www.secnews.physaphae.fr

www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-12T18:24:17+00:00 www.secnews.physaphae.fr InfoSecurity Mag - InfoSecurity Magazine DDoS Attack Volume and Magnitude Continues to Soar Gcore reported a 56% year-over-year rise in DDoS attacks in H2 2024, highlighting a steep long-term growth tend for the attack technique]]> 2025-02-11T15:00:00+00:00 https://www.infosecurity-magazine.com/news/ddos-attack-volume-magnitude/ www.secnews.physaphae.fr/article.php?IdArticle=8648078 False None None 3.0000000000000000 Dark Reading - Informationweek Branch DeepSeek AI Fails Multiple Security Tests, Raising Red Flag for Businesses The popular generative AI (GenAI) model allows hallucinations, easily avoidable guardrails, susceptibility to jailbreaking and malware creation requests, and more at critically high rates, researchers find.]]> 2025-02-11T14:56:58+00:00 https://www.darkreading.com/cyber-risk/deepseek-fails-multiple-security-tests-business-use www.secnews.physaphae.fr/article.php?IdArticle=8648063 False Malware None 3.0000000000000000 MitnickSecurity - Former Hacker Services The Importance of Cyber Security in Fintech fintech in cybersecurity

Most people have ditched their cash for debit cards, Apple Pay, and other digital payment platforms for managing their money. The convenience of going cashless is undeniable, but so are the security risks.]]> 2025-02-11T14:36:45+00:00 https://www.mitnicksecurity.com/blog/fintech-cybersecurity www.secnews.physaphae.fr/article.php?IdArticle=8648055 False None None 3.0000000000000000 Bleeping Computer - Magazine Américain Windows 10 KB5051974 update force installs new Microsoft Outlook app Microsoft has released the KB5051974 cumulative update for Windows 10 22H2 and Windows 10 21H2, which automatically installs the new Outlook for Windows app and fixes a memory leak bug. [...]]]> 2025-02-11T14:32:57+00:00 https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5051974-update-force-installs-new-microsoft-outlook-app/ www.secnews.physaphae.fr/article.php?IdArticle=8648113 False None None 3.0000000000000000 The State of Security - Magazine Américain VERT Threat Alert: February 2025 Patch Tuesday Analysis Today\'s VERT Alert addresses Microsoft\'s February 2025 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1143 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2025-21391 A vulnerability in Windows Storage could lead to elevation of privilege, however, it is important to note that this would not give complete access to the file system. Instead, it only allows attackers to delete files they wouldn\'t otherwise have permission to remove. Microsoft has reported this vulnerability as Exploitation Detected. CVE-2025-21418 A...]]> 2025-02-11T14:28:37+00:00 https://www.tripwire.com/state-of-security/vert-threat-alert-february-2025-patch-tuesday-analysis www.secnews.physaphae.fr/article.php?IdArticle=8648118 False Vulnerability,Threat None 3.0000000000000000 Detection At Scale - Blog de reverseur Des journaux au contexte: évolution de SIEM avec l'intelligence des actifs<br>From Logs to Context: Evolving SIEM with Asset Intelligence How to build intelligent detections through asset context and infrastructure intelligence]]> 2025-02-11T14:23:15+00:00 https://www.detectionatscale.com/p/contextualizing-logs www.secnews.physaphae.fr/article.php?IdArticle=8654614 False None None 3.0000000000000000 UnderNews - Site de news "pirate" francais Cyber résilience : la nécessité d\'une collaboration étroite entre les équipes réseaux et sécurité Alors que les cybermenaces et les infrastructures réseaux se complexifient, les entreprises peinent à maintenir un niveau de sécurité IT optimal. La séparation historique entre les équipes chargées du réseau et de la sécurité devient en effet un obstacle majeur. Ainsi, le développement d’une plateforme de gestion centralisée, offrant une visibilité accrue sur les activités […] The post Cyber résilience : la nécessité d\'une collaboration étroite entre les équipes réseaux et sécurité first appeared on UnderNews.

>Alors que les cybermenaces et les infrastructures réseaux se complexifient, les entreprises peinent à maintenir un niveau de sécurité IT optimal. La séparation historique entre les équipes chargées du réseau et de la sécurité devient en effet un obstacle majeur. Ainsi, le développement d’une plateforme de gestion centralisée, offrant une visibilité accrue sur les activités […] The post Cyber résilience : la nécessité d\'une collaboration étroite entre les équipes réseaux et sécurité first appeared on UnderNews.]]> 2025-02-11T14:15:14+00:00 https://www.undernews.fr/reseau-securite/cyber-resilience-la-necessite-dune-collaboration-etroite-entre-les-equipes-reseaux-et-securite.html www.secnews.physaphae.fr/article.php?IdArticle=8648056 False None None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Ransomware Gangs Increasingly Prioritize Speed and Volume in Attacks Ransomware groups are adopting agile techniques in a quantity-over-quality approach, according to a new report from Huntress]]> 2025-02-11T14:00:00+00:00 https://www.infosecurity-magazine.com/news/ransomware-gangs-prioritize-speed/ www.secnews.physaphae.fr/article.php?IdArticle=8648048 False Ransomware None 3.0000000000000000 Bleeping Computer - Magazine Américain Fortinet warns of new zero-day exploited to hijack firewalls Fortinet warned today that attackers are exploiting another authentication bypass zero-day bug in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks. [...]]]> 2025-02-11T13:56:13+00:00 https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-zero-day-exploited-to-hijack-firewalls/ www.secnews.physaphae.fr/article.php?IdArticle=8648107 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Ransomware Groups Made Less Money in 2024 Improvements in cyber hygiene and resiliency made it possible for victim organizations to skip paying ransom amounts in 2024.]]> 2025-02-11T13:25:19+00:00 https://www.darkreading.com/cybersecurity-operations/ransomware-groups-made-less-money-in-2024 www.secnews.physaphae.fr/article.php?IdArticle=8648054 False Ransomware None 3.0000000000000000 Sekoia - Cyber Firms RATatouille: Cooking Up Chaos in the I2P Kitchen This article was originally distributed as a private FLINT report to our customers on 29 January 2025. Introduction During our daily tracking and analysis routine at TDR (Threat Detection & Research), we have been monitoring a technique known as ClickFix12. One of the payloads dropped in a campaign starting from November 2024 drew our attention […] La publication suivante RATatouille: Cooking Up Chaos in the I2P Kitchen est un article de Sekoia.io Blog.

>This article was originally distributed as a private FLINT report to our customers on 29 January 2025. Introduction During our daily tracking and analysis routine at TDR (Threat Detection & Research), we have been monitoring a technique known as ClickFix12. One of the payloads dropped in a campaign starting from November 2024 drew our attention […] La publication suivante RATatouille: Cooking Up Chaos in the I2P Kitchen est un article de Sekoia.io Blog.]]> 2025-02-11T13:13:35+00:00 https://blog.sekoia.io/ratatouille-cooking-up-chaos-in-the-i2p-kitchen/ www.secnews.physaphae.fr/article.php?IdArticle=8648045 False None None 3.0000000000000000 Checkpoint - Fabricant Materiel Securite Breaking (Fire)Walls & Glass Ceilings: Women Leading Digital Revolution and Cyber Security\'s Next Frontier Cyber security is at the heart of today's digital revolution, yet it remains one of the most male-dominated sectors in science and technology. Data from Zippia shows that while women hold 48% of roles in the broader workforce, they represent only 24% of the cyber security workforce. In leadership, the numbers are similar -just 16% of cyber security industry vice presidents are women, yet some companies, like Check Point, have exceeded this by reaching 20% female VPs globally. This disparity isn't just a pipeline problem-it's also a perception problem. Girls and young women often don't see cyber security as an […] ]]> 2025-02-11T13:00:28+00:00 https://blog.checkpoint.com/company-and-culture/breaking-firewalls-glass-ceilings-women-leading-digital-revolution-and-cyber-securitys-next-frontier/ www.secnews.physaphae.fr/article.php?IdArticle=8648033 False None None 3.0000000000000000 HackRead - Chercher Cyber SystemBC RAT Now Targets Linux, Spreading Ransomware and Infostealers 2025-02-11T13:00:08+00:00 https://hackread.com/systembc-rat-targets-linux-ransomware-infostealers/ www.secnews.physaphae.fr/article.php?IdArticle=8648034 False None None 3.0000000000000000 Dragos - CTI Society Dragos Industrial Ransomware Analysis: Q4 2024 In the fourth quarter (October to December) of 2024, the ransomware threat landscape presented an increasingly dynamic ecosystem, with multiple... The post Dragos Industrial Ransomware Analysis: Q4 2024 first appeared on Dragos.

>In the fourth quarter (October to December) of 2024, the ransomware threat landscape presented an increasingly dynamic ecosystem, with multiple... The post Dragos Industrial Ransomware Analysis: Q4 2024 first appeared on Dragos.]]> 2025-02-11T13:00:00+00:00 https://www.dragos.com/blog/dragos-industrial-ransomware-analysis-q4-2024/ www.secnews.physaphae.fr/article.php?IdArticle=8648046 False Ransomware,Threat,Industrial None 3.0000000000000000 Cyble - CyberSecurity Firm Cyber Security Agency of Singapore Alerts Users on Active Exploitation of Zero-Day Vulnerability in Apple Products Overview The Cyber Security Agency of Singapore (CSA) has recently issued a warning regarding the active exploitation of a zero-day vulnerability (CVE-2025-24200) in a range of Apple products. This critical vulnerability is being actively targeted, and Apple has released timely security updates to address the issue. If exploited, the vulnerability could allow attackers to bypass certain security features and gain unauthorized access to sensitive data through USB connections. The vulnerability, identified as CVE-2025-24200, affects various Apple devices, including iPhones and iPads. Specifically, the issue lies in the USB Restricted Mode, a security feature designed to prevent unauthorized access to a device\'s data when it is locked. A successful attack could disable this mode, allowing an unauthenticated attacker to access the device\'s data via a USB connection, even if the device is locked. This flaw has been dubbed a "zero-day vulnerability," as it was discovered and actively exploited before a patch or security fix was made available. Apple has moved quickly to resolve the issue with new security updates released on February 10, 2025. Affected Apple Products ]]> 2025-02-11T12:46:32+00:00 https://cyble.com/blog/csa-alerts-users-of-cve-2025-24200/ www.secnews.physaphae.fr/article.php?IdArticle=8648036 False Vulnerability,Threat,Mobile None 4.0000000000000000 IndustrialCyber - cyber risk firms for industrial GCSB report reveals sophisticated attacks, boosts cyber resilience amid rising espionage and ransomware The New Zealand\'s National Cyber Security Centre (NCSC), a part of the Government Communications Security Bureau (GCSB) revealed... ]]> 2025-02-11T12:44:05+00:00 https://industrialcyber.co/reports/gcsb-report-reveals-sophisticated-attacks-boosts-cyber-resilience-amid-rising-espionage-and-ransomware/ www.secnews.physaphae.fr/article.php?IdArticle=8648042 False Ransomware None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Silobreaker, Health-ISAC partner; offer members free trial access to its threat intelligence platform Silobreaker announced on Tuesday its partnership with Health Information Sharing and Analysis Center (Health-ISAC) as a Community Services...

>Silobreaker announced on Tuesday its partnership with Health Information Sharing and Analysis Center (Health-ISAC) as a Community Services... ]]> 2025-02-11T12:41:56+00:00 https://industrialcyber.co/news/silobreaker-health-isac-partner-offer-members-free-trial-access-to-its-threat-intelligence-platform/ www.secnews.physaphae.fr/article.php?IdArticle=8648043 False Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine 8Base Ransomware Site Seized, Phobos Suspects Arrested in Thailand 2025-02-11T12:40:00+00:00 https://www.infosecurity-magazine.com/news/8base-ransomware-phobos-arrested/ www.secnews.physaphae.fr/article.php?IdArticle=8648035 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 8Base Ransomware Data Leak Sites Seized in International Law Enforcement Operation Source: The Nation A coordinated law enforcement operation has taken down the dark web data leak and negotiation sites associated with the 8Base ransomware gang. Visitors to the data leak site are now greeted with a seizure banner that says: "This hidden site and the criminal content have been seized by the Bavarian State Criminal Police Office on behalf of the Office of the Public Prosecutor]]> 2025-02-11T12:33:00+00:00 https://thehackernews.com/2025/02/8base-ransomware-data-leak-sites-seized.html www.secnews.physaphae.fr/article.php?IdArticle=8647989 False Ransomware,Legislation None 3.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain Trusted Encryption Environments survey of Trusted Encryption Environments (TEEs.)

Really good—and detailed—survey of Trusted Encryption Environments (TEEs.)]]> 2025-02-11T12:08:36+00:00 https://www.schneier.com/blog/archives/2025/02/trusted-encryption-environments.html www.secnews.physaphae.fr/article.php?IdArticle=8648044 False None None 3.0000000000000000 SecurityWeek - Security News US Cyber Agency Puts Election Security Staffers Who Worked With the States on Leave Staffers at the nation\'s cybersecurity agency whose job is to ensure the security of US elections have been placed on administrative leave.

>Staffers at the nation\'s cybersecurity agency whose job is to ensure the security of US elections have been placed on administrative leave. ]]> 2025-02-11T11:42:21+00:00 https://www.securityweek.com/us-cyber-agency-puts-election-security-staffers-who-worked-with-the-states-on-leave/ www.secnews.physaphae.fr/article.php?IdArticle=8648032 False None None 3.0000000000000000 Incogni - Blog Sécu de la société incogni, spécialisé en protection de la vie privé Apple Hide My Email settings 2025-02-11T11:34:08+00:00 https://blog.incogni.com/apple-hide-my-email-settings/ www.secnews.physaphae.fr/article.php?IdArticle=8648023 False None None 2.0000000000000000 Cyble - CyberSecurity Firm EFCC Witness Exposes Shocking Details of Cyber Terrorism and Internet Fraud Scheme Overview In a highly anticipated trial on February 7, 2025, Rowland Turaki, a former employee of the accused, Xiao Hong Will, a Chinese national, took the stand as the first prosecution witness in the ongoing case concerning alleged cyber terrorism and internet fraud. The trial, which is being heard at the Federal High Court in Ikoyi, Lagos, is centered on Xiao Hong Will and his company, Genting International Co. Limited, both facing serious charges related to cybercrimes, identity theft, and fraud. The witness, who was studying cybersecurity at the time, described in vivid detail how his employers instructed him to disguise himself as a woman to gain the trust of potential clients for fraudulent schemes. According to Turaki, he was employed by Genting International, a company allegedly linked to a network of cybercriminals engaged in elaborate internet fraud operations. The company is accused of using deceptive tactics, including employing Nigerian youths for identity theft and cyber-terrorism activities aimed at destabilizing Nigeria\'s constitutional structure. The Arrest of Xiao Hong Will Xiao Hong Will, arrested during the EFCC\'s "Eagle Flush Operation" in Lagos on December 19, 2024, is charged with a series of crimes under the Cybercrimes (Prohibition, Prevention, Etc.) Act, 2015 (As Amended, 2024). He and his company allegedly facilitated the exploitation of victims by using fraudulent identities and cryptocurrency schemes to gain financial advantage. The prosecution has charged Hong Will and Genting International with using Nigerian youths to create fake personas, potential]]> 2025-02-11T11:23:25+00:00 https://cyble.com/blog/efcc-witness-details-cyber-terrorism/ www.secnews.physaphae.fr/article.php?IdArticle=8648026 False Threat,Legislation,Medical,Technical None 3.0000000000000000 Global Security Mag - Site de news francais Threat Landscape Almond : la menace cyber franchit un nouveau cap Investigations]]> 2025-02-11T11:07:51+00:00 https://www.globalsecuritymag.fr/threat-landscape-almond-la-menace-cyber-franchit-un-nouveau-cap.html www.secnews.physaphae.fr/article.php?IdArticle=8648014 False Threat None 3.0000000000000000 SecurityWeek - Security News OpenAI Finds No Evidence of Breach After Hacker Offers to Sell 20 Million Credentials A hacker recently offered to sell 20 million OpenAI credentials, but the data likely comes from information stealers, not the AI firm\'s systems.

>A hacker recently offered to sell 20 million OpenAI credentials, but the data likely comes from information stealers, not the AI firm\'s systems. ]]> 2025-02-11T11:05:00+00:00 https://www.securityweek.com/openai-finds-no-evidence-of-breach-after-hacker-offers-to-sell-20m-credentials/ www.secnews.physaphae.fr/article.php?IdArticle=8648020 False None None 3.0000000000000000 DarkTrace - DarkTrace: AI bases detection NIS2 Compliance: Interpreting \\'State-of-the-Art\\' for Organisations This blog explores key technical factors that define state-of-the-art cybersecurity. Drawing on expertise from our business, academia, and national security standards, outlining five essential criteria.]]> 2025-02-11T10:55:42+00:00 https://darktrace.com/blog/nis2-compliance-interpreting-state-of-the-art-for-organisations www.secnews.physaphae.fr/article.php?IdArticle=8648011 False Technical None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Apple Mitigates “Extremely Sophisticated” Zero-Day Exploit Apple has patched a zero-day vulnerability being exploited in targeted attacks]]> 2025-02-11T10:30:00+00:00 https://www.infosecurity-magazine.com/news/apple-update-extremely/ www.secnews.physaphae.fr/article.php?IdArticle=8648021 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update Apple on Monday released out-of-band security updates to address a security flaw in iOS and iPadOS that it said has been exploited in the wild. Assigned the CVE identifier CVE-2025-24200, the vulnerability has been described as an authorization issue that could make it possible for a malicious actor to disable USB Restricted Mode on a locked device as part of a cyber physical attack. This]]> 2025-02-11T10:02:00+00:00 https://thehackernews.com/2025/02/apple-patches-actively-exploited-ios.html www.secnews.physaphae.fr/article.php?IdArticle=8647977 False Vulnerability,Threat None 3.0000000000000000 We Live Security - Editeur Logiciel Antivirus ESET How AI-driven identify fraud is causing havoc Deepfake fraud, synthetic identities, and AI-powered scams make identity theft harder to detect and prevent – here\'s how to fight back]]> 2025-02-11T10:00:00+00:00 https://www.welivesecurity.com/en/cybersecurity/ai-driven-identify-fraud-havoc/ www.secnews.physaphae.fr/article.php?IdArticle=8648698 False None None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine OpenAI Was Not Breached, Say Researchers Kela researchers explain that infostealers are to blame for compromised OpenAI logins]]> 2025-02-11T09:45:00+00:00 https://www.infosecurity-magazine.com/news/openai-was-not-breached-say/ www.secnews.physaphae.fr/article.php?IdArticle=8648010 False None None 3.0000000000000000 Global Security Mag - Site de news francais Hexnode Extends UEM Support to Linux, ChromeOS, and visionOS for Unified Device Security Product Reviews

Hexnode Extends UEM Support to Linux, ChromeOS, and visionOS for Unified Device Security - Product Reviews]]> 2025-02-11T09:34:38+00:00 https://www.globalsecuritymag.fr/hexnode-extends-uem-support-to-linux-chromeos-and-visionos-for-unified-device.html www.secnews.physaphae.fr/article.php?IdArticle=8648003 False None None 3.0000000000000000 Global Security Mag - Site de news francais Sécurité des applications web et API : une étude révèle les vulnérabilités face à l\'évolution des cybermenaces Investigations

Sécurité des applications web et API : une étude révèle les vulnérabilités face à l\'évolution des cybermenaces • Les organisations peinent à suivre l\'expansion rapide des APIs malgré l\'adoption généralisée de solutions de sécurité • Les défis du multi-cloud complexifient la gestion de la sécurité à grande échelle • La sophistication croissante des cyberattaques souligne un besoin urgent de solutions de défense consolidées et automatisées - Investigations]]> 2025-02-11T09:29:01+00:00 https://www.globalsecuritymag.fr/securite-des-applications-web-et-api-une-etude-revele-les-vulnerabilites-face-a.html www.secnews.physaphae.fr/article.php?IdArticle=8648004 False None None 3.0000000000000000 Bleeping Computer - Magazine Américain US sanctions LockBit ransomware\\'s bulletproof hosting provider The United States, Australia, and the United Kingdom have sanctioned Zservers, a Russia-based bulletproof hosting (BPH) services provider, for supplying essential attack infrastructure for the LockBit ransomware gang. [...]]]> 2025-02-11T09:24:43+00:00 https://www.bleepingcomputer.com/news/security/us-sanctions-lockbit-ransomwares-bulletproof-hosting-provider/ www.secnews.physaphae.fr/article.php?IdArticle=8648057 False Ransomware None 2.0000000000000000 Korben - Bloger francais Transformez le monde réel en map Minecraft avec Arnis Arnis, un projet open source vraiment très cool. Développé en Rust, Arnis fait le pont entre notre bonne vieille Terre et l’univers cubique de Minecraft en exploitant tout simplement la puissance d’OpenStreetMap. Pour rappel, c’est une formidable base de données cartographique collaborative qui recense routes, bâtiments et points d’intérêt du monde entier.

Amis crafteurs, préparez-vous à voir votre monde d’une toute nouvelle façon car il est désormais possible de recréer votre ville, votre quartier ou même la Cathédrale de Clermont-Ferrand dans Minecraft avec une précision chirurgicale. C’est ce que permet de faire Arnis, un projet open source vraiment très cool. Développé en Rust, Arnis fait le pont entre notre bonne vieille Terre et l’univers cubique de Minecraft en exploitant tout simplement la puissance d’OpenStreetMap. Pour rappel, c’est une formidable base de données cartographique collaborative qui recense routes, bâtiments et points d’intérêt du monde entier.]]> 2025-02-11T09:00:00+00:00 https://korben.info/transformez-monde-reel-minecraft-arnis.html www.secnews.physaphae.fr/article.php?IdArticle=8648001 False None None 3.0000000000000000 Cisco - Security Firm Blog Fusing Security Into the Network Fabric: From Hybrid Mesh Firewalls to Universal ZTNA In the changing landscape of network security, the combination of Universal Zero Trust Network Access and Hybrid Mesh Firewalls offers a powerful defense.]]> 2025-02-11T08:51:00+00:00 https://blogs.cisco.com/security/fusing-security-into-the-network-fabric-from-hybrid-mesh-firewalls-to-universal-ztna/ www.secnews.physaphae.fr/article.php?IdArticle=8647995 False None None 3.0000000000000000 HackRead - Chercher Cyber Gcore Radar report reveals 56% year-on-year increase in DDoS attacks Luxembourg, Luxembourg, 11th February 2025, CyberNewsWire]]> 2025-02-11T07:00:28+00:00 https://hackread.com/gcore-radar-report-reveals-56-year-on-year-increase-in-ddos-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8647988 False Studies None 4.0000000000000000 The State of Security - Magazine Américain Building a Vulnerability Management Program from Scratch Building a vulnerability management (VM) program from the ground up is no small feat. It requires technical expertise, organizational buy-in, and a clear roadmap. In recent months, I\'ve been working with a client who had to discard their legacy approach and start afresh. We came to realize just how many components have to come together to get a decent start on a VM project while also showing value along the way. I am confident that sharing this experience can help others succeed in building a vulnerability management program. The ”Why” question It may seem odd to define VM for those in the...]]> 2025-02-11T02:39:20+00:00 https://www.tripwire.com/state-of-security/building-vulnerability-management-program-scratch www.secnews.physaphae.fr/article.php?IdArticle=8648002 False Vulnerability,Technical None 3.0000000000000000 Fortinet Vunerability - Fortinet Vunerability Stack buffer overflow in fabric service A stack-based buffer overflow [CWE-121] vulnerability in FortiOS CAPWAP control may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted UDP packets, provided the attacker were able to evade FortiOS stack protections and provided the fabric service is running on the exposed interface. Revised on 2025-02-11 00:00:00]]> 2025-02-11T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-24-160 www.secnews.physaphae.fr/article.php?IdArticle=8648091 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability Use of Hard-coded Cryptographic Key to encrypt sensitive data A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager may allow an attacker with JSON API access permissions to decrypt some secrets even if the \'private-data-encryption\' setting is enabled. Revised on 2025-02-11 00:00:00]]> 2025-02-11T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-24-094 www.secnews.physaphae.fr/article.php?IdArticle=8648092 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability Off-by-slash vulnerability in Nginx config An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal may allow a remote unauthenticated attacker to retrieve source code via crafted HTTP requests. Revised on 2025-02-11 00:00:00]]> 2025-02-11T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-25-015 www.secnews.physaphae.fr/article.php?IdArticle=8648088 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability OS command injection in external connector An improper neutralization of special elements used in an OS command (\'OS Command Injection\') vulnerability [CWE-78] in FortiAnalyzer, FortiManager, FortiAnalyzer BigData, FortiAnalyzer Cloud and FortiManager Cloud GUI may allow an authenticated privileged attacker to execute unauthorized code or commands via crafted HTTPS or HTTP requests. Revised on 2025-02-11 00:00:00]]> 2025-02-11T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-24-220 www.secnews.physaphae.fr/article.php?IdArticle=8648087 False Vulnerability,Cloud None None Fortinet Vunerability - Fortinet Vunerability FortiOS / FortiProxy / FortiPAM / FortiSwitchManager - Format string vulnerability in CLI commands A use of externally-controlled format string vulnerability [CWE-134] in FortiOS, FortiProxy, FortiPAM & FortiSwitchManager CLI may allow a privileged attacker to execute arbitrary code or commands via specially crafted requests. Revised on 2025-02-11 00:00:00]]> 2025-02-11T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-261 www.secnews.physaphae.fr/article.php?IdArticle=8648080 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability Improper access control to FortiSslvpnNamedPipe An Improper Access Control vulnerability [CWE-284] in FortiClient Windows may allow a local user to escalate their privileges via FortiSSLVPNd service pipe. Revised on 2025-02-11 00:00:00]]> 2025-02-11T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-23-279 www.secnews.physaphae.fr/article.php?IdArticle=8648082 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability Improper Authentication in FortiMonitor Agent An Improper Authentication vulnerability [CWE-287] for FortiClientMac may allow an unauthenticated attacker with local access to the MacOS device to login without a password as a standard user. Revised on 2025-02-11 00:00:00]]> 2025-02-11T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-24-300 www.secnews.physaphae.fr/article.php?IdArticle=8648081 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability Insertion of sensitive information into Event log An insertion of sensitive information into log file vulnerabilities [CWE-532] in FortiAnalyzer and FortiManager eventlog may allow any low privileged user with access to event log section to retrieve certificate private key and encrypted password logged as system log. Revised on 2025-02-11 00:00:00]]> 2025-02-11T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-24-311 www.secnews.physaphae.fr/article.php?IdArticle=8648083 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability OS Command Injections An Improper Neutralization of Special Elements used in an OS Command (\'OS Command Injection\') [CWE-78] in FortiWeb API endpoints may allow an authenticated attacker with admin privileges to execute arbitrary code or commands on the underlying system via crafted requests. Revised on 2025-02-11 00:00:00]]> 2025-02-11T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-24-438 www.secnews.physaphae.fr/article.php?IdArticle=8648086 False None None None Fortinet Vunerability - Fortinet Vunerability Multiple arbitrary file deletion in the CLI An improper limitation of a pathname to a restricted directory (\'Path Traversal\') vulnerability [CWE-22] in FortiManager and FortiAnalyzer CLI may allow any authenticated admin user with diagnose privileges to delete any file on the system. Revised on 2025-02-11 00:00:00]]> 2025-02-11T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-24-147 www.secnews.physaphae.fr/article.php?IdArticle=8648085 False Vulnerability None None Silicon - Site de News Francais { Tribune Expert } - Quel est l\'impact de DORA pour les utilisateurs de Java du secteur financier ? Les institutions financières doivent s\'assurer que leur empreinte Java, et celle de leurs prestataires ou services tiers, est bien conforme à la réglementation DORA.]]> 2025-02-11T00:00:00+00:00 https://www.silicon.fr/Thematique/cybersecurite-1371/Breves/tribune-expert-quel-impact-dora-utilisateurs-java-secteur-467570.htm#utm_source=IndexThematique&utm_medium=Rss&utm_campaign= www.secnews.physaphae.fr/article.php?IdArticle=8648022 False None None 3.0000000000000000 Fortinet Vunerability - Fortinet Vunerability Permission escalation due to an Improper Privilege Management An incorrect privilege assignment vulnerability [CWE-266] in the FortiOS security fabric may allow an authenticated admin whose access profile has the Security Fabric permission to escalate their privileges to super-admin by connecting the targetted FortiGate to a malicious upstream FortiGate they control. Revised on 2025-02-11 00:00:00]]> 2025-02-11T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-24-302 www.secnews.physaphae.fr/article.php?IdArticle=8648089 False Vulnerability None None Fortinet Vunerability - Fortinet Vunerability Disclosure of Logs of Devices not belonging to the Current ADOM from Log View An Exposure of Sensitive Information to an Unauthorized Actor [CWE-200] in the Log View component of FortiAnalyzer may allow a local authenticated user with admin privileges to view logs of devices not belonging to the current ADOM Revised on 2025-02-11 00:00:00]]> 2025-02-11T00:00:00+00:00 https://fortiguard.fortinet.com/psirt/FG-IR-24-422 www.secnews.physaphae.fr/article.php?IdArticle=8648079 False None None None Dark Reading - Informationweek Branch XE Group Shifts From Card Skimming to Supply Chain Attacks The likely Vietnam-based threat actor has been using two zero-days in VeraCore\'s warehouse management software in some of its latest cyberattacks.]]> 2025-02-10T21:58:30+00:00 https://www.darkreading.com/cyber-risk/xe-group-shifts-card-skimming-supply-chain-attacks www.secnews.physaphae.fr/article.php?IdArticle=8647943 False Threat None 3.0000000000000000 Global Security Mag - Site de news francais Vigilance.fr - Ivanti Sentry : élévation de privilèges via Application Components, analysé le 10/12/2024 Vulnérabilités

Un attaquant peut contourner les restrictions de Ivanti Sentry, via Application Components, afin d\'élever ses privilèges. - Vulnérabilités]]> 2025-02-10T21:56:55+00:00 https://www.globalsecuritymag.fr/vigilance-fr-ivanti-sentry-elevation-de-privileges-via-application-components.html www.secnews.physaphae.fr/article.php?IdArticle=8647942 False None None 2.0000000000000000 Global Security Mag - Site de news francais Vigilance.fr - Ivanti Sentry: privilege escalation via Application Components, analyzed on 10/12/2024 Security Vulnerability

An attacker can bypass restrictions of Ivanti Sentry, via Application Components, in order to escalate his privileges. - Security Vulnerability]]> 2025-02-10T21:56:55+00:00 https://www.globalsecuritymag.fr/vigilance-fr-ivanti-sentry-privilege-escalation-via-application-components.html www.secnews.physaphae.fr/article.php?IdArticle=8647933 False None None 3.0000000000000000 Recorded Future - FLux Recorded Future Hacker who hijacked SEC\\'s X account pleads guilty, faces maximum five-year sentence Alabama native Eric Council Jr. confessed to taking over the Securities and Exchange Commission\'s account and posting false information that caused the price of bitcoin to swing wildly.]]> 2025-02-10T21:54:42+00:00 https://therecord.media/hacker-hijacked-sec-account-maximum www.secnews.physaphae.fr/article.php?IdArticle=8647936 False None None 3.0000000000000000 Dark Reading - Informationweek Branch 120K Victims Compromised in Memorial Hospital Ransomware Attack After claiming responsibility for the ransomware attack in 2024, the "Embargo" ransomware group posted 1.15 terabytes of stolen data to its public Tor site.]]> 2025-02-10T21:34:29+00:00 https://www.darkreading.com/cyber-risk/120k-victims-compromised-memorial-hospital-ransomware www.secnews.physaphae.fr/article.php?IdArticle=8647934 False Ransomware None 3.0000000000000000 Dark Reading - Informationweek Branch Guilty Plea in Hacking of the SEC\\'s X Account That Caused Bitcoin Value Spike 2025-02-10T21:18:11+00:00 https://www.darkreading.com/cyber-risk/guilty-plea-in-hacking-of-the-sec-s-x-account-that-caused-bitcoin-value-spike www.secnews.physaphae.fr/article.php?IdArticle=8647935 False None None 2.0000000000000000 McAfee Labs - Editeur Logiciel McAfee Named #1 Antivirus and Security Software Brand in TIME\\'s 2024 World\\'s Best Brands

McAfee has been named the top brand in the Antivirus and Security Software category in TIME and Statista\'s 2024 World\'s...

McAfee has been named the top brand in the Antivirus and Security Software category in TIME and Statista\'s 2024 World\'s... ]]> 2025-02-10T20:54:07+00:00 https://www.mcafee.com/blogs/mcafee-news/mcafee-named-1-antivirus-and-security-software-brand-in-times-2024-worlds-best-brands/ www.secnews.physaphae.fr/article.php?IdArticle=8647925 False None None 3.0000000000000000 Recorded Future - FLux Recorded Future 8Base ransomware site taken down as Thai authorities arrest 4 connected to operation The leak site for the 8Base ransomware gang was taken down Monday and replaced with a banner by multiple law enforcement agencies.]]> 2025-02-10T20:46:21+00:00 https://therecord.media/8base-ransomware-site-taken-down-4-arrested www.secnews.physaphae.fr/article.php?IdArticle=8647926 False Ransomware,Legislation None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores Threat actors have been observed leveraging Google Tag Manager (GTM) to deliver credit card skimmer malware targeting Magento-based e-commerce websites. Website security company Sucuri said the code, while appearing to be a typical GTM and Google Analytics script used for website analytics and advertising purposes, contains an obfuscated backdoor capable of providing attackers with persistent]]> 2025-02-10T20:46:00+00:00 https://thehackernews.com/2025/02/hackers-exploit-google-tag-manager-to.html www.secnews.physaphae.fr/article.php?IdArticle=8647894 False Malware,Threat None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Thai authorities detain four Europeans in ransomware crackdown The multi-national law enforcement operation targeted the 8base ransomware gang.

>The multi-national law enforcement operation targeted the 8base ransomware gang. ]]> 2025-02-10T20:32:47+00:00 https://cyberscoop.com/8base-ransomware-arrests-thailand-domain-seizure/ www.secnews.physaphae.fr/article.php?IdArticle=8647927 False Ransomware,Legislation None 3.0000000000000000 SecurityWeek - Security News Apple Confirms USB Restricted Mode Exploited in \\'Extremely Sophisticated\\' Attack Cupertino\'s security response team said the flaw was used in “an extremely sophisticated attack against specific targeted individuals.”

>Cupertino\'s security response team said the flaw was used in “an extremely sophisticated attack against specific targeted individuals.” ]]> 2025-02-10T19:58:53+00:00 https://www.securityweek.com/apple-confirms-usb-restricted-mode-exploited-in-extremely-sophisticated-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8647912 False None None 4.0000000000000000 IndustrialCyber - cyber risk firms for industrial BSidesICS 2025: Fireside chat with Rob Lee and Mike Holcomb Following Robert Lee’s keynote address at BSidesICS 2025 in Tampa, the conference transitioned into an engaging fireside chat,...

>Following Robert Lee’s keynote address at BSidesICS 2025 in Tampa, the conference transitioned into an engaging fireside chat,... ]]> 2025-02-10T19:47:26+00:00 https://industrialcyber.co/events/bsidesics-2025-fireside-chat-with-rob-lee-and-mike-holcomb/ www.secnews.physaphae.fr/article.php?IdArticle=8647916 False Conference None 2.0000000000000000 Dark Reading - Informationweek Branch Newspaper Giant Lee Enterprises Reels From Cyberattack The newspaper company expects the investigation to take some time, but said in an SEC filing that it has not yet identified any material impact.]]> 2025-02-10T19:42:00+00:00 https://www.darkreading.com/cyber-risk/newspaper-giant-lee-enterprise-cyberattack www.secnews.physaphae.fr/article.php?IdArticle=8647913 False None None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial BSidesICS 2025: Rob Lee\\'s opening keynote sets tone for future of ICS security Robert M. Lee, CEO and co-founder of industrial cybersecurity firm Dragos, delivered a compelling opening keynote at BSidesICS... ]]> 2025-02-10T19:41:48+00:00 https://industrialcyber.co/control-device-security/bsidesics-2025-rob-lees-opening-keynote-sets-tone-for-future-of-ics-security/ www.secnews.physaphae.fr/article.php?IdArticle=8647917 False Industrial None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial Xona Systems, Nozomi Networks boost critical infrastructure security with access management, threat detection Xona Systems, provider of secure access management solutions for critical infrastructure, announced on Monday the integration of the... ]]> 2025-02-10T19:41:42+00:00 https://industrialcyber.co/news/xona-systems-nozomi-networks-boost-critical-infrastructure-security-with-access-management-threat-detection/ www.secnews.physaphae.fr/article.php?IdArticle=8647918 False Threat None 2.0000000000000000 Recorded Future - FLux Recorded Future Students suing Education Department worry data DOGE has accessed could be used for immigration enforcement California students suing the Department of Education allege that the agency has potentially put their families at risk by allowing the Department of Government Efficiency (DOGE) to obtain information that could reveal they have undocumented family members.]]> 2025-02-10T19:27:46+00:00 https://therecord.media/students-suing-doe-fear-doge-access-to-immigration-data www.secnews.physaphae.fr/article.php?IdArticle=8647915 False Legislation None 3.0000000000000000 HackRead - Chercher Cyber 4 Arrested as Police Dismantle 8Base Ransomware, Seize Dark Web Sites In a coordinated international security operation, authorities have seized four dark web sites linked to the 8Base ransomware group and arrested four suspects.]]> 2025-02-10T19:18:00+00:00 https://hackread.com/police-dismantle-8base-ransomware-seize-dark-web-sites/ www.secnews.physaphae.fr/article.php?IdArticle=8647919 False Ransomware,Legislation None 3.0000000000000000 Recorded Future - FLux Recorded Future Newspaper conglomerate Lee Enterprises says cyberattack disrupting print editions The cyberattack has impacted operations at newspapers nationwide, including the St. Louis Post-Dispatch.]]> 2025-02-10T18:32:43+00:00 https://therecord.media/lee-enterprises-cyberattack-newspapers-priinting www.secnews.physaphae.fr/article.php?IdArticle=8647905 False None None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber CISA election, disinformation officials placed on administrative leave, sources say The moves happened Thursday and Friday last week, per a source. ]]> 2025-02-10T17:57:25+00:00 https://cyberscoop.com/cisa-misinformation-disinformation-administrative-leave/ www.secnews.physaphae.fr/article.php?IdArticle=8647897 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) [10 February] In cybersecurity, the smallest crack can lead to the biggest breaches. A leaked encryption key, an unpatched software bug, or an abandoned cloud storage bucket-each one seems minor until it becomes the entry point for an attack. This week, we\'ve seen cybercriminals turn overlooked weaknesses into major security threats, proving once again that no system is too small to be targeted. The question]]> 2025-02-10T17:43:00+00:00 https://thehackernews.com/2025/02/thn-weekly-recap-top-cybersecurity_10.html www.secnews.physaphae.fr/article.php?IdArticle=8647855 False Tool,Cloud None 3.0000000000000000 TechRepublic - Security News US Australians Hit With One Cyber Attack Every Second in 2024 Australia saw a record surge in cyber attacks in 2024, with data breaches escalating. Experts warn of rising risks as hackers may exploit AI-driven tactics.]]> 2025-02-10T17:33:44+00:00 https://www.techrepublic.com/article/australia-one-cyber-attack-every-second/ www.secnews.physaphae.fr/article.php?IdArticle=8647895 False Threat None 3.0000000000000000 Recorded Future - FLux Recorded Future Congressional leaders given access to surveillance court in bid for more transparency A select group will be allowed to observe proceedings at the secretive Foreign Intelligence Surveillance Court in-person for the first time starting this week.]]> 2025-02-10T17:25:35+00:00 https://therecord.media/congressional-leaders-given-access-fisa www.secnews.physaphae.fr/article.php?IdArticle=8647896 False None None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine BadIIS Malware Exploits IIS Servers for SEO Fraud Trend Micro uncovers BadIIS malware exploiting IIS servers for SEO fraud and malicious redirects]]> 2025-02-10T17:15:00+00:00 https://www.infosecurity-magazine.com/news/badiis-malware-iis-servers-seo/ www.secnews.physaphae.fr/article.php?IdArticle=8647903 False Malware,Prediction None 3.0000000000000000 Global Security Mag - Site de news francais Rançongiciels : quand cybercriminalité et espionnage d\'État se confondent Points de Vue

Rançongiciels : quand cybercriminalité et espionnage d\'État se confondent Benoit Grünemwald, expert cybersécurité chez ESET - Points de Vue]]> 2025-02-10T16:52:09+00:00 https://www.globalsecuritymag.fr/rancongiciels-quand-cybercriminalite-et-espionnage-d-etat-se-confondent.html www.secnews.physaphae.fr/article.php?IdArticle=8647884 False None None 3.0000000000000000 Global Security Mag - Site de news francais La Métropole du Grand Paris renforce la cybersécurité de ses communes avec CYBIAH ! Marchés

La Métropole du Grand Paris renforce la cybersécurité de ses communes avec CYBIAH ! - Marchés]]> 2025-02-10T16:39:04+00:00 https://www.globalsecuritymag.fr/la-metropole-du-grand-paris-renforce-la-cybersecurite-de-ses-communes-avec.html www.secnews.physaphae.fr/article.php?IdArticle=8647885 False None None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Georgia Hospital Alerts 120,000 Individuals of Data Breach Memorial Hospital and Manor, located in Bainbridge, Georgia, has alerted 120,000 individuals that their data was breached following a ransomware attack last November]]> 2025-02-10T16:30:00+00:00 https://www.infosecurity-magazine.com/news/georgia-hospital-120000-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8647892 False Ransomware,Data Breach None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Don\\'t Overlook These 6 Critical Okta Security Configurations Given Okta\'s role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with recommendations for implementing continuous monitoring of your Okta security posture. With over 18,000 customers, Okta serves as the cornerstone of identity governance and security for]]> 2025-02-10T16:30:00+00:00 https://thehackernews.com/2025/02/dont-overlook-these-6-critical-okta.html www.secnews.physaphae.fr/article.php?IdArticle=8647846 False None None 3.0000000000000000 HackRead - Chercher Cyber Handala Hackers Claim Massive Data Breach on Israeli Police, Leak 350,000 Files Iranian-linked hackers claim to have breached Israeli police systems, stealing 2.1TB of sensitive data. Police deny the breach. Learn more about the alleged hack and its implications.]]> 2025-02-10T16:21:55+00:00 https://hackread.com/handala-hackers-israeli-police-breach-data-leak/ www.secnews.physaphae.fr/article.php?IdArticle=8647886 False Data Breach,Hack,Legislation None 3.0000000000000000 DarkTrace - DarkTrace: AI bases detection From Hype to Reality: How AI is Transforming Cybersecurity Practices AI hype is everywhere, but not many vendors are getting specific. Darktrace\'s multi-layered AI combines various machine learning techniques for behavioral analytics, real-time threat detection, investigation, and autonomous response.]]> 2025-02-10T16:06:31+00:00 https://darktrace.com/blog/how-ai-is-transforming-cybersecurity-practices www.secnews.physaphae.fr/article.php?IdArticle=8647876 False Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Magecart Attackers Abuse Google Ad Tool to Steal Data Attackers are smuggling payment card-skimming malicious code into checkout pages on Magento-based e-commerce sites by abusing the Google Tag Manager ad tool.]]> 2025-02-10T15:19:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/magecart-attackers-abuse-google-ad-tool-steal-data www.secnews.physaphae.fr/article.php?IdArticle=8647877 False Tool None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects Threat actors have been observed targeting Internet Information Services (IIS) servers in Asia as part of a search engine optimization (SEO) manipulation campaign designed to install BadIIS malware. "It is likely that the campaign is financially motivated since redirecting users to illegal gambling websites shows that attackers deploy BadIIS for profit," Trend Micro researchers Ted Lee and]]> 2025-02-10T15:14:00+00:00 https://thehackernews.com/2025/02/dragonrank-exploits-iis-servers-with.html www.secnews.physaphae.fr/article.php?IdArticle=8647834 False Malware,Threat,Prediction None 3.0000000000000000 Recorded Future - FLux Recorded Future Out of 6,000 requests, Apple provided UK with iCloud data only four times since 2020 The figures suggest a potential motivation behind the British government\'s reported legal order to require Apple to be capable of providing iCloud content upon receipt of a valid warrant.]]> 2025-02-10T15:06:39+00:00 https://therecord.media/requests-apple-provided-four-times www.secnews.physaphae.fr/article.php?IdArticle=8647878 False None None 3.0000000000000000 Dark Reading - Informationweek Branch Analyst Burnout Is an Advanced Persistent Threat For too long, we\'ve treated our analysts as mere cogs in a machine, expecting them to conform to the limitations of our tools and processes. It\'s time to revolutionize security operations.]]> 2025-02-10T15:00:00+00:00 https://www.darkreading.com/cybersecurity-operations/analyst-burnout-is-advanced-persistent-threat www.secnews.physaphae.fr/article.php?IdArticle=8647914 False Tool,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain conditions. The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as an SQL injection bug in the ZimbraSync Service SOAP endpoint affecting]]> 2025-02-10T14:39:00+00:00 https://thehackernews.com/2025/02/zimbra-releases-security-updates-for.html www.secnews.physaphae.fr/article.php?IdArticle=8647826 False Vulnerability None 3.0000000000000000 The Register - Site journalistique Anglais The biggest microcode attack in our history is underway When your state machines are vulnerable, all bets are off Opinion All malicious attacks on digital systems have one common aim: taking control. Mostly, that means getting a CPU somewhere to turn traitor, running code that silently steals or scrambles your data. That code can ride into the system in a whole spectrum of ways, but usually it has to be in memory somewhere at some time, making it amenable to counter-attack.…]]> 2025-02-10T14:36:06+00:00 https://go.theregister.com/feed/www.theregister.com/2025/02/10/microcode_attack_trump_musk/ www.secnews.physaphae.fr/article.php?IdArticle=8647870 False None None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Projecting the next decade of software supply chain security A 2035 vision includes a shift that combines security and innovation. ]]> 2025-02-10T14:03:04+00:00 https://cyberscoop.com/projecting-the-next-decade-of-software-supply-chain-security/ www.secnews.physaphae.fr/article.php?IdArticle=8647856 False None None 2.0000000000000000 Fortinet - Fabricant Materiel Securite Fortinet Named a 2025 Gartner Peer Insights™ Customers\\' Choice for Security Orchestration, Automation, and Response Fortinet FortiSOAR now joins FortiSIEM security information and event management as a Gartner Peer Insights Customers\' Choice recipient, demonstrating the value of the overall Fortinet SOC platform. Read more.]]> 2025-02-10T14:00:00+00:00 https://www.fortinet.com/blog/business-and-technology/fortinet-named-a-gartner-peer-insights-customer-choice-for-soar www.secnews.physaphae.fr/article.php?IdArticle=8647868 False None None 3.0000000000000000 Checkpoint Research - Fabricant Materiel Securite 10th February – Threat Intelligence Report For the latest discoveries in cyber research for the week of 10th February, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Grubhub, the US-based online food ordering and delivery platform, suffered a data breach due to unauthorized access through a compromised third-party service provider\'s account. The incident exposed personal details of customers, drivers, […]

>For the latest discoveries in cyber research for the week of 10th February, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Grubhub, the US-based online food ordering and delivery platform, suffered a data breach due to unauthorized access through a compromised third-party service provider\'s account. The incident exposed personal details of customers, drivers, […] ]]> 2025-02-10T13:53:25+00:00 https://research.checkpoint.com/2025/10th-february-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8647861 False Data Breach,Threat None 3.0000000000000000 Bleeping Computer - Magazine Américain Hacker pleads guilty to SIM swap attack on US SEC X account Today, an Alabama man pleaded guilty to hijacking the U.S. Securities and Exchange Commission (SEC) account on X in a January 2024 SIM swapping attack. [...]]]> 2025-02-10T13:46:43+00:00 https://www.bleepingcomputer.com/news/security/hacker-pleads-guilty-to-sim-swap-attack-on-us-sec-x-account/ www.secnews.physaphae.fr/article.php?IdArticle=8647904 False None None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine US: Man Gets 20 Years for $37m Crypto Heist A US resident based in Indiana was charged with cyber intrusion and cryptocurrency theft conspiracies]]> 2025-02-10T13:45:00+00:00 https://www.infosecurity-magazine.com/news/us-man-20-years-37m-dollars-crypto/ www.secnews.physaphae.fr/article.php?IdArticle=8647893 False None None 3.0000000000000000 Cyble - CyberSecurity Firm Cyble Warns of Patient Monitor Risk in ICS Vulnerability Report Cyble\'s weekly industrial control system (ICS) vulnerability report to clients included a warning about a severe vulnerability in a patient monitor that could potentially compromise patient safety. In all, the report covered 36 ICS, operational technology (OT) and Supervisory Control and Data Acquisition (SCADA) vulnerabilities, 31 of which affect critical manufacturing and energy systems. Ten of the 36 vulnerabilities were rated “critical” and 17 carried high-risk ratings. Patient Monitor Vulnerability Carries a 9.8 Risk Rating The patient monitor vulnerability, CVE-2024-12248, was one of three flaws in Contec Health CMS8000 Patient Monitors that were addressed in a January 30 advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). CISA said the vulnerabilities were reported to the agency anonymously. The Food and Drug Administration (FDA) also issued an alert about the vulnerabilities the same day. The FDA said the flaws “may put patients at risk after being connected to the internet,” but added that the agency “is not aware of any cybersecurity incidents, injuries, or deaths related to these cybersecurity vulnerabilities at this time.” The FDA advisory contained recommendations for patients and caregivers for mitigating the risk that included the following advice: “If your health c]]> 2025-02-10T13:34:05+00:00 https://cyble.com/blog/cyble-warns-risk-in-ics-vulnerability-report/ www.secnews.physaphae.fr/article.php?IdArticle=8647860 False Tool,Vulnerability,Patching,Industrial,Medical None 2.0000000000000000 ProofPoint - Cyber Firms Emerging Threats Updates Improve Metadata, Including MITRE ATT&CK Tags 2025-02-10T13:21:52+00:00 https://www.proofpoint.com/us/blog/threat-insight/emerging-threats-updates-improve-metadata-including-mitre-attck-tags www.secnews.physaphae.fr/article.php?IdArticle=8647970 False Malware,Tool,Vulnerability,Threat None 2.0000000000000000 HackRead - Chercher Cyber How These Decentralized AI Solutions Secure Their Services in a Disruptive Industry This article looks at the measures AI solutions take to secure their offering with insights from platforms like OORT and Filecoin who are creating new security models for their AI infrastructure.]]> 2025-02-10T13:19:34+00:00 https://hackread.com/how-decentralized-ai-solutions-secure-disruptive-industry/ www.secnews.physaphae.fr/article.php?IdArticle=8647859 False None None 3.0000000000000000 Zataz - Magazine Francais de secu SUMUP : quand le social engineering sert l\'hameçonnage Les escrocs du web redoublent d\'inventivité pour tromper leurs victimes, et le cas récemment mis en lumière par ZATAZ en est un exemple frappant. Une campagne d\'hameçonnage finement travaillée vise les clients de SumUp....]]> 2025-02-10T13:15:29+00:00 https://www.zataz.com/sumup-quand-le-social-engineering-sert-lhameconnage/ www.secnews.physaphae.fr/article.php?IdArticle=8647862 False None None 3.0000000000000000 Recorded Future - FLux Recorded Future British military drops basic training to fast track recruitment of \\'cyber warriors\\' The British government is dropping the traditional fitness and weapons training for specialist cyber military recruits in order to address a cyber skills shortage within His Majesty\'s Armed Forces, including in its arm for offensive operations in the National Cyber Force.]]> 2025-02-10T13:15:09+00:00 https://therecord.media/british-military-drops-basic-training-to-fast-track-cyber-recruits www.secnews.physaphae.fr/article.php?IdArticle=8647858 False None None 2.0000000000000000 Checkpoint - Fabricant Materiel Securite How Electric AI Strengthened Its Cloud Security with AI-Powered Solutions Electric AI, a New York-based IT platform provider serving nearly 1,000 customers and over 55,000 end-users, faced the critical challenge of securing not only their own infrastructure but also protecting sensitive data across multiple industries. As a managed security provider (MSP), they needed a solution that would meet stringent regulatory compliance requirements while maintaining robust security measures. The Search for Comprehensive Security “The security of our customers is our business, and that makes our goal keeping ourselves as secure as possible. That requires us to identify and procure the best security technologies we can find,” says Andrew Tynan, a director […]

>Electric AI, a New York-based IT platform provider serving nearly 1,000 customers and over 55,000 end-users, faced the critical challenge of securing not only their own infrastructure but also protecting sensitive data across multiple industries. As a managed security provider (MSP), they needed a solution that would meet stringent regulatory compliance requirements while maintaining robust security measures. The Search for Comprehensive Security “The security of our customers is our business, and that makes our goal keeping ourselves as secure as possible. That requires us to identify and procure the best security technologies we can find,” says Andrew Tynan, a director […] ]]> 2025-02-10T13:00:10+00:00 https://blog.checkpoint.com/security/how-electric-ai-strengthened-its-cloud-security-with-ai-powered-solutions/ www.secnews.physaphae.fr/article.php?IdArticle=8647857 False Cloud None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Cybersecurity guidance for AI systems, supply chains highlight risks of poisoning, extraction, evasion attacks Canadian and French cybersecurity agencies have jointly released comprehensive guidance advocating for a risk-based strategy to foster trusted...

>Canadian and French cybersecurity agencies have jointly released comprehensive guidance advocating for a risk-based strategy to foster trusted... ]]> 2025-02-10T12:44:49+00:00 https://industrialcyber.co/ai/cybersecurity-guidance-for-ai-systems-supply-chains-highlight-risks-of-poisoning-extraction-evasion-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8647847 False None None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial DHS warns Chinese-made internet cameras pose espionage threat to US critical infrastructure The U.S. Department of Homeland Security (DHS) has reportedly issued a bulletin warning that internet-connected cameras manufactured in...

>The U.S. Department of Homeland Security (DHS) has reportedly issued a bulletin warning that internet-connected cameras manufactured in... ]]> 2025-02-10T12:41:21+00:00 https://industrialcyber.co/cisa/dhs-warns-chinese-made-internet-cameras-pose-espionage-threat-to-us-critical-infrastructure/ www.secnews.physaphae.fr/article.php?IdArticle=8647848 False Threat None 3.0000000000000000 SecurityWeek - Security News Microsoft Expands Copilot Bug Bounty Program, Increases Payouts Microsoft has added more Copilot consumer products to its bug bounty program and is offering higher rewards for medium-severity vulnerabilities.

>Microsoft has added more Copilot consumer products to its bug bounty program and is offering higher rewards for medium-severity vulnerabilities. ]]> 2025-02-10T12:34:11+00:00 https://www.securityweek.com/microsoft-expands-copilot-bug-bounty-program-increases-payouts/ www.secnews.physaphae.fr/article.php?IdArticle=8647849 True Vulnerability None 3.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain Pairwise Authentication of Humans easy system for two humans to remotely authenticate to each other, so they can be sure that neither are digital impersonations. To mitigate that risk, I have developed this simple solution where you can setup a unique time-based one-time passcode (TOTP) between any pair of persons. This is how it works: Two people, Person A and Person B, sit in front of the same computer and open this page; They input their respective names (e.g. Alice and Bob) onto the same page, and click “Generate”; The page will generate two TOTP QR codes, one for Alice and one for Bob; ...

Here’s an easy system for two humans to remotely authenticate to each other, so they can be sure that neither are digital impersonations. To mitigate that risk, I have developed this simple solution where you can setup a unique time-based one-time passcode (TOTP) between any pair of persons. This is how it works: Two people, Person A and Person B, sit in front of the same computer and open this page; They input their respective names (e.g. Alice and Bob) onto the same page, and click “Generate”; The page will generate two TOTP QR codes, one for Alice and one for Bob; ...]]> 2025-02-10T12:00:41+00:00 https://www.schneier.com/blog/archives/2025/02/pairwise-authentication-of-humans.html www.secnews.physaphae.fr/article.php?IdArticle=8647837 False None None 3.0000000000000000