www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-12T18:24:22+00:00 www.secnews.physaphae.fr Dark Reading - Informationweek Branch Introducing enQase for Quantum-Safe Security 2025-02-18T14:08:52+00:00 https://www.darkreading.com/endpoint-security/introducing-enqase-for-quantum-safe-security www.secnews.physaphae.fr/article.php?IdArticle=8648872 False None None 3.0000000000000000 Detection At Scale - Blog de reverseur La nouvelle économie d'un SIEM propulsé par l'IA<br>The New Economics of an AI-Powered SIEM Breaking down traditional SIEM costs and how AI agents enable scalable security operations]]> 2025-02-18T14:07:52+00:00 https://www.detectionatscale.com/p/ai-siem-economics www.secnews.physaphae.fr/article.php?IdArticle=8654612 False None None 3.0000000000000000 Security Through Education - Security Through Education Protégez-vous des escroqueries personnelles et ciblées<br>Protect Yourself from Personal, Targeted Scams Many times, we tend to think of scams as affecting businesses and companies, rather than individuals. However, with the ease […]]]> 2025-02-18T14:00:46+00:00 https://www.social-engineer.org/general-blog/protect-yourself-from-personal-targeted-scams/ www.secnews.physaphae.fr/article.php?IdArticle=8656359 False None None 2.0000000000000000 HackRead - Chercher Cyber Intruder Enhances Free Vulnerability Intelligence Platform \\'Intel\\' with AI-Generated CVE Descriptions London, United Kingdom, 18th February 2025, CyberNewsWire]]> 2025-02-18T14:00:23+00:00 https://hackread.com/intruder-enhances-free-vulnerability-intelligence-platform-intel-with-ai-generated-cve-descriptions/ www.secnews.physaphae.fr/article.php?IdArticle=8648869 False Vulnerability None 3.0000000000000000 Fortinet - Fabricant Materiel Securite FortiSandbox 5.0 Detects Evolving Snake Keylogger Variant Explore how FortiSandbox 5.0 detected this malware, the behavioral indicators it leveraged for identification, and Snake Keylogger\'s technique to evade detection and analysis.]]> 2025-02-18T14:00:00+00:00 https://www.fortinet.com/blog/threat-research/fortisandbox-detects-evolving-snake-keylogger-variant www.secnews.physaphae.fr/article.php?IdArticle=8648871 False Malware None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Evolving Snake Keylogger Variant Targets Windows Users A new Snake Keylogger variant, responsible for over 280 million blocked infection attempts worldwide, has been identified targeting Windows users]]> 2025-02-18T14:00:00+00:00 https://www.infosecurity-magazine.com/news/snake-keylogger-targets-windows/ www.secnews.physaphae.fr/article.php?IdArticle=8648865 False None None 3.0000000000000000 CyberSecurityVentures - cybersecurity services 5 Ways Companies Safeguard Their Crown Jewels Of Data This week in cybersecurity from the editors at Cybercrime Magazine –Read the Full Story in Forbes Sausalito, Calif. – Feb. 18, 2025 Data loss is becoming a bigger danger for businesses, both financially and numerically. According to an IBM report, the average data breach now often
>This week in cybersecurity from the editors at Cybercrime Magazine –Read the Full Story in Forbes Sausalito, Calif. – Feb. 18, 2025 Data loss is becoming a bigger danger for businesses, both financially and numerically. According to an IBM report, the average data breach now often ]]> 2025-02-18T13:45:04+00:00 https://cybersecurityventures.com/5-ways-companies-safeguard-their-crown-jewels-of-data/ www.secnews.physaphae.fr/article.php?IdArticle=8648860 False Data Breach None 3.0000000000000000 SecurityWeek - Security News Finastra Starts Notifying People Impacted by Recent Data Breach Financial software firm Finastra is notifying individuals whose personal information was stolen in a recent data breach.
>Financial software firm Finastra is notifying individuals whose personal information was stolen in a recent data breach. ]]> 2025-02-18T13:36:28+00:00 https://www.securityweek.com/finastra-starts-notifying-people-impacted-by-recent-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8648863 False Data Breach None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Microsoft details Russia-linked cyberattacks by Storm-2372 targeting governments, NGOs, critical infrastructure Researchers from Microsoft have detected cyberattacks being launched by a group, called Storm-2372, which it assesses with medium... ]]> 2025-02-18T13:15:40+00:00 https://industrialcyber.co/ransomware/microsoft-details-russia-linked-cyberattacks-by-storm-2372-targeting-governments-ngos-critical-infrastructure/ www.secnews.physaphae.fr/article.php?IdArticle=8648862 False None None 3.0000000000000000 Cyble - CyberSecurity Firm CVE-2022-31631: High-Risk PHP Vulnerability Demands Immediate Patch Overview A critical security vulnerability has been identified in PHP, one of the most widely used server-side scripting languages for web development. The vulnerability, tracked as CVE-2022-31631, affects multiple versions of PHP and poses a significant risk to websites and applications relying on the PHP Data Objects (PDO) extension for SQLite database interactions. The flaw, which stems from an integer overflow issue in the PDO::quote() function, has the potential to allow SQL injection attacks, leading to unauthorized access, data breaches, and system compromise. Key Details CVE ID: CVE-2022-31631 CVSS Base Score: 9.1 (Critical) Affected Component: PDO::quote() function when used with SQLite databases Impact: SQL injection vulnerability due to improper string sanitization Published Date: February 12, 2025 Last Modified: February 13, 2025 Source: PHP Group Severity Level: Critical Affected PHP Versions The vulnerability affects the following versions of PHP: ]]> 2025-02-18T13:09:49+00:00 https://cyble.com/blog/cve-2022-31631-vulnerability-immediate-patch/ www.secnews.physaphae.fr/article.php?IdArticle=8648866 False Vulnerability None 3.0000000000000000 Palo Alto Network - Site Constructeur Curb Healthcare Costs - Can Cybersecurity Platformization Help? A platformized approach to cybersecurity can help organizations navigate challenges while strengthening resilience, boosting efficiency and managing costs.
>A platformized approach to cybersecurity can help organizations navigate challenges while strengthening resilience, boosting efficiency and managing costs. ]]> 2025-02-18T13:00:47+00:00 https://www.paloaltonetworks.com/blog/2025/02/curb-healthcare-costs-can-cybersecurity-platformization-help/ www.secnews.physaphae.fr/article.php?IdArticle=8648931 False Medical None 3.0000000000000000 Checkpoint - Fabricant Materiel Securite Strengthening Authentication in the AI Era: How Harmony SASE Aligns with CISA\\'s Secure by Design Pledge For the modern threat environment, strong authentication is a must. Malicious actors are leveraging traditional credential harvesting tactics more than ever, as well as using AI to enhance them. Organizations must reinforce their defenses and deploy multi-factor authentication (MFA) to protect access to sensitive data and applications. Recognizing this fact, Check Point is joining the Cybersecurity and Infrastructure Security Agency\'s (CISA\'s) Secure by Design pledge. This decision underscores our commitment to cyber security best practices like MFA, and further aligns Check Point with industry-leading standards to ensure robust security for our customers. What is MFA? MFA enhances authentication by requiring […]
For the modern threat environment, strong authentication is a must. Malicious actors are leveraging traditional credential harvesting tactics more than ever, as well as using AI to enhance them. Organizations must reinforce their defenses and deploy multi-factor authentication (MFA) to protect access to sensitive data and applications. Recognizing this fact, Check Point is joining the Cybersecurity and Infrastructure Security Agency\'s (CISA\'s) Secure by Design pledge. This decision underscores our commitment to cyber security best practices like MFA, and further aligns Check Point with industry-leading standards to ensure robust security for our customers. What is MFA? MFA enhances authentication by requiring […] ]]> 2025-02-18T13:00:13+00:00 https://blog.checkpoint.com/harmony-sase/strengthening-authentication-in-the-ai-era-how-harmony-sase-aligns-with-cisas-secure-by-design-pledge/ www.secnews.physaphae.fr/article.php?IdArticle=8648858 False Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine BlackLock On Track to Be 2025\\'s Most Prolific Ransomware Group The BlackLock or Eldorado ransomware gang could be the year\'s fastest-growing ransomware-as-a-service group]]> 2025-02-18T13:00:00+00:00 https://www.infosecurity-magazine.com/news/blacklock-2025s-most-prolific/ www.secnews.physaphae.fr/article.php?IdArticle=8648855 False Ransomware None 3.0000000000000000 Wired Threat Level - Security News Google Calendar Malware Is on the Rise. Here\\'s How To Stay Safe A simple calendar can\'t be a security risk, right? Wrong.]]> 2025-02-18T13:00:00+00:00 https://www.wired.com/story/google-calendar-malware-is-on-the-rise-heres-how-to-stay-safe/ www.secnews.physaphae.fr/article.php?IdArticle=8648852 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials Security vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials via pass-back attacks via Lightweight Directory Access Protocol (LDAP) and SMB/FTP services. "This pass-back style attack leverages a vulnerability that allows a malicious actor to alter the MFP\'s configuration and cause the MFP]]> 2025-02-18T12:34:00+00:00 https://thehackernews.com/2025/02/new-xerox-printer-flaws-could-let.html www.secnews.physaphae.fr/article.php?IdArticle=8648820 False Vulnerability None 3.0000000000000000 Bleeping Computer - Magazine Américain New OpenSSH flaws expose SSH servers to MiTM and DoS attacks OpenSSH has released security updates addressing two vulnerabilities, a machine-in-the-middle (MitM) and a denial of service flaw, with one of the flaws introduced over a decade ago. [...]]]> 2025-02-18T12:07:56+00:00 https://www.bleepingcomputer.com/news/security/new-openssh-flaws-expose-ssh-servers-to-mitm-and-dos-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8648887 False Vulnerability None 3.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain Story About Medical Device Security relates a story about me working with a medical device firm back when I was with BT. I don’t remember the story at all, or who the company was. But it sounds about right.
Ben Rothke relates a story about me working with a medical device firm back when I was with BT. I don’t remember the story at all, or who the company was. But it sounds about right.]]> 2025-02-18T12:06:07+00:00 https://www.schneier.com/blog/archives/2025/02/story-about-medical-device-security.html www.secnews.physaphae.fr/article.php?IdArticle=8648848 False Medical None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Proofpoint Uncovers FrigidStealer, A New MacOS Infostealer Proofpoint also identified two new threat actors operating components of web inject campaigns, TA2726 and TA2727]]> 2025-02-18T12:00:00+00:00 https://www.infosecurity-magazine.com/news/proofpoint-frigidstealer-new-mac/ www.secnews.physaphae.fr/article.php?IdArticle=8648845 False Threat None 3.0000000000000000 Incogni - Blog Sécu de la société incogni, spécialisé en protection de la vie privé Banner 2025-02-18T11:50:29+00:00 https://blog.incogni.com/test-scanner-2/ www.secnews.physaphae.fr/article.php?IdArticle=8648849 False None None 2.0000000000000000 Incogni - Blog Sécu de la société incogni, spécialisé en protection de la vie privé test scanner 2025-02-18T11:48:49+00:00 https://blog.incogni.com/test-scanner/ www.secnews.physaphae.fr/article.php?IdArticle=8648850 False None None 2.0000000000000000 SecurityWeek - Security News Microsoft Warns of Improved XCSSET macOS Malware Microsoft has observed a new variant of the XCSSET malware being used in limited attacks against macOS users.
>Microsoft has observed a new variant of the XCSSET malware being used in limited attacks against macOS users. ]]> 2025-02-18T11:28:43+00:00 https://www.securityweek.com/microsoft-warns-of-improvements-to-xcsset-macos-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8648842 False Malware None 2.0000000000000000 Incogni - Blog Sécu de la société incogni, spécialisé en protection de la vie privé How to call a no caller ID back 2025-02-18T11:15:52+00:00 https://blog.incogni.com/how-to-call-a-no-caller-id-back/ www.secnews.physaphae.fr/article.php?IdArticle=8648851 False None None 3.0000000000000000 ProofPoint - Cyber Firms Phishing Beyond Email: How Proofpoint Collab Protection Secures Messaging and Collaboration Apps 2025-02-18T11:14:41+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/proofpoint-collab-secures-messaging-collaboration-apps www.secnews.physaphae.fr/article.php?IdArticle=8648936 False Data Breach,Malware,Tool,Threat,Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers Cybersecurity researchers have flagged a credit card stealing malware campaign that has been observed targeting e-commerce sites running Magento by disguising the malicious content within image tags in HTML code in order to stay under the radar. MageCart is the name given to a malware that\'s capable of stealing sensitive payment information from online shopping sites. The attacks are known to]]> 2025-02-18T10:56:00+00:00 https://thehackernews.com/2025/02/cybercriminals-exploit-onerror-event-in.html www.secnews.physaphae.fr/article.php?IdArticle=8648815 False Malware,Threat None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial New Industrial Defender 8.0 features redesigned risk dashboard to boost OT cybersecurity, compliance management Industrial Defender, vendor of OT asset management and cybersecurity compliance solutions, has announced the release of its latest... ]]> 2025-02-18T10:28:32+00:00 https://industrialcyber.co/news/new-industrial-defender-8-0-features-redesigned-risk-dashboard-to-boost-ot-cybersecurity-compliance-management/ www.secnews.physaphae.fr/article.php?IdArticle=8648836 False Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Dream secures $100 million to revolutionize national cybersecurity with AI-powered resilience solutions Dream, an AI company providing cyber resilience for nations and critical infrastructure, today announced a $100 million Series... ]]> 2025-02-18T10:25:10+00:00 https://industrialcyber.co/news/dream-secures-100-million-to-revolutionize-national-cybersecurity-with-ai-powered-resilience-solutions/ www.secnews.physaphae.fr/article.php?IdArticle=8648837 False None None 3.0000000000000000 Global Security Mag - Site de news francais Vigilance.fr - Elasticsearch: information disclosure via Document Level Security, analyzed on 18/12/2024 Security Vulnerability
An attacker can bypass access restrictions to data of Elasticsearch, via Document Level Security, in order to read sensitive information. - Security Vulnerability]]> 2025-02-18T10:10:06+00:00 https://www.globalsecuritymag.fr/vigilance-fr-elasticsearch-information-disclosure-via-document-level-security.html www.secnews.physaphae.fr/article.php?IdArticle=8648830 False None None 2.0000000000000000 Global Security Mag - Site de news francais Vigilance.fr - Elasticsearch : obtention d\'information via Document Level Security, analysé le 18/12/2024 Vulnérabilités
Un attaquant peut contourner les restrictions d\'accès aux données de Elasticsearch, via Document Level Security, afin d\'obtenir des informations sensibles. - Vulnérabilités]]> 2025-02-18T10:10:06+00:00 https://www.globalsecuritymag.fr/vigilance-fr-elasticsearch-obtention-d-information-via-document-level-security.html www.secnews.physaphae.fr/article.php?IdArticle=8648831 False None None 2.0000000000000000 Global Security Mag - Site de news francais Appdome announced it is extending its Account Takeover Protection suite Product Reviews
Appdome Stops AI-Deep Fakes at the Mobile Doorstep Unveils 30 Groundbreaking Deep Fake Detection Plugins to Strengthen ATO Protection inside Android & iOS Apps - Product Reviews]]> 2025-02-18T10:08:47+00:00 https://www.globalsecuritymag.fr/appdome-announced-it-is-extending-its-account-takeover-protection-suite.html www.secnews.physaphae.fr/article.php?IdArticle=8648832 False Mobile None 3.0000000000000000 Global Security Mag - Site de news francais Proofpoint identifie deux nouveaux acteurs cybercriminels et un nouveau malware pour Mac Malwares
Proofpoint identifie deux nouveaux acteurs cybercriminels et un nouveau malware pour Mac - Malwares]]> 2025-02-18T10:06:13+00:00 https://www.globalsecuritymag.fr/proofpoint-identifie-deux-nouveaux-acteurs-cybercriminels-et-un-nouveau-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8648833 False Malware None 3.0000000000000000 Bleeping Computer - Magazine Américain Fintech giant Finastra notifies victims of October data breach Financial technology giant Finastra is notifying victims of a data breach after their personal information was stolen by unknown attackers who first breached its systems in October 2024. [...]]]> 2025-02-18T10:01:27+00:00 https://www.bleepingcomputer.com/news/security/fintech-giant-finastra-notifies-victims-of-october-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8648874 False Data Breach None 3.0000000000000000 Kaspersky - Kaspersky Research blog StaryDobry ruins New Year\\'s Eve, delivering miner instead of presents StaryDobry campaign targets gamers with XMRig miner]]> 2025-02-18T10:00:49+00:00 https://securelist.com/starydobry-campaign-spreads-xmrig-miner-via-torrents/115509/ www.secnews.physaphae.fr/article.php?IdArticle=8648825 False None None 2.0000000000000000 TechRepublic - Security News US New Mac Malware Poses as Browser Updates Researchers warn of rising macOS-targeted attacks as hackers exploit fake updates to bypass security. FrigidStealer malware highlights growing enterprise risks.]]> 2025-02-18T10:00:38+00:00 https://www.techrepublic.com/article/mac-malware-web-inject-proofpoint/ www.secnews.physaphae.fr/article.php?IdArticle=8648870 False Malware,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Zacks Investment Research Breach Hits 12 Million A threat actor claims to have hacked and published data on 12 million Zacks Investment Research accounts]]> 2025-02-18T10:00:00+00:00 https://www.infosecurity-magazine.com/news/zacks-investment-research-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8648828 False Threat None 2.0000000000000000 We Live Security - Editeur Logiciel Antivirus ESET No, you\\'re not fired – but beware of job termination scams Some employment scams take an unexpected turn as cybercriminals shift from “hiring” to “firing” staff]]> 2025-02-18T10:00:00+00:00 https://www.welivesecurity.com/en/scams/no-youre-not-fired-beware-job-termination-scams/ www.secnews.physaphae.fr/article.php?IdArticle=8649067 False None None 3.0000000000000000 Korben - Bloger francais Maybe Finance - Une solution open source pour gérer son argent Maybe Finance a une histoire intéressante. À l’origine, c’était une startup classique qui proposait une application de gestion de patrimoine avec des fonctionnalités premium comme l’accès à des conseillers financiers. Et après avoir investi près d’un million de dollars dans le développement, l’équipe a dû mettre la clé sous la porte mi-2023. Sniiiif. Mais plutôt que de laisser mourir le projet, ils ont décidé de le transformer en logiciel libre accessible à tous !
Le projet Maybe Finance a une histoire intéressante. À l’origine, c’était une startup classique qui proposait une application de gestion de patrimoine avec des fonctionnalités premium comme l’accès à des conseillers financiers. Et après avoir investi près d’un million de dollars dans le développement, l’équipe a dû mettre la clé sous la porte mi-2023. Sniiiif. Mais plutôt que de laisser mourir le projet, ils ont décidé de le transformer en logiciel libre accessible à tous !]]> 2025-02-18T09:00:00+00:00 https://korben.info/maybe-finance-solution-open-source-gestion-patrimoine.html www.secnews.physaphae.fr/article.php?IdArticle=8648829 False None None 3.0000000000000000 Detectify - Detectify Labs 2024 Détectifier les prix Crowdsource: Rencontrez les gagnants<br>2024 Detectify Crowdsource Awards: Meet the Winners C'est encore cette période de l'année! Chez Detectify, nous sommes ravis de célébrer le talent et le dévouement de nos membres de la communauté de Crowdsource avec notre ... annuel ...
>It’s that time of year again! Here at Detectify, we’re excited to celebrate the talent and dedication of our Crowdsource community members with our annual ... ]]> 2025-02-18T08:36:29+00:00 https://labs.detectify.com/crowdsource-community/2024-detectify-crowdsource-awards-meet-the-winners/ www.secnews.physaphae.fr/article.php?IdArticle=8661128 False None None 3.0000000000000000 ComputerWeekly - Computer Magazine Cyber Monitoring Centre develops hurricane scale to count cost of cyber attacks 2025-02-18T08:30:00+00:00 https://www.computerweekly.com/news/366619267/Cyber-Monitoring-Centre-develops-hurricane-scale-to-count-cost-of-cyber-attacks www.secnews.physaphae.fr/article.php?IdArticle=8648859 False None None 3.0000000000000000 ProofPoint - Cyber Firms An Update on Fake Updates: Two New Actors, and New Mac Malware 2025-02-18T08:18:48+00:00 https://www.proofpoint.com/us/blog/threat-insight/update-fake-updates-two-new-actors-and-new-mac-malware www.secnews.physaphae.fr/article.php?IdArticle=8648935 False Ransomware,Malware,Tool,Threat,Mobile None 3.0000000000000000 ProofPoint - Cyber Firms New Email Security Insights: Proofpoint Ranked No. 1 in 4 out of 5 Gartner Use Cases 2025-02-18T07:57:54+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/proofpoint-scores-high-gartner-capabilities-use-cases www.secnews.physaphae.fr/article.php?IdArticle=8648937 False Tool,Threat,Cloud,Technical,Commercial None 3.0000000000000000 Bleeping Computer - Magazine Américain Lee Enterprises newspaper disruptions caused by ransomware attack Newspaper publishing giant Lee Enterprises has confirmed that a ransomware attack is behind ongoing disruptions impacting the group\'s operations for over two weeks. [...]]]> 2025-02-18T07:35:35+00:00 https://www.bleepingcomputer.com/news/security/lee-enterprises-newspaper-disruptions-caused-by-ransomware-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8648853 False Ransomware None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Enhancing Accessibility and Managing Access Control for a Hybrid Workforce 2025-02-18T07:00:00+00:00 https://levelblue.com/blogs/security-essentials/enhancing-accessibility-and-managing-access-control-for-a-hybrid-workforce www.secnews.physaphae.fr/article.php?IdArticle=8648817 False Ransomware,Malware,Tool,Vulnerability,Threat,Cloud None 3.0000000000000000 InformationSecurityBuzzNews - Site de News Securite Microsoft Uncovers Enhanced macOS Malware Targeting Xcode Projects Microsoft Threat Intelligence has uncovered a new variant of XCSSET, a sophisticated modular macOS malware that targets users by infecting Xcode projects. While the latest variant has only been observed in limited attacks, security researchers warn that its enhanced capabilities make it a significant threat to macOS users and developers. A Persistent Threat Since 2020 [...]]]> 2025-02-18T05:48:15+00:00 https://informationsecuritybuzz.com/microsoft-macos-malware-xcode-projects/ www.secnews.physaphae.fr/article.php?IdArticle=8648816 False Malware,Threat None 3.0000000000000000 The State of Security - Magazine Américain Monitoring Applications vs. Operating Systems: Why It Matters In today\'s dynamic IT environments, securing and maintaining the integrity of your systems is critical. Fortra\'s Tripwire Enterprise is a robust tool designed to help organizations ensure compliance and security by continuously monitoring the configuration and behavior of their IT assets. When deploying Tripwire, a common question arises: should you prioritize monitoring applications, operating systems, or both? In order to help you answer this question, I will unpack the distinctions between monitoring applications and operating systems and explain why both are essential to a comprehensive...]]> 2025-02-18T04:21:13+00:00 https://www.tripwire.com/state-of-security/monitoring-applications-vs-operating-systems-why-it-matters www.secnews.physaphae.fr/article.php?IdArticle=8648838 False Tool None 3.0000000000000000 The State of Security - Magazine Américain Ransomware: The $270 Billion Beast Shaping Cybersecurity-Insights from Cyentia\\'s Latest Report Ransomware has evolved into one of the most devastating cyber threats of modern times, creating previously unimaginable financial and operational hardships for entities in every sector. As malicious actors employ increasingly sophisticated tools, honing their tactics and spreading their tentacles, understanding the key trends, targeted industries, and financial impact is at the heart of successfully mitigating risks. With this in mind, the Cyentia Institute, a data-driven cybersecurity research company, has released its Information Risk Insights Study on Ransomware, which offers a \'detailed...]]> 2025-02-18T04:21:11+00:00 https://www.tripwire.com/state-of-security/ransomware-270-billion-beast-shaping-cybersecurity-insights-cyentias-latest www.secnews.physaphae.fr/article.php?IdArticle=8648839 False Ransomware,Tool,Studies None 3.0000000000000000 The State of Security - Magazine Américain Got a Microsoft Teams invite? Storm-2372 Gang Exploit Device Codes in Global Phishing Attacks Security experts have warned that a cybercriminal group has been running a malicious and inventive phishing campaign since August 2024 to break into organizations across Europe, North America, Africa, and the Middle East. The Russian group, known as Storm-2372, has targeted government and non-governmental organisations (NGOs), as well as firms working in IT, defence, telecoms, health, and the energy sector. What makes the campaign particularly notable is the way that it attempts to lure unsuspecting victims through the use of device codes from WhatsApp and Microsoft Teams. As explained on the...]]> 2025-02-18T04:21:09+00:00 https://www.tripwire.com/state-of-security/microsoft-teams-storm-2372-exploit-device-codes www.secnews.physaphae.fr/article.php?IdArticle=8648840 False Threat None 3.0000000000000000 Silicon - Site de News Francais { Tribune Expert } - L\'essentiel sur la stratégie Zéro Privilège Permanent Le modèle Zero Trust, préconisé par l\'ANSSI, est de plus en plus utilisé par les entreprises en lieu et place de réseaux privés virtuels. Ce mécanisme de contrôle, à la fois efficace et simple à comprendre, n\'entraîne aucune modification des pratiques de travail des employés. Cette orientation répond à un intérêt croissant des clients pour des systèmes de contrôle de sécurité des identités natifs et évolutifs.]]> 2025-02-18T00:00:00+00:00 https://www.silicon.fr/Thematique/cybersecurite-1371/Breves/l-essentiel-strategie-zero-privilege-permanent-467838.htm#utm_source=IndexThematique&utm_medium=Rss&utm_campaign= www.secnews.physaphae.fr/article.php?IdArticle=8648841 False None None 2.0000000000000000 TrendMicro - Security Firm Blog Earth Preta Mixes Legitimate and Malicious Components to Sidestep Detection Our Threat Hunting team discusses Earth Preta\'s latest technique, in which the APT group leverages MAVInject and Setup Factory to deploy payloads, bypass ESET antivirus, and maintain control over compromised systems.]]> 2025-02-18T00:00:00+00:00 https://www.trendmicro.com/en_us/research/25/b/earth-preta-mixes-legitimate-and-malicious-components-to-sidestep-detection.html www.secnews.physaphae.fr/article.php?IdArticle=8648802 False Threat None 3.0000000000000000 HackRead - Chercher Cyber Duo Wins $50K Bug Bounty for Supply Chain Flaw in Newly Acquired Firm Researchers earned a $50,500 Bug Bounty after uncovering a critical supply chain flaw in a newly acquired firm,…]]> 2025-02-17T23:28:05+00:00 https://hackread.com/duo-bug-bounty-supply-chain-flaw-newly-acquired-firm/ www.secnews.physaphae.fr/article.php?IdArticle=8648801 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild. "Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies," the Microsoft Threat Intelligence team said in a post shared on X. "These enhanced features add to]]> 2025-02-17T22:00:00+00:00 https://thehackernews.com/2025/02/microsoft-uncovers-new-xcsset-macos.html www.secnews.physaphae.fr/article.php?IdArticle=8648781 False Malware,Threat None 2.0000000000000000 HackRead - Chercher Cyber Holiverse Makes NASA\\'s Latest Achievements Accessible to Everyone People around the world learned about the latest advancements in the American space industry! This was made possible…]]> 2025-02-17T20:45:01+00:00 https://hackread.com/holiverse-nasa-latest-achievement-accessible-everyone/ www.secnews.physaphae.fr/article.php?IdArticle=8648794 False None None 2.0000000000000000 MitnickSecurity - Former Hacker Services The Main Types of Ransomware & How to Detect an Attack Educating your team on the main types of ransomware and how to spot the difference between them is more important than ever. Ransomware Attacks: A Growing Threat to Businesses  
Educating your team on the main types of ransomware and how to spot the difference between them is more important than ever. Ransomware Attacks: A Growing Threat to Businesses  ]]> 2025-02-17T19:18:30+00:00 https://www.mitnicksecurity.com/blog/types-of-ransomware-differences www.secnews.physaphae.fr/article.php?IdArticle=8648791 False Ransomware,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Pro-Russia Hackers NoName057(16) Hit Italian Banks and Airports Pro-Russia hackers NoName057(16) has targeted Italian banks, airports and ports in a series of DDoS attacks]]> 2025-02-17T17:15:00+00:00 https://www.infosecurity-magazine.com/news/noname05716-hit-italian-banks/ www.secnews.physaphae.fr/article.php?IdArticle=8648786 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) South Korea Suspends DeepSeek AI Downloads Over Privacy Violations South Korea has formally suspended new downloads of Chinese artificial intelligence (AI) chatbot DeepSeek in the country until the service makes changes to its mobile apps to comply with data protection regulations. Downloads have been paused as of February 15, 2025, 6:00 p.m. local time, the Personal Information Protection Commission (PIPC) said in a statement. The web service remains]]> 2025-02-17T17:06:00+00:00 https://thehackernews.com/2025/02/south-korea-suspends-deepseek-ai.html www.secnews.physaphae.fr/article.php?IdArticle=8648761 False Mobile None 2.0000000000000000 Global Security Mag - Site de news francais Plus de la moitié des personnes interrogées dans le cadre de l\'enquête annuelle de KnowBe4 sur l\'Afrique craignent des pertes financières dues à la cybercriminalité Investigations
Plus de la moitié des personnes interrogées dans le cadre de l\'enquête annuelle de KnowBe4 sur l\'Afrique craignent des pertes financières dues à la cybercriminalité L\'une des principales conclusions de l\'enquête est que les Africains sont plus préoccupés par la cybercriminalité qu\'ils ne l\'étaient auparavant il y a deux ans Accéder au contenu multimédia - Investigations]]> 2025-02-17T16:40:08+00:00 https://www.globalsecuritymag.fr/plus-de-la-moitie-des-personnes-interrogees-dans-le-cadre-de-l-enquete-annuelle.html www.secnews.physaphae.fr/article.php?IdArticle=8648779 False None None 3.0000000000000000 Global Security Mag - Site de news francais Westcon-Comstor renforce les démonstrations de cybersécurité multi-fournisseurs avec des intégrations AWS Business
Westcon-Comstor renforce les démonstrations de cybersécurité multi-fournisseurs avec des intégrations AWS L\'évolution du 3D Lab du distributeur met en valeur l\'intérêt de déployer des solutions sur AWS - Business]]> 2025-02-17T16:36:42+00:00 https://www.globalsecuritymag.fr/westcon-comstor-renforce-les-demonstrations-de-cybersecurite-multi-fournisseurs.html www.secnews.physaphae.fr/article.php?IdArticle=8648780 False None None 2.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain Atlas of Surveillance Atlas of Surveillance, which documents police surveillance technology across the US.
The EFF has released its Atlas of Surveillance, which documents police surveillance technology across the US.]]> 2025-02-17T16:35:59+00:00 https://www.schneier.com/blog/archives/2025/02/atlas-of-surveillance.html www.secnews.physaphae.fr/article.php?IdArticle=8648778 False Legislation None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) CISO\\'s Expert Guide To CTEM And Why It Matters Cyber threats evolve-has your defense strategy kept up? A new free guide available here explains why Continuous Threat Exposure Management (CTEM) is the smart approach for proactive cybersecurity. This concise report makes a clear business case for why CTEM\'s comprehensive approach is the best overall strategy for shoring up a business\'s cyber defenses in the face of evolving attacks. It also]]> 2025-02-17T16:30:00+00:00 https://thehackernews.com/2025/02/cisos-expert-guide-to-ctem-and-why-it.html www.secnews.physaphae.fr/article.php?IdArticle=8648747 False Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine South Korea Suspends Downloads of AI Chatbot DeepSeek South Korea\'s Personal Information Protection Commission is blocking DeepSeek AI downloads over privacy concerns]]> 2025-02-17T16:30:00+00:00 https://www.infosecurity-magazine.com/news/south-korea-suspends-deepseek/ www.secnews.physaphae.fr/article.php?IdArticle=8648782 False None None 2.0000000000000000 ANSSI - Flux Étatique Francais Sommet pour l\\'action sur l\\'intelligence artificielle : retour sur les travaux de l\\'ANSSI anssiadm lun 17/02/2025 - 15:34 Dans le cadre du Sommet pour l\'action sur l\'IA, organisé à Paris du 6 au 11 février 2025, l\'ANSSI a piloté, au sein de l\'axe " IA de confiance ", les travaux menés ces derniers mois sur la cybersécurité. L\'occasion de promouvoir son approche visant à privilégier une meilleure prise en compte des risques cyber pour développer la confiance dans l\'IA. L\'ANSSI a organisé un exercice de crise cyber lors du Sommet de l\'IA L\'expertise de l\'ANSSI au service d\'une meilleure appréhension des risques cyber de l\'IA En tant qu\'autorité nationale en matière de cyberdéfense et de cybersécurité, l\'ANSSI a travaillé à l\'identification et la bonne compréhension des risques cyber des systèmes d\'intelligence artificielle (SIA), en collaboration avec ses partenaires nationaux et internationaux, également réunis à Paris à l\'occasion du Sommet pour l\'action sur l\'IA. Des systèmes d\'information qui posent de nouveaux défis à la cybersécurité Dans les travaux qu\'elle a menés, l\'ANSSI souligne en premier lieu que les systèmes intégrant une IA (SIA) demeurent fondamentalement des systèmes logiciels, soumis en tout état de cause aux mêmes vulnérabilités que des systèmes plus classiques, comme le détournement de comptes utilisateurs ou administr]]> 2025-02-17T15:34:05+00:00 https://cyber.gouv.fr/actualites/sommet-pour-laction-sur-lintelligence-artificielle-retour-sur-les-travaux-de-lanssi www.secnews.physaphae.fr/article.php?IdArticle=8648774 False Mobile None 2.0000000000000000 Korben - Bloger francais Nouvelles offres d\'hébergement o2switch - Découvrez Grow, Cloud, et Pro mon précédent article au sujet d’o2switch, je vous retrouve à nouveau pour vous parler d’un truc qui va vraiment vous emballer : leurs toutes nouvelles offres d’hébergement ! Vous connaissez déjà l’ADN d\'o2switch… C’est du 100% français, ils ont leurs propres datacenters, un espace disque illimité en NVMe et ce fameux serveur “PowerBoost” qui file des ailes à vos sites. Mais là, ils ont repensé leur offre pour répondre aux différents besoins de tous leurs clients.
– Article en partenariat avec o2switch – Hello tout le monde ! Après mon précédent article au sujet d’o2switch, je vous retrouve à nouveau pour vous parler d’un truc qui va vraiment vous emballer : leurs toutes nouvelles offres d’hébergement ! Vous connaissez déjà l’ADN d\'o2switch… C’est du 100% français, ils ont leurs propres datacenters, un espace disque illimité en NVMe et ce fameux serveur “PowerBoost” qui file des ailes à vos sites. Mais là, ils ont repensé leur offre pour répondre aux différents besoins de tous leurs clients.]]> 2025-02-17T15:00:00+00:00 https://korben.info/nouvelles-offres-dhebergement-o2switch-decouvrez-grow-cloud-et-pro.html www.secnews.physaphae.fr/article.php?IdArticle=8648773 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ⚡ THN Weekly Recap: Google Secrets Stolen, Windows Hack, New Crypto Scams and More Welcome to this week\'s Cybersecurity News Recap. Discover how cyber attackers are using clever tricks like fake codes and sneaky emails to gain access to sensitive data. We cover everything from device code phishing to cloud exploits, breaking down the technical details into simple, easy-to-follow insights. ⚡ Threat of the Week Russian Threat Actors Leverage Device Code Phishing to Hack]]> 2025-02-17T14:49:00+00:00 https://thehackernews.com/2025/02/thn-weekly-recap-google-secrets-stolen.html www.secnews.physaphae.fr/article.php?IdArticle=8648690 False Hack,Threat,Cloud,Technical None 2.0000000000000000 HackRead - Chercher Cyber Hackers Exploit Telegram API to Spread New Golang Backdoor The new Golang backdoor uses Telegram for command and control. Netskope discovers malware that exploits Telegram’s API for…]]> 2025-02-17T14:36:37+00:00 https://hackread.com/hackers-exploit-telegram-api-spread-golang-backdoor/ www.secnews.physaphae.fr/article.php?IdArticle=8648769 False Malware,Threat None 3.0000000000000000 Cyble - CyberSecurity Firm CVE-2025-21415 & CVE-2025-21396: Microsoft Addresses Critical Security Risks Cloud-based platforms and AI-driven services continue to remain in the crosshairs of rapidly evolving malware. Recently, Microsoft released a security advisory addressing two critical vulnerabilities affecting Azure AI Face Service (CVE-2025-21415) and Microsoft Account (CVE-2025-21396). These flaws could allow attackers to escalate privileges under specific conditions, leading to unauthorized access and system compromise. Given the increasing reliance on AI and cloud technologies, understanding these vulnerabilities and their implications is crucial for organizations and security professionals. Overview of the Vulnerabilities Microsoft identified and patched two security vulnerabilities that could have led to privilege escalation: 1. CVE-2025-21396 (Microsoft Account Elevation of Privilege Vulnerability) Severity Score: 7.5 (CVSS) Cause: Missing authorization checks in Microsoft Accounts. Risk: An unauthorized attacker could exploit this flaw to elevate privileges over a network. Discovery: Reported by security researcher Sugobet. 2. CVE-2025-21415 (Azure AI Face Service Elevation of Privilege Vulnerability) Severity Score: 9.9 (CVSS) ]]> 2025-02-17T14:35:56+00:00 https://cyble.com/blog/cve-2025-21415-microsoft-critical-security-risks/ www.secnews.physaphae.fr/article.php?IdArticle=8648770 False Malware,Tool,Vulnerability,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) New Golang-Based Backdoor Uses Telegram Bot API for Evasive C2 Operations Cybersecurity researchers have shed light on a new Golang-based backdoor that uses Telegram as a mechanism for command-and-control (C2) communications. Netskope Threat Labs, which detailed the functions of the malware, described it as possibly of Russian origin. "The malware is compiled in Golang and once executed it acts like a backdoor," security researcher Leandro Fróes said in an analysis]]> 2025-02-17T14:34:00+00:00 https://thehackernews.com/2025/02/new-golang-based-backdoor-uses-telegram.html www.secnews.physaphae.fr/article.php?IdArticle=8648691 False Malware,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Microsoft Detects New XCSSET MacOS Malware Variant Microsoft has observed a new variant of XCSSET, a sophisticated macOS malware that infects Xcode projects]]> 2025-02-17T14:30:00+00:00 https://www.infosecurity-magazine.com/news/new-xcsset-macos-malware-variant/ www.secnews.physaphae.fr/article.php?IdArticle=8648783 False Malware None 3.0000000000000000 The Register - Site journalistique Anglais XCSSET macOS malware returns with first new version since 2022 Known for popping zero-days of yesteryear, Microsoft puts Apple devs on high alert Microsoft says there\'s a new variant of XCSSET on the prowl for Mac users – the first new iteration of the malware since 2022.…]]> 2025-02-17T13:43:08+00:00 https://go.theregister.com/feed/www.theregister.com/2025/02/17/macos_xcsset_malware_returns/ www.secnews.physaphae.fr/article.php?IdArticle=8648764 False Malware None 2.0000000000000000 HackRead - Chercher Cyber 10 Key SOC Challenges and How AI Addresses Them SOC challenges like alert fatigue, skill shortages and slow response impact cybersecurity. AI-driven solutions enhance SOC efficiency, automation…]]> 2025-02-17T13:42:13+00:00 https://hackread.com/10-key-soc-challenges-and-how-ai-addresses-them/ www.secnews.physaphae.fr/article.php?IdArticle=8648766 False None None 3.0000000000000000 SecurityWeek - Security News New FinalDraft Malware Spotted in Espionage Campaign A newly identified malware family abuses the Outlook mail service for communication, via the Microsoft Graph API.
>A newly identified malware family abuses the Outlook mail service for communication, via the Microsoft Graph API. ]]> 2025-02-17T13:39:02+00:00 https://www.securityweek.com/new-finaldraft-malware-spotted-in-espionage-campaign/ www.secnews.physaphae.fr/article.php?IdArticle=8648765 False Malware None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial Insikt Group details RedMike cyber espionage campaign on telecom providers using Cisco vulnerabilities Recorded Future\'s Insikt Group uncovered a Chinese state-sponsored threat group identified by Insikt Group as RedMike, which corresponds...
>Recorded Future\'s Insikt Group uncovered a Chinese state-sponsored threat group identified by Insikt Group as RedMike, which corresponds... ]]> 2025-02-17T13:01:03+00:00 https://industrialcyber.co/threats-attacks/insikt-group-details-redmike-cyber-espionage-campaign-on-telecom-providers-using-cisco-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8648758 False Vulnerability,Threat None 2.0000000000000000 Checkpoint - Fabricant Materiel Securite Check Point\\'s SASE Tops Scores for Threat Prevention Known malware is dangerous, but the real risk lies in never-before-seen zero day threats that slip past defenses. For companies adopting the SASE security model, effective threat prevention is non-negotiable. That\'s why Check Point delivers industry-leading protection for SASE and SSE environments-especially when it matters most. Check Point\'s Harmony SASE blocks 99% of malware including Zero+1 Day threats, according to a recent Miercom report. Other vendors in the report left significant gaps, with some blocking as little as 74% of threats during testing. Even a 90% block rate leaves the door open to hundreds of costly attacks, leading to data […]
>Known malware is dangerous, but the real risk lies in never-before-seen zero day threats that slip past defenses. For companies adopting the SASE security model, effective threat prevention is non-negotiable. That\'s why Check Point delivers industry-leading protection for SASE and SSE environments-especially when it matters most. Check Point\'s Harmony SASE blocks 99% of malware including Zero+1 Day threats, according to a recent Miercom report. Other vendors in the report left significant gaps, with some blocking as little as 74% of threats during testing. Even a 90% block rate leaves the door open to hundreds of costly attacks, leading to data […] ]]> 2025-02-17T13:00:25+00:00 https://blog.checkpoint.com/harmony-sase/check-points-sase-tops-scores-for-threat-prevention/ www.secnews.physaphae.fr/article.php?IdArticle=8648756 False Malware,Threat None 3.0000000000000000 Incogni - Blog Sécu de la société incogni, spécialisé en protection de la vie privé How to stop Medicare calls 2025-02-17T12:59:44+00:00 https://blog.incogni.com/how-to-stop-medicare-calls/ www.secnews.physaphae.fr/article.php?IdArticle=8648760 False None None 2.0000000000000000 HackRead - Chercher Cyber HashFlare Fraud: Two Estonians Admit to Running $577M Crypto Scam Two Estonian nationals plead guilty to a $577M cryptocurrency Ponzi scheme through HashFlare, defrauding hundreds of thousands globally.…]]> 2025-02-17T12:56:30+00:00 https://hackread.com/hashflare-fraud-two-estonians-running-crypto-scam/ www.secnews.physaphae.fr/article.php?IdArticle=8648757 False None None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial GAO report flags gaps in maritime cybersecurity, urges Coast Guard to boost defenses against global threats The U.S. Government Accountability Office (GAO) published last week a report on progress in protecting the maritime transportation... ]]> 2025-02-17T12:53:05+00:00 https://industrialcyber.co/transport/gao-report-flags-gaps-in-maritime-cybersecurity-urges-coast-guard-to-boost-defenses-against-global-threats/ www.secnews.physaphae.fr/article.php?IdArticle=8648759 False None None 2.0000000000000000 Checkpoint Research - Fabricant Materiel Securite 17th February – Threat Intelligence Report For the latest discoveries in cyber research for the week of 17th February, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES SimonMed Imaging, one of the largest diagnostic imaging companies in the US, has been breached by Medusa ransomware group, resulting in the theft of over 212 GB of sensitive data from its […]
>For the latest discoveries in cyber research for the week of 17th February, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES SimonMed Imaging, one of the largest diagnostic imaging companies in the US, has been breached by Medusa ransomware group, resulting in the theft of over 212 GB of sensitive data from its […] ]]> 2025-02-17T12:02:40+00:00 https://research.checkpoint.com/2025/17th-february-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8648749 False Ransomware,Threat None 2.0000000000000000 Incogni - Blog Sécu de la société incogni, spécialisé en protection de la vie privé 5 Things to Do If Your Email Is Found on the Dark Web 2025-02-17T12:01:27+00:00 https://blog.incogni.com/things-to-do-when-you-find-your-email-on-the-dark-web/ www.secnews.physaphae.fr/article.php?IdArticle=8648745 False None None 2.0000000000000000 Cyble - CyberSecurity Firm IT Vulnerability Report: Ivanti, Apple Fixes Urged by Cyble Overview Cyble\'s vulnerability intelligence report to clients last week highlighted flaws in Ivanti, Apple, Fortinet, and SonicWall products. The report from Cyble Research and Intelligence Labs (CRIL) examined 22 vulnerabilities and dark web exploits, including some with significant internet-facing exposures. Microsoft had a relatively quiet Patch Tuesday, with the most noteworthy fixes being for two actively exploited zero-day vulnerabilities (CVE-2025-21391, a Windows Storage Elevation of Privilege Vulnerability, and CVE-2025-21418, a Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability), but other IT vendors also issued updates on the second Tuesday of the month. Both Microsoft vulnerabilities were added to CISA\'s Known Exploited Vulnerabilities catalog. Cyble\'s vulnerability intelligence unit highlighted five new vulnerabilities as meriting high-priority attention by security teams, plus a month-old vulnerability at elevated risk of attack. The Top IT Vulnerabilities Three of the vulnerabilities highlighted by Cyble (CVE-2025-22467, CVE-2024-38657, and CVE-2024-10644) affect Ivanti Connect Secure (ICS), a secure ]]> 2025-02-17T11:56:58+00:00 https://cyble.com/blog/it-vulnerability-ivanti-apple-fixes-urged-by-cyble/ www.secnews.physaphae.fr/article.php?IdArticle=8648746 False Vulnerability,Threat,Patching,Industrial None 3.0000000000000000 Korben - Bloger francais J\'ai testé le nouveau Civilization VII de Sid Meier Civilization VII de Sid Meier, qui était, je crois très attendu par les fans et amateurs de ce qu’on appelle je crois, le genre 4X pour eXplore, eXpand, eXploit, eXterminate. Sorti en 1991 chez MicroProse, Civilization a été le pilier fondateur de ce genre et malgré les challengers qui sont venus jouer dans la cour des jeux de stratégie tour par tour, Civilization a su se renouveler et rester au sommet toutes ces années. Bref, la barre est haute, les attentes des fans nombreuses et y’en a même qui ont posé des jours de congé pour s’y remettre.
Je suis content, on m’a demandé de tester le nouveau Civilization VII de Sid Meier, qui était, je crois très attendu par les fans et amateurs de ce qu’on appelle je crois, le genre 4X pour eXplore, eXpand, eXploit, eXterminate. Sorti en 1991 chez MicroProse, Civilization a été le pilier fondateur de ce genre et malgré les challengers qui sont venus jouer dans la cour des jeux de stratégie tour par tour, Civilization a su se renouveler et rester au sommet toutes ces années. Bref, la barre est haute, les attentes des fans nombreuses et y’en a même qui ont posé des jours de congé pour s’y remettre.]]> 2025-02-17T11:47:33+00:00 https://korben.info/meilleur-test-civilization-vii-sid-meier.html www.secnews.physaphae.fr/article.php?IdArticle=8648752 False Threat None 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite Massive Data Exposure at Mars Hydro Highlights IoT Security Risks Jeremiah Fowler, an experienced cybersecurity researcher at vpnMentor and co-founder of Security Discovery, has uncovered a massive data exposure involving nearly 2.7 billion records linked to Mars Hydro, a China-based manufacturer of IoT-enabled grow lights.   The breach, which included sensitive Wi-Fi credentials, IP addresses, and device details, underscores ongoing concerns about IoT security and data [...]]]> 2025-02-17T11:35:09+00:00 https://informationsecuritybuzz.com/data-exposure-at-mars-hydro-highli-iot/ www.secnews.physaphae.fr/article.php?IdArticle=8648753 False None None 3.0000000000000000 InformationSecurityBuzzNews - Site de News Securite eSentire Uncovers EarthKapre/RedCurl Attack Targeting Law Firms eSentire\'s Threat Response Unit (TRU) has uncovered a new cyber espionage campaign leveraging a legitimate Adobe executable to sideload the EarthKapre/RedCurl loader. The attack specifically targeted a firm in the Legal Services industry, highlighting the group\'s persistent focus on corporate espionage.  A Sophisticated Attack Chain  The TRU team said the initial foothold was gained through [...]]]> 2025-02-17T11:18:40+00:00 https://informationsecuritybuzz.com/esentire-unc-earthkapre-redcurl-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8648754 False Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Telegram Used as C2 Channel for New Golang Malware A Golang backdoor is using Telegram as its command and control (C2) channel, an approach that makes detection harder for defenders, according to Netskope researchers]]> 2025-02-17T11:15:00+00:00 https://www.infosecurity-magazine.com/news/telegram-c2-channel-golang-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8648748 False Malware None 3.0000000000000000 Bleeping Computer - Magazine Américain Microsoft spots XCSSET macOS malware variant used for crypto theft A new variant of the XCSSET macOS modular malware has emerged in attacks that target users\' sensitive information, including digital wallets and data from the legitimate Notes app. [...]]]> 2025-02-17T11:04:51+00:00 https://www.bleepingcomputer.com/news/security/microsoft-spots-xcsset-macos-malware-variant-used-for-crypto-theft/ www.secnews.physaphae.fr/article.php?IdArticle=8648775 False Malware None 2.0000000000000000 SecurityWeek - Security News Xerox Versalink Printer Vulnerabilities Enable Lateral Movement Xerox released security updates to resolve pass-back attack vulnerabilities in Versalink multifunction printers.
>Xerox released security updates to resolve pass-back attack vulnerabilities in Versalink multifunction printers. ]]> 2025-02-17T11:00:00+00:00 https://www.securityweek.com/xerox-versalink-printer-vulnerabilities-enable-lateral-movement/ www.secnews.physaphae.fr/article.php?IdArticle=8648689 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Estonian Duo Plead Guilty to $577m Crypto Ponzi Scheme Two Estonian nationals have pleaded guilty to running a cryptocurrency-related Ponzi scheme]]> 2025-02-17T10:15:00+00:00 https://www.infosecurity-magazine.com/news/estonian-duo-guilty-577m-crypto/ www.secnews.physaphae.fr/article.php?IdArticle=8648692 False None None 2.0000000000000000 We Live Security - Editeur Logiciel Antivirus ESET Katharine Hayhoe: The most important climate equation | Starmus highlights The atmospheric scientist makes a compelling case for a head-to-heart-to-hands connection as a catalyst for climate action]]> 2025-02-17T10:00:00+00:00 https://www.welivesecurity.com/en/we-live-science/katharine-hayhoe-most-important-climate-equation-starmus-highlights/ www.secnews.physaphae.fr/article.php?IdArticle=8648902 False None None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Palo Alto Networks and SonicWall Firewalls Under Attack Vulnerabilities in firewalls from Palo Alto Networks and SonicWall are currently under active exploitation]]> 2025-02-17T09:30:00+00:00 https://www.infosecurity-magazine.com/news/palo-alto-networks-sonicwall/ www.secnews.physaphae.fr/article.php?IdArticle=8648686 False Vulnerability None 2.0000000000000000 Korben - Bloger francais Khoj - Un assistant IA privé qui vous accompagne au quotidien Khoj, et c’est un projet open source très prometteur qui permet de disposer d’un assistant capable de discuter naturellement avec vous de n’importe quel sujet, tout en s’appuyant sur vos propres documents quand c’est pertinent.
Vous rêvez d’un assistant personnel intelligent qui comprenne vraiment vos besoins, fouille efficacement dans vos documents et vous aide à être plus productif alors j’ai peut-être trouvé la solution qu’il vous faut ! Ça s’apelle Khoj, et c’est un projet open source très prometteur qui permet de disposer d’un assistant capable de discuter naturellement avec vous de n’importe quel sujet, tout en s’appuyant sur vos propres documents quand c’est pertinent.]]> 2025-02-17T09:00:00+00:00 https://korben.info/khoj-assistant-ia-prive-productivite.html www.secnews.physaphae.fr/article.php?IdArticle=8648681 False None None 3.0000000000000000 Cisco - Security Firm Blog Meet the Cybersecurity Defender of 2025 for EMEA Cisco\'s 2025 EMEA Cybersecurity Defender of the Year award goes to the team at SAP Enterprise Cloud Services, who raised the bar for overall security posture.]]> 2025-02-17T08:30:00+00:00 https://blogs.cisco.com/security/meet-the-cybersecurity-defender-of-2025-for-emea/ www.secnews.physaphae.fr/article.php?IdArticle=8648680 False Cloud None 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite Lessons Learned from Being a Single Mum that Relate to Cyber Security Two years ago this summer, I became a single mum. It was a bit of a hectic time. I was pregnant with my second child, and my toddler was full of energy. I needed to quickly learn how to balance the little bit of energy I did have, to ensure both children were happy and [...]]]> 2025-02-17T05:38:18+00:00 https://informationsecuritybuzz.com/lesson-learned-from-being-a-single-mum/ www.secnews.physaphae.fr/article.php?IdArticle=8648673 False None None 2.0000000000000000 The State of Security - Magazine Américain Advanced Ransomware Evasion Techniques in 2025 Ransomware has become more than a threat-it\'s a calculated assault on industries, wielding AI-driven precision to bypass traditional defenses. Attackers adapt faster than ever, turning cybersecurity into a high-stakes race where falling behind isn\'t an option. As we step into 2025, organizations face an urgent need to outthink and outmaneuver these evolving adversarial attacks. The best way to combat the threat is to dive into cutting-edge techniques for ransomware evasion and the strategies needed to stay one step ahead. The State of Ransomware in 2024 2024 marked a turning point in the...]]> 2025-02-17T03:10:22+00:00 https://www.tripwire.com/state-of-security/advanced-ransomware-evasion-techniques www.secnews.physaphae.fr/article.php?IdArticle=8648684 False Ransomware,Threat None 3.0000000000000000 The State of Security - Magazine Américain #TripwireBookClub - Black Hat Bash: Creative Scripting for Hackers and Pentesters Up Next from #TripwireBookClub is Black Hat Bash: Creative Scripting for Hackers and Pentesters by Dolev Farhi and Nick Aleks. This duo previously published Black Hat GraphQL, which we reviewed in March 2024. This book did not disappoint. I think that my favourite aspect of the book is the way that it uses stepping stones to get you through the book. Although I don\'t teach anymore, I always think about the possibility of using a book as a textbook. This one would be fantastic for teaching an introduction to Bash course or even for use in an intro to Linux course. I think that first-year...]]> 2025-02-17T03:10:16+00:00 https://www.tripwire.com/state-of-security/tripwirebookclub-black-hat-bash-creative-scripting-hackers-and-pentesters www.secnews.physaphae.fr/article.php?IdArticle=8648685 False None None 2.0000000000000000 The Register - Site journalistique Anglais Twin Google flaws allowed attacker to get from YouTube ID to Gmail address in a few easy steps PLUS: DOGE web design disappoints; FBI stops crypto scams; Zacks attacked again; and more! Infosec In Brief  A security researcher has found that Google could leak the email addresses of YouTube channels, which wasn\'t good because the search and ads giant promised not to do that.…]]> 2025-02-17T02:25:06+00:00 https://go.theregister.com/feed/www.theregister.com/2025/02/17/infosec_news_in_brief/ www.secnews.physaphae.fr/article.php?IdArticle=8648666 False None None 2.0000000000000000 Recorded Future - FLux Recorded Future Estonian spy chief: \\'Hybrid schmybrid, what\\'s happening is attacks\\' In a late panel discussion on Saturday at the Munich Security Conference, Kaupo Rosin protested the use of the word which has been applied to a range of hostile activities that are deemed to be deniable or below the threshold justifying an armed response.]]> 2025-02-17T00:33:07+00:00 https://therecord.media/estonian-spy-chief-russia-hybrid-attacks-are-real-attacks www.secnews.physaphae.fr/article.php?IdArticle=8648661 False Conference None 2.0000000000000000 Cyber Skills - Podcast Cyber The Growing Threat of Phishing Attacks and How to Protect Yourself Phishing remains the most common type of cybercrime, evolving into a sophisticated threat that preys on human psychology and advanced technology. Traditional phishing involves attackers sending fake, malicious links disguised as legitimate messages to trick victims into revealing sensitive information or installing malware. However, phishing attacks have become increasingly advanced, introducing what experts call "phishing 2.0" and psychological phishing.  Phishing 2.0 leverages AI to analyse publicly available data, such as social media profiles and public records, to craft highly personalized and convincing messages. These tailored attacks significantly increase the likelihood of success. Psychological manipulation also plays a role in phishing schemes. Attackers exploit emotions like fear and trust, often creating a sense of urgency to pressure victims into acting impulsively. By impersonating trusted entities, such as banks or employers, they pressure victims into following instructions without hesitation.  AI has further amplified the efficiency and scale of phishing attacks. Cybercriminals use AI tools to generate convincing scam messages rapidly, launch automated campaigns and target thousands of individuals within minutes. Tools like ChatGPT, when misused in “DAN mode”, can bypass ethical restrictions to craft grammatically correct and compelling messages, aiding attackers who lack English fluency.  ]]> 2025-02-17T00:00:00+00:00 https://www.cyberskills.ie/explore/news/the-growing-threat-of-phishing-attacks-and-how-to-protect-yourself--.html www.secnews.physaphae.fr/article.php?IdArticle=8648755 False Malware,Tool,Vulnerability,Threat ChatGPT 3.0000000000000000 Intigrity - Blog Software industry: Top vulnerabilities in 2024 and what to watch for in 2025 The software industry continues to evolve rapidly, driven by the adoption of cloud services, increasingly complex SaaS ecosystems, and the reliance on open-source components. But with innovation comes risk: vulnerabilities are being exploited at an alarming rate, threatening billions of dollars in operations, data, and trust.    In 2024, the software industry was rocked by cybe…]]> 2025-02-17T00:00:00+00:00 https://www.intigriti.com/blog/business-insights/software-industry-top-vulnerabilities-in-2024-and-what-to-watch-for-in-2025 www.secnews.physaphae.fr/article.php?IdArticle=8648516 False Vulnerability,Cloud None 2.0000000000000000 Bleeping Computer - Magazine Américain New FinalDraft malware abuses Outlook mail service for stealthy comms A new malware called FinalDraft has been using Outlook email drafts for command-and-control communication in attacks against a ministry in a South American country. [...]]]> 2025-02-16T10:15:30+00:00 https://www.bleepingcomputer.com/news/security/new-finaldraft-malware-abuses-outlook-mail-service-for-stealthy-comms/ www.secnews.physaphae.fr/article.php?IdArticle=8648660 False Malware None 2.0000000000000000 Korben - Bloger francais Imprimez vos contributions GitHub en 3D avec Skyline gh-skyline, une extension pour GitHub CLI qui transforme votre graphique de contributions en un modèle 3D imprimable. Avec gh-skyline, chacune de vos contributions se matérialise donc en relief, créant une véritable skyline urbaine qui racontera votre histoire de dev… Et plus vous contribuez, plus les “buildings” s’élèvent, formant un paysage unique qui représente votre activité sur la plateforme.
Vous pensez tout savoir de votre activité sur GitHub ? Alors attendez de découvrir cet outil qui va vous permettre de tenir dans vos mains une représentation physique et tangible de votre travail de développeur. C’est ce que propose gh-skyline, une extension pour GitHub CLI qui transforme votre graphique de contributions en un modèle 3D imprimable. Avec gh-skyline, chacune de vos contributions se matérialise donc en relief, créant une véritable skyline urbaine qui racontera votre histoire de dev… Et plus vous contribuez, plus les “buildings” s’élèvent, formant un paysage unique qui représente votre activité sur la plateforme.]]> 2025-02-16T09:00:00+00:00 https://korben.info/imprimer-contributions-github-3d-skyline.html www.secnews.physaphae.fr/article.php?IdArticle=8648630 False None None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial Roping in cyber risk quantification across industrial networks to safeguard OT asset owners amid rising threats With the changing threat environment, industrial and operational environments are under greater pressure than ever to reconcile operational... ]]> 2025-02-16T03:03:45+00:00 https://industrialcyber.co/risk-management/roping-in-cyber-risk-quantification-across-industrial-networks-to-safeguard-ot-asset-owners-amid-rising-threats/ www.secnews.physaphae.fr/article.php?IdArticle=8648617 False Threat,Industrial None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Android\\'s New Feature Blocks Fraudsters from Sideloading Apps During Calls Google is working on a new security feature for Android that blocks device owners from changing sensitive settings when a phone call is in progress. Specifically, the in-call anti-scammer protections include preventing users from turning on settings to install apps from unknown sources and granting accessibility access. The development was first reported by Android Authority. Users who attempt]]> 2025-02-15T15:56:00+00:00 https://thehackernews.com/2025/02/androids-new-feature-blocks-fraudsters.html www.secnews.physaphae.fr/article.php?IdArticle=8648580 False Mobile None 2.0000000000000000 Recorded Future - FLux Recorded Future Sweden\\'s PM on suspected cable sabotage: \\'We don\\'t believe random things suddenly happen quite often\\' Sweden\'s Prime Minister Ulf Kristersson told the Munich Security Conference on Saturday that the country didn\'t believe a series of submarine cable cuts in the Baltic Sea were simply coincidental.]]> 2025-02-15T15:08:36+00:00 https://therecord.media/sweden-pm-on-suspected-russian-cable-breaks-not-an-accident www.secnews.physaphae.fr/article.php?IdArticle=8648595 False Conference None 3.0000000000000000