemax/ www.secnews.physaphae.fr/article.php?IdArticle=8468555 False Ransomware None 2.0000000000000000
The Register - English news site Hardware-level Apple Silicon vulnerability can leak cryptographic keys Short of rearchitecting hardware, the fix will seriously degrade performance Apple is having its own Meltdown/Spectre moment with a new side-channel vulnerability found in the architecture of Apple Silicon processors that gives malicious apps the ability to extract cryptographic keys. … 2024-03-22T15:03:26+00:00 https://go.theregister.com/feed/www.theregister.com/2024/03/22/hardwarelevel_apple_silicon_vulnerability_can/ www.secnews.physaphae.fr/article.php?IdArticle=8468523 False Vulnerability None 2.0000000000000000
Fortinet - Security hardware vendor For the Hybrid Workforce, SASE-Delivered Zero Trust Is a Must Read how ZTNA as a key component of SASE provides a much higher level of cybersecurity and reduces risks for WFA users and their organizations. 2024-03-22T15:00:00+00:00 https://www.fortinet.com/blog/business-and-technology/sase-delivered-zero-trust-is-a-must-for-hybrid-workforce www.secnews.physaphae.fr/article.php?IdArticle=8468570 False None None 2.0000000000000000
Fortinet - Security hardware vendor Strengthening Cyber Resiliency through Collaboration To strengthen cyber resiliency, the federal government should work effectively with the private sector and share information. Read more. 2024-03-22T15:00:00+00:00 https://www.fortinet.com/blog/ciso-collective/strengthening-cyber-resiliency-through-collaboration www.secnews.physaphae.fr/article.php?IdArticle=8468571 False None None 2.0000000000000000
Global Security Mag - French news site Secuserve and Avant de Cliquer join forces to meet needs against cyber threats!
Business 2024-03-22T14:59:14+00:00 https://www.globalsecuritymag.fr/secuserve-et-avant-de-cliquer-unissent-leurs-forces-pour-repondre-aux-besoins.html www.secnews.physaphae.fr/article.php?IdArticle=8468529 False None None 2.0000000000000000
IndustrialCyber - cyber risk firms for industrial US, EU collaborate on comparative analysis of cyber incident reporting for critical infrastructure
The U.S. Department of Homeland Security (DHS) and the European Commission's Directorate General for Communications, Networks, Content, and...
2024-03-22T14:32:49+00:00 https://industrialcyber.co/news/us-eu-collaborate-on-comparative-analysis-of-cyber-incident-reporting-for-critical-infrastructure/ www.secnews.physaphae.fr/article.php?IdArticle=8468526 False None None 2.0000000000000000
Silicon - French news site Data packets: a fundamental pillar of cybersecurity 2024-03-22T14:32:38+00:00 https://www.silicon.fr/avis-expert/les-paquets-de-donnees-pilier-fondamental-de-la-cybersecurite www.secnews.physaphae.fr/article.php?IdArticle=8468528 False None None 2.0000000000000000
IndustrialCyber - cyber risk firms for industrial US, Australian healthcare agencies sign MoU to collaborate during cyber threats for Australian organizations
The U.S. Health Information Sharing and Analysis Center (Health-ISAC) and the Australian Critical Infrastructure – Information Sharing and...
2024-03-22T14:32:35+00:00 https://industrialcyber.co/medical/us-australian-healthcare-agencies-sign-mou-to-collaborate-during-cyber-threats-for-australian-organizations/ www.secnews.physaphae.fr/article.php?IdArticle=8468527 False Medical None 2.0000000000000000
The Register - English news site Fujitsu to shutter operations in Republic of Ireland In wake of Post Office Horizon scandal, global execs set new profit target, and Irish ops fell short Exclusive Fujitsu is effectively shuttering business operations in the Republic of Ireland and opening consultations with employee representatives before the majority of the workforce is made redundant.… 2024-03-22T14:30:09+00:00 https://go.theregister.com/feed/www.theregister.com/2024/03/22/fujitsu_to_cease_operations_in_ireland/ www.secnews.physaphae.fr/article.php?IdArticle=8468524 False None None 2.0000000000000000
Dark Reading - Informationweek Branch 8 Strategies for Enhancing Code Signing Security Strong code-signing best practices are an invaluable way to build trust in the development process and enable a more secure software supply chain. 2024-03-22T14:00:00+00:00 https://www.darkreading.com/cybersecurity-operations/8-strategies-enhancing-code-signing-security www.secnews.physaphae.fr/article.php?IdArticle=8468497 False None None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine New AcidPour Wiper Targeting Linux Devices Spotted in Ukraine SentinelLabs researchers identified the malware as a new variant of AcidRain, which shut down thousands of Viasat satellites in Ukraine and Western Europe in 2022 2024-03-22T13:45:00+00:00 https://www.infosecurity-magazine.com/news/acidpour-wiper-linux-ukraine/ www.secnews.physaphae.fr/article.php?IdArticle=8468496 False Malware None 2.0000000000000000
Dark Reading - Informationweek Branch Kenya to TikTok: Prove Compliance With Our Privacy Laws Beleaguered social media platform now faces scrutiny by the Kenyan government over cybersecurity and
data privacy. 2024-03-22T13:22:43+00:00 https://www.darkreading.com/cyber-risk/kenya-to-tiktok-prove-compliance-with-our-privacy-laws www.secnews.physaphae.fr/article.php?IdArticle=8468498 False None None 2.0000000000000000
Checkpoint - Security hardware vendor Top Zero Trust Platforms Evaluated by Miercom: Check Point Ranks #1
Implementing a Zero Trust security posture is an expected best practice, but platforms can differ considerably in security effectiveness, ease-of-use, and breadth of capabilities. Miercom, a leading independent network and security testing firm, evaluated the top five security platforms to compare each vendor's performance for common Zero Trust enterprise use cases. Check Point achieved top ratings across all categories in the Zero Trust Platform Assessment. X-axis: Admin & User Experience / Y-axis: Security Efficacy Vendor circle sizes reflect platform Completeness & Breadth relative to other vendors What is Zero Trust? A Zero Trust security architecture is designed to reduce cybersecurity […]
2024-03-22T13:00:04+00:00 https://blog.checkpoint.com/security/top-zero-trust-platforms-evaluated-by-miercom-check-point-ranks-1/ www.secnews.physaphae.fr/article.php?IdArticle=8468463 False None None 2.0000000000000000
SecurityWeek - Security News 39,000 Websites Infected in 'Sign1' Malware Campaign Over 39,000 websites have been infected with the Sign1 malware that redirects visitors to scam domains. 2024-03-22T13:00:02+00:00 https://www.securityweek.com/39000-websites-infected-in-sign1-malware-campaign/ www.secnews.physaphae.fr/article.php?IdArticle=8468495 False Malware None 2.0000000000000000
Netskope - Netskope is an American software company providing an IT security platform Congratulations to the Netskope 2024 Global Partner Award Winners
Netskope is proud to announce this year's Global Partner of the Year award winners. Our partners are essential to our success, and we are thrilled to recognize their incredible contributions. This year's awards program celebrates partners who are going above and beyond to help organizations embrace the power of SASE and secure their cloud journey. […]
2024-03-22T13:00:00+00:00 https://www.netskope.com/blog/congratulations-to-the-netskope-2024-global-partner-award-winners www.secnews.physaphae.fr/article.php?IdArticle=8468464 False Cloud None 2.0000000000000000
Dark Reading - Informationweek Branch Why AI Obituary Scams Are a Cyber-Risk for Businesses Scammers now use AI to instantly whip up SEO-friendly bereavement scams, and it's never been easier to swindle mourners or use them to get to their employers. 2024-03-22T13:00:00+00:00 https://www.darkreading.com/threat-intelligence/why-ai-obituary-scams-cyber-risk-businesses www.secnews.physaphae.fr/article.php?IdArticle=8468468 False None None 2.0000000000000000
Silicon - French news site Redis changes its license: an update on the situation 2024-03-22T12:52:19+00:00 https://www.silicon.fr/redis-change-licence-477072.html www.secnews.physaphae.fr/article.php?IdArticle=8468494 False None None 2.0000000000000000
We Live Security - ESET antivirus software publisher AceCryptor attacks surge in Europe – Week in security with Tony Anscombe The second half of 2023 saw massive growth in AceCryptor-packed malware spreading in the wild, including courtesy of multiple spam campaigns where AceCryptor packed the Rescoms RAT 2024-03-22T12:21:34+00:00 https://www.welivesecurity.com/en/videos/acecryptor-attacks-europe-week-security-tony-anscombe/ www.secnews.physaphae.fr/article.php?IdArticle=8469364 False Spam,Malware None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine US Government Releases New DDoS Attack Guidance for Public Sector The joint advisory sets out how to mitigate and respond to DDoS attacks, limiting disruption to critical services 2024-03-22T12:20:00+00:00 https://www.infosecurity-magazine.com/news/us-ddos-attack-guidance-public/ www.secnews.physaphae.fr/article.php?IdArticle=8468466 False None None 2.0000000000000000
Cisco - Security Firm Blog Introducing Cisco XDR Playbooks: Finding the balance in automating and guiding incident response Delve into the world of Cisco XDR Playbooks, enhancing security operations with strategic guides and automation for robust incident response. 2024-03-22T12:00:34+00:00 https://feedpress.me/link/23535/16628302/introducing-cisco-xdr-playbooks www.secnews.physaphae.fr/article.php?IdArticle=8468434 False None None 3.0000000000000000
Recorded Future - Recorded Future feed Sandworm-linked group likely knocked down Ukrainian internet providers
Russian state-backed hackers are likely behind recent attacks on four small Ukrainian internet providers, disrupting their operations for more than a week. A group known as Solntsepek claimed responsibility for the incidents on its Telegram channel last week. Ukrainian officials told Recorded Future News that evidence implicates the group, which is also believed to
2024-03-22T11:59:36+00:00 https://therecord.media/ukraine-isps-attacks-solntsepek-sandworm-gru www.secnews.physaphae.fr/article.php?IdArticle=8468467 False None None 2.0000000000000000
IT Security Guru - Security blog Cybaverse launches new platform to streamline cyber security management for organisations and MSPs
Cybaverse, a cyber security services provider based in the south of England, has launched two new platforms to help end-user organisations and MSPs manage security more efficiently. Cybaverse.ai has been designed to streamline cyber security management, offering end-users with the ability to manage all their security efforts in one place, while MSPs can integrate the […] The post Cybaverse launches new platform to streamline cyber security management for organisations and MSPs first appeared on IT Security Guru.
2024-03-22T11:47:46+00:00 https://www.itsecurityguru.org/2024/03/22/cybaverse-launches-new-platform-to-streamline-cyber-security-management-for-organisations-and-msps/?utm_source=rss&utm_medium=rss&utm_campaign=cybaverse-launches-new-platform-to-streamline-cyber-security-management-for-organisations-and-msps www.secnews.physaphae.fr/article.php?IdArticle=8468436 False None None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) U.S. Justice Department Sues Apple Over Monopoly and Messaging Security The U.S. Department of Justice (DoJ), along with 16 other state and district attorneys general, on Thursday accused Apple of illegally maintaining a monopoly over smartphones, thereby undermining, among others, security and privacy of users when messaging non-iPhone users. "Apple wraps itself in a cloak of privacy, security, and consumer preferences to justify its anticompetitive 2024-03-22T11:44:00+00:00 https://thehackernews.com/2024/03/us-justice-department-sues-apple-over.html www.secnews.physaphae.fr/article.php?IdArticle=8468337 False None None 3.0000000000000000
Bleeping Computer - American magazine New GoFetch attack on Apple Silicon CPUs can steal crypto keys A new side-channel attack called "GoFetch" impacts Apple M1, M2, and M3 processors and can be used to steal secret cryptographic keys from data in the CPU's cache. [...] 2024-03-22T11:01:56+00:00 https://www.bleepingcomputer.com/news/security/new-gofetch-attack-on-apple-silicon-cpus-can-steal-crypto-keys/ www.secnews.physaphae.fr/article.php?IdArticle=8468525 False None None 2.0000000000000000
Schneier on Security - American cryptology researcher Google Pays $10M in Bug Bounties in 2023
BleepingComputer has the details. It’s $2M less than in 2022, but it’s still a lot. The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the program’s launch in 2010 has reached $59 million. For Android, the world’s most popular and widely used mobile operating system, the program awarded over $3.4 million. Google also increased the maximum reward amount for critical vulnerabilities concerning Android to $15,000, driving increased community reports. During security conferences like ESCAL8 and hardwea.io, Google awarded $70,000 for 20 critical discoveries in Wear OS and Android Automotive OS and another $116,000 for 50 reports concerning issues in Nest, Fitbit, and Wearables...
2024-03-22T11:01:39+00:00 https://www.schneier.com/blog/archives/2024/03/google-pays-10m-in-bug-bounties-in-2023.html www.secnews.physaphae.fr/article.php?IdArticle=8468408 False Vulnerability,Studies,Mobile None 3.0000000000000000
Mandiant - Blog Sécu de Mandiant APT29 Uses WINELOADER to Target German Political Parties Executive Summary In late February, APT29 used a new backdoor variant publicly tracked as WINELOADER to target German political parties with a CDU-themed lure. This is the first time we have seen this APT29 cluster target political parties, indicating a possible area of emerging operational focus beyond the typical targeting of diplomatic missions. Based on the SVR's responsibility to collect political intelligence and this APT29 cluster's historical targeting patterns, we judge this activity to present a broad threat to European and other Western political parties from across the political 2024-03-22T11:00:00+00:00 https://www.mandiant.com/resources/blog/apt29-wineloader-german-political-parties www.secnews.physaphae.fr/article.php?IdArticle=8469994 False Threat APT 29 2.0000000000000000
SecurityWeek - Security News New 'GoFetch' Apple CPU Attack Exposes Crypto Keys Researchers detail GoFetch, a new side-channel attack impacting Apple CPUs that could allow an attacker to obtain secret keys. 2024-03-22T10:42:36+00:00 https://www.securityweek.com/new-gofetch-apple-cpu-attack-exposes-crypto-keys/ www.secnews.physaphae.fr/article.php?IdArticle=8468435 False Vulnerability None 4.0000000000000000
Global Security Mag - Site de news francais Morgan Follier, Ilex Cybersecurity – Inetum Software: Innovation is the main driver of solution development at Inetum Software Interviews / 2024-03-22T10:36:22+00:00 https://www.globalsecuritymag.fr/morgan-follier-ilex-cybersecurity-inetum-software-l-innovation-est-le-principal.html www.secnews.physaphae.fr/article.php?IdArticle=8468410 False None None 3.0000000000000000
Korben - Bloger francais The Bluetooth flaw that lets you listen in on people remotely and play them your best playlist 2024-03-22T10:22:40+00:00 https://korben.info/faille-securite-bluetooth-enregistrement-lecture-audio-non-autorises.html www.secnews.physaphae.fr/article.php?IdArticle=8468438 False None None 3.0000000000000000
Silicon - Site de News Francais Surface Pro 10: should you make the jump? 2024-03-22T10:08:11+00:00 https://www.silicon.fr/surface-pro-10-477060.html www.secnews.physaphae.fr/article.php?IdArticle=8468409 False None None 2.0000000000000000
Korben - Bloger francais Pinokio – Automate and script your AIs in one click 2024-03-22T10:06:12+00:00 https://korben.info/pinokio-automatiser-scripter-ia-un-clic.html www.secnews.physaphae.fr/article.php?IdArticle=8468439 False None None 2.0000000000000000
Global Security Mag - Site de news francais Nicolas Groh, Rubrik: CISOs must adopt the right posture against cyberattacks, and for that, preparation and the technical side remain indispensable Interviews / 2024-03-22T10:05:20+00:00 https://www.globalsecuritymag.fr/nicolas-groh-rubrik-les-rssi-doivent-adopter-une-bonne-posture-face-aux.html www.secnews.physaphae.fr/article.php?IdArticle=8468411 False None None 2.0000000000000000
Global Security Mag - Site de news francais Keeper Security improves password and privileged access management Products 2024-03-22T09:25:39+00:00 https://www.globalsecuritymag.fr/keeper-security-ameliore-la-gestion-des-mots-de-passe-et-des-acces-privilegies.html www.secnews.physaphae.fr/article.php?IdArticle=8468385 False None None 2.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Russian Hackers Target Ukrainian Telecoms with Upgraded 'AcidPour' Malware The data wiping malware called AcidPour may have been deployed in attacks targeting four telecom providers in Ukraine, new findings from SentinelOne show. The cybersecurity firm also confirmed connections between the malware and AcidRain, tying it to threat activity clusters associated with Russian military intelligence. "AcidPour's expanded capabilities would enable it to better 2024-03-22T08:36:00+00:00 https://thehackernews.com/2024/03/russian-hackers-target-ukrainian.html www.secnews.physaphae.fr/article.php?IdArticle=8468270 False Malware,Threat None 2.0000000000000000
Global Security Mag - Site de news francais Frédéric Laurent, Snowpack: Thanks to invisibility, we bring a radical change to the current cybersecurity paradigm of trust Interviews / 2024-03-22T08:23:40+00:00 https://www.globalsecuritymag.fr/frederic-laurent-snowpack-grace-a-l-invisibilite-nous-apportons-un-changement.html www.secnews.physaphae.fr/article.php?IdArticle=8468361 False None None 3.0000000000000000
Korben - Bloger francais Create your own Game Boy games with GB Studio! 2024-03-22T08:00:00+00:00 https://korben.info/creez-jeux-retro-game-boy-facilement-avec-gb-studio.html www.secnews.physaphae.fr/article.php?IdArticle=8468360 False None None 2.0000000000000000
ProofPoint - Cyber Firms The Human-Centric Solution to a Human-Centric Problem-Defending Your Critical Data 2024-03-22T06:00:42+00:00 https://www.proofpoint.com/us/blog/information-protection/defend-data-with-human-centric-solution www.secnews.physaphae.fr/article.php?IdArticle=8468465 False Tool,Vulnerability,Threat,Cloud None 2.0000000000000000
Korben - Bloger francais Unsaflok – The hack that opens every hotel room (or almost) 2024-03-22T06:00:16+00:00 https://korben.info/failles-securite-serrures-hotel-saflok-technique-unsaflok-revelee.html www.secnews.physaphae.fr/article.php?IdArticle=8468314 False Hack,Vulnerability None 4.0000000000000000
Resecurity - cyber risk firms Cybercriminals Accelerate Online Scams During Ramadan and Eid Fitr 2024-03-22T00:00:00+00:00
https://www.resecurity.com/blog/article/cybercriminals-accelerate-online-scams-during-ramadan-and-eid-fitr www.secnews.physaphae.fr/article.php?IdArticle=8469476 False None None 2.0000000000000000
Mandiant - Blog Sécu de Mandiant APT29 Uses WINELOADER to Target German Political Parties

Executive Summary

In late February, APT29 used a new backdoor variant publicly tracked as WINELOADER to target German political parties with a CDU-themed lure.

This is the first time we have seen this APT29 cluster target political parties, indicating a possible area of emerging operational focus beyond the typical targeting of diplomatic missions.

Based on the SVR's responsibility to collect political intelligence and this APT29 cluster's historical targeting patterns, we judge this activity to present a broad threat to European and other Western political parties from across the political spectrum.

Please see the Technical Annex for technical details and MITRE ATT&CK techniques (T1543.003, T1012, T1082, T1134, T1057, T1007, T1027, T1070.004, T1055.003 and T1083).

Threat Detail

In late February 2024, Mandiant identified APT29 - a Russian Federation backed threat group linked by multiple governments to Russia's Foreign Intelligence Service (SVR) - conducting a phishing campaign targeting German political parties. Consistent with APT29 operations extending back to 2021, this operation leveraged APT29's mainstay first-stage payload ROOTSAW (aka EnvyScout) to deliver a new backdoor variant publicly tracked as WINELOADER.

Notably, this activity represents a departure from this APT29 initial access cluster's typical remit of targeting governments, foreign embassies, and other diplomatic missions, and is the first time Mandiant has seen an operational interest in political parties from this APT29 subcluster. Additionally, while APT29 has previously used lure documents bearing the logo of German government organizations, this is the first instance where we have seen the group use German-language lure content - a possible artifact of the targeting differences (i.e. domestic vs. foreign) between the two operations.

Phishing emails were sent to victims purporting to be an invite to a dinner reception on 01 March bearing a logo from the Christian Democratic Union (CDU), a major political party in Germany (see Figure 1).

The German-language lure document contains a phishing link directing victims to a malicious ZIP file containing a ROOTSAW dropper hosted on an actor-controlled compromised website “https://waterforvoiceless[.]org/invite.php”.

ROOTSAW delivered a second-stage CDU-themed lure document and a next stage WINELOADER payload retrieved from “waterforvoiceless[.]org/util.php”.

WINELOADER was first observed in operational use in late January 2024 in an operation targeting likely diplomatic entities in Czechia, Germany, India, Italy, Latvia, and Peru.

The backdoor contains several features and functions that overlap with several known APT29 malware families including BURNTBATTER, MUSKYBEAT and BEATDROP, indicating they are likely created by a common developer (see Technical Annex for additional details).

2024-03-22T00:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/apt29-wineloader-german-political-parties/ www.secnews.physaphae.fr/article.php?IdArticle=8500402 False Malware,Threat,Cloud,Technical APT 29 3.0000000000000000
Global Security Mag - Site de news francais H1: Handling Your Cyber Security With SOCaaS - Opinion / 2024-03-21T23:30:00+00:00 https://www.globalsecuritymag.fr/h1-handling-your-cyber-security-with-socaas.html www.secnews.physaphae.fr/article.php?IdArticle=8467808 False None None 2.0000000000000000
Dark Reading - Informationweek Branch Strata Identity Releases New Authentication Recipes The Microsoft Identity Cookbook is a collection of orchestration recipes to help organizations adopt cloud-based identity providers. 2024-03-21T22:45:23+00:00 https://www.darkreading.com/identity-access-management-security/strata-identity-releases-new-authentication-recipes www.secnews.physaphae.fr/article.php?IdArticle=8468469 False None None 2.0000000000000000
Dark Reading - Informationweek Branch Tesla Hack Team Wins $200K and a New Car Zero Day Initiative awarded a total of $732,000 to researchers who found 19 unique cybersecurity vulnerabilities during the first day of Pwn2Own. 2024-03-21T22:32:49+00:00 https://www.darkreading.com/threat-intelligence/team-s-tesla-hack-wins-them-200k-and-a-new-car www.secnews.physaphae.fr/article.php?IdArticle=8468149 False Hack,Vulnerability,Threat None 2.0000000000000000
HackRead - Chercher Cyber Cross Tenant Microsoft 365 Migration By Uzair Amir With the massive adoption of Microsoft 365, encountering complex environments involving multiple tenants is becoming increasingly common. This is a post from HackRead.com Read the original post: Cross Tenant Microsoft 365 Migration 2024-03-21T22:32:31+00:00 https://www.hackread.com/cross-tenant-microsoft-365-migration/ www.secnews.physaphae.fr/article.php?IdArticle=8468148 False None None 3.0000000000000000
Dark Reading - Informationweek Branch Changing Concepts of Identity Underscore 'Perfect Storm' of Cyber Risk Forgepoint Capital's Alberto Yépez discusses how the concept of identity is changing: It doesn't just mean "us" anymore. 2024-03-21T22:04:35+00:00 https://www.darkreading.com/cybersecurity-operations/changing-concepts-identity-perfect-storm-cyber-risk www.secnews.physaphae.fr/article.php?IdArticle=8468126 False None None 2.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Russia Hackers Using TinyTurla-NG to Breach European NGO's Systems The Russia-linked threat actor known as Turla infected several systems belonging to an unnamed European non-governmental organization (NGO) in order to deploy a backdoor called TinyTurla-NG. "The attackers compromised the first system, established persistence and added exclusions to antivirus products running on these endpoints as part of their preliminary post-compromise actions," Cisco 2024-03-21T21:33:00+00:00 https://thehackernews.com/2024/03/russia-hackers-using-tinyturla-ng-to.html www.secnews.physaphae.fr/article.php?IdArticle=8468001 False Threat None 2.0000000000000000
Dark Reading - Informationweek Branch Ivanti Keeps Security Teams Scrambling With 2 More Vulns Since the beginning of this year, the company has disclosed some seven critical bugs so far, almost all of which attackers have quickly exploited in mass attacks. 2024-03-21T21:22:06+00:00 https://www.darkreading.com/vulnerabilities-threats/ivanti-security-teams-scrambling-2-vulns www.secnews.physaphae.fr/article.php?IdArticle=8468127 False None None 3.0000000000000000
CyberScoop - scoopnewsgroup.com special Cyber House-passed data privacy bill doesn't thrill privacy groups A measure to address the sale of Americans' data doesn't go far enough to rein in the data broker industry, advocates argue. 2024-03-21T21:10:51+00:00 https://cyberscoop.com/house-passed-data-privacy-bill-doesnt-thrill-privacy-groups/ www.secnews.physaphae.fr/article.php?IdArticle=8468125 False None None 2.0000000000000000
Recorded Future - FLux Recorded Future Chinese government hacker exploiting ScreenConnect, F5 bugs to attack defense and government entities A hacker allegedly connected to the People's Republic of China has been exploiting two popular vulnerabilities to attack U.S. defense contractors, U.K. government entities and institutions in Asia. A new report from Google-owned security firm Mandiant spotlighted the work of a threat actor they call UNC5174. The researchers believe UNC5174 is a former member 2024-03-21T20:38:56+00:00 https://therecord.media/chinese-government-hacker-exploiting-bugs-to-target-defense-government-sectors www.secnews.physaphae.fr/article.php?IdArticle=8468102 False Vulnerability,Threat None 3.0000000000000000
Recorded Future - FLux Recorded Future Biden taps cyber policy veteran for new Pentagon post President Joe Biden on Thursday announced he intends to nominate Michael Sulmeyer, the U.S. Army's principal cyber advisor, to be the Pentagon's first digital policy chief. Recorded Future News first reported last year that Sulmeyer - who has served in various senior roles at the National Security Council, U.S. Cyber Command and the National 2024-03-21T20:33:16+00:00 https://therecord.media/biden-taps-cyber-policy-veteran-for-new-pentagon-post www.secnews.physaphae.fr/article.php?IdArticle=8468103 False None None 2.0000000000000000
Dark Reading - Informationweek Branch NIST's Vuln Database Downshifts, Prompting Questions About Its Future NVD may be in peril, and while alternatives exist, enterprise security managers will need to plan accordingly to stay on top of new threats. 2024-03-21T20:24:59+00:00 https://www.darkreading.com/cybersecurity-operations/nist-vuln-database-downshifts-prompting-questions-about-its-future www.secnews.physaphae.fr/article.php?IdArticle=8468101 False None None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Beware of the Messengers, Exploiting ActiveMQ Vulnerability
#### Description
Cybereason Security Services has issued a Threat Analysis Report on an incident involving a Linux server that saw malicious shell executions from a Java process running Apache ActiveMQ. The ActiveMQ service is an open-source message broker used to bridge communications from separate servers running different components and/or written in different languages. The activity is strongly assessed to have leveraged a Remote Code Execution (RCE) vulnerability CVE-2023-46604. The observed shell executions include attempts to download additional payloads such as executables of Mirai Botnet, HelloKitty Ransomware, SparkRAT executables, and coinminers including XMRig. The deployment methodologies mainly employ automation; however, one initial foothold is dependent on an interactive session via Netcat reverse shells.
> [Check out Microsoft's write-up on CVE-2023-46604 - Apache ActiveMQ here.](https://sip.security.microsoft.com/intel-profiles/CVE-2023-46604)
#### Reference URL(s)
1. https://www.cybereason.com/blog/beware-of-the-messengers-exploiting-activemq-vulnerability
#### Publication Date
March 13, 2024
#### Author(s)
Cybereason Security Services Team
2024-03-21T20:17:15+00:00 https://community.riskiq.com/article/9b8f807f www.secnews.physaphae.fr/article.php?IdArticle=8468115 False Ransomware,Vulnerability,Threat None 2.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Over 800 npm Packages Found with Discrepancies, 18 Exploitable to 'Manifest Confusion' New research has discovered over 800 packages in the npm registry which have discrepancies from their registry entries, out of which 18 have been found to exploit a technique called manifest confusion. The findings come from cybersecurity firm JFrog, which said the issue could be exploited by threat actors to trick developers into running malicious code. "It's an actual threat since 2024-03-21T19:56:00+00:00 https://thehackernews.com/2024/03/over-800-npm-packages-found-with.html www.secnews.physaphae.fr/article.php?IdArticle=8467951 False Threat None 3.0000000000000000
Recorded Future - FLux Recorded Future US airlines' privacy protection practices to get DOT review The Department of Transportation (DOT) will review data collection practices for the country's 10 largest airlines in a bid to improve passenger privacy protections, Secretary Pete Buttigieg said on Thursday. The department said it will examine airline policies and training in handling passengers' sensitive personal data and will ensure it is “not improperly monetized 2024-03-21T19:49:19+00:00 https://therecord.media/airlines-airports-dot-passenger-data-privacy-review www.secnews.physaphae.fr/article.php?IdArticle=8468079 False None None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) FormBook Malware
#### Description
FormBook, an information stealer (infostealer) malware discovered in 2016, has various capabilities such as tracking keystrokes, accessing files, capturing screenshots, and stealing passwords from web browsers. It can execute additional malware as directed by a command-and-control server and is adept at evading detection through techniques like code obfuscation and encryption. FormBook's flexibility allows customization for specific targets and its obfuscation methods make removal challenging. Cybercriminals distribute FormBook through email attachments like PDFs and Office Documents, with notable use during the 2022 Russia-Ukraine conflict. FormBook's successor, XLoader, is currently active.
> [Check out Microsoft's write-up on information stealers here.](https://sip.security.microsoft.com/intel-profiles/2296d491ea381b532b24f2575f9418d4b6723c17b8a1f507d20c2140a75d16d6?)
#### Reference URL(s)
1. https://www.rewterz.com/rewterz-news/rewterz-threat-alert-formbook-malware-active-iocs-98
#### Publication Date
March 21, 2024
#### Author(s)
Rewterz
2024-03-21T19:45:35+00:00 https://community.riskiq.com/article/7b321c6c www.secnews.physaphae.fr/article.php?IdArticle=8468091 False Malware None 3.0000000000000000
Dark Reading - Informationweek Branch How Can We Reduce Threats From the Initial Access Brokers Market? The ready-made access IABs offer has become an integral part of the ransomware ecosystem. Here's how to stop them before they can profit from your assets. 2024-03-21T19:05:00+00:00 https://www.darkreading.com/threat-intelligence/how-to-reduce-threats-from-the-initial-access-brokers-market www.secnews.physaphae.fr/article.php?IdArticle=8468057 False Ransomware None 3.0000000000000000
HackRead - Chercher Cyber Unpatched Zephyr OS Expose Devices to DoS Attacks via IP Spoofing By Waqas Is your organisation using Zephyr OS? Patch and update it to the latest version now! This is a post from HackRead.com Read the original post: Unpatched Zephyr OS Expose Devices to DoS Attacks via IP Spoofing 2024-03-21T18:51:55+00:00 https://www.hackread.com/unpatched-zephyr-os-dos-attacks-ip-spoofing/ www.secnews.physaphae.fr/article.php?IdArticle=8468056 False None None 2.0000000000000000
IndustrialCyber - cyber risk firms for industrial US agencies release updated guide on defending against DDoS attacks for critical infrastructure organizations The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information... 2024-03-21T18:51:31+00:00 https://industrialcyber.co/cisa/us-agencies-release-updated-guide-on-defending-against-ddos-attacks-for-critical-infrastructure-organizations/ www.secnews.physaphae.fr/article.php?IdArticle=8468052 False None None 2.0000000000000000
Global Security Mag - Site de news francais New chapter begins as ENISA celebrates 20 years of strengthening cybersecurity Greek Minister of Digital Governance, Dimitrios Papastergiou joined the European Union Agency for Cybersecurity (ENISA) on the occasion of celebrating the 20 years since its establishment and the ENISA Management Board voted to extend a second mandate to Executive Director, Juhan Lepassaar. - ENISA 2024-03-21T18:43:28+00:00 https://www.globalsecuritymag.fr/new-chapter-begins-as-enisa-celebrates-20-years-of-strengthening-cybersecurity.html www.secnews.physaphae.fr/article.php?IdArticle=8468053 False None None 2.0000000000000000
Global Security Mag - Site de news francais Keeper Security announces significant improvements to its Admin Console User Interface (UI) Keeper Security Bolsters Administrative Control Over Passwords and Privileged Access Management With UI Updates and Streamlined Onboarding Enhanced visibility, strengthened Two-Factor Authentication (2FA) enforcement and improved security measures combine to create an effortless management experience - Product Reviews 2024-03-21T18:37:05+00:00 https://www.globalsecuritymag.fr/keeper-security-announces-significant-improvements-to-its-admin-console-user.html www.secnews.physaphae.fr/article.php?IdArticle=8468054 False Legislation None 2.0000000000000000
Ars Technica - Risk Assessment Security Hacktivism Android 15 gets satellite messaging, starts foldable cover app support Google still isn't letting Play Store apps use RCS, though. 2024-03-21T18:34:13+00:00 https://arstechnica.com/?p=2011931 www.secnews.physaphae.fr/article.php?IdArticle=8468050 False Mobile None 3.0000000000000000
Global Security Mag - Site de news francais Vade joins InterCERT France Business 2024-03-21T18:31:51+00:00 https://www.globalsecuritymag.fr/vade-rejoint-intercert-france.html www.secnews.physaphae.fr/article.php?IdArticle=8468055 False None None 2.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that's used to target Laravel applications and steal sensitive data. "It works by scanning and taking out important information from .env files, revealing login details linked to AWS and Twilio," Juniper Threat Labs researcher Kashinath T Pattan said. "Classified as an SMTP cracker, it exploits SMTP 2024-03-21T18:18:00+00:00 https://thehackernews.com/2024/03/androxgh0st-malware-targets-laravel.html www.secnews.physaphae.fr/article.php?IdArticle=8467923 False Malware,Tool,Threat,Cloud None 2.0000000000000000
Dark Reading - Informationweek Branch 300K Internet Hosts at Risk for 'Devastating' Loop DoS Attack Attackers can create a self-perpetuating, infinite scenario in such a way that volumes of traffic overwhelm network resources indefinitely. 2024-03-21T18:17:06+00:00 https://www.darkreading.com/cloud-security/300k-internet-hosts-at-risk-for-devastating-loop-dos-attack www.secnews.physaphae.fr/article.php?IdArticle=8468058 False None None 2.0000000000000000
RedCanary - Red Canary Intelligence Insights: March 2024 Tax season springs financially-themed phishing lures on users, and vulnerabilities continue to sprout in this month's Intelligence Insights 2024-03-21T17:43:12+00:00 https://redcanary.com/blog/intelligence-insights-march-2024/ www.secnews.physaphae.fr/article.php?IdArticle=8468029 False Vulnerability None 2.0000000000000000
Recorded Future - FLux Recorded Future Jacksonville Beach and other US municipalities report data breaches following cyberattacks Thousands of people have had their information accessed by hackers following attacks on multiple state and local governments in recent months, according to new regulatory filings. The city government of Jacksonville Beach was just the latest to report such an incident, disclosing Wednesday evening that 48,949 people had personal information accessed during a January 2024-03-21T17:26:38+00:00 https://therecord.media/jacksonville-beach-municipalities-hit-by-cyberattacks www.secnews.physaphae.fr/article.php?IdArticle=8468027 False None None 3.0000000000000000
Dark Reading - Informationweek Branch 1-Click Takeover Bug in AWS Apache Airflow Reveals Larger Risk A bug exposed users of an AWS workflow management service to cookie tossing, but behind the scenes lies an even deeper issue that runs across all of the top cloud services. 2024-03-21T17:13:23+00:00 https://www.darkreading.com/cloud-security/1-click-takeover-bug-aws-apache-airflow-risk www.secnews.physaphae.fr/article.php?IdArticle=8468025 False Cloud None 3.0000000000000000
HackRead - Chercher Cyber Pwn2Own 2024 Awards $700k as Hackers Pwned Tesla, Browsers, and More By Deeba Ahmed Pwn2Own is back! This is a post from HackRead.com Read the original post: Pwn2Own 2024 Awards $700k as Hackers Pwned Tesla, Browsers, and More 2024-03-21T17:06:13+00:00 https://www.hackread.com/pwn2own-2024-awards-hackers-pwn-tesla-browsers/ www.secnews.physaphae.fr/article.php?IdArticle=8468000 False None None 4.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the SaaS supply chain snowball quickly. That's why effective vendor risk management (VRM) is a 2024-03-21T17:00:00+00:00 https://thehackernews.com/2024/03/how-to-accelerate-vendor-risk.html www.secnews.physaphae.fr/article.php?IdArticle=8467864 False Vulnerability,Cloud None 2.0000000000000000 SonarSource - Blog Sécu et Codage Micro Services, Major Headaches: Detecting Vulnerabilities in Erxes' Microservices Our vulnerability researchers discovered critical vulnerabilities in Erxes with the help of SonarCloud.
Learn about the details and how to triage such issues in your own code! 2024-03-21T17:00:00+00:00 https://www.sonarsource.com/blog/micro-services-major-headaches-detecting-vulnerabilities-in-erxes-microservices www.secnews.physaphae.fr/article.php?IdArticle=8467999 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine US Treasury Targets Russian Entities in Cyber Influence Campaign The campaign notably included attempts to impersonate legitimate media outlets 2024-03-21T17:00:00+00:00 https://www.infosecurity-magazine.com/news/us-targets-russia-cyber-influence/ www.secnews.physaphae.fr/article.php?IdArticle=8468003 False None None 2.0000000000000000 CrowdStrike - CTI Society CrowdStrike Enhances Cloud Detection and Response (CDR) Capabilities to Protect CI/CD Pipeline The increase in cloud adoption has been met with a corresponding rise in cybersecurity threats. Cloud intrusions escalated by a staggering 75% in 2023, with cloud-conscious cases increasing by 110%. Amid this surge, eCrime adversaries have become the top threat actors targeting the cloud, accounting for 84% of adversary-attributed cloud-conscious intrusions. For large enterprises that […] 2024-03-21T16:54:15+00:00 https://www.crowdstrike.com/blog/crowdstrike-enhances-cdr-capabilities-for-cicd-pipeline/ www.secnews.physaphae.fr/article.php?IdArticle=8468502 False Threat,Cloud None 3.0000000000000000 Korben - Bloger francais Sagres: Rock, Paper, Pirate!
Read more 2024-03-21T16:45:23+00:00 https://korben.info/test-sagres-jeu-pc-avis.html www.secnews.physaphae.fr/article.php?IdArticle=8468026 False None None 2.0000000000000000 Silicon - Site de News Francais CISPE toughens its stance against Broadcom 2024-03-21T16:16:55+00:00 https://www.silicon.fr/cispe-broadcom-vmware-477043.html www.secnews.physaphae.fr/article.php?IdArticle=8468002 False None None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine US Legislation Targets Data Sharing With Foreign Adversaries The US House of Representatives approved the new bill with an overwhelming vote of 414-0 2024-03-21T16:00:00+00:00 https://www.infosecurity-magazine.com/news/us-targets-data-sharing-foreign/ www.secnews.physaphae.fr/article.php?IdArticle=8467976 False Legislation None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) GitHub Launches AI-Powered Autofix Tool to Assist Devs in Patching Security Flaws GitHub on Wednesday announced that it's making available a feature called code scanning autofix in public beta for all Advanced Security customers to provide targeted recommendations in an effort to avoid introducing new security issues.
"Powered by GitHub Copilot and CodeQL, code scanning autofix covers more than 90% of alert types in JavaScript, Typescript, Java, and 2024-03-21T16:00:00+00:00 https://thehackernews.com/2024/03/github-launches-ai-powered-autofix-tool.html www.secnews.physaphae.fr/article.php?IdArticle=8467865 False Tool,Patching None 2.0000000000000000 Recorded Future - FLux Recorded Future Latest government funding bill makes modest cut to CISA
The Cybersecurity and Infrastructure Security Agency (CISA) would receive $2.8 billion under a government funding package U.S. lawmakers unveiled on Thursday. That amount, part of a total $1.2 trillion package, is $35 million less than CISA received in fiscal year 2023. It is also $180 million under Biden's administration's budget request for fiscal year
2024-03-21T15:51:50+00:00 https://therecord.media/government-funding-bill-makes-modest-cisa-cuts www.secnews.physaphae.fr/article.php?IdArticle=8467978 False None None 3.0000000000000000
knowbe4 - cybersecurity services Social Engineering The #1 Root Cause Behind Most Cyber Crimes In FBI Report
Did You Notice How Much FBI “Other Crime” Is Really Social Engineering? The following paragraphs were cited directly from my recent article highlighting social engineering. "Social engineering and phishing are involved in 70% to 90% of all successful cybersecurity attacks. No other initial root hacking cause comes close.
2024-03-21T15:37:14+00:00 https://blog.knowbe4.com/did-you-notice-how-much-fbi-other-crime-is-really-social-engineering www.secnews.physaphae.fr/article.php?IdArticle=8467972 False None None 3.0000000000000000
Korben - Bloger francais Brewintosh – The 3D-Printed Macintosh 2024-03-21T15:09:09+00:00 https://korben.info/brewintosh-ordinateur-macintosh-reinvente-3d-open-source.html www.secnews.physaphae.fr/article.php?IdArticle=8467975 False None None 2.0000000000000000 Recorded Future - FLux Recorded Future Nemesis darknet marketplace raided in Germany-led operation
German police said they seized the infrastructure of the popular illegal darknet marketplace known as Nemesis and took its website down. Visitors to the cybercrime website were greeted on Thursday with a red banner announcing the takeover. At the bottom, the police placed an animated spaceship reminiscent of a 1990s video game called Nemesis.
2024-03-21T15:01:04+00:00 https://therecord.media/nemesis-cybercrime-market-takedown-germany www.secnews.physaphae.fr/article.php?IdArticle=8467950 False Legislation None 2.0000000000000000
BHconsulting - Consulting Security Roundup March 2024
Curated advice, guidance, learning and trends in cybersecurity and privacy, as chosen by our consultants. Creeping cyber risk grabbing global headlines Ransomware keeps reminding us of the strong connection between a cybersecurity incident and financial loss. CNN reports that ransomware victims in the US healthcare sector say they're “haemorrhaging money”, as disruption affects their daily operations. Some ...
2024-03-21T14:55:04+00:00 https://bhconsulting.ie/security-roundup-march-2024/ www.secnews.physaphae.fr/article.php?IdArticle=8470788 False Ransomware,Medical None 2.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Making Sense of Operational Technology Attacks: The Past, Present, and Future When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the 2024-03-21T14:53:00+00:00 https://thehackernews.com/2024/03/making-sense-of-operational-technology.html www.secnews.physaphae.fr/article.php?IdArticle=8467812 False Industrial None 3.0000000000000000 Silicon - Site de News Francais The AMF and its "deficient" management of information systems 2024-03-21T14:15:36+00:00 https://www.silicon.fr/amf-dsi-cour-des-comptes-477036.html www.secnews.physaphae.fr/article.php?IdArticle=8467973 False None None 2.0000000000000000