This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-12T09:29:23+00:00 www.secnews.physaphae.fr WatchGuard - Fabricant Matériel et Logiciels 2025-03-12T00:00:00+00:00 https://www.watchguard.com/fr/wgrd-news/press-releases/watchguard-lance-firecloud-internet-access-le-1er-produit-de-la-nouvelle www.secnews.physaphae.fr/article.php?IdArticle=8655277 False Threat,Cloud None 3.0000000000000000 Krebs on Security - Chercheur Américain Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six zero-day vulnerabilities that are already seeing active exploitation.]]> 2025-03-11T23:53:01+00:00 https://krebsonsecurity.com/2025/03/microsoft-6-zero-days-in-march-2025-patch-tuesday/ www.secnews.physaphae.fr/article.php?IdArticle=8655155 False Vulnerability,Threat None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Plus des trois quarts des vulnérabilités couvertes par la mise à jour du patch mensuel du fournisseur est des défauts de haute sévérité.

---

>More than three-quarters of the vulnerabilities covered in the vendor\'s monthly Patch Tuesday update are high-severity flaws. ]]> 2025-03-11T22:48:02+00:00 https://cyberscoop.com/microsoft-patch-tuesday-march-2025/ www.secnews.physaphae.fr/article.php?IdArticle=8655146 False Vulnerability None 2.0000000000000000 HackRead - Chercher Cyber Almost every company nowadays depends on cloud computing since it is a necessary tool in the world of…]]> 2025-03-11T22:25:26+00:00 https://hackread.com/cloud-app-server-secure-data-protection-practices/ www.secnews.physaphae.fr/article.php?IdArticle=8655144 False Tool,Cloud None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Apple a publié mardi des correctifs logiciels d'urgence qui abordent une vulnérabilité de zéro jour nouvellement identifiée dans le moteur de navigateur Web WebKit de la société.  Suivi sous le nom de CVE-2025-24201, un attaquant peut potentiellement échapper aux contraintes de bac à sable de contenu Web de WebKit \\, conduisant potentiellement à des actions non autorisées. Le bac à sable est une fonctionnalité de sécurité qui isole le contenu Web non fiable afin d'éviter […]

---

>Apple released emergency software patches Tuesday that address a newly identified zero-day vulnerability in the company\'s WebKit web browser engine.  Tracked as CVE-2025-24201, an attacker can potentially escape the constraints of Webkit\'s Web Content sandbox, potentially leading to unauthorized actions. The sandbox is a security feature that isolates untrusted web content in order to prevent […] ]]> 2025-03-11T21:30:51+00:00 https://cyberscoop.com/apple-zero-day-patch-march-2025-cve-2025-24201/ www.secnews.physaphae.fr/article.php?IdArticle=8655134 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch The number of zero-day vulnerabilities getting patched in Microsoft\'s March update is the company\'s second-largest ever.]]> 2025-03-11T21:25:02+00:00 https://www.darkreading.com/application-security/whopping-number-microsoft-zero-days-under-attack www.secnews.physaphae.fr/article.php?IdArticle=8655136 False Vulnerability,Threat None 2.0000000000000000 Global Security Mag - Site de news francais Business News

---

Silobreaker expands its data partnership programme with ThreatFabric\'s mobile threat intelligence research Enhanced mobile fraud visibility across web and other digital channels to strengthen organisations\' cyber defences - Business News]]> 2025-03-11T20:58:45+00:00 https://www.globalsecuritymag.fr/silobreaker-has-announced-a-new-partnership-with-threatfabric.html www.secnews.physaphae.fr/article.php?IdArticle=8655118 False Threat,Mobile None 3.0000000000000000 Global Security Mag - Site de news francais Revues de produits

---

Fortinet Expands Its OT Security Platform to Strengthen Protection for Critical Infrastructure Updates to the industry\'s most comprehensive Operational Technology Security Platform include enhanced visibility, segmentation, and secure connectivity - Product Reviews]]> 2025-03-11T20:52:23+00:00 https://www.globalsecuritymag.fr/fortinet-expands-its-ot-security-platform.html www.secnews.physaphae.fr/article.php?IdArticle=8655119 False Industrial None 2.0000000000000000 Checkpoint - Fabricant Materiel Securite Dans un rappel brutal de la menace croissante posée par les groupes hacktivistes, l'équipe pro-palestinienne Dark Storm a pris le crédit d'une grande attaque de déni de service distribué (DDOS) sur X (anciennement Twitter). Cette attaque souligne la vulnérabilité des plates-formes numériques même les plus bien établies à des cybermenaces sophistiquées et à motivation politique. Avec des plateformes en ligne jouant un rôle de plus en plus crucial dans la communication mondiale, l'attaque contre X fait partie d'une plus grande campagne de cyber-agression ciblant les infrastructures critiques, les agences gouvernementales et les grandes entreprises. Mais qui est l'équipe Dark Storm et pourquoi les organisations du monde entier devraient-elles en prendre note? Qui est la tempête noire […]

---

>In a stark reminder of the growing threat posed by hacktivist groups, the pro-Palestinian Dark Storm Team has taken credit for a major distributed denial-of-service (DDoS) attack on X (formerly Twitter). This attack underscores the vulnerability of even the most well-established digital platforms to sophisticated, politically motivated cyber threats. With online platforms playing an increasingly crucial role in global communication, the attack on X is part of a larger campaign of cyber aggression targeting critical infrastructure, government agencies, and major corporations. But who is the Dark Storm Team, and why should organizations worldwide take notice? Who is the Dark Storm […] ]]> 2025-03-11T20:47:47+00:00 https://blog.checkpoint.com/security/dark-storm-team-claims-responsibility-for-cyber-attack-on-x-platform-what-it-means-for-the-future-of-digital-security/ www.secnews.physaphae.fr/article.php?IdArticle=8655124 False Vulnerability,Threat None 2.0000000000000000 Global Security Mag - Site de news francais Événements

---

The program committee of the cybersecurity conference C&ESAR is launching a call for papers with a deadline on Wednesday, April 30, 2025. - EVENTS]]> 2025-03-11T20:44:47+00:00 https://www.globalsecuritymag.fr/the-program-committee-of-the-cybersecurity-conference-c-esar-is-launching-a.html www.secnews.physaphae.fr/article.php?IdArticle=8655120 False Conference None 2.0000000000000000 Global Security Mag - Site de news francais Événements]]> 2025-03-11T20:43:19+00:00 https://www.globalsecuritymag.fr/c-esar-2025-partagez-votre-experience-et-proposez-vos-contributions-en-lien.html www.secnews.physaphae.fr/article.php?IdArticle=8655121 False None None 2.0000000000000000 Global Security Mag - Site de news francais Business News

---

Immersive Appoints Mark Schmitz as CEO to Usher in New Phase of Growth Schmitz Brings Over 25 Years of Experience Scaling B2B Tech Organizations, including Fortune 500 Companies, and Driving Customer Value Immersive Founder James Hadley Will Remain on its Board and in a Chief Innovation Officer Role, Partnering with Schmitz to Drive the Future of Cyber Drilling and Exercising - Business News]]> 2025-03-11T20:40:35+00:00 https://www.globalsecuritymag.fr/immersive-appoints-mark-schmitz-as-ceo.html www.secnews.physaphae.fr/article.php?IdArticle=8655122 False None None 1.00000000000000000000 Dark Reading - Informationweek Branch Plankey has served in numerous cybersecurity positions in the past, including during the first Trump presidency from 2018-2020.]]> 2025-03-11T20:23:49+00:00 https://www.darkreading.com/cybersecurity-operations/trump-sean-plankey-cisa-director www.secnews.physaphae.fr/article.php?IdArticle=8655125 False None None 1.00000000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. "The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection rates," Check Point said in a new analysis. "More than 1,600 victims were affected during one of]]> 2025-03-11T20:05:00+00:00 https://thehackernews.com/2025/03/blind-eagle-hacks-colombian.html www.secnews.physaphae.fr/article.php?IdArticle=8655078 False Threat APT-C-36 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber X\'s wave of outages resembled a DDoS attack and Dark Storm Team, a prolific threat group specializing in such attacks, claimed responsibility. ]]> 2025-03-11T20:01:42+00:00 https://cyberscoop.com/x-ddos-attack-researchers-elon-musk-dark-storm/ www.secnews.physaphae.fr/article.php?IdArticle=8655109 False Threat None 2.0000000000000000 Dark Reading - Informationweek Branch A Libya-linked threat actor has resurfaced, using the same old political phishing tricks to deliver AsyncRAT that have worked for years.]]> 2025-03-11T19:38:56+00:00 https://www.darkreading.com/cyberattacks-data-breaches/hot-button-facebook-ads-middle-east-africa-victims www.secnews.physaphae.fr/article.php?IdArticle=8655106 False Threat None 2.0000000000000000 Recorded Future - FLux Recorded Future Researchers at Cato Networks said that during a recent investigation into router vulnerabilities, they discovered a new botnet - which they named Ballista - infecting TP-Link Archer devices.]]> 2025-03-11T19:33:40+00:00 https://therecord.media/ballista-botnet-tp-link-archer-routers www.secnews.physaphae.fr/article.php?IdArticle=8655105 False Vulnerability None 3.0000000000000000 HackRead - Chercher Cyber Scammers use fake Binance wallet emails to lure users with TRUMP Coin, but instead, they install malware that grants hackers full control over victims\' devices.]]> 2025-03-11T19:30:19+00:00 https://hackread.com/fake-binance-wallet-email-trump-coin-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8655110 False Malware None 2.0000000000000000 Global Security Mag - Site de news francais Journal

---

12 - 14 January - Dubaï (EAU) Intersec 27rd édition www.intersecexpo.com 20 January - Paris GS Days - Journées Francophones de la Sécurité 16th Edition Contact: Valentin Jangwa Tel.: +33 7 89 65 15 70 e-mail : vj@globalsecuritymag.com Web : www.gsdays.fr 20 January - London (UK) PCI https://akjassociates.com/ 21 - 23 January - Osaka (Japan) Japan IT Week www.japan-it-osaka.jp/en-gb.html 28 January - Helsinky (Finland) e-crime & cybersecurity (...) - Diary]]> 2025-03-11T19:30:00+00:00 https://www.globalsecuritymag.fr/january-2026.html www.secnews.physaphae.fr/article.php?IdArticle=8654974 False Conference None 3.0000000000000000 SecurityWeek - Security News Apple prévient que le bogue Webkit "peut avoir été exploité dans une attaque extrêmement sophistiquée contre des individus ciblés spécifiques."

---

>Apple warns that the WebKIt bug "may have been exploited in an extremely sophisticated attack against specific targeted individuals.” ]]> 2025-03-11T19:11:14+00:00 https://www.securityweek.com/apple-ships-ios-18-3-2-to-fix-already-exploited-webkit-flaw/ www.secnews.physaphae.fr/article.php?IdArticle=8655104 False None None 2.0000000000000000 Global Security Mag - Site de news francais Journal

---

4 - 5 February - Paris-La-Défense IT Partners Place: Paris La Défense Arena www.itpartners.fr 4 - 5 February - Bangkok (Thailand) Cybersec asia Queen Sirikit National Convention Centre (QSNCC) https://cybersec-asia.net 10 - 11 February - Perth (Australia) CS4CA ANZ www.cs4ca.com 16 - 18 February - Denvers (USA) Geo Week Geo Week, February 16 - 18 , 2026 in Denver, is the learning and networking nexus of the geospatial and built worlds. It includes collocated user meetings (ASPRS, (...) - Diary]]> 2025-03-11T19:10:00+00:00 https://www.globalsecuritymag.fr/february-2026.html www.secnews.physaphae.fr/article.php?IdArticle=8654975 False Conference None 3.0000000000000000 HackRead - Chercher Cyber Blockchain technology is revolutionizing industries by enabling secure transactions, decentralization, and transparency. At the same time, Blockchain software…]]> 2025-03-11T18:29:40+00:00 https://hackread.com/why-small-medium-businesses-adopt-blockchain-solutions/ www.secnews.physaphae.fr/article.php?IdArticle=8655095 False None None 2.0000000000000000 Korben - Bloger francais par l’EFF et baptisé Rayhunter. Il s’agit donc d’un outil open-source permettant de détecter les simulateurs de sites cellulaires (CSS) comme les Stingrays ou IMSI catchers. Ces dispositifs de surveillance trompent les téléphones à proximité qui s’y connectent en les prenant pour des antennes relais légitimes.]]> 2025-03-11T18:25:40+00:00 https://korben.info/rayhunter-detecteur-espionnage-mobile-eff-opensource.html www.secnews.physaphae.fr/article.php?IdArticle=8655107 False Legislation None 2.0000000000000000 CybeReason - Vendor blog Takeways clés Comprendre les attaques de bacs: Les attaques de bacs exploitent les numéros d'identification bancaire (bacs) accessibles au public sur les cartes de paiement aux détails de la carte brute valides, permettant des transactions frauduleuses. L'identification des modèles d'échec des tentatives d'autorisation est essentielle pour la détection précoce. Stratégies d'atténuation efficaces: Mise en œuvre de la limitation des taux, de l'authentification améliorée (par exemple, CAPTCHA, MFA), des pare-feu d'application Web (WAFS), du géofencing et des outils de détection basés sur l'apprentissage automatique peuvent réduire considérablement la probabilité d'attaques de bac à succès. Réponse des incidents collaboratifs: Engagez les processeurs de paiement, les émetteurs de cartes et les équipes de criminalistique numérique pour tracer des attaques, geler les cartes compromises et mettre en œuvre des mesures à long terme comme la tokenisation et la conformité PCI DSS pour renforcer la sécurité des paiements. Les acteurs de menace ayant des motivations financières exploitent souvent des attaques de bacs lors du ciblage des services financiers ou des victimes de commerce électronique. Les attaques de bacs impliquent des acteurs de menace testant systématiquement les numéros de carte résultant d'un numéro d'identification bancaire (BIN) pour trouver des détails de carte valides. Les valeurs de bac sont affectées aux émetteurs de cartes et forment les 6 à 8 premiers chiffres sur les cartes de paiement. Ces valeurs sont publiées auprès des commerçants, des processeurs de paiement et d'autres fournisseurs de services pour faciliter les transactions et sont accessibles au public. Le bac est ensuite suivi d'un ensemble supplémentaire de nombres (le numéro de compte) pour former un complete numéro de compte primaire (pan), ou numéro de carte.

---

KEY TAKEAWAYS Understanding BIN Attacks: BIN attacks exploit the publicly available Bank Identification Numbers (BINs) on payment cards to brute-force valid card details, enabling fraudulent transactions. Identifying patterns of failed authorization attempts is critical for early detection. Effective Mitigation Strategies: Implementing rate limiting, enhanced authentication (e.g., CAPTCHA, MFA), Web Application Firewalls (WAFs), geofencing, and machine-learning-based fraud detection tools can significantly reduce the likelihood of successful BIN attacks. Collaborative Incident Response: Engage payment processors, card issuers, and digital forensics teams to trace attacks, freeze compromised cards, and implement long-term measures like tokenization and PCI DSS complianc]]> 2025-03-11T18:06:18+00:00 https://www.cybereason.com/blog/identifying-and-preventing-bin-attacks www.secnews.physaphae.fr/article.php?IdArticle=8655091 False Tool,Threat None 2.0000000000000000 Korben - Bloger francais 2025-03-11T18:00:23+00:00 https://korben.info/lowfi-lecteur-musique-lofi-ligne-commande-sans-distraction.html www.secnews.physaphae.fr/article.php?IdArticle=8655079 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team. "The botnet exploits a remote code execution (RCE) vulnerability in TP-Link Archer routers (CVE-2023-1389) to spread itself automatically over the Internet," security researchers Ofek Vardi and Matan Mittelman said in a technical report shared with]]> 2025-03-11T18:00:00+00:00 https://thehackernews.com/2025/03/ballista-botnet-exploits-unpatched-tp.html www.secnews.physaphae.fr/article.php?IdArticle=8654999 False Vulnerability,Technical None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Les groupes ont déclaré aux législateurs que le comité et la loi fournissent des protections vitales pour l'échange d'informations sur le cyber-menace.

---

>The groups told lawmakers that both the committee and the law provide vital protections for cyber threat information swapping. ]]> 2025-03-11T17:56:18+00:00 https://cyberscoop.com/cyber-information-sharing-critical-infrastructure-panel-cisa-law-renewal/ www.secnews.physaphae.fr/article.php?IdArticle=8655083 False Threat None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial U.S. President Donald Trump on Tuesday announced his nomination of Sean Plankey to lead the Cybersecurity and Infrastructure... ]]> 2025-03-11T17:34:13+00:00 https://industrialcyber.co/cisa/trump-nominates-sean-plankey-to-lead-cisa-to-strengthen-national-cyber-defense-amid-rising-threats/ www.secnews.physaphae.fr/article.php?IdArticle=8655074 False None None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial Acronis, un fournisseur de solutions de cybersécurité et de protection des données, a annoncé mardi qu'elle continuait de consolider sa position ...

---

>Acronis, a provider of cybersecurity and data protection solutions, announced Tuesday that it continues to solidify its position... ]]> 2025-03-11T17:27:50+00:00 https://industrialcyber.co/news/acronis-strengthens-position-in-ot-cyber-resilience-expands-oem-partnerships/ www.secnews.physaphae.fr/article.php?IdArticle=8655075 False Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Fortinet, un fournisseur de cybersécurité stimulant la convergence du réseautage et de la sécurité, a annoncé mardi qu'il avait avancé ...

---

>Fortinet, a cybersecurity vendor driving the convergence of networking and security, announced on Tuesday that it has advanced... ]]> 2025-03-11T17:25:14+00:00 https://industrialcyber.co/news/fortinet-updates-its-ot-security-platform-for-critical-infrastructure-protection/ www.secnews.physaphae.fr/article.php?IdArticle=8655076 False Industrial None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Blind Eagle has been running campaigns targeting the Colombian government with malicious .url files and phishing attacks]]> 2025-03-11T17:15:00+00:00 https://www.infosecurity-magazine.com/news/blind-eagle-targets-colombian-gov/ www.secnews.physaphae.fr/article.php?IdArticle=8655082 False None APT-C-36 2.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain L'histoire : le ministère américain de la Justice a annoncé L'indice de 12 personnes chinoises a accusé de plus d'une dérade de piratage sur le monde, de 12 personnes chinoises, y compris à l'abat-t-il de l'administration des personnes chinois de plus d'une déade de piratage sur le monde, de l'administration, de 12 personnes chinoises accusées de plus d'une dérade de piratage sur le monde sur le monde, de 12 personnes chinoises, de l'administration des personnes chinoises, de plus d'une dérade de piratage sur le monde sur le monde, de l'administration, de 12 personnes chinoises, de l'administration de l'administration, y compris de 12 personnes chinoises, de l'administration de la Discus Pour l'entrepreneur I-Soon, deux responsables du ministère chinois de la sécurité publique qui auraient travaillé avec eux, et deux autres pirates présumés qui feraient partie du groupe de pirates chinois APT27, ou Typhoon de soie, qui, selon les procureurs, a été impliqué dans la trésorerie américaine Breach tardif tardif de l'année dernière. […] Selon les procureurs, le groupe dans son ensemble a ciblé les agences d'État et fédérales américaines, les ministères étrangères des pays d'Asie, les dissidents chinois, les médias américains qui ont critiqué le gouvernement chinois et, plus récemment, le Trésor américain, qui a été violé entre septembre et décembre de l'année dernière. Un rapport du Trésor interne ...

---

Lots of interesting details in the story: The US Department of Justice on Wednesday announced the indictment of 12 Chinese individuals accused of more than a decade of hacker intrusions around the world, including eight staffers for the contractor i-Soon, two officials at China’s Ministry of Public Security who allegedly worked with them, and two other alleged hackers who are said to be part of the Chinese hacker group APT27, or Silk Typhoon, which prosecutors say was involved in the US Treasury breach late last year. […] According to prosecutors, the group as a whole has targeted US state and federal agencies, foreign ministries of countries across Asia, Chinese dissidents, US-based media outlets that have criticized the Chinese government, and most recently the US Treasury, which was breached between September and December of last year. An internal Treasury report ...]]> 2025-03-11T17:14:28+00:00 https://www.schneier.com/blog/archives/2025/03/silk-typhoon-hackers-indicted.html www.secnews.physaphae.fr/article.php?IdArticle=8655090 False None APT 27 2.0000000000000000 Korben - Bloger francais CL1 impressionne autant qu’il terrifie puisqu’il fonctionne en plaçant des neurones cultivés (issus de cellules sanguines ou cutanées transformées en cellules souches) sur un réseau de 59 électrodes, puis ces cellules sont maintenues en vie dans une unité de “support vital” comprenant pompes, filtration, réservoirs d’alimentation et mélange gazeux. L’ensemble est ainsi géré par un “Système d’Exploitation d’Intelligence Biologique” (biOS - jeu de moooot !)… et son usage premier c’est bien évidemment l’IA.]]> 2025-03-11T17:10:49+00:00 https://korben.info/bioordinateur-cl1-cortical-labs-neurones-humains.html www.secnews.physaphae.fr/article.php?IdArticle=8655080 False None None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Shutdowns always hamper government operations, but personnel cuts further exacerbate cyber risks, experts say. ]]> 2025-03-11T17:04:44+00:00 https://cyberscoop.com/amid-personnel-turmoil-at-cyber-agencies-a-government-shutdown-could-increase-potential-harm/ www.secnews.physaphae.fr/article.php?IdArticle=8655066 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security, believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The reality is a bit of a different story. In the real world, checking the right boxes doesn\'t equal being secure. As Sun Tzu warned, “Strategy without tactics is]]> 2025-03-11T16:55:00+00:00 https://thehackernews.com/2025/03/your-risk-scores-are-lying-adversarial.html www.secnews.physaphae.fr/article.php?IdArticle=8655000 False Tool,Vulnerability None 2.0000000000000000 Krebs on Security - Chercheur Américain Authorities in India today arrested the alleged co-founder of Garantex, a cryptocurrency exchange sanctioned by the U.S. government in 2022 for facilitating tens of billions of dollars in money laundering by transnational criminal and cybercriminal organizations. Sources close to the investigation told KrebsOnSecurity the Lithuanian national Aleksej Besciokov, 46, was apprehended while vacationing on the coast of India with his family.]]> 2025-03-11T16:49:02+00:00 https://krebsonsecurity.com/2025/03/alleged-co-founder-of-garantex-arrested-in-india/ www.secnews.physaphae.fr/article.php?IdArticle=8655061 False None None 2.0000000000000000 HackRead - Chercher Cyber Disgruntled ex-employee sabotages company systems with malicious code, causing major disruptions and financial losses.  Learn about the case…]]> 2025-03-11T16:34:28+00:00 https://hackread.com/ex-employee-sabotages-company-systems-10-years-prison/ www.secnews.physaphae.fr/article.php?IdArticle=8655064 False None None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine New York sues Allstate over data breach, alleging security failures that exposed the driver\'s license numbers of nearly 200,000 individuals]]> 2025-03-11T16:30:00+00:00 https://www.infosecurity-magazine.com/news/new-york-sues-allstate-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8655063 False Data Breach None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Inside the most innocent-looking image, a breathtaking landscape, or a funny meme, something dangerous could be hiding, waiting for its moment to strike. No strange file names. No antivirus warnings. Just a harmless picture, secretly concealing a payload that can steal data, execute malware, and take over your system without a trace. This is steganography, a cybercriminal\'s secret weapon for]]> 2025-03-11T16:00:00+00:00 https://thehackernews.com/2025/03/steganography-explained-how-xworm-hides.html www.secnews.physaphae.fr/article.php?IdArticle=8654987 False Malware None 3.0000000000000000 The State of Security - Magazine Américain Today\'s VERT Alert addresses Microsoft\'s March 2025 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1147 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2025-26633 According to Microsoft, improper neutralization in Microsoft Management Console could allow an unauthorized attacker to bypass a security feature locally. For those unfamiliar with “Improper Neutralization”, it is based on CWE-707, which Microsoft has associated with this vulnerability even though MITRE discourages mapping against it. Readers may better...]]> 2025-03-11T15:24:40+00:00 https://www.tripwire.com/state-of-security/march-2025-patch-tuesday-analysis www.secnews.physaphae.fr/article.php?IdArticle=8655117 False Vulnerability None 2.0000000000000000 Korben - Bloger francais une étude qui confirme ce que beaucoup soupçonnaient : l’IA peut atrophier notre cerveau ! Et là, c’est le drame. Pour arriver à cette conclusion, les chercheurs ont sondé 319 professionnels et ont révélé que plus la confiance dans l’IA est élevée, moins on applique d’effort cognitif au travail. En effet, en tant qu’humain, nous aimons toujours prendre le chemin qui est le plus économique pour nous en terme d’énergie. Et notre cerveau est ce qui consomme le plus d’énergie dans notre corps.]]> 2025-03-11T15:17:01+00:00 https://korben.info/ia-pensee-critique-eviter-atrophie-cerebrale.html www.secnews.physaphae.fr/article.php?IdArticle=8655052 False None None 3.0000000000000000 Korben - Bloger francais 150 000 utilisateurs sur Reddit et à indexer plus de 1 000 produits et services made in Europe.]]> 2025-03-11T14:41:29+00:00 https://korben.info/go-european-extension-alternatives-europeennes-tech.html www.secnews.physaphae.fr/article.php?IdArticle=8655014 False None None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Une paire de violations de données à la fin de 2020 et au début de 2021 a exposé le nombre de licences de conducteur de près de 200 000 personnes.

---

>A pair of data breaches in late 2020 and early 2021 exposed driver\'s license numbers of almost 200,000 people. ]]> 2025-03-11T14:25:10+00:00 https://cyberscoop.com/new-york-lawsuit-allstate-national-general-data-privacy/ www.secnews.physaphae.fr/article.php?IdArticle=8655049 False None None 2.0000000000000000 ComputerWeekly - Computer Magazine 2025-03-11T14:11:00+00:00 https://www.computerweekly.com/news/366620595/Musk-claims-of-Ukraine-DDoS-attack-derided-by-cyber-community www.secnews.physaphae.fr/article.php?IdArticle=8655094 False None None 2.0000000000000000 Korben - Bloger francais Chirp” est une application web qui permet la transmission de données via des signaux sonores. Développée par “solst/ICE”, cette application convertit du texte en fréquences audio qui peuvent être émises par des haut-parleurs et captées par un microphone. Pour ce faire, le projet utilise l’API Web Audio pour à la fois générer mais également capter les sons. Ensuite, il les analyse pour effectuer un genre de mapping entre des fréquences spécifiques et des caractères, le tout complété de signatures sonores pour marquer le début et la fin des transmissions.]]> 2025-03-11T14:00:43+00:00 https://korben.info/chirp-transmission-donnees-son-audiomodem-web.html www.secnews.physaphae.fr/article.php?IdArticle=8655015 False None None 2.0000000000000000 Netskope - etskope est une société de logiciels américaine fournissant une plate-forme de sécurité informatique Résumé En février 2025, le Federal Bureau of Investigation (FBI), la Cybersecurity and Infrastructure Security Agency (CISA), et le Centre multi-états de partage et d'analyse (MS-ISAC) ont publié un conseiller en cybersécurité pour partager des informations sur la ransomware des fantômes (grin) et ses techniques. Le groupe derrière ce ransomware a commencé ses activités vers 2021 en attaquant les applications orientées publiques en cours d'exécution […]

---

>Summary In February 2025, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published a cybersecurity advisory to share information about the Ghost (Cring) ransomware and its techniques. The group behind this ransomware started its activities around 2021 by attacking public-facing applications running […] ]]> 2025-03-11T14:00:00+00:00 https://www.netskope.com/blog/analyzing-elysium-a-variant-of-the-ghost-cring-ransomware-family www.secnews.physaphae.fr/article.php?IdArticle=8655007 False Ransomware None 2.0000000000000000 Nextron - Blog Secu 2025-03-11T13:59:45+00:00 https://www.nextron-systems.com/2025/03/11/patching-is-not-enough/ www.secnews.physaphae.fr/article.php?IdArticle=8655026 False Patching None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber La nomination de Plankey \\ comble le plus grand écart restant parmi les cyber-chefs dans la deuxième administration Trump.

---

>Plankey\'s nomination fills the biggest remaining gap among cyber leaders in the second Trump administration. ]]> 2025-03-11T13:55:23+00:00 https://cyberscoop.com/sean-plankey-cisa-nomination/ www.secnews.physaphae.fr/article.php?IdArticle=8655023 False None None 1.00000000000000000000 Wired Threat Level - Security News Elon Musk said a “massive cyberattack” disrupted X on Monday and pointed to “IP addresses originating in the Ukraine area” as the source of the attack. Security experts say that\'s not how it works.]]> 2025-03-11T13:42:01+00:00 https://www.wired.com/story/x-ddos-attack-march-2025/ www.secnews.physaphae.fr/article.php?IdArticle=8655008 False None None 2.0000000000000000 Korben - Bloger francais un guide complet sur Github qui vous expliquera étape par étape comment faire pour diffuser le son d’une platine vinyle (ou tout autre source audio RCA) vers un système Sonos en utilisant un Raspberry Pi. Du vinyle au Sonos, sans perdre une miette de ce grain analogique qui vous fait frétiller les tympans et surtout, ça permet de ne pas acheter la solution propriétaire Sonos Port qui fait pareil mais en beaucoup beaucoup plus cher (environ 450 €) .]]> 2025-03-11T13:32:48+00:00 https://korben.info/streaming-vinyle-sonos-raspberry-pi.html www.secnews.physaphae.fr/article.php?IdArticle=8655016 False None None 2.0000000000000000 Recorded Future - FLux Recorded Future Sean Plankey, who served in cybersecurity roles in the first Trump administration, has been officially nominated to run the Cybersecurity and Infrastructure Security Agency (CISA), according to posting of nominations.]]> 2025-03-11T13:22:16+00:00 https://therecord.media/plankey-nominated-to-run-cisa www.secnews.physaphae.fr/article.php?IdArticle=8655024 False None None 1.00000000000000000000 HackRead - Chercher Cyber Fake Elon Musk endorsements are used in SMS campaigns to sell bogus energy-saving devices. Learn how to spot…]]> 2025-03-11T13:18:04+00:00 https://hackread.com/sms-scam-elon-musks-sell-fake-energy-devices-usa/ www.secnews.physaphae.fr/article.php?IdArticle=8655013 False None None 3.0000000000000000 Korben - Bloger francais ça pose problème car quand on veut installer l’interface en ligne de commande d’AWS (AWS-CLI) sur un Mac Silicon, pour interagir avec les services d’Amazon WebServices directement depuis son terminal ou ses scripts, c’est relou !]]> 2025-03-11T13:13:36+00:00 https://korben.info/installer-aws-cli-sur-mac-m1-m2-m3-m4-sans-se-prendre-la-tete.html www.secnews.physaphae.fr/article.php?IdArticle=8655017 False Cloud None 3.0000000000000000 knowbe4 - cybersecurity services ]]> 2025-03-11T13:11:48+00:00 https://blog.knowbe4.com/cyberheistnews-vol-15-10-heads-up-sophisticated-phishing-attack-uses-new-javascript-obfuscation-trick www.secnews.physaphae.fr/article.php?IdArticle=8655009 False None None 1.00000000000000000000 Checkpoint - Fabricant Materiel Securite Check Point \\ a le dernier index des menaces met en évidence une nouvelle campagne impliquant les logiciels malveillants, Asyncrat, un cheval de Troie d'accès à distance ciblant les systèmes Windows depuis 2019. Le quatrième logiciel malveillant le plus répandu du mois, Asyncrat, permet le vol de données, l'exécution de la commande et le compromis du système. Les dernières attaques ont utilisé des tunnels TryCloudflare et des packages Python malveillants, en commençant par des e-mails de phishing contenant des URL Dropbox. Cela a conduit à une chaîne d'infection en plusieurs étapes impliquant des fichiers LNK, JavaScript et BAT, culminant dans un déploiement de charge utile asyncrat obscurci. Cette campagne reflète une tendance croissante à exploiter des plateformes légitimes comme Dropbox et TryCloudflare pour échapper à la détection et établir la persistance. La menace croissante […]

---

>Check Point\'s latest threat index highlights a new campaign involving the malware, AsyncRAT, a remote access trojan targeting Windows systems since 2019. The fourth most prevalent malware of the month, AsyncRAT, enables data theft, command execution, and system compromise. The latest attacks utilized TryCloudflare tunnels and malicious Python packages, starting with phishing emails that contained Dropbox URLs. This led to a multi-step infection chain involving LNK, JavaScript, and BAT files, culminating in an obfuscated AsyncRAT payload deployment. This campaign reflects a growing trend of exploiting legitimate platforms like Dropbox and TryCloudflare to evade detection and establish persistence. The Increasing Threat […] ]]> 2025-03-11T13:00:30+00:00 https://blog.checkpoint.com/security/february-2025s-malware-spotlight-asyncrat-emerges-targeting-trusted-platforms/ www.secnews.physaphae.fr/article.php?IdArticle=8655004 False Malware,Threat,Prediction None 2.0000000000000000 Fortinet - Fabricant Materiel Securite Fortinet releases significant enhancements to the Fortinet OT Security Platform to support the unique needs of operational technology (OT) environements. Learn more.]]> 2025-03-11T13:00:00+00:00 https://www.fortinet.com/blog/business-and-technology/fortinet-ot-security-platform-innovations-address-critical-ot-challenges www.secnews.physaphae.fr/article.php?IdArticle=8655025 False Industrial None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Mimecast found that insider threats, credential misuse and user-driven errors were involved in most security incidents last year]]> 2025-03-11T13:00:00+00:00 https://www.infosecurity-magazine.com/news/data-breaches-human-error/ www.secnews.physaphae.fr/article.php?IdArticle=8655005 False None None 2.0000000000000000 Fortinet - Fabricant Materiel Securite The Cyber Threat Alliance introduced its Responsible Vulnerability Communication Policy, laying out guidelines for responsibly handling disclosed vulnerabilities in any product or system in a way that optimizes secure outcomes. Fortinet proudly supports CTA\'s adoption of this policy as part of our ongoing commitment to advancing transparent and responsible vulnerability disclosure to help better protect customers and build trust across the industry.]]> 2025-03-11T13:00:00+00:00 https://www.fortinet.com/blog/psirt-blogs/advancing-responsible-disclosure-efforts-a-qa-with-michael-daniel-of-cta www.secnews.physaphae.fr/article.php?IdArticle=8655065 False Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch Analysts weigh in on how democratizing cybersecurity could benefit organizations, particularly SMBs, as threats increase across the landscape.]]> 2025-03-11T12:57:30+00:00 https://www.darkreading.com/cybersecurity-operations/democratizing-cybersecurity-improve-security-posture www.secnews.physaphae.fr/article.php?IdArticle=8655019 False None None 2.0000000000000000 Palo Alto Network - Site Constructeur Palo Alto Networks annonce que l'unité 42 a géré XSIAM, une solution qui fournit une défense dirigée 24/7 sur chaque surface d'attaque.

---

>Palo Alto Networks announces Unit 42 Managed XSIAM, a solution that provides 24/7 expert-led defense across every attack surface. ]]> 2025-03-11T12:30:16+00:00 https://www.paloaltonetworks.com/blog/2025/03/announcing-unit-42-managed-xsiam/ www.secnews.physaphae.fr/article.php?IdArticle=8655003 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Maritime and logistics companies in South and Southeast Asia, the Middle East, and Africa have become the target of an advanced persistent threat (APT) group dubbed SideWinder. The attacks, observed by Kaspersky in 2024, spread across Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates, and Vietnam. Other targets of interest include nuclear power plants and nuclear energy]]> 2025-03-11T12:30:00+00:00 https://thehackernews.com/2025/03/sidewinder-apt-targets-maritime-nuclear.html www.secnews.physaphae.fr/article.php?IdArticle=8654953 False Threat APT-C-17 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Taiwanese company Moxa has released a security update to address a critical security flaw impacting its PT switches that could permit an attacker to bypass authentication guarantees. The vulnerability, tracked as CVE-2024-12297, has been assigned a CVSS v4 score of 9.2 out of a maximum of 10.0. "Multiple Moxa PT switches are vulnerable to an authentication bypass because of flaws in their]]> 2025-03-11T12:15:00+00:00 https://thehackernews.com/2025/03/moxa-issues-fix-for-critical.html www.secnews.physaphae.fr/article.php?IdArticle=8654954 False Vulnerability None 3.0000000000000000 Bleeping Computer - Magazine Américain A newly discovered clipboard hijacking operation dubbed \'MassJacker\' uses at least 778,531 cryptocurrency wallet addresses to steal digital assets from compromised computers. [...]]]> 2025-03-11T12:06:36+00:00 https://www.bleepingcomputer.com/news/security/massjacker-malware-uses-778-000-wallets-to-steal-cryptocurrency/ www.secnews.physaphae.fr/article.php?IdArticle=8655051 False Malware None 3.0000000000000000 DarkTrace - DarkTrace: AI bases detection Part 2/4: Darktrace releases insights on the State of AI in cybersecurity. This blog discusses AI\'s impact on the cyber threat landscape.]]> 2025-03-11T12:00:02+00:00 https://darktrace.com/blog/survey-findings-ai-cyber-threats-are-a-reality-the-people-are-acting-now www.secnews.physaphae.fr/article.php?IdArticle=8654985 False Threat None 2.0000000000000000 Global Security Mag - Site de news francais Vulnérabilités]]> 2025-03-11T12:00:00+00:00 https://www.globalsecuritymag.fr/panorama-de-la-cybermenace-2024-11-mars-2025.html www.secnews.physaphae.fr/article.php?IdArticle=8654976 False None None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The US Cybersecurity and Infrastructure Security Agency (CISA) has added five new flaws in Ivanti and VeraCore products to its Known Exploited Vulnerabilities catalog]]> 2025-03-11T12:00:00+00:00 https://www.infosecurity-magazine.com/news/cisa-kev-ivanti-critical/ www.secnews.physaphae.fr/article.php?IdArticle=8654994 False Vulnerability None 2.0000000000000000 Cisco - Security Firm Blog See how Cisco Secure Firewall excelled in the SE Labs test, blocking advanced attacks with innovative threat intelligence and encryption capabilities.]]> 2025-03-11T12:00:00+00:00 https://blogs.cisco.com/security/unyielding-defense-cisco-firewall-achieves-aaa-rating-from-se-labs/ www.secnews.physaphae.fr/article.php?IdArticle=8654995 False Threat None 2.0000000000000000 Global Security Mag - Site de news francais Vulnérabilités]]> 2025-03-11T12:00:00+00:00 https://www.globalsecuritymag.fr/%F0%9F%87%AC%F0%9F%87%A7-cyber-threat-overview-2024-11-mars-2025.html www.secnews.physaphae.fr/article.php?IdArticle=8654977 False None None 1.00000000000000000000 SecurityWeek - Security News South American cyberespionage group Blind Eagle has infected over 1,600 organizations in Colombia in a recent campaign. ]]> 2025-03-11T11:59:42+00:00 https://www.securityweek.com/1600-victims-hit-by-south-american-apts-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8654986 False Malware APT-C-36 2.0000000000000000 HackRead - Chercher Cyber Elon Musk has confirmed a massive cyberattack on his social media platform, X (once Twitter), causing widespread technical…]]> 2025-03-11T11:59:28+00:00 https://hackread.com/musk-x-twitter-cyberattack-ukraine-involvement/ www.secnews.physaphae.fr/article.php?IdArticle=8654993 False None None 2.0000000000000000 Korben - Bloger francais Hayden James qui présente l’optimisation de la durée de vie de la batterie sur les ordinateurs portables Linux grâce à TLP. Avec sa config aux petits oignons, Hayden a donc réussi à augmenter l’autonomie de son ThinkPad de 6-8h à plus de 10h et en suivant ses explications vous allez pouvoir en faire de même.]]> 2025-03-11T11:46:43+00:00 https://korben.info/comment-augmenter-lautonomie-de-votre-pc-portable-linux-en-moins-de-10-minutes.html www.secnews.physaphae.fr/article.php?IdArticle=8654996 False None None 3.0000000000000000 Dark Reading - Informationweek Branch An email campaign luring users with offers of free President Trump meme coins can lead to computer takeover via the ConnectWise RAT, in less than 2 minutes.]]> 2025-03-11T11:24:11+00:00 https://www.darkreading.com/cyberattacks-data-breaches/binance-spoofers-compromise-pcs-trump-crypto-scam www.secnews.physaphae.fr/article.php?IdArticle=8655054 False None None 2.0000000000000000 Cyble - CyberSecurity Firm 2025-03-11T11:15:48+00:00 https://cyble.com/blog/how-abu-dhabis-expand-while-managing-risks/ www.secnews.physaphae.fr/article.php?IdArticle=8654988 False Ransomware,Tool,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine More than 14,500 girls from across the UK took part in this year\'s CyberFirst Girls competition]]> 2025-03-11T11:00:00+00:00 https://www.infosecurity-magazine.com/news/record-number-girls-compete/ www.secnews.physaphae.fr/article.php?IdArticle=8654984 False None None 3.0000000000000000 ComputerWeekly - Computer Magazine 2025-03-11T11:00:00+00:00 https://www.computerweekly.com/news/366620361/UK-government-under-prepared-for-catastrophic-cyber-attack-hears-PAC www.secnews.physaphae.fr/article.php?IdArticle=8655027 False None None 3.0000000000000000 Global Security Mag - Site de news francais Investigations]]> 2025-03-11T10:30:54+00:00 https://www.globalsecuritymag.fr/etude-mimecast-69-des-decideurs-francais-s-attendent-a-une-hausse-des-pertes-de.html www.secnews.physaphae.fr/article.php?IdArticle=8654978 False Tool None 3.0000000000000000 Global Security Mag - Site de news francais Business]]> 2025-03-11T10:16:32+00:00 https://www.globalsecuritymag.fr/almond-s-allie-a-qevlar-ai.html www.secnews.physaphae.fr/article.php?IdArticle=8654979 False None None 2.0000000000000000 Bleeping Computer - Magazine Américain Cybercriminals are using AI for help in planning and conducting cyberattacks-but cybersecurity vendors are fighting back. Learn from Acronis Threat Research Unit about how AI-powered security solutions are closing the gap in the battle against AI-driven cyber threats. [...]]]> 2025-03-11T10:05:33+00:00 https://www.bleepingcomputer.com/news/security/the-ai-race-dark-ai-is-in-the-lead-but-good-ai-is-catching-up/ www.secnews.physaphae.fr/article.php?IdArticle=8655010 False Threat None 2.0000000000000000 Kaspersky - Kaspersky Research blog Kaspersky experts describe a new wave of attacks distributing the DCRat backdoor through YouTube under the guise of game cheats.]]> 2025-03-11T10:00:13+00:00 https://securelist.com/new-wave-of-attacks-with-dcrat-backdoor-distributed-by-maas/115850/ www.secnews.physaphae.fr/article.php?IdArticle=8654965 False None None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Pro-Palestine Dark Storm Team group claims responsibility for major DDoS attacks on X]]> 2025-03-11T10:00:00+00:00 https://www.infosecurity-magazine.com/news/ddos-blamed-x-suffers-multiple/ www.secnews.physaphae.fr/article.php?IdArticle=8654970 False None None 2.0000000000000000 We Live Security - Editeur Logiciel Antivirus ESET Listen up, this is sure to be music to your ears – a few minutes spent securing your account today can save you a ton of trouble tomorrow]]> 2025-03-11T10:00:00+00:00 https://www.welivesecurity.com/en/cybersecurity/cybercriminals-steal-spotify-account/ www.secnews.physaphae.fr/article.php?IdArticle=8661307 False None None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Le Suisse National Cyber ​​Security Center (NCSC) a introduit une exigence de rapport obligatoire pour les cyberattaques ciblant l'infrastructure critique, ...

---

>The Switzerland National Cyber Security Centre (NCSC) has introduced a mandatory reporting requirement for cyberattacks targeting critical infrastructure,... ]]> 2025-03-11T09:44:15+00:00 https://industrialcyber.co/regulation-standards-and-compliance/switzerland-mandates-24-hour-cyberattack-reporting-for-critical-infrastructure-operators-from-april/ www.secnews.physaphae.fr/article.php?IdArticle=8654971 False None None 4.0000000000000000 Bleeping Computer - Magazine Américain PowerSchool has published a long-awaited CrowdStrike investigation into its massive December 2024 data breach, which determined that the company was previously hacked over 4 months earlier, in August, and then again in September. [...]]]> 2025-03-11T09:42:53+00:00 https://www.bleepingcomputer.com/news/security/powerschool-previously-hacked-in-august-months-before-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8655011 False Data Breach None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Microsoft published a new white paper that shares insights gained over the past year, focusing on the current... ]]> 2025-03-11T09:39:03+00:00 https://industrialcyber.co/medical/microsoft-highlights-cybersecurity-crisis-in-rural-hospitals-urges-enhanced-measures-to-bolster-healthcare-resilience/ www.secnews.physaphae.fr/article.php?IdArticle=8654972 False Medical None 3.0000000000000000 Global Security Mag - Site de news francais Calendrier ]]> 2025-03-11T09:30:22+00:00 https://www.globalsecuritymag.fr/fevrier-2026.html www.secnews.physaphae.fr/article.php?IdArticle=8654963 False Conference None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-57968 - An unrestricted file upload vulnerability in Advantive VeraCore]]> 2025-03-11T09:28:00+00:00 https://thehackernews.com/2025/03/cisa-adds-five-actively-exploited.html www.secnews.physaphae.fr/article.php?IdArticle=8654945 False Vulnerability None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Cyberark and Device Authority, en collaboration avec Microsoft, a lancé une solution qui renforce et évolue le périphérique connecté ...

---

>CyberArk and Device Authority, in collaboration with Microsoft, have launched a solution that strengthens and scales connected device... ]]> 2025-03-11T09:26:44+00:00 https://industrialcyber.co/news/cyberark-and-device-authority-join-microsoft-to-deliver-secure-device-authentication-for-manufacturers/ www.secnews.physaphae.fr/article.php?IdArticle=8654973 False None None 2.0000000000000000 Global Security Mag - Site de news francais Business News

---

BITS\'s Heather Hogsett Testifies on Streamlining Duplicative Cybersecurity Regulations - Business News]]> 2025-03-11T09:20:50+00:00 https://www.globalsecuritymag.fr/bits-s-heather-hogsett-testifies-on-streamlining-duplicative-cybersecurity.html www.secnews.physaphae.fr/article.php?IdArticle=8654964 False None None 2.0000000000000000 Korben - Bloger francais 2025-03-11T09:13:25+00:00 https://korben.info/wokwi-le-simulateur-arduino-et-electronique-pour-vos-prototypes.html www.secnews.physaphae.fr/article.php?IdArticle=8654968 False None None 2.0000000000000000 The Register - Site journalistique Anglais 2025-03-11T08:37:10+00:00 https://go.theregister.com/feed/www.theregister.com/2025/03/11/minja_attack_poisons_ai_model_memory/ www.secnews.physaphae.fr/article.php?IdArticle=8654958 False None None 3.0000000000000000 Global Security Mag - Site de news francais Produits]]> 2025-03-11T08:27:59+00:00 https://www.globalsecuritymag.fr/vertiv-presente-le-vertiv-tm-coolloop-trim-cooler.html www.secnews.physaphae.fr/article.php?IdArticle=8654959 False None None 3.0000000000000000 ANSSI - Flux Étatique Francais anssiadm mar 11/03/2025 - 08:10 Le panorama de la cybermenace 2024 dresse le bilan d'une année marquée par une pression désormais constante pesant tant sur l'écosystème national que sur les systèmes d'information les plus critiques. Pour faire face, l'ensemble des acteurs cyber français sont enjoints à maintenir leur mobilisation et leur vigilance de tous les instants. Au cours de l'année 2024, l'ANSSI a traité, avec différents niveaux de mobilisation, 4 386 événements de sécurité1, soit une augmentation de 15 % par rapport à l'année précédente. Ainsi, 3 004 signalements2 et 1 361 incidents3 ont été portés à la connaissance de l'Agence. Trois principales menaces : cybercriminels, attaquants réputés liés à la Russie et attaquants réputés liées à la chine La menace portée par l'écosystème cybercriminel - principalement caractérisée par des attaques visant l'extorsion de rançons, via des fuites de données et des attaques par rançongiciel – s'est imposée comme un risque global et quotidien pour toutes les organisations françaises. Parmi les victimes de rançongiciels connues de l'ANSSI, les PME/TPE/ETI (37 %), les collectivités territoriales (17 %), ainsi que les établissements d'enseignement supérieur (12 %) et les entreprises stratégiques (12 %) ont été plus particulièrement touchés, avec des conséquences souvent très graves sur leur fonctionnement, leur réputation et leur continuité d'activité. Une hausse des attaques à but de déstabilisation a également été observée, généralement menées par des groupes dits " hacktivistes " cherchant à attirer l'attention en mettant en œuvre des attaques de faible technicité mais à forte visibilité. Par exemple, les attaques par déni de service (DDoS) contre des cibles françaises ont doublé par rapport à 2023, avec une recrudescence pendant la période des Jeux. Malgré les conséquences limitées de ces dernières, le sabotage de petites installations industrielles a aussi été relevé. Ces a]]> 2025-03-11T08:10:19+00:00 https://cyber.gouv.fr/actualites/panorama-de-la-cybermenace-2024-mobilisation-et-vigilance-face-aux-attaquants www.secnews.physaphae.fr/article.php?IdArticle=8654983 False Threat,Legislation None 4.0000000000000000 Cyble - CyberSecurity Firm Les capteurs de pot de miel cyble ont également détecté des tentatives d'attaque sur les vulnérabilités connues pour être ciblées par les groupes APT. Présentation Les capteurs de pot de miel Cyble ont détecté des dizaines de vulnérabilités ciblées dans les tentatives d'attaque ces dernières semaines, y compris certains connus pour être ciblés par des groupes avancés de menace persistante (APT). wordpress plugins , les appareils de réseau et les feux de file le Cyble Reports ont également examiné les attaques persistantes contre les systèmes liux et les appareils de réseau et IoT alors que les acteurs de menace continuent de scanner des appareils vulnérables pour ransomware attaque et pour ajouter à ddos ​​ et les botneaux de mine du crypto. Les rapports ont également examiné les logiciels malveillants bancaires, les attaques par force brute, les ports vulnérables et phishing campagnes. Voici quelques-unes des campagnes d'attaque récentes couvertes dans les rapports de capteurs Cyble. Les utilisateurs pourraient être vulnérables aux attaques si les versions du produit affectées ne sont pas corrigées et atténuées. Tentatives d'attaque du plugin wordpress ]]> 2025-03-11T07:42:54+00:00 https://cyble.com/blog/cyble-sensors-wordpress-plugins-network-devices/ www.secnews.physaphae.fr/article.php?IdArticle=8654957 False Malware,Vulnerability,Threat,Patching,Mobile,Cloud None 3.0000000000000000 InformationSecurityBuzzNews - Site de News Securite 2025 is set to be a massive year for MSPs, the latest MSP Horizons 2025 Report from N-able suggests. Fuelled by robust cybersecurity investments, AI-driven automation, and a surge in M&A activity, the industry is poised for significant growth, with new revenue opportunities abounding.   A Market on the Upswing  The report reveals that global managed [...]]]> 2025-03-11T05:50:19+00:00 https://informationsecuritybuzz.com/ai-and-ma-driving-msp-growth-in-2025/ www.secnews.physaphae.fr/article.php?IdArticle=8654946 False None None 3.0000000000000000 The State of Security - Magazine Américain A critical aspect of manufacturing, energy, and transportation is Industrial Control Systems (ICS) and Operational Technologies (OT). The rapid pace of digital growth makes these systems susceptible to cyberattacks. OT and ICS system security is important, making penetration testing an essential activity. This tactic makes it possible to mitigate weaknesses so they are no longer vulnerabilities. It is an effective measure of asset protection. Penetration testing can ease the challenges of protecting OT and ICS systems. Understanding OT and ICS Security From power grids to assembly lines...]]> 2025-03-11T04:19:25+00:00 https://www.tripwire.com/state-of-security/growing-importance-penetration-testing-ot-and-ics-security www.secnews.physaphae.fr/article.php?IdArticle=8654962 False Vulnerability,Industrial None 3.0000000000000000 Fortinet Vunerability - Fortinet Vunerability An improper neutralization of input during web page generation (\'Cross-site Scripting\') vulnerability [CWE-79] in FortiADC GUI may allow an authenticated attacker to perform an XSS attack via crafted HTTP or HTTPs requests. Revised on 2025-03-11 00:00:00]]> 2025-03-11T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-216 www.secnews.physaphae.fr/article.php?IdArticle=8655047 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability A cross site request forgery vulnerability [CWE-352] in FortiNDR may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests. Revised on 2025-03-11 00:00:00]]> 2025-03-11T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-353 www.secnews.physaphae.fr/article.php?IdArticle=8655034 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability A stack-buffer overflow vulnerability [CWE-121] in FortiMail CLI may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI commands. Revised on 2025-03-11 00:00:00]]> 2025-03-11T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-24-331 www.secnews.physaphae.fr/article.php?IdArticle=8655044 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability 2025-03-11T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-25-166 www.secnews.physaphae.fr/article.php?IdArticle=8655031 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability A client-side enforcement of server-side security vulnerability [CWE-602] in FortiSandbox may allow an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. Revised on 2025-03-11 00:00:00]]> 2025-03-11T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-24-305 www.secnews.physaphae.fr/article.php?IdArticle=8658837 False Vulnerability,Legislation None None