www.secnews.physaphae.fr

www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-12T18:20:36+00:00 www.secnews.physaphae.fr SecurityWeek - Security News HPE Says Personal Information Stolen in 2023 Russian Hack HPE is notifying an unknown number of individuals that Russian hackers accessed their personal information in a December 2023 attack.

>HPE is notifying an unknown number of individuals that Russian hackers accessed their personal information in a December 2023 attack. ]]> 2025-02-10T12:00:00+00:00 https://www.securityweek.com/hpe-says-personal-information-stolen-in-2023-russian-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8647835 False Hack None 3.0000000000000000 HackRead - Chercher Cyber Scammers Use Fake Facebook Copyright Notices to Hijack Accounts A new phishing campaign is targeting businesses with fake Facebook copyright notices. Learn how to spot the signs and keep your Facebook account secure.]]> 2025-02-10T11:30:14+00:00 https://hackread.com/scammers-use-fake-facebook-copyright-notices-to-hijack-accounts/ www.secnews.physaphae.fr/article.php?IdArticle=8647838 False None None 3.0000000000000000 SecurityWeek - Security News Information of 120,000 Stolen in Ransomware Attack on Georgia Hospital Memorial Hospital and Manor says 120,000 people had their personal information stolen in a November 2024 ransomware attack.

>Memorial Hospital and Manor says 120,000 people had their personal information stolen in a November 2024 ransomware attack. ]]> 2025-02-10T11:20:00+00:00 https://www.securityweek.com/information-of-120000-stolen-in-ransomware-attack-on-georgia-hospital/ www.secnews.physaphae.fr/article.php?IdArticle=8647836 False Ransomware None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine UK Military Fast-Tracks Cybersecurity Recruitment The UK MoD has announced it is fast-tracking the recruitment of specialist cybersecurity roles, with recruits offered a starting salary of above £40,000]]> 2025-02-10T11:15:00+00:00 https://www.infosecurity-magazine.com/news/uk-military-cybersecurity/ www.secnews.physaphae.fr/article.php?IdArticle=8647840 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells Threat actors have been observed exploiting multiple security flaws in various software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to drop reverse shells and web shells, and maintain persistent remote access to compromised systems. The zero-day exploitation of security flaws in VeraCore has been attributed to a threat actor known as XE Group, a cybercrime]]> 2025-02-10T10:44:00+00:00 https://thehackernews.com/2025/02/xe-hacker-group-exploits-veracore-zero.html www.secnews.physaphae.fr/article.php?IdArticle=8647796 False Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Experts Dismayed at UK\\'s Apple Decryption Demands Security and privacy experts have questioned a new demand from the UK Home Office on Apple\'s encrypted iCloud service]]> 2025-02-10T10:30:00+00:00 https://www.infosecurity-magazine.com/news/experts-dismayed-uk-apple/ www.secnews.physaphae.fr/article.php?IdArticle=8647828 False None None 3.0000000000000000 Cyble - CyberSecurity Firm Man-in-the-Middle Attack Risk: Veeam Urges Urgent Patching for CVE-2025-23114 Overview Veeam has issued a security update to address a critical vulnerability (CVE-2025-23114) affecting its Veeam Updater component. This flaw allows attackers to execute arbitrary code remotely by leveraging a Man-in-the-Middle (MitM) attack. The vulnerability has a CVSS v3.1 score of 9.0, indicating a severe security risk. Users and administrators of affected products should update their software immediately to mitigate potential threats. Technical Details The vulnerability exists due to improper Transport Layer Security (TLS) certificate validation in the Veeam Updater component. Attackers can intercept and modify communication between the Veeam Backup server and update sources, enabling them to execute arbitrary code with root privileges. Given the high severity of this flaw, exploitation could lead to complete system compromise, data loss, or ransomware attacks. Affected Products The following Veeam Backup products contain the vulnerable Veeam Updater component: Current Releases: Veeam Backup for Salesforce - Version 3.1 and older Previous Releases: Veeam Ba]]> 2025-02-10T10:12:05+00:00 https://cyble.com/blog/cve-2025-23114-veeam-users-urged-to-patch-now/ www.secnews.physaphae.fr/article.php?IdArticle=8647827 False Ransomware,Tool,Vulnerability,Patching None 3.0000000000000000 Bleeping Computer - Magazine Américain Microsoft raises rewards for Copilot AI bug bounty program Microsoft announced over the weekend that it has expanded its Microsoft Copilot (AI) bug bounty program and increased payouts for moderate severity vulnerabilities. [...]]]> 2025-02-10T10:00:34+00:00 https://www.bleepingcomputer.com/news/microsoft/microsoft-raises-rewards-for-copilot-ai-bug-bounty-program/ www.secnews.physaphae.fr/article.php?IdArticle=8647869 False Vulnerability None 3.0000000000000000 We Live Security - Editeur Logiciel Antivirus ESET Neil Lawrence: What makes us unique in the age of AI | Starmus highlights As AI advances at a rapid clip, reshaping industries, automating tasks, and redefining what machines can achieve, one question looms large: what remains uniquely human?]]> 2025-02-10T10:00:00+00:00 https://www.welivesecurity.com/en/we-live-science/neil-lawrence-what-makes-us-unique-age-ai-starmus-highlights/ www.secnews.physaphae.fr/article.php?IdArticle=8648697 False None None 2.0000000000000000 HackRead - Chercher Cyber AI\\'s Role in Cutting Costs and Cybersecurity Threats in Logistics Supply chains are under immense pressure. Fuel costs are skyrocketing, delays are becoming the norm, and cybersecurity threats…]]> 2025-02-10T10:00:00+00:00 https://hackread.com/ai-role-cutting-costs-cybersecurity-threats-logistics/ www.secnews.physaphae.fr/article.php?IdArticle=8647839 False None None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Europol Warns Financial Sector of “Imminent” Quantum Threat Europol has urged the financial sector to prioritize quantum-safe cryptography]]> 2025-02-10T09:45:00+00:00 https://www.infosecurity-magazine.com/news/europol-warns-financial-sector/ www.secnews.physaphae.fr/article.php?IdArticle=8647817 False Threat None 3.0000000000000000 IT Security Guru - Blog Sécurité Most Inspiring Women in Cyber Awards 2025: Q&A with Lorilee Ressler, Senior Cybersecurity Solutions Architect at Certes Cybersecurity is evolving at an unprecedented pace, and women are playing a crucial role in shaping its future. As part of the Most Inspiring Women in Cyber Awards 2025, Lorilee Ressler, Senior Cybersecurity Solutions Architect at Certes discussed her journey in the field, the challenges she has faced, and her role in helping organisations protect […] ]]> 2025-02-10T09:31:42+00:00 https://www.itsecurityguru.org/2025/02/10/most-inspiring-women-in-cyber-awards-2025-qa-with-lorilee-ressler-senior-cybersecurity-solutions-architect-at-certes/?utm_source=rss&utm_medium=rss&utm_campaign=most-inspiring-women-in-cyber-awards-2025-qa-with-lorilee-ressler-senior-cybersecurity-solutions-architect-at-certes www.secnews.physaphae.fr/article.php?IdArticle=8647911 False None None 3.0000000000000000 The Register - Site journalistique Anglais UK armed forces fast-tracking cyber warriors to defend digital front lines High starting salaries promised after public sector infosec pay criticized The UK\'s Ministry of Defence (MoD) is fast-tracking cybersecurity specialists in a bid to fortify its protection against increasing attacks.…]]> 2025-02-10T09:30:13+00:00 https://go.theregister.com/feed/www.theregister.com/2025/02/10/uk_armed_forces_cyber_hires/ www.secnews.physaphae.fr/article.php?IdArticle=8647819 False None None 3.0000000000000000 Zataz - Magazine Francais de secu GRASP : Une réponse aux défis cybersécurité de l\'IA ? L\'intelligence artificielle progresse rapidement, soulevant des enjeux de sécurité cruciaux. GRASP vise à cartographier ces risques et proposer des solutions adaptées pour une IA plus sûre et maîtrisée....]]> 2025-02-10T09:22:18+00:00 https://www.zataz.com/grasp-une-reponse-aux-defis-cybersecurite-de-lia/ www.secnews.physaphae.fr/article.php?IdArticle=8647818 False None None 3.0000000000000000 Data Security Breach - Site de news Francais GRASP : Une plateforme mondiale pour anticiper les risques de l\'intelligence artificielle L\'intelligence artificielle soulève des défis en matière de sécurité et de gouvernance. Pour répondre à ces enjeux, GRASP (Global Risk and AI Safety Preparedness) cartographie les risques liés à l\'IA.]]> 2025-02-10T09:11:57+00:00 https://www.datasecuritybreach.fr/global-risk-and-ai-safety-preparedness-grasp/ www.secnews.physaphae.fr/article.php?IdArticle=8647816 False None None 3.0000000000000000 Global Security Mag - Site de news francais Développer une approche proactive de l\'IA pour mieux maîtriser les risques financiers – 3 questions à Christophe Gaultier, Directeur OpenText Cybersecurity France & Belux Points de Vue

Développer une approche proactive de l\'IA pour mieux maîtriser les risques financiers – 3 questions à Christophe Gaultier, Directeur OpenText Cybersecurity France & Belux - Points de Vue]]> 2025-02-10T09:09:16+00:00 https://www.globalsecuritymag.fr/developper-une-approche-proactive-de-l-ia-pour-mieux-maitriser-les-risques.html www.secnews.physaphae.fr/article.php?IdArticle=8647820 False None None 3.0000000000000000 Global Security Mag - Site de news francais La Centrale d\'Achat de l\'Informatique Hospitalière (C.A.I.H.) choisit un groupement indépendant et 100% français Marchés

La Centrale d\'Achat de l\'Informatique Hospitalière (C.A.I.H.) choisit un groupement indépendant et 100% français CYBERSECURITÉ ET GESTION DE CRISE HOSPITALIÈRE - Marchés]]> 2025-02-10T09:02:42+00:00 https://www.globalsecuritymag.fr/la-centrale-d-achat-de-l-informatique.html www.secnews.physaphae.fr/article.php?IdArticle=8647810 False None None 3.0000000000000000 Korben - Bloger francais Ghostty - Le terminal natif ultra-rapide Ghostty vient briser ce dilemme en proposant une approche radicalement différente.

Vous cherchez un terminal qui ne vous force pas à choisir entre performance, fonctionnalités avancées et interface native ? Alors voici un nouveau venu dans le paysage qui pourrait bien changer vos habitudes. Traditionnellement, les développeurs devaient faire un choix cornélien : opter pour un terminal rapide mais minimaliste, ou se tourner vers une solution riche en fonctionnalités mais plus lourde. Ghostty vient briser ce dilemme en proposant une approche radicalement différente.]]> 2025-02-10T09:00:00+00:00 https://korben.info/ghostty-terminal-natif-rapide-personnalisable.html www.secnews.physaphae.fr/article.php?IdArticle=8647809 False None None 3.0000000000000000 ProofPoint - Cyber Firms GenAI Tools Were Putting a Retailer\\'s Data at Risk-Here\\'s How Proofpoint Helped 2025-02-10T05:55:21+00:00 https://www.proofpoint.com/us/blog/information-protection/retailer-used-proofpoint-to-securely-adopt-genai www.secnews.physaphae.fr/article.php?IdArticle=8647971 False Tool ChatGPT 3.0000000000000000 The State of Security - Magazine Américain “Quishing” - The Emerging Threat of Fake QR Codes QR codes have revolutionized digital interactions, offering quick access to websites and services and adding a layer of security to many apps. These quick and seemingly innocent codes are everywhere - however, their widespread use has made them a prime target for scammers. The corruption QR codes leaves everyone vulnerable. However, there are simple methods to protect against this threat. What Is “Quishing”? In quishing attacks, scammers use fake QR codes to redirect people to fraudulent websites when the code is scanned. This enables the criminal to download information and profiles from the...]]> 2025-02-10T03:03:17+00:00 https://www.tripwire.com/state-of-security/quishing-emerging-threat-fake-qr-codes www.secnews.physaphae.fr/article.php?IdArticle=8647807 False Threat None 3.0000000000000000 The State of Security - Magazine Américain Key Takeaways from the NCSC Annual Review 2024 In early December 2024, the UK\'s National Cyber Security Center (NCSC) released its eighth Annual Review. While the report\'s primary focus is to recap the NCSC\'s activities over the past year, it also offers invaluable insights into how the UK thinks about and plans to act on cybersecurity. In this article, we\'ll look at a few of its key takeaways. UK in "A Contest for Cyberspace" The overarching theme of the NCSC Annual Review 2024 is the enormous scale of the cyber threat to the UK and the government\'s increasingly serious attitude towards it. This is best exemplified in the foreword by the...]]> 2025-02-10T03:03:16+00:00 https://www.tripwire.com/state-of-security/key-takeaways-ncsc-annual-review-2024 www.secnews.physaphae.fr/article.php?IdArticle=8647808 False Threat None 3.0000000000000000 The Register - Site journalistique Anglais DeepSeek\\'s iOS app is a security nightmare, and that\\'s before you consider its TikTok links PLUS: Spanish cops think they\'ve bagged NATO hacker; HPE warns staff of data breach; Lazy Facebook phishing, and more! Infosec In Brief DeepSeek\'s iOS app is a security nightmare that you should delete ASAP, according to researchers at mobile app infosec platform vendor NowSecure.…]]> 2025-02-10T02:30:15+00:00 https://go.theregister.com/feed/www.theregister.com/2025/02/10/infosec_in_brief/ www.secnews.physaphae.fr/article.php?IdArticle=8647775 False Data Breach,Mobile None 3.0000000000000000 ProofPoint - Cyber Firms AI in Cybersecurity: the Good, the Bad and the Ugly 2025-02-10T01:58:04+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/ai-cybersecurity-revolutionizing-protection-strategies www.secnews.physaphae.fr/article.php?IdArticle=8648557 False Ransomware,Malware,Tool,Vulnerability,Threat,Prediction,Cloud None 2.0000000000000000 Global Security Mag - Site de news francais Vigilance.fr - Nanopb: memory leak via PB_ENABLE_MALLOC, analyzed on 09/12/2024 Security Vulnerability

An attacker can create a memory leak of Nanopb, via PB_ENABLE_MALLOC, in order to trigger a denial of service. - Security Vulnerability]]> 2025-02-09T15:38:30+00:00 https://www.globalsecuritymag.fr/vigilance-fr-nanopb-memory-leak-via-pb_enable_malloc-analyzed-on-09-12-2024.html www.secnews.physaphae.fr/article.php?IdArticle=8647724 False None None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial S4x25 and BSidesICS: Where industrial cybersecurity experts converge to foster collaboration and innovation As the industrial cybersecurity community converges in Tampa, Florida for the upcoming S4x25 and BSidesICS events, there is... ]]> 2025-02-09T14:43:38+00:00 https://industrialcyber.co/features/s4x25-and-bsidesics-where-industrial-cybersecurity-experts-converge-to-foster-collaboration-and-innovation/ www.secnews.physaphae.fr/article.php?IdArticle=8647718 False Industrial None 3.0000000000000000 Korben - Bloger francais Toujours des petits trous... Remouk (DansTonChat) – Merci à lui - Aujourd’hui je vais vous parler d’un jeu au concept aussi débile que débile : creuser un trou. Muni d’une pelle, on creuse. Puis on creuse, on creuse, à la recherche d’un grand trésor… Bienvenue dans A Game About Digging A Hole dispo sur PC (Steam) ! Non vraiment, je ne déconne pas, vous allez passer votre temps à creuser. :D Tout débute avec l’achat d’une maison. Dans l’annonce, il est précisé que le jardin abrite un trésor… À vous de le dénicher !

- Article rédigé par l\'ami Remouk (DansTonChat) – Merci à lui - Aujourd’hui je vais vous parler d’un jeu au concept aussi débile que débile : creuser un trou. Muni d’une pelle, on creuse. Puis on creuse, on creuse, à la recherche d’un grand trésor… Bienvenue dans A Game About Digging A Hole dispo sur PC (Steam) ! Non vraiment, je ne déconne pas, vous allez passer votre temps à creuser. :D Tout débute avec l’achat d’une maison. Dans l’annonce, il est précisé que le jardin abrite un trésor… À vous de le dénicher !]]> 2025-02-09T14:02:00+00:00 https://korben.info/toujours-des-petits-trous.html www.secnews.physaphae.fr/article.php?IdArticle=8647712 False None None 3.0000000000000000 Zataz - Magazine Francais de secu Piratage chez King Jouet : plus de 4 millions de données compromises Un hacker malveillant revendique le piratage de King Jouet et met en vente plus de 4 millions de données clients. Le pirate affiche son passage sur le site de l\'enseigne de grande distribution....]]> 2025-02-09T09:18:35+00:00 https://www.zataz.com/un-piratage-dampleur-frappe-king-jouet-plus-de-4-millions-de-donnees-compromises/ www.secnews.physaphae.fr/article.php?IdArticle=8647690 False None None 3.0000000000000000 Korben - Bloger francais Sentinel - L\'assistant malin pour gérer Gatekeeper sur macOS Heureusement, un développeur très cool a créé Sentinel, une interface graphique qui vous permet de reprendre le contrôle sur Gatekeeper, comme ça, fini les manipulations obscures en ligne de commande pour débloquer les apps mises en quarantaine.

Les joies de macOS et de son gardien un peu trop zélé, Gatekeeper ! Si vou utilisez sur matos Apple, vous connaissez sûrement cette petite boîte de dialogue agaçante qui vous empêche d’installer certaines applications sous prétexte qu’elles ne proviennent pas de l’App Store ou d’un développeur identifié. Bien sûr, c’est pour notre sécurité… mais parfois, ça devient franchement pénible quand on sait ce qu’on fait !

Heureusement, un développeur très cool a créé Sentinel, une interface graphique qui vous permet de reprendre le contrôle sur Gatekeeper, comme ça, fini les manipulations obscures en ligne de commande pour débloquer les apps mises en quarantaine.]]> 2025-02-09T09:00:00+00:00 https://korben.info/sentinel-assistant-gestion-gatekeeper-macos.html www.secnews.physaphae.fr/article.php?IdArticle=8647691 False None None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC LevelBlue Earns Prestigious MSS Award from Frost & Sullivan 2025-02-09T07:00:00+00:00 https://levelblue.com/blogs/security-essentials/levelblue-earns-prestigious-mss-award-from-frost-sullivan www.secnews.physaphae.fr/article.php?IdArticle=8647673 False Vulnerability,Cloud None 3.0000000000000000 HackRead - Chercher Cyber PlayStation Network Down; Outage Leaves Gamers Frustrated PlayStation Network Down: PSN is experiencing a major outage, affecting account login, online gaming, PlayStation Store, and more.…]]> 2025-02-08T22:53:29+00:00 https://hackread.com/playstation-network-down-outage-gamers-frustrated/ www.secnews.physaphae.fr/article.php?IdArticle=8647637 False None None 2.0000000000000000 Techworm - News DeepSeek Sending Unprotected Sensitive User Data To TikTok\\'s Parent ByteDance “When a user first launches the DeepSeek iOS app, it communicates with the DeepSeek\'s backend infrastructure to configure the application, register the device and establish a device profile mechanism. Even when the network is configured to actively attack the mobile app (via a MITM attack), the app still executes these steps which enables both passive and active attacks against the data,” the company wrote in a blog post published on Thursday. Modern apps use data encryption to safeguard confidentiality and integrity, which requires proper implementation to protect user data. However, the app relies on an insecure symmetric encryption algorithm (3DES), reuses initialization vectors, and hardcodes encryption keys, violating best security practices. Additionally, the DeepSeek iOS app insecurely stores usernames, passwords, and encryption keys, increasing the risk of credential theft. The app also collects user and device data that can be used for tracking and de-anonymization. Moreover, the app uses tens of data points, including organization ID, device OS version, and the language selected in the configuration. NowSecure notes that user data is sent to servers by Volcengine, a cloud service platform released by ByteDance in 2021. Since ByteDance is governed by Chinese laws, it may be compelled to share the data it collects with the Chinese government, raising major surveillance and compliance concerns for enterprises and governments utilizing the app. “The DeepSeek iOS app globally disables App Transport Security (ATS) which is an iOS platform level protection that prevents sensitive data from being sent over unencrypted channels. Since this protection is disabled, the app can (and does) send unencrypted data over the internet,” N]]> 2025-02-08T20:50:19+00:00 https://www.techworm.net/2025/02/deepseek-send-unprotected-data-tiktok-bytedance.html www.secnews.physaphae.fr/article.php?IdArticle=8647596 False Mobile,Cloud None 3.0000000000000000 HackRead - Chercher Cyber Hackers Monetize LLMjacking, Selling Stolen AI Access for $30 per Month LLMjacking attacks target DeepSeek, racking up huge cloud costs. Sysdig reveals a black market for LLM access has…]]> 2025-02-08T19:43:45+00:00 https://hackread.com/hackers-monetize-llmjacking-selling-stolen-ai-access/ www.secnews.physaphae.fr/article.php?IdArticle=8647621 False Cloud None 3.0000000000000000 Hacking Articles - Blog de Raj Chandel Abusing AD Weak Permission Pre2K Compatibility Pre2K (short for “Pre-Windows 2000”) Active Directory misconfigurations often stem from overlooked legacy settings in Windows environments. Common issues include enabling NTLM or SMBv1 for

>Pre2K (short for “Pre-Windows 2000”) Active Directory misconfigurations often stem from overlooked legacy settings in Windows environments. Common issues include enabling NTLM or SMBv1 for ]]> 2025-02-08T19:37:24+00:00 https://www.hackingarticles.in/abusing-ad-weak-permission-pre2k-compatibility/ www.secnews.physaphae.fr/article.php?IdArticle=8647620 False None None 3.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain UK is Ordering Apple to Break its Own Encryption reporting that the UK government has served Apple with a “technical capability notice” as defined by the 2016 Investigatory Powers Act, requiring them to break the Advanced Data Protection encryption in iCloud for the benefit of law enforcement. This is a big deal, and something we in the security community have worried was coming for a while now. The law, known by critics as the Snoopers\' Charter, makes it a criminal offense to reveal that the government has even made such a demand. An Apple spokesman declined to comment...

The Washington Post is reporting that the UK government has served Apple with a “technical capability notice” as defined by the 2016 Investigatory Powers Act, requiring them to break the Advanced Data Protection encryption in iCloud for the benefit of law enforcement. This is a big deal, and something we in the security community have worried was coming for a while now. The law, known by critics as the Snoopers\' Charter, makes it a criminal offense to reveal that the government has even made such a demand. An Apple spokesman declined to comment...]]> 2025-02-08T15:56:32+00:00 https://www.schneier.com/blog/archives/2025/02/uk-is-ordering-apple-to-break-its-own-encryption.html www.secnews.physaphae.fr/article.php?IdArticle=8647597 False Legislation,Technical None 3.0000000000000000 Korben - Bloger francais Robot basket ! Remouk (DansTonChat) – Merci à lui - - Contient des liens affiliés Amazon - Oubliez le basket traditionnel et préparez-vous à une bonne dose de chaos robotique avec RoboDunk, développé et édité par Jollypunch Games (qui, à priori, est un studio composé d’une seule personne !). Ce titre propose un mélange déjanté de basket arcade et de combat, où seuls les dunks comptent et où tous les coups sont permis. Très inspiré de NBA Jam et de Mario Strikers Charged, et peut-être même, pour les connaisseurs, de Punkshot (jeu bien débile sur lequel j’ai écris une chanson :D). Accrochez-vous, ça va dunker sévère !

- Article rédigé par l\'ami Remouk (DansTonChat) – Merci à lui - - Contient des liens affiliés Amazon - Oubliez le basket traditionnel et préparez-vous à une bonne dose de chaos robotique avec RoboDunk, développé et édité par Jollypunch Games (qui, à priori, est un studio composé d’une seule personne !). Ce titre propose un mélange déjanté de basket arcade et de combat, où seuls les dunks comptent et où tous les coups sont permis. Très inspiré de NBA Jam et de Mario Strikers Charged, et peut-être même, pour les connaisseurs, de Punkshot (jeu bien débile sur lequel j’ai écris une chanson :D). Accrochez-vous, ça va dunker sévère !]]> 2025-02-08T15:37:06+00:00 https://korben.info/test-robo-dunk-avis.html www.secnews.physaphae.fr/article.php?IdArticle=8647603 False None None 3.0000000000000000 Techworm - News Critical Microsoft Outlook RCE Bug Actively Exploited In Attacks CVE-2024–21413 (CVSS score 9.8). This flaw results from improper input validation, which can trigger code execution when opening emails with malicious links using a vulnerable Microsoft Outlook version. Successful exploitation of this vulnerability would allow a threat actor to bypass the Office Protected View and open malicious files in editing mode rather than protected mode. It could also grant the threat actor elevated privileges, including the ability to read, write, and delete data. Microsoft addressed the CVE-2024–21413 vulnerability a year ago, cautioning that the Preview Pane could itself be an attack vector. As a result, simply viewing a malicious email within Outlook might be enough to trigger the exploit, making it exceptionally dangerous. According to Check Point, attackers exploit the vulnerability dubbed Moniker Link, a method that tricks Outlook into opening unsafe files. This allows the threat actors to bypass built-in Outlook protections for malicious links embedded in emails using the file:// protocol. The attackers can manipulate Outlook to treat malicious files as trusted resources by appending an exclamation mark followed by arbitrary text to a file URL. By inserting this exclamation mark immediately after the file extension in URLs pointing to attacker-controlled servers, along with some random text, they can deceive the system and execute malicious payloads. For example, an attacker might craft a link as shown below: CLICK ME When a victim clicks on the link, Outlook retrieves the file from the attacker’s server and runs it with elevated privileges, granting the attacker control over the system. The CVE-2024-21413 vulnerability has affected multiple Microsoft Office products, including Microsoft Office LTSC 2021, Microsoft 365 Apps for Enterprise, Microsoft Outlook 2016, and Microsoft Office 2019. In response to the active exploitation of this vulnerability, CISA has added CVE-2024-21413 to its Known Exploited Vulnerabilities (KEV) Catalog. As per the November 2021 Binding Operational Directive (BOD) 22-01, the federal agencies have been given time until February 27, 2025, to patch their systems and protect their networks against potential threats. “These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” the cybersecurity agency warned on Thursday. With active exploitation in the wild, CVE-2024-21413 presents a severe security risk to Outlook users. Hence, private organizations are advised to immediately apply patches and reinforce cybersecurity defenses to prevent potential breaches.

Cybersecurity firm Check Point has discovered a critical remote code execution (RCE) vulnerability in Microsoft Outlook, which is currently being exploited in active cyberattacks, posing a significant threat to organizations worldwide. This has prompted the Cybersecurity and Infrastructure Security Agency (CISA) to warn]]> 2025-02-08T14:43:36+00:00 https://www.techworm.net/2025/02/microsoft-outlook-rce-bug-exploited-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=8647563 False Vulnerability,Threat None 3.0000000000000000 HackRead - Chercher Cyber Teen Hacker “Natohub” Caught for NATO, UN, and US Army Breaches A joint operation by Spanish law enforcement has resulted in the apprehension of Natohub, a “dangerous hacker” suspected of orchestrating numerous cyberattacks against prominent organizations in Spain and internationally.]]> 2025-02-08T12:49:10+00:00 https://hackread.com/teen-hacker-natohub-caught-nato-un-us-army-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8647580 False Legislation None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection. "The pickle files extracted from the mentioned PyTorch archives revealed the malicious Python content at the beginning of the file," ReversingLabs researcher Karlo Zanki said in a report shared with The Hacker News. "]]> 2025-02-08T11:47:00+00:00 https://thehackernews.com/2025/02/malicious-ml-models-found-on-hugging.html www.secnews.physaphae.fr/article.php?IdArticle=8647546 False None None 3.0000000000000000 Wired Threat Level - Security News UK Secret Order Demands That Apple Give Access to Users\\' Encrypted Data Plus: Benjamin Netanyahu gives Donald Trump a golden pager, Hewlett Packard Enterprise blames Russian government hackers for a breach, and more.]]> 2025-02-08T11:30:00+00:00 https://www.wired.com/story/uk-secret-order-apple-users-encrypted-data/ www.secnews.physaphae.fr/article.php?IdArticle=8647574 False None None 3.0000000000000000 Bleeping Computer - Magazine Américain Massive brute force attack uses 2.8 million IPs to target VPN devices A large-scale brute force password attack using almost 2.8 million IP addresses is underway, attempting to guess the credentials for a wide range of networking devices, including those from Palo Alto Networks, Ivanti, and SonicWall. [...]]]> 2025-02-08T10:15:25+00:00 https://www.bleepingcomputer.com/news/security/massive-brute-force-attack-uses-28-million-ips-to-target-vpn-devices/ www.secnews.physaphae.fr/article.php?IdArticle=8647609 False None None 3.0000000000000000 Korben - Bloger francais Garage - Le stockage S3 open source taillé pour l\'auto-hébergement Garage, une alternative open source particulièrement intéressante pour gérer vos données de manière distribuée et sécurisée comme vous le feriez sur un bon vieux service S3. Bah oui parce que dans ce monde où les géants du cloud comme Amazon, Google et Microsoft règnent en maîtres sur nos données, il devient crucial de reprendre le contrôle.

Vous cherchez une solution de stockage S3 performante et facile à héberger vous-même ? Alors préparez-vous à découvrir Garage, une alternative open source particulièrement intéressante pour gérer vos données de manière distribuée et sécurisée comme vous le feriez sur un bon vieux service S3. Bah oui parce que dans ce monde où les géants du cloud comme Amazon, Google et Microsoft règnent en maîtres sur nos données, il devient crucial de reprendre le contrôle.]]> 2025-02-08T09:00:00+00:00 https://korben.info/garage-stockage-s3-open-source-auto-hebergement.html www.secnews.physaphae.fr/article.php?IdArticle=8647557 False Cloud None 3.0000000000000000 Krebs on Security - Chercheur Américain Teen on Musk\\'s DOGE Team Graduated from \\'The Com\\' Wired reported this week that a 19-year-old working for Elon Musk\'s so-called Department of Government Efficiency (DOGE) was given access to sensitive US government systems even though his past association with cybercrime communities should have precluded him from gaining the necessary security clearances to do so. As today\'s story explores, the DOGE teen is a former denizen of \'The Com,\' an archipelago of Discord and Telegram chat channels that function as a kind of distributed cybercriminal social network for facilitating instant collaboration.]]> 2025-02-08T00:32:53+00:00 https://krebsonsecurity.com/2025/02/teen-on-musks-doge-team-graduated-from-the-com/ www.secnews.physaphae.fr/article.php?IdArticle=8647515 False None None 3.0000000000000000 Recorded Future - FLux Recorded Future Hackers exploiting bug in popular Trimble Cityworks tool used by local gov\\'ts Federal civilian agencies have been ordered to patch a vulnerability impacting Trimble Cityworks - a popular tool used by many governments to manage public infrastructure.]]> 2025-02-07T22:17:56+00:00 https://therecord.media/hackers-exploiting-trimble-cityworks-bug-used-by-local-govs www.secnews.physaphae.fr/article.php?IdArticle=8647508 False Tool,Vulnerability None 3.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain Friday Squid Blogging: The Colossal Squid Long article on the colossal squid. Blog moderation policy.

Long article on the colossal squid. Blog moderation policy.]]> 2025-02-07T22:02:37+00:00 https://www.schneier.com/blog/archives/2025/02/friday-squid-blogging-the-colossal-squid.html www.secnews.physaphae.fr/article.php?IdArticle=8647500 False None None 2.0000000000000000 knowbe4 - cybersecurity services From Madison Avenue to Malware

In the bustling world of 1960s Madison Avenue, a young advertising executive named Lester Wunderman was about to revolutionize the industry.

In the bustling world of 1960s Madison Avenue, a young advertising executive named Lester Wunderman was about to revolutionize the industry. ]]> 2025-02-07T21:39:50+00:00 https://blog.knowbe4.com/from-madison-avenue-to-malware www.secnews.physaphae.fr/article.php?IdArticle=8647499 False Malware None 3.0000000000000000 HackRead - Chercher Cyber ASP.NET Vulnerability Lets Hackers Hijack Servers, Inject Malicious Code Microsoft cybersecurity experts have identified a vulnerability flaw affecting ASP.NET applications, putting thousands of web servers at risk.…]]> 2025-02-07T21:35:43+00:00 https://hackread.com/asp-net-vulnerability-hackers-servers-inject-malicious-code/ www.secnews.physaphae.fr/article.php?IdArticle=8647501 False Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future Label maker Avery says ransomware investigation also found credit-card scraper An investigation into a ransomware attack led label-maker Avery Products to also find malware that was skimming credit card details from transactions on its website, according to a data breach notification by the company.]]> 2025-02-07T20:43:54+00:00 https://therecord.media/avery-products-ransomware-data-breach-notification www.secnews.physaphae.fr/article.php?IdArticle=8647490 False Ransomware,Data Breach,Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) DeepSeek App Transmits Sensitive User and Device Data Without Encryption A new audit of DeepSeek\'s mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans any encryption, exposing it to interception and manipulation attacks. The assessment comes from NowSecure, which also found that the app fails to adhere to best security practices and that it collects extensive user and]]> 2025-02-07T20:28:00+00:00 https://thehackernews.com/2025/02/deepseek-app-transmits-sensitive-user.html www.secnews.physaphae.fr/article.php?IdArticle=8647447 False Mobile None 3.0000000000000000 Dark Reading - Informationweek Branch LLM Hijackers Quickly Incorporate DeepSeek API Keys The secret use of other people\'s generative AI platforms, wherein hijackers gain unauthorized access to an LLM while someone else foots the bill, is getting quicker and stealthier by the month.]]> 2025-02-07T20:27:54+00:00 https://www.darkreading.com/application-security/llm-hijackers-deepseek-api-keys www.secnews.physaphae.fr/article.php?IdArticle=8647497 False None None 2.0000000000000000 SecureMac - Security focused on MAC Checklist 410: OCR Malware and Grubhub Date Theft Grubhub and App Store breaches expose user data. Hackers target crypto wallets via malware and leak personal info.

>Grubhub and App Store breaches expose user data. Hackers target crypto wallets via malware and leak personal info. ]]> 2025-02-07T20:15:20+00:00 https://www.securemac.com/checklist/checklist-410-ocr-malware-and-grubhub-date-theft www.secnews.physaphae.fr/article.php?IdArticle=8647489 False Malware None 3.0000000000000000 Recorded Future - FLux Recorded Future Student group sues Education Department over reported DOGE access to financial aid databases The University of California Student Association - which serves all of the system\'s campuses statewide - is suing the Department of Education over reported access by Elon Musk\'s DOGE workers to federal student aid databases.]]> 2025-02-07T20:06:32+00:00 https://therecord.media/university-of-california-students-sue-education-department-doge www.secnews.physaphae.fr/article.php?IdArticle=8647491 False None None 3.0000000000000000 Dark Reading - Informationweek Branch SolarWinds to Go Private for $4.4B Five years after a Russian APT infiltrated a software update to gain access to thousands of SolarWinds customers, the board has voted unanimously to sell at a top valuation and plans for uninterrupted operations.]]> 2025-02-07T19:49:48+00:00 https://www.darkreading.com/cybersecurity-operations/solarwinds-private-billions www.secnews.physaphae.fr/article.php?IdArticle=8647498 False None None 3.0000000000000000 Dark Reading - Informationweek Branch Microsoft: Thousands of Public ASP.NET Keys Allow Web Server RCE Developers are pulling in publicly available ASP.NET keys into their environments, without realizing that cyberattackers can use them for clandestine code injection.]]> 2025-02-07T19:39:55+00:00 https://www.darkreading.com/remote-workforce/microsoft-public-asp-net-keys-web-server-rce www.secnews.physaphae.fr/article.php?IdArticle=8647488 False None None 3.0000000000000000 Recorded Future - FLux Recorded Future Phones, email, classes disrupted in University of The Bahamas ransomware attack The University of the Bahamas, which serves thousands of students and is one of the Caribbean nation\'s biggest employers, said several systems went offline after a ransomware attack.]]> 2025-02-07T19:23:52+00:00 https://therecord.media/bahamas-university-ransomware-attack www.secnews.physaphae.fr/article.php?IdArticle=8647481 False Ransomware None 2.0000000000000000 TechRepublic - Security News US IT Teams Worry About Increasing Cost of Cyber Tools From AI Features, While Criminals Barely Use Them Most IT leaders believe generative AI will increase the cost of their security tools, according to Sophos research. But, by the looks of cyber crime forums, hackers are barely using AI.]]> 2025-02-07T19:08:09+00:00 https://www.techrepublic.com/article/ai-cybersecurity-costs/ www.secnews.physaphae.fr/article.php?IdArticle=8647480 False Tool None 3.0000000000000000 HackRead - Chercher Cyber Best Practices for Preparing and Automating Security Questionnaires Security questionnaires serve as essential tools for building connections and trust in the digital realm. They help in…]]> 2025-02-07T18:22:20+00:00 https://hackread.com/best-practices-preparing-automating-security-questionnaires/ www.secnews.physaphae.fr/article.php?IdArticle=8647471 False Tool None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) CISA Warns of Active Exploitation in Trimble Cityworks Vulnerability Leading to IIS RCE The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0994 (CVSS v4 score: 8.6), a deserialization of untrusted data bug that could permit an attacker to conduct remote code execution. "This could]]> 2025-02-07T18:22:00+00:00 https://thehackernews.com/2025/02/cisa-warns-of-active-exploitation-in.html www.secnews.physaphae.fr/article.php?IdArticle=8647417 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Canadian Man Charged in $65M Cryptocurrency Hacking Schemes 2025-02-07T18:09:42+00:00 https://www.darkreading.com/cyberattacks-data-breaches/canadian-man-charged-in-65m-cryptocurrency-hacking-schemes www.secnews.physaphae.fr/article.php?IdArticle=8647473 False None None 3.0000000000000000 Dark Reading - Informationweek Branch 2024 Breaks Records With Highest Ever Ransomware Attacks 2025-02-07T18:06:24+00:00 https://www.darkreading.com/threat-intelligence/2024-breaks-records-with-highest-ever-ransomware-attacks www.secnews.physaphae.fr/article.php?IdArticle=8647474 False Ransomware None 3.0000000000000000 Dark Reading - Informationweek Branch Databarracks Launches Air Gap Recover 2025-02-07T17:57:45+00:00 https://www.darkreading.com/cloud-security/databarracks-launches-air-gap-recover www.secnews.physaphae.fr/article.php?IdArticle=8647465 False None None 3.0000000000000000 SecurityWeek - Security News ThreatMate Raises $3.2 Million for Attack Surface Management Platform ThreatMate has raised $3.2 million in seed funding for its AI-powered attack surface management solution for MSPs.

>ThreatMate has raised $3.2 million in seed funding for its AI-powered attack surface management solution for MSPs. ]]> 2025-02-07T17:35:28+00:00 https://www.securityweek.com/threatmate-raises-3-2-million-for-attack-surface-management-platform/ www.secnews.physaphae.fr/article.php?IdArticle=8647464 False None None 3.0000000000000000 Dark Reading - Informationweek Branch Google\\'s DMARC Push Pays Off, but Email Security Challenges Remain A year after Google and Yahoo started requiring DMARC, the adoption rate of the email authentication specification has doubled; and yet, 87% of domains remain unprotected.]]> 2025-02-07T17:00:04+00:00 https://www.darkreading.com/remote-workforce/google-dmarc-push-email-security-challenges www.secnews.physaphae.fr/article.php?IdArticle=8647458 False None Yahoo 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) AI-Powered Social Engineering: Reinvented Threats The foundations for social engineering attacks – manipulating humans – might not have changed much over the years. It\'s the vectors – how these techniques are deployed – that are evolving. And like most industries these days, AI is accelerating its evolution. This article explores how these changes are impacting business, and how cybersecurity leaders can respond. Impersonation attacks:]]> 2025-02-07T16:40:00+00:00 https://thehackernews.com/2025/02/ai-powered-social-engineering.html www.secnews.physaphae.fr/article.php?IdArticle=8647403 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft Identifies 3,000+ Publicly Disclosed ASP.NET Machine Keys Vulnerable to Code Injection Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible resources, thereby putting their applications in attackers\' pathway. The tech giant\'s threat intelligence team said it observed limited activity in December 2024 that involved an unknown threat actor using a publicly available, static ASP.NET]]> 2025-02-07T16:31:00+00:00 https://thehackernews.com/2025/02/microsoft-identifies-3000-publicly.html www.secnews.physaphae.fr/article.php?IdArticle=8647404 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) India\\'s RBI Introduces Exclusive "bank.in" Domain to Combat Digital Banking Fraud India\'s central bank, the Reserve Bank of India (RBI), said it\'s introducing an exclusive "bank.in" internet domain for banks in the country to combat digital financial fraud. "This initiative aims to reduce cyber security threats and malicious activities like phishing; and, streamline secure financial services, thereby enhancing trust in digital banking and payment services," the RBI said in a]]> 2025-02-07T16:02:00+00:00 https://thehackernews.com/2025/02/indias-rbi-introduces-exclusive-bankin.html www.secnews.physaphae.fr/article.php?IdArticle=8647394 False None None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Most UK GDPR Enforcement Actions Targeted Public Sector in 2024 27 UK public sector organizations faced ICO enforcement actions in 2024, with three fines issued, according to URM Consulting]]> 2025-02-07T16:00:00+00:00 https://www.infosecurity-magazine.com/news/uk-gdpr-enforcement-public-sector/ www.secnews.physaphae.fr/article.php?IdArticle=8647450 False Legislation None 3.0000000000000000 Fortinet - Fabricant Materiel Securite What\\'s Next for Operational Technology Security? Get insights into OT cybersecurity predictions and trends for 2025. Learn more.]]> 2025-02-07T16:00:00+00:00 https://www.fortinet.com/blog/business-and-technology/what-is-next-for-ot-security www.secnews.physaphae.fr/article.php?IdArticle=8647456 False Industrial None 2.0000000000000000 HackRead - Chercher Cyber 7,000 Exposed Ollama APIs Leave DeepSeek AI Models Wide Open to Attack UpGuard discovers exposed Ollama APIs revealing DeepSeek model adoption globally. See where these AI models are running and the security risks involved.]]> 2025-02-07T15:50:14+00:00 https://hackread.com/exposed-ollama-apis-leave-deepseek-ai-models-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8647446 False None None 2.0000000000000000 Recorded Future - FLux Recorded Future States prepare privacy lawsuit against DOGE over access to federal data More than a dozen state attorneys general say they plan to sue the Trump administration over the actions of Elon Musk\'s DOGE team, including its access to private data federal payment systems.]]> 2025-02-07T15:32:25+00:00 https://therecord.media/doge-privacy-lawsuit-state-attorneys-general www.secnews.physaphae.fr/article.php?IdArticle=8647448 False None None 3.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain Screenshot-Reading Malware reporting on a new type of smartphone malware. The malware in question uses optical character recognition (OCR) to review a device’s photo library, seeking screenshots of recovery phrases for crypto wallets. Based on their assessment, infected Google Play apps have been downloaded more than 242,000 times. Kaspersky says: “This is the first known case of an app infected with OCR spyware being found in Apple’s official app marketplace.” That’s a tactic I have not heard of before.

Kaspersky is reporting on a new type of smartphone malware. The malware in question uses optical character recognition (OCR) to review a device’s photo library, seeking screenshots of recovery phrases for crypto wallets. Based on their assessment, infected Google Play apps have been downloaded more than 242,000 times. Kaspersky says: “This is the first known case of an app infected with OCR spyware being found in Apple’s official app marketplace.” That’s a tactic I have not heard of before.]]> 2025-02-07T15:26:11+00:00 https://www.schneier.com/blog/archives/2025/02/screenshot-reading-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8647444 False Malware None 2.0000000000000000 TechRepublic - Security News US Cyber Attack Severity Rating System Established in UK The U.K.\'s new cyberattack rating system ranks incidents from 1 to 5, but experts warn businesses must go beyond awareness and strengthen their defences.]]> 2025-02-07T15:16:32+00:00 https://www.techrepublic.com/article/uk-cyber-attack-severity-rating/ www.secnews.physaphae.fr/article.php?IdArticle=8647445 False None None 3.0000000000000000 Dark Reading - Informationweek Branch Behavioral Analytics in Cybersecurity: Who Benefits Most? As the cost of data breaches continues to climb, the role of user and entity behavioral analytics (UEBA) has never been more important.]]> 2025-02-07T15:00:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/behavioral-analytics-cybersecurity-who-benefits-most www.secnews.physaphae.fr/article.php?IdArticle=8647449 False None None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial UK Cyber Monitoring Centre starts categorizing cyber events, conveys impact of systemic cyber events The Cyber Monitoring Centre (CMC) announced Thursday it will officially categorize cyber events impacting U.K. organizations, with immediate...

>The Cyber Monitoring Centre (CMC) announced Thursday it will officially categorize cyber events impacting U.K. organizations, with immediate... ]]> 2025-02-07T14:34:10+00:00 https://industrialcyber.co/news/uk-cyber-monitoring-centre-starts-categorizing-cyber-events-conveys-impact-of-systemic-cyber-events/ www.secnews.physaphae.fr/article.php?IdArticle=8647434 False None None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial US House Committee on Homeland Security holds hearing to tackle cybersecurity workforce shortage amid rising threats The U.S. House Committee on Homeland Security convened a full committee hearing on Wednesday to address strategies for... ]]> 2025-02-07T14:29:30+00:00 https://industrialcyber.co/training-development/us-house-committee-on-homeland-security-holds-hearing-to-tackle-cybersecurity-workforce-shortage-amid-rising-threats/ www.secnews.physaphae.fr/article.php?IdArticle=8647435 False None None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial UTSI International joins ThreatGEN partner program to boost cybersecurity preparedness for critical infrastructure UTSI International Corporation, vendor of Industrial Control System (ICS) cybersecurity and critical infrastructure protection, has joined the ThreatGEN...

>UTSI International Corporation, vendor of Industrial Control System (ICS) cybersecurity and critical infrastructure protection, has joined the ThreatGEN... ]]> 2025-02-07T14:24:04+00:00 https://industrialcyber.co/vendors/utsi-international-joins-threatgen-partner-program-to-boost-cybersecurity-preparedness-for-critical-infrastructure/ www.secnews.physaphae.fr/article.php?IdArticle=8647436 False Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Ampyx Cyber appoints Andrew Luccitti as chief revenue officer to push growth, innovation in industrial cybersecurity Ampyx Cyber, a consulting firm specializing in industrial control systems (ICS) and operational technology (OT) security, announced on... ]]> 2025-02-07T14:22:49+00:00 https://industrialcyber.co/news/ampyx-cyber-appoints-andrew-luccitti-as-chief-revenue-officer-to-push-growth-innovation-in-industrial-cybersecurity/ www.secnews.physaphae.fr/article.php?IdArticle=8647437 False Industrial None 2.0000000000000000 Bleeping Computer - Magazine Américain HPE notifies employees of data breach after Russian Office 365 hack Hewlett Packard Enterprise (HPE) is notifying employees whose data was stolen from the company\'s Office 365 email environment by Russian state-sponsored hackers in a May 2023 cyberattack. [...]]]> 2025-02-07T14:21:16+00:00 https://www.bleepingcomputer.com/news/security/hpe-notifies-employees-of-data-breach-after-russian-office-365-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8647482 False Data Breach,Hack None 3.0000000000000000 Incogni - Blog Sécu de la société incogni, spécialisé en protection de la vie privé Phone number generators: types, uses, and how to choose 2025-02-07T14:14:28+00:00 https://blog.incogni.com/phone-number-generators/ www.secnews.physaphae.fr/article.php?IdArticle=8647438 False None None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Malicious AI Models on Hugging Face Exploit Novel Attack Technique The technique, called nullifAI, allows the models to bypass Hugging Face\'s protective measures against malicious AI models]]> 2025-02-07T14:00:00+00:00 https://www.infosecurity-magazine.com/news/malicious-ai-models-hugging-face/ www.secnews.physaphae.fr/article.php?IdArticle=8647428 False Threat None 3.0000000000000000 Recorded Future - FLux Recorded Future UK reportedly demands secret \\'back door\\' to Apple users\\' iCloud accounts The British government has reportedly issued a secret legal demand to Apple to allow access to encrypted iCloud accounts.]]> 2025-02-07T13:53:14+00:00 https://therecord.media/uk-government-reportedly-demands-backdoor-apple-icloud www.secnews.physaphae.fr/article.php?IdArticle=8647425 False None None 3.0000000000000000 Bleeping Computer - Magazine Américain Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial network access. [...]]]> 2025-02-07T13:42:44+00:00 https://www.bleepingcomputer.com/news/security/hackers-exploit-cityworks-rce-bug-to-breach-microsoft-iis-servers/ www.secnews.physaphae.fr/article.php?IdArticle=8647472 False Vulnerability,Threat None 3.0000000000000000 CyberSecurityVentures - cybersecurity services Who\\'s Who In Cybersecurity: Kara Sprague, CEO at HackerOne This week in cybersecurity from the editors at Cybercrime Magazine –Listen to Our Podcast Sausalito, Calif. – Feb. 7, 2025 Kara Sprague was named CEO at San Francisco-based cybersecurity company HackerOne last last year. HackerOne offers bug bounty, pentesting, code security audits, spot checks, and AI ]]> 2025-02-07T13:38:42+00:00 https://cybersecurityventures.com/whos-who-in-cybersecurity-kara-sprague-ceo-at-hackerone/ www.secnews.physaphae.fr/article.php?IdArticle=8647423 False None None 3.0000000000000000 Zataz - Magazine Francais de secu Le protocole d\'alerte ZATAZ : version 2025 La cybersécurité est cruciale dans un monde connecté. Le protocole d\'alerte ZATAZ évolue après 25 ans pour mieux contrer les menaces, avec alertes en temps réel....]]> 2025-02-07T13:35:46+00:00 https://www.zataz.com/le-protocole-dalerte-zataz-version-2025/ www.secnews.physaphae.fr/article.php?IdArticle=8647424 False Threat None 3.0000000000000000 SecurityWeek - Security News Information of 883,000 Stolen in Crippling Attack on Hospital Sisters Health System Hospital Sisters Health System says the personal information of 883,000 individuals was compromised in a 2023 crippling cyberattack.

>Hospital Sisters Health System says the personal information of 883,000 individuals was compromised in a 2023 crippling cyberattack. ]]> 2025-02-07T13:08:09+00:00 https://www.securityweek.com/information-of-883000-stolen-in-crippling-attack-on-hospital-sisters-health-system/ www.secnews.physaphae.fr/article.php?IdArticle=8647414 False None None 3.0000000000000000 Checkpoint - Fabricant Materiel Securite Check Point Helps Gentera Secure the Financial Future of Millions Gentera is built on the vision of eradicating financial exclusion and serves over 3.2 million clients across its subsidiaries in Mexico, Guatemala, and Peru. To help empower those with fewer financial resources, Gentera provides counseling and services around credit, insurance, payment methods, remittances, and financial education. Carlos Bravo serves as the Chief Information Security Officer at Gentera, where he is responsible for securing the organization\'s broad, geographically distributed customer base and salesforce as well as modernizing IT to meet the demands of mobile-first customers and partners who cannot compromise on securing their smart devices and trusted users. The organization needed […]

>Gentera is built on the vision of eradicating financial exclusion and serves over 3.2 million clients across its subsidiaries in Mexico, Guatemala, and Peru. To help empower those with fewer financial resources, Gentera provides counseling and services around credit, insurance, payment methods, remittances, and financial education. Carlos Bravo serves as the Chief Information Security Officer at Gentera, where he is responsible for securing the organization\'s broad, geographically distributed customer base and salesforce as well as modernizing IT to meet the demands of mobile-first customers and partners who cannot compromise on securing their smart devices and trusted users. The organization needed […] ]]> 2025-02-07T13:00:15+00:00 https://blog.checkpoint.com/customer-stories/check-point-helps-gentera-secure-the-financial-future-of-millions/ www.secnews.physaphae.fr/article.php?IdArticle=8647412 False None None 2.0000000000000000 Cyble - CyberSecurity Firm Open Graph Spoofing Toolkit: Old Exploitation Techniques Still in Use to Lure Social Media Users into Phishing Attacks The current digital landscape necessitates an approach to sharing content on social media for significant user engagement and click-through rates. This is where the Open Graph Protocol (OGP) comes into play. Developed by Facebook, Open Graph allows web developers to control how their web pages appear when shared across various platforms. Developers use specific meta tags in a webpage\'s HTML to define essential elements such as the title, description, and image that accompany shared links. Attackers have long exploited the Open Graph Protocol for malicious activities. Recently, Cyble Research and Intelligence Labs (CRIL) also observed a threat actor on a Russian underground offering a toolkit dubbed \'OG Spoof\' for similar operations. The toolkit was designed for phishing campaigns, aiming to mislead users and artificially inflate click-through rates by exploiting flaws in the Open Graph protocol. Overview The importance of Open Graph (OG) tags cannot be overstated. The OG tags enhance the visibility of content, making it appealing to a broader base of potential viewers and more likely to garner views and clicks. Figure 1: OG tags used in header

Figure 1: OG tags used in the header Several content management systems (CMS), such as WordPress and Magento, come equipped with built-in functionalities or plugins that automatically generate these tags based on the post\'s content. This automation ensures that when links are shared, they are presented in an engaging manner while accurately previewing their content. The TA released the \'OG Spoof\' kit for sale in October 2024 at a staggering USD 2,500 price and claimed that it was initially designed for their own fraudulent operations. However, as they developed advanced methods, the toolk]]> 2025-02-07T12:57:51+00:00 https://cyble.com/blog/open-graph-spoofing-toolkit/ www.secnews.physaphae.fr/article.php?IdArticle=8647415 False Malware,Vulnerability,Threat None 3.0000000000000000 Global Security Mag - Site de news francais Ransomware payments are falling; Actfore CEO offers possible reasons WHY Opinion

Ransomware payments are falling; Christian Geyer, founder and CEO, Actfore offers possible reasons WHY - Opinion]]> 2025-02-07T12:54:45+00:00 https://www.globalsecuritymag.fr/ransomware-payments-are-falling-actfore-ceo-offers-possible-reasons-why.html www.secnews.physaphae.fr/article.php?IdArticle=8647413 False Ransomware None 3.0000000000000000 Korben - Bloger francais Ce casque audio à 60 balles fait (presque) tout comme un casque haut de gamme ! SoundForm Isolate. Un casque sans fil avec réduction de bruit active pour moins 60 € ? Oui, clairement, le prix pose question, alors j\'en ai commandé un, je l\'ai testé, et punaise, à ce prix là, c\'est impressionnant ! (dispo en noir et beige)

– Article rédigé par Vincent Lautier, contient des liens affiliés Amazon – Belkin débarque sur le marché des casques audio avec un modèle qui risque d\'intéresser pas mal de monde : leSoundForm Isolate. Un casque sans fil avec réduction de bruit active pour moins 60 € ? Oui, clairement, le prix pose question, alors j\'en ai commandé un, je l\'ai testé, et punaise, à ce prix là, c\'est impressionnant ! (dispo en noir et beige)]]> 2025-02-07T12:17:32+00:00 https://korben.info/ce-casque-audio-a-60-balles-fait-presque-tout-comme-un-casque-haut-de-gamme.html www.secnews.physaphae.fr/article.php?IdArticle=8647416 False None None 3.0000000000000000 Incogni - Blog Sécu de la société incogni, spécialisé en protection de la vie privé What can someone do with your phone number 2025-02-07T12:13:19+00:00 https://blog.incogni.com/what-can-someone-do-with-your-phone-number/ www.secnews.physaphae.fr/article.php?IdArticle=8647411 False None None 3.0000000000000000 Bleeping Computer - Magazine Américain US health system notifies 882,000 patients of August 2023 breach Hospital Sisters Health System notified over 882,000 patients that an August 2023 cyberattack led to a data breach that exposed their personal and health information. [...]]]> 2025-02-07T11:44:32+00:00 https://www.bleepingcomputer.com/news/security/us-health-system-notifies-882-000-patients-of-august-2023-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8647457 False Data Breach None 2.0000000000000000 Cyble - CyberSecurity Firm Critical Vulnerabilities Reported in Cyble\\'s Weekly Vulnerability Insights Overview Cyble Research & Intelligence Labs (CRIL) published their Weekly Vulnerability Insights Report to clients, covering key vulnerabilities reported from January 29 to February 4, 2025. The analysis highlights critical security flaws that have posed cyber threats to various IT infrastructures globally. Notably, the Cybersecurity and Infrastructure Security Agency (CISA) added five vulnerabilities to the Known Exploited Vulnerability (KEV) catalog. This report highlights vulnerabilities in several widely used software products and services, including Paessler PRTG Network Monitor, Microsoft .NET Framework, and Zyxel DSL devices. These vulnerabilities could impact a range of industries that rely on these systems to monitor, manage, and protect critical infrastructure. Incorporation of Vulnerabilities into the KEV Catalog CISA\'s inclusion of vulnerabilities in the KEV catalog is an important step in highlighting serious risks associated with widely deployed software. During this period, CISA added five vulnerabilities, including two dating back to 2018, that have been actively exploited and affect major IT infrastructure tools like Paessler PRTG Network Monitor. These vulnerabilities were assessed for their active exploitation and listed accordingly to ensure better protection for organizations globally. Among the newly added vulnerabilities, CVE-2018-19410 and ]]> 2025-02-07T11:44:32+00:00 https://cyble.com/blog/cybles-weekly-vulnerability-kev-catalog/ www.secnews.physaphae.fr/article.php?IdArticle=8647402 False Tool,Vulnerability,Threat,Patching,Mobile None 3.0000000000000000 IT Security Guru - Blog Sécurité Shortlist Revealed For Most Inspiring Women in Cyber Awards 2025 After Record Breaking Number of Entries Eskenzi PR, the dedicated global cybersecurity PR agency, are proud to announce the shortlist for the 2025 Most Inspiring Women in Cyber Awards. This year the organisers received the highest number of nominations since the awards started in 2020, with over 250 nominations. For the first time ever, a shortlist has been announced ahead of […] ]]> 2025-02-07T11:35:36+00:00 https://www.itsecurityguru.org/2025/02/07/shortlist-revealed-for-most-inspiring-women-in-cyber-awards-2025-after-record-breaking-number-of-entries/?utm_source=rss&utm_medium=rss&utm_campaign=shortlist-revealed-for-most-inspiring-women-in-cyber-awards-2025-after-record-breaking-number-of-entries www.secnews.physaphae.fr/article.php?IdArticle=8647514 False None None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Third-Party Risk Management Failures Expose UK Finance Sector Orange Cyberdefense found that over half of UK financial firms suffered at least one third-party attack in 2024, linked to significant gaps in risk management strategies]]> 2025-02-07T11:20:00+00:00 https://www.infosecurity-magazine.com/news/third-party-risk-failures-uk/ www.secnews.physaphae.fr/article.php?IdArticle=8647401 False None None 3.0000000000000000 Korben - Bloger francais Du Toyota C-HR au Hyundai Ioniq 5 - Mon virage vers le tout électrique Vous ne le savez surement pas, mais actuellement, je conduis une voiture hybride Toyota C-HR de 2022. J’en suis très content, car ça m’a permis de faire un peu d’open source dessus (je vous en parlerai peut-être un jour), mais comme elle est peu petite pour transporter mon bordel et qu’en plus, faut encore mettre de l’essence dedans, j’ai pris la décision de passer dans les mois qui viennent sur un véhicule 100% électrique.]]> 2025-02-07T11:03:15+00:00 https://korben.info/du-toyota-c-hr-au-hyundai-ioniq-5-mon-virage-vers-le-tout-electrique.html www.secnews.physaphae.fr/article.php?IdArticle=8647405 False None None 3.0000000000000000 Cyble - CyberSecurity Firm U.S. Ransomware Attacks Surge to Start 2025 Overview According to an analysis of Cyble threat intelligence data, U.S. ransomware attacks have surged to the start of 2025, up nearly 150% from the first five weeks of 2024. Ransomware attacks on U.S. targets have been climbing since a few organizations paid ransoms to attackers in highly publicized cases last year, making the country a more attractive target for ransomware groups. That\'s likely the main reason for the increase. Regardless of the timeframe or changes in the most active ransomware groups, U.S. ransomware attacks have increased substantially in the last year and have been climbing steadily since the fall. We\'ll examine the changing ransomware landscape in the U.S. and other frequently attacked countries and consider what changes may be in store as we approach 2025. The Effect of Ransomware Payments In the first five weeks of 2024, Cyble documented 152 ransomware attacks on U.S. targets, in line with late 2023 trends. In the first five weeks of 2025, that number soared to 378 attacks on U.S. targets, a 149% year-over-year increase. Compared to the end of 2024, attacks are up a still significant 29% so far in 2025, up from 282 in the last five weeks of the year. Perhaps owing to geographical proximity, Canada has also seen a significant increase in ransomware attacks, up from 14 in the year-ago period to 28 at the end of 2024, and nearly doubling again to 46 to start 2025. Even as North American ransomware attacks have soared, the next-most attacked regions have stayed relatively stable. France, for example, had 18 attacks to start in 2024 and has seen 19 thus far in 2025 (chart below). ]]> 2025-02-07T10:55:33+00:00 https://cyble.com/blog/u-s-ransomware-attacks-surge-to-start-2025/ www.secnews.physaphae.fr/article.php?IdArticle=8647393 False Ransomware,Tool,Vulnerability,Threat,Legislation,Prediction,Medical None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware Threat actors have been observed exploiting recently disclosed security flaws in SimpleHelp\'s Remote Monitoring and Management (RMM) software as a precursor for what appears to be a ransomware attack. The intrusion leveraged the now-patched vulnerabilities to gain initial access and maintain persistent remote access to an unspecified target network, cybersecurity company Field Effect said in a]]> 2025-02-07T10:49:00+00:00 https://thehackernews.com/2025/02/hackers-exploit-simplehelp-rmm-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=8647359 False Ransomware,Vulnerability,Threat None 3.0000000000000000 UnderNews - Site de news "pirate" francais JFrog Security Research : Les principales découvertes en 2024 Tribune – Vous trouverez ci-dessous le récapitulatif des principales découvertes réalisées par les équipes de JFrog Security Research en 2024 : L’année dernière, nous pensions que le chiffre de 29 000 CVE (Common Vulnerabilities and Exposures) était énorme. Cette année, selon Cyber Press : " Plus de 40 000 CVE publiés en 2024, marquant une augmentation de 38 % […] The post JFrog Security Research : Les principales découvertes en 2024 first appeared on UnderNews.

>Tribune – Vous trouverez ci-dessous le récapitulatif des principales découvertes réalisées par les équipes de JFrog Security Research en 2024 : L’année dernière, nous pensions que le chiffre de 29 000 CVE (Common Vulnerabilities and Exposures) était énorme. Cette année, selon Cyber Press : " Plus de 40 000 CVE publiés en 2024, marquant une augmentation de 38 % […] The post JFrog Security Research : Les principales découvertes en 2024 first appeared on UnderNews.]]> 2025-02-07T10:25:24+00:00 https://www.undernews.fr/reseau-securite/jfrog-security-research-les-principales-decouvertes-en-2024.html www.secnews.physaphae.fr/article.php?IdArticle=8647392 False Vulnerability None 4.0000000000000000 Korben - Bloger francais Le Chat par Mistral AI - Un nouvel assistant qui défie ChatGPT Le Chat, son assistant conversationnel qui va certainement vous plaire et dont tout le monde risque de parler lors du Sommet de l’IA. Première chose qui frappe quand on lance Le Chat c’est sa rapidité hallucinante. L’appli vous balance du texte à une vitesse stratosphérique grâce à sa technologie Flash Answers. En gros, c’est du 1000 mots par seconde ! Il cause plus vite que moi quand je suis stressé. C’est fou ! Pour ceux qui codent avec les IA, c’est du bonheur !

Tiens donc, on dirait bien que nos amis de Mistral AI ont décidé de pimenter sérieusement la bataille des assistants virtuels ! La startup française vient en effet de dégainer Le Chat, son assistant conversationnel qui va certainement vous plaire et dont tout le monde risque de parler lors du Sommet de l’IA. Première chose qui frappe quand on lance Le Chat c’est sa rapidité hallucinante. L’appli vous balance du texte à une vitesse stratosphérique grâce à sa technologie Flash Answers. En gros, c’est du 1000 mots par seconde ! Il cause plus vite que moi quand je suis stressé. C’est fou ! Pour ceux qui codent avec les IA, c’est du bonheur !]]> 2025-02-07T10:01:00+00:00 https://korben.info/le-chat-mistral-ai-assistant-ia-francais.html www.secnews.physaphae.fr/article.php?IdArticle=8647395 False None ChatGPT 3.0000000000000000 SecurityWeek - Security News Trimble Cityworks Customers Warned of Zero-Day Exploitation Trimble Cityworks is affected by a zero-day vulnerability that has been exploited in attacks involving the delivery of malware.

>Trimble Cityworks is affected by a zero-day vulnerability that has been exploited in attacks involving the delivery of malware. ]]> 2025-02-07T09:55:00+00:00 https://www.securityweek.com/trimble-cityworks-customers-warned-of-zero-day-exploitation/ www.secnews.physaphae.fr/article.php?IdArticle=8647385 False Malware,Vulnerability,Threat None 3.0000000000000000 Global Security Mag - Site de news francais Cyber-IA Expo 2025, retour sur un évènement clé pour l\'avenir de l\'IA et de la Cybersécurité Événements

Cyber-IA Expo. Cette journée unique dresse un bilan prometteur pour la suite de l\'évènement organisé en prélude au Sommet pour l\'action sur l\'IA. Elle a réuni au Palais des congrès, experts et décideurs autour des enjeux de l\'intelligence artificielle appliquée à la cybersécurité. - Événements]]> 2025-02-07T09:41:00+00:00 https://www.globalsecuritymag.fr/cyber-ia-expo-2025-retour-sur-un-evenement-cle-pour-l-avenir-de-l-ia-et-de-la.html www.secnews.physaphae.fr/article.php?IdArticle=8647689 False None None 3.0000000000000000