www.secnews.physaphae.fr

www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-11T03:06:56+00:00 www.secnews.physaphae.fr Bleeping Computer - Magazine Américain Panda Restaurants révèle la violation des données après le piratage des systèmes d'entreprise Panda Restaurants discloses data breach after corporate systems hack Panda Restaurant Group, the parent company of Panda Express, Panda Inn, and Hibachi-San, disclosed a data breach after attackers compromised its corporate systems in March and stole the personal information of an undisclosed number of individuals. [...]]]> 2024-05-01T13:35:03+00:00 https://www.bleepingcomputer.com/news/security/panda-restaurants-discloses-a-data-breach-after-corporate-systems-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8491959 False Data Breach,Hack None 3.0000000000000000 Recorded Future - FLux Recorded Future Se remettre des attaques de ransomwares pourrait coûter au conseil écossais éloigné & Pound; 500 000 Recovering from ransomware attack could cost remote Scottish council £500,000 2024-05-01T13:14:15+00:00 https://therecord.media/ransomware-attack-costing-scottish-commune-million www.secnews.physaphae.fr/article.php?IdArticle=8491838 False Ransomware None 2.0000000000000000 Checkpoint - Fabricant Materiel Securite Prolonger la protection des sases au navigateur Extending SASE Protection Into the Browser Si vous souhaitez protéger vos travailleurs distants, l'un des meilleurs endroits pour démarrer est le navigateur Web.C'est le portail principal vers notre journée de travail pour accéder à tout, des fichiers aux applications SaaS ou simplement à parcourir le Web.C'est pourquoi nous avons récemment ajouté une protection significative de navigateur à l'accès à l'harmonie sur Internet.Que vous cherchiez à empêcher les attaques de phishing, la réutilisation des mots de passe d'entreprise ou des fuites numériques, nous vous sommes couverts.Soutenu par ThreatCloud AI, la technologie de prévention des menaces de Check Point \\, la sécurité du navigateur d'accès Internet, la sécurité des navigateurs améliore la sécurité de votre main-d'œuvre à distance et à bureau.Fonctionnalités principales de sécurité du navigateur Prise en charge de la sécurité du navigateur [& # 8230;]

>If you want to protect your remote workers one of the best places to start is the web browser. It\'s the primary portal to our workday for accessing everything from files to SaaS applications or just browsing the web. That\'s why we recently added significant browser protection to Harmony SASE Internet Access. Whether you\'re looking to prevent phishing attacks, reuse of corporate passwords, or digital leaks, we\'ve got you covered. Backed by ThreatCloud AI, Check Point\'s industry-leading threat prevention technology, Internet Access Browser Security improves the security of your remote and in-office workforce. Browser Security Main Features Browser Security supports […] ]]> 2024-05-01T13:00:45+00:00 https://blog.checkpoint.com/security/extending-sase-protection-into-the-browser/ www.secnews.physaphae.fr/article.php?IdArticle=8491809 False Threat,Cloud None 3.0000000000000000 Checkpoint - Fabricant Materiel Securite Déballage des nouvelles directives du DHS pour obtenir des infrastructures critiques à partir des menaces liées à l'IA Unpacking the New DHS Guidelines for Securing Critical Infrastructure from AI-related Threats En vertu du décret du président Biden \\ concernant le développement et l'utilisation de l'intelligence artificielle, le ministère de la Sécurité intérieure a publié de nouvelles directives sur la façon de garantir les infrastructures critiques des menaces liées à l'IA.Les directives sont axées sur trois catégories clés.Le premier est les attaques à l'aide de l'IA;Cela fait référence à l'utilisation de l'IA pour planifier et effectuer des attaques physiques ou cyber-attaques contre des infrastructures clés.La seconde est les attaques ciblant les systèmes d'IA;Cela fait référence aux attaques contre les systèmes d'IA lui-même qui soutiennent les infrastructures critiques.Et le troisième est les échecs dans la conception de l'IA;Cela fait référence à toute carence en planification [& # 8230;]

>Under President Biden\'s Executive Order regarding the safe development and use of Artificial Intelligence, the Department of Homeland Security published new guidelines about how to secure critical infrastructure from AI-related threats. The guidelines are focused on three key categories. The first is attacks using AI; this refers to the use of AI to plan and carry out either physical or cyber attacks on key infrastructure. The second is attacks targeting AI systems; this refers to attacks on the AI systems itself that support critical infrastructure. And third is failures in AI design; this refers to any deficiency in the planning […] ]]> 2024-05-01T13:00:34+00:00 https://blog.checkpoint.com/security/unpacking-the-new-dhs-guidelines-for-securing-critical-infrastructure-from-ai-related-threats/ www.secnews.physaphae.fr/article.php?IdArticle=8491810 False None None 2.0000000000000000 TechRepublic - Security News US Adobe ajoute Firefly et AI Watermarking to Bug Bounty Program Adobe Adds Firefly and AI Watermarking to Bug Bounty Program Researchers can earn up to $10,000 for critical vulnerabilities in the generative AI products.]]> 2024-05-01T13:00:31+00:00 https://www.techrepublic.com/article/adobe-ai-bug-bounty/ www.secnews.physaphae.fr/article.php?IdArticle=8491837 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine 1 sur 5 US Ransomware Attacks déclenche un procès 1 in 5 US Ransomware Attacks Triggers Lawsuit Comparitech found that 18% of ransomware incidents in the US led to a lawsuit in 2023, with 59% of completed lawsuits since 2018 proving successful]]> 2024-05-01T13:00:00+00:00 https://www.infosecurity-magazine.com/news/ransomware-attacks-trigger-lawsuit/ www.secnews.physaphae.fr/article.php?IdArticle=8491815 False Ransomware None 2.0000000000000000 Bleeping Computer - Magazine Américain French hospital CHC-SV refuses to pay LockBit extortion demand The Hôpital de Cannes - Simone Veil (CHC-SV) in France announced it received a ransom demand from the Lockbit 3.0 ransomware gang, saying they refuse to pay the ransom. [...]]]> 2024-05-01T12:38:04+00:00 https://www.bleepingcomputer.com/news/security/french-hospital-chc-sv-refuses-to-pay-lockbit-extortion-demand/ www.secnews.physaphae.fr/article.php?IdArticle=8491932 False Ransomware None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial Le livre de jeu WEF aborde la cyber-résilience dans les chaînes de fabrication et d'approvisionnement, fournit trois principes directeurs WEF playbook addresses cyber resilience in manufacturing and supply chains, provides three guiding principles The World Economic Forum (WEF) published a playbook that outlines three guiding principles to support manufacturing and supply... ]]> 2024-05-01T12:32:30+00:00 https://industrialcyber.co/manufacturing/wef-playbook-addresses-cyber-resilience-in-manufacturing-and-supply-chains-provides-three-guiding-principles/ www.secnews.physaphae.fr/article.php?IdArticle=8491813 False None None 2.0000000000000000 Bleeping Computer - Magazine Américain CISA dit que le bug de la prise de contrôle du compte Gitlab est activement exploité dans les attaques CISA says GitLab account takeover bug is actively exploited in attacks CISA warned today that attackers are actively exploiting a maximum-severity GitLab vulnerability that allows them to take over accounts via password resets. [...]]]> 2024-05-01T12:29:36+00:00 https://www.bleepingcomputer.com/news/security/cisa-says-gitlab-account-takeover-bug-is-actively-exploited-in-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8491933 False Vulnerability None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial DOE, l'EPA support NSM-22 axée sur la sécurité et la résilience des infrastructures critiques DOE, EPA support NSM-22 focused on critical infrastructure security and resilience Le Département américain de l'Énergie (DOE) accueille la libération du mémorandum de sécurité nationale 22 (NSM-22) sur l'infrastructure critique ...

>The U.S. Department of Energy (DOE) welcomes the release of National Security Memorandum 22 (NSM-22) on Critical Infrastructure... ]]> 2024-05-01T12:24:44+00:00 https://industrialcyber.co/critical-infrastructure/doe-epa-support-nsm-22-focused-on-critical-infrastructure-security-and-resilience/ www.secnews.physaphae.fr/article.php?IdArticle=8491814 False None None 2.0000000000000000 ComputerWeekly - Computer Magazine Australia\\'s Qantas apologises for mobile app data breach 2024-05-01T12:03:00+00:00 https://www.computerweekly.com/news/366583075/Australias-Qantas-apologises-for-mobile-app-data-breach www.secnews.physaphae.fr/article.php?IdArticle=8491929 False Data Breach,Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) L'ancien employé de la NSA a condamné à 22 ans pour avoir tenté de vendre des secrets américains à la Russie Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia A former employee of the U.S. National Security Agency (NSA) has been sentenced to nearly 22 years (262 months) in prison for attempting to transfer classified documents to Russia. "This sentence should serve as a stark warning to all those entrusted with protecting national defense information that there are consequences to betraying that trust," said FBI Director Christopher Wray.]]> 2024-05-01T12:02:00+00:00 https://thehackernews.com/2024/05/ex-nsa-employee-sentenced-to-22-years.html www.secnews.physaphae.fr/article.php?IdArticle=8491665 False Legislation None 3.0000000000000000 NIST Security - NIST cybersecurity insights Faire un tour!NIST Cybersecurity Framework 2.0: Guide de démarrage rapide des petites entreprises Take A Tour! NIST Cybersecurity Framework 2.0: Small Business Quick Start Guide The U.S. Small Business Administration is celebrating National Small Business Week from April 28 - May 4, 2024. This week recognizes and celebrates the small business community\'s significant contributions to the nation. Organizations across the country participate by hosting in-person and virtual events, recognizing small business leaders and change-makers, and highlighting resources that help the small business community more easily and efficiently start and scale their businesses. To add to the festivities, this NIST Cybersecurity Insights blog showcases the NIST Cybersecurity Framework 2.0]]> 2024-05-01T12:00:00+00:00 https://www.nist.gov/blogs/cybersecurity-insights/take-tour-nist-cybersecurity-framework-20-small-business-quick-start www.secnews.physaphae.fr/article.php?IdArticle=8491860 False None None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Les poursuites et les dévaluations de l'entreprise attendent pour les entreprises violées Lawsuits and Company Devaluations Await For Breached Firms New report from Netwrix reveals unplanned expenses impact half of breached firms, including a surge in lawsuits]]> 2024-05-01T12:00:00+00:00 https://www.infosecurity-magazine.com/news/lawsuits-company-devaluations/ www.secnews.physaphae.fr/article.php?IdArticle=8491787 False None None 2.0000000000000000 SecurityWeek - Security News Wpeeper Android Trojan utilise des sites WordPress compromis pour protéger le serveur de commandement et de contrôle Wpeeper Android Trojan Uses Compromised WordPress Sites to Shield Command-and-Control Server The new Wpeeper Android trojan ceased operations after a week and has zero detections in VirusTotal. ]]> 2024-05-01T11:57:52+00:00 https://www.securityweek.com/wpeeper-android-trojan-uses-compromised-wordpress-sites-to-shield-command-and-control-server/ www.secnews.physaphae.fr/article.php?IdArticle=8491811 False Mobile None 2.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain Vous avez une arnaque de voix AI Voice Scam a trompé une entreprise pour croire qu'elle avait affaire à un présentateur de la BBC.Ils ont simulé sa voix et ont accepté de l'argent destiné à elle.

Scammers tricked a company into believing they were dealing with a BBC presenter. They faked her voice, and accepted money intended for her.]]> 2024-05-01T11:09:23+00:00 https://www.schneier.com/blog/archives/2024/05/ai-voice-scam.html www.secnews.physaphae.fr/article.php?IdArticle=8491786 False None None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine DBIR: La vulnérabilité exploite le triple comme point d'accès initial pour les violations de données DBIR: Vulnerability Exploits Triple as Initial Access Point for Data Breaches The growth of software supply chain attacks pushed vulnerability exploits to the third most used initial access method, Verizon found]]> 2024-05-01T11:00:00+00:00 https://www.infosecurity-magazine.com/news/dbir-vulnerability-exploits-triple/ www.secnews.physaphae.fr/article.php?IdArticle=8491764 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine INFOCURITY EUROPE HENTE: Construire des équipes fortes et conduire des changements avec Claire Williams de F1 \\ Infosecurity Europe Keynote: Building Strong Teams and Driving Change with F1\\'s Claire Williams Join Claire Williams at Infosecurity Europe to learn how F1 leadership strategies can inspire cybersecurity leaders]]> 2024-05-01T10:00:00+00:00 https://www.infosecurity-magazine.com/news/infosecurity-europe-keynote-claire/ www.secnews.physaphae.fr/article.php?IdArticle=8491738 False None None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Histoires du SOC & # 8211;Combattre les escroqueries «alertes de sécurité» Stories from the SOC – Combating “Security Alert” Scams phishing/scams is by end-user education and communication with the IT department. In a recent incident, a fake “Microsoft Security Alert” domain targeted one of our Managed Endpoint Security with SentinelOne customers, causing alarm for the end users and IT staff, but fortunately, the end user did not fall into the trap of calling the fraudulent number. The customer immediately contacted their assigned Threat Hunter for support and guidance, and the Threat Hunter was able to quickly utilize the security measures in place, locate multiple domains, and report them to the Alien Labs threat intelligence team. AT&T Cybersecurity was one of the first cybersecurity companies to alert on the domains and share the information via the Open Threat Exchange (OTX) threat intelligence sharing community, helping other organizations protect against it. Investigation Initial Alarm Review Indicators of Compromise (IOCs) The initial security layers failed to raise alarms for several reasons. First, the firewalls did not block the domain because it was newly registered and therefore not yet on any known block lists. Second, the platform did not create any alarms because the domain’s SSL certificates were properly configured. Finally, the EDR tool did not alert because no downloads were initiated from the website. The first indication of an issue came from an end user who feared a hack and reported it to the internal IT team. Utilizing the information provided by the end user, the Threat Hunter was able to locate the user\'s asset. Sniffing the URL data revealed a deceptive “Microsoft Security Alert” domain and a counterfeit McAfee website. These were detected largely because of improvements recommended during the customer\'s monthly meetings with the Threat Hunter, including a recommendation to activate the SentinelOne Deep Visibility browser extension, which is the tool that was instrumental in capturing URL information with greater accuracy after all the redirects. fake support page

Figure I – Fake Microsoft Support page

Figure 2 – Fake McAfee page Artifact (Indicator of Compromise) IOC Fake McAfee Page bavareafastrak[.]org Website Hosting Scam Pages Galaxytracke[.]com Zip file hash Tizer.zip - 43fb8fb69d5cbb8d8651af075059a8d96735a0d5 Figure 3 – Indicators of compromise Expanded Investigation Events Search With the understanding that the e]]> 2024-05-01T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/stories-from-the-soc-combating-security-alert-scams www.secnews.physaphae.fr/article.php?IdArticle=8491736 False Hack,Tool,Threat None 2.0000000000000000 The Register - Site journalistique Anglais Le projet de loi avance pour exonérer des centaines dans le scandale Horizon du bureau de poste Bill advances to exonerate hundreds in Post Office Horizon scandal \'Their convictions wiped clean from the slate,\' minister promises The mass exoneration of wrongfully convicted Post Office managers caught up in the Horizon IT scandal has come a step closer in the UK after MPs passed the third stage of a government bill.…]]> 2024-05-01T09:31:11+00:00 https://go.theregister.com/feed/www.theregister.com/2024/05/01/post_office_exoneration_bill/ www.secnews.physaphae.fr/article.php?IdArticle=8491737 False None None 3.0000000000000000 Detection Engineering - Blog Sécu DET.Eng.Hebdomadaire # 67 - droppin \\ 'my nist nvd diss track Det. Eng. Weekly #67 - Droppin\\' my NIST NVD diss track 🎵 NIST\'s analysis missing in action, left CVEs hangin’ like a bad connection 🎵]]> 2024-05-01T09:22:41+00:00 https://www.detectionengineering.net/p/det-eng-weekly-67-droppin-my-nist www.secnews.physaphae.fr/article.php?IdArticle=8491735 False None None 2.0000000000000000 Global Security Mag - Site de news francais L'impact potentiel de l'Ai \\ sur les élections locales, révèle l'expert AI\\'s potential impact on local elections, expert reveals opinion

In light of the upcoming local elections on May 2nd, reports have suggested that the UK could be facing an increase of online disinformation, cyber security threats, and AI scams. Christoph C. Cemper, on behalf of AIPRM, has issued expert advice on how to spot these scams and combat misinformation: - Opinion]]> 2024-05-01T09:19:33+00:00 https://www.globalsecuritymag.fr/ai-s-potential-impact-on-local-elections-expert-reveals.html www.secnews.physaphae.fr/article.php?IdArticle=8491739 False None None 2.0000000000000000 Global Security Mag - Site de news francais Les paiements de ransomwares augmentent de 500% au cours de la dernière année, trouve le rapport Sophos State of Ransomware Ransomware Payments Increase 500% In the Last Year, Finds Sophos State of Ransomware Report rapports spéciaux

Ransomware Payments Increase 500% In the Last Year, Finds Sophos State of Ransomware Report Rate of Ransomware Attacks Falls Slightly, But Recovery Costs Hit $2.73 million - Special Reports]]> 2024-05-01T09:15:10+00:00 https://www.globalsecuritymag.fr/ransomware-payments-increase-500-in-the-last-year-finds-sophos-state-of.html www.secnews.physaphae.fr/article.php?IdArticle=8491740 False Ransomware None 3.0000000000000000 Bleeping Computer - Magazine Américain Les nouveaux logiciels malveillants de seiche infectent les routeurs pour surveiller le trafic pour les informations d'identification New Cuttlefish malware infects routers to monitor traffic for credentials A new malware named \'Cuttlefish\' has been spotted infecting enterprise-grade and small office/home office (SOHO) routers to monitor data that passes through them and steal authentication information. [...]]]> 2024-05-01T09:00:00+00:00 https://www.bleepingcomputer.com/news/security/new-cuttlefish-malware-infects-routers-to-monitor-traffic-for-credentials/ www.secnews.physaphae.fr/article.php?IdArticle=8491839 False Malware None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial La Maison Blanche publie un mémorandum de sécurité nationale sur la sécurité et la résilience des infrastructures critiques White House releases National Security Memorandum on critical infrastructure security and resilience The U.S. White House announced Tuesday that President Joe Biden has signed a National Security Memorandum (NSM) to... ]]> 2024-05-01T08:53:35+00:00 https://industrialcyber.co/critical-infrastructure/white-house-releases-national-security-memorandum-on-critical-infrastructure-security-and-resilience/ www.secnews.physaphae.fr/article.php?IdArticle=8491711 False None None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Le nouveau modèle de risque mobile de NCSC \\ visait les entreprises «à haute menace» NCSC\\'s New Mobile Risk Model Aimed at “High-Threat” Firms The UK\'s National Cyber Security Centre claims its AMS model will protect firms from state-backed mobile threats]]> 2024-05-01T08:45:00+00:00 https://www.infosecurity-magazine.com/news/ncscs-mobile-risk-model-highthreat/ www.secnews.physaphae.fr/article.php?IdArticle=8491709 False Mobile None 2.0000000000000000 Global Security Mag - Site de news francais & livre; perte de 5 km pour les entreprises chaque cyberattaque: l'expert révèle comment réduire le risque £5k loss for businesses EVERY cyber attack: expert reveals how to reduce risk mise à jour malveillant / / affiche

£5k loss for businesses EVERY cyber attack: expert reveals how to reduce risk by Reboot Online - Malware Update / affiche]]> 2024-05-01T08:09:28+00:00 https://www.globalsecuritymag.fr/l5k-loss-for-businesses-every-cyber-attack-expert-reveals-how-to-reduce-risk.html www.secnews.physaphae.fr/article.php?IdArticle=8491714 False None None 2.0000000000000000 Korben - Bloger francais MetaDetective – Pour dévoiler les secrets cachés de vos fichiers 2024-05-01T07:00:00+00:00 https://korben.info/metadetective-outil-ultime-analyse-metadonnees.html www.secnews.physaphae.fr/article.php?IdArticle=8491687 False None None 4.0000000000000000 ProofPoint - Firm Security ProofPoint élabore une offre de protection de l'information avec les capacités DLP inter-canaux qui abordent la nouvelle réalité du Genai pour les organisations Proofpoint Bolsters Information Protection Offering with Cross-Channel DLP Capabilities that Address the New GenAI Reality for Organizations 2024-05-01T06:00:00+00:00 https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-bolsters-information-protection-offering-cross-channel-dlp www.secnews.physaphae.fr/article.php?IdArticle=8491734 False None None 2.0000000000000000 ProofPoint - Cyber Firms Quelle est la meilleure façon d'arrêter la perte de données Genai?Adopter une approche centrée sur l'homme What\\'s the Best Way to Stop GenAI Data Loss? Take a Human-Centric Approach 2024-05-01T05:12:14+00:00 https://www.proofpoint.com/us/blog/information-protection/whats-best-way-stop-genai-data-loss-take-human-centric-approach www.secnews.physaphae.fr/article.php?IdArticle=8491708 False Tool,Medical,Cloud ChatGPT 3.0000000000000000 Dark Reading - Informationweek Branch Verizon DBIR: Gaffes de sécurité de base sous-tendre la récolte exceptionnelle de violations Verizon DBIR: Basic Security Gaffes Underpin Bumper Crop of Breaches MOVEit drove a big chunk of the increase, but human vulnerability to social engineering and failure to patch known bugs led to a doubling of breaches since 2023, said Verizon Business.]]> 2024-05-01T04:01:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/verizon-dbir-basic-security-gaffes-underpin-bumper-crop-of-breaches www.secnews.physaphae.fr/article.php?IdArticle=8491604 False Vulnerability None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber L'exploitation des vulnérabilités presque triplée comme source de violations de données l'année dernière Exploitation of vulnerabilities almost tripled as a source of data breaches last year Le rapport annuel de violation de données de Verizon \\ a identifié le hack Moveit comme «l'enfant d'affiche» du phénomène.

>Verizon\'s annual data breach report identified the MOVEit hack as the “poster child” of the phenomenon. ]]> 2024-05-01T04:01:00+00:00 https://cyberscoop.com/verizon-data-breach-report-vulnerabilities-moveit-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8491605 False Data Breach,Hack,Vulnerability None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Les acteurs de la menace nord-coréenne utilisent de faux entretiens d'embauche pour cibler les développeurs North Korean Threat Actors Use Fake Job Interviews to Target Developers #### Targeted Industries - Information Technology ## Snapshot The Securonix Threat Research Team has been monitoring a new ongoing social engineeri]]> 2024-05-01T01:13:37+00:00 https://community.riskiq.com/article/7ef7309c www.secnews.physaphae.fr/article.php?IdArticle=8491579 False Threat None 2.0000000000000000 TrendLabs Security - Editeur Antivirus Routeur Roulette: Cybercriminaux et États-nations partageant des réseaux compromis Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks This blog entry aims to highlight the dangers of internet-facing routers and elaborate on Pawn Storm\'s exploitation of EdgeRouters, complementing the FBI\'s advisory from February 27, 2024.]]> 2024-05-01T00:00:00+00:00 https://www.trendmicro.com/en_us/research/24/e/router-roulette.html www.secnews.physaphae.fr/article.php?IdArticle=8491686 False None APT 28 3.0000000000000000 Korben - Bloger francais Rabbit R1 – Le super gadget IA trop hype n\'est en fait qu\'une app Android 2024-04-30T23:31:47+00:00 https://korben.info/rabbit-r1-gadget-ia-application-android.html www.secnews.physaphae.fr/article.php?IdArticle=8491526 False Mobile None 2.0000000000000000 Dark Reading - Informationweek Branch Facebook à 20 ans: contempler le coût de la vie privée Facebook at 20: Contemplating the Cost of Privacy As the social media giant celebrates its two-decade anniversary, privacy experts reflect on how it changed the way the world shares information.]]> 2024-04-30T23:30:52+00:00 https://www.darkreading.com/data-privacy/facebook-at-20-contemplating-the-cost-of-privacy www.secnews.physaphae.fr/article.php?IdArticle=8491812 False None None 4.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Easterly fait appel au Congrès sur le financement de la CISA, citant des menaces chinoises contre les infrastructures critiques Easterly appeals to Congress on CISA funding, citing Chinese threats to critical infrastructure Le directeur de l'agence a déclaré au comité des crédits de la Chambre qu'un fonds de 150 millions de dollars permettrait à CISA de renforcer trois initiatives clés.

>The director of the agency told the House Appropriations Committee that a $150 million fund would allow CISA to bolster three key initiatives. ]]> 2024-04-30T22:35:20+00:00 https://cyberscoop.com/jen-easterly-cisa-funding-congress-critical-infrastructure-china/ www.secnews.physaphae.fr/article.php?IdArticle=8491505 False None None 2.0000000000000000 Dark Reading - Informationweek Branch Les attaquants ont planté des millions de référentiels sans image sur Docker Hub Attackers Planted Millions of Imageless Repositories on Docker Hub The purported metadata for each these containers had embedded links to malicious files.]]> 2024-04-30T20:45:23+00:00 https://www.darkreading.com/cyber-risk/attackers-planted-millions-of-imageless-repositories-on-docker-hub www.secnews.physaphae.fr/article.php?IdArticle=8491463 False None None 2.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism Le géant des soins de santé est propre au sujet du hack récent et de la rançon payée Health care giant comes clean about recent hack and paid ransom Ransomware attack on the $371 billion company hamstrung US prescription market.]]> 2024-04-30T20:44:58+00:00 https://arstechnica.com/?p=2020827 www.secnews.physaphae.fr/article.php?IdArticle=8491485 False Ransomware,Hack None 2.0000000000000000 Dark Reading - Informationweek Branch Chaîne de médicaments canadiens en mode verrouillage temporaire après le cyber-incident Canadian Drug Chain in Temporary Lockdown Mode After Cyber Incident London Drugs offered no details about the nature of the incident, nor when its pharmacies would be functioning normally again.]]> 2024-04-30T20:31:16+00:00 https://www.darkreading.com/cyberattacks-data-breaches/canadian-drug-chain-in-temporary-lockdown-mode-after-cyber-incident www.secnews.physaphae.fr/article.php?IdArticle=8491464 False None None 2.0000000000000000 The Register - Site journalistique Anglais PDG de UnitedHealth: \\ 'La décision de payer la rançon était la mine \\' UnitedHealth CEO: \\'Decision to pay ransom was mine\\' Congress to hear how Citrix MFA snafu led to data theft, $870M+ loss UnitedHealth CEO Andrew Witty will tell US lawmakers Wednesday the cybercriminals who hit Change Healthcare with ransomware used stolen credentials to remotely access a Citrix portal that didn\'t have multi-factor authentication enabled.…]]> 2024-04-30T20:02:59+00:00 https://go.theregister.com/feed/www.theregister.com/2024/04/30/unitedhealth_ceo_ransom/ www.secnews.physaphae.fr/article.php?IdArticle=8491441 False Ransomware,Medical None 3.0000000000000000 The Last Watchdog - Blog Sécurité de Byron V Acohido ALERTE NOUVELLES: Cybersixgill dévoile \\ 'Intelligence tierce \\' pour livrer une menace spécifique au fournisseur Intel News alert: Cybersixgill unveils \\'Third-Party Intelligence\\' to deliver vendor-specific threat intel Cybersixgill, Le fournisseur de données mondiales de cyber-menace, casséNouveau terrain aujourd'hui en introduisant son module d'intelligence tiers.

LeUn nouveau module fournit une cybersécurité et des menaces spécifiques aux fournisseurs pour les organisations \\ 'Teams de sécurité, permettant & # 8230;(Plus…)

Tel Aviv, Israel – April 30, 2024 – Cybersixgill, the global cyber threat intelligence data provider, broke new ground today by introducing its Third-Party Intelligence module.

The new module delivers vendor-specific cybersecurity and threat intelligence to organizations\' security teams, enabling … (more…) ]]> 2024-04-30T19:22:43+00:00 https://www.lastwatchdog.com/news-alert-cybersixgill-unveils-third-party-intelligence-to-deliver-vendor-specific-threat-intel/ www.secnews.physaphae.fr/article.php?IdArticle=8491442 False Threat None 2.0000000000000000 Recorded Future - FLux Recorded Future Les constructeurs automobiles qui mentent sur les mandats de mandats avant de partager les données de localisation, la sonde du Sénat révèle Carmakers lying about requiring warrants before sharing location data, Senate probe finds 2024-04-30T19:16:53+00:00 https://therecord.media/carmakers-lying-about-warrants-location-data www.secnews.physaphae.fr/article.php?IdArticle=8491443 False None None 2.0000000000000000 Netskope - etskope est une société de logiciels américaine fournissant une plate-forme de sécurité informatique Résoudre le dilemme du service d'assistance avec p-dem Solving the Help Desk Dilemma with P-DEM Une dure réalité pour les entreprises et les agents de l'entreprise d'Enterprise d'aujourd'hui qui dirigent les bureaux d'aide d'entreprise aujourd'hui sont dans une situation très difficile.Ils sont chargés de résoudre un volume considérablement accru de billets, mais n'ont pas la visibilité et les outils nécessaires pour le faire. & # 160;Dépassé et souvent incapable de faire leur travail efficacement, les professionnels de l'assistance [& # 8230;]

>A harsh reality for today\'s enterprise help desks Leaders and agents running enterprise help desks today are in a very tough spot. They are tasked with resolving a dramatically increased volume of tickets, yet lack the visibility and tools needed to do so. Overwhelmed and often unable to do their jobs effectively, help desk professionals […] ]]> 2024-04-30T19:13:26+00:00 https://www.netskope.com/blog/solving-the-help-desk-dilemma-with-p-dem www.secnews.physaphae.fr/article.php?IdArticle=8491440 False Tool None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Des millions de conteneurs malveillants \\ 'sans image \\' plantés sur Docker Hub sur 5 ans Millions of Malicious \\'Imageless\\' Containers Planted on Docker Hub Over 5 Years Cybersecurity researchers have discovered multiple campaigns targeting Docker Hub by planting millions of malicious "imageless" containers over the past five years, once again underscoring how open-source registries could pave the way for supply chain attacks. "Over four million of the repositories in Docker Hub are imageless and have no content except for the repository]]> 2024-04-30T19:06:00+00:00 https://thehackernews.com/2024/04/millions-of-malicious-imageless.html www.secnews.physaphae.fr/article.php?IdArticle=8491274 False None None 1.00000000000000000000 Bleeping Computer - Magazine Américain Les nouvelles attaques de logiciels malveillants de nouvelles latrodectus utilisent des thèmes Microsoft, CloudFlare New Latrodectus malware attacks use Microsoft, Cloudflare themes Latrodectus malware is now being distributed in phishing campaigns using Microsoft Azure and Cloudflare lures to appear legitimate while making it harder for email security platforms to detect the emails as malicious. [...]]]> 2024-04-30T18:08:49+00:00 https://www.bleepingcomputer.com/news/security/new-latrodectus-malware-attacks-use-microsoft-cloudflare-themes/ www.secnews.physaphae.fr/article.php?IdArticle=8491506 False Malware None 2.0000000000000000 Recorded Future - FLux Recorded Future Le Congrès cercles UnitedHealth comme les effets de l'attaque des ransomwares continue Congress circles UnitedHealth as effects of ransomware attack continue 2024-04-30T17:37:51+00:00 https://therecord.media/unitedhealth-group-change-healthcare-ransomware-congress www.secnews.physaphae.fr/article.php?IdArticle=8491397 False Ransomware,Legislation None 2.0000000000000000 Dark Reading - Informationweek Branch Pour endommager les systèmes OT, les pirates exploitent les USB, les anciens bugs &Malware To Damage OT Systems, Hackers Tap USBs, Old Bugs & Malware USBs have something the newest, hottest attack techniques lack: the ability to bridge air gaps.]]> 2024-04-30T17:28:56+00:00 https://www.darkreading.com/ics-ot-security/to-damage-ot-systems-hackers-tap-usbs-old-bugs-and-malware www.secnews.physaphae.fr/article.php?IdArticle=8491396 False Malware,Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial US DHS fournit des directives de sécurité et de sécurité pour garantir les infrastructures critiques des menaces liées à l'IA US DHS delivers safety and security guidelines to secure critical infrastructure from AI-related threats Le Département américain de la sécurité intérieure (DHS), en coordination avec la Cybersecurity Infrastructure and Security Agency (CISA), publié ...

>The U.S. Department of Homeland Security (DHS), in coordination with the Cybersecurity Infrastructure and Security Agency (CISA), released... ]]> 2024-04-30T17:20:40+00:00 https://industrialcyber.co/ai/us-dhs-delivers-safety-and-security-guidelines-to-secure-critical-infrastructure-from-ai-related-threats/ www.secnews.physaphae.fr/article.php?IdArticle=8491394 False None None 3.0000000000000000 SecurityWeek - Security News Utilisateurs de Docker Hub ciblés avec des référentiels sans image et malveillants Docker Hub Users Targeted With Imageless, Malicious Repositories JFROG s’alarme après avoir trouvé trois campagnes de logiciels malveillants à grande échelle ciblant Docker Hub avec des référentiels sans image.

>JFrog raises an alarm after finding three large-scale malware campaigns targeting Docker Hub with imageless repositories. ]]> 2024-04-30T17:08:48+00:00 https://www.securityweek.com/docker-hub-users-targeted-with-imageless-malicious-repositories/ www.secnews.physaphae.fr/article.php?IdArticle=8491393 False Malware None 3.0000000000000000 SonarSource - Blog Sécu et Codage Conduite DevOps Transformation: nivellement de CI / CD avec analyse de code statique Driving DevOps Transformation: Leveling Up CI/CD with Static Code Analysis The current software development approach of relying on unit testing to determine if code can be pushed to production isn\'t cutting it. Static code analysis must be incorporated into the development process to catch and help fix quality issues as well.]]> 2024-04-30T17:00:00+00:00 https://www.sonarsource.com/blog/driving-devops-transformation-leveling-up-ci-cd-with-static-code-analysis www.secnews.physaphae.fr/article.php?IdArticle=8491439 False None None 2.0000000000000000 Recorded Future - FLux Recorded Future Le FBI a recherché la base de données de la section 702 à moitié autant en 2023, dit l'administration Biden FBI searched Section 702 database half as much in 2023, Biden administration says 2024-04-30T16:50:17+00:00 https://therecord.media/fbi-section-702-fisa-warrantless-searches-down-in-2023 www.secnews.physaphae.fr/article.php?IdArticle=8491369 False None None 2.0000000000000000 Dark Reading - Informationweek Branch Les opérateurs sans fil sont confrontés à 200 millions de dollars FCC à mesure que les eaux de confidentialité des données soient royales Wireless Carriers Face $200M FCC Fine As Data Privacy Waters Roil Verizon, AT&T, and T-Mobile USA are being fined for sharing location data. They plan to appeal the decision, which is the culmination of a four-year investigation into how carriers sold customer data to third parties.]]> 2024-04-30T16:46:57+00:00 https://www.darkreading.com/cyber-risk/fcc-fines-wireless-carriers-200m-for-sharing-location-data www.secnews.physaphae.fr/article.php?IdArticle=8491368 False None None 2.0000000000000000 Recorded Future - FLux Recorded Future Deux pirates en Ukraine accusés d'avoir propagé la propagande russe Two hackers in Ukraine accused of spreading Russian propaganda 2024-04-30T16:39:51+00:00 https://therecord.media/two-hackers-accused-of-spreading-propaganda-russia www.secnews.physaphae.fr/article.php?IdArticle=8491370 False Legislation None 3.0000000000000000 The Last Watchdog - Blog Sécurité de Byron V Acohido Essai d'invité: recalibrer la sécurité des infrastructures critiques à la suite des menaces en évolution GUEST ESSAY: Recalibrating critical infrastructure security in the wake of evolving threats

Le récent Unitronics Hack , dans lequel les attaquants ont pris le contrôle d'une eau de Pennsylvanie & # 8230; (plus…)

For all the discussion around the sophisticated technology, strategies, and tactics hackers use to infiltrate networks, sometimes the simplest attack method can do the most damage.

The recent Unitronics hack, in which attackers took control over a Pennsylvania water … (more…) ]]> 2024-04-30T16:33:22+00:00 https://www.lastwatchdog.com/guest-essay-recalibrating-critical-infrastructure-security-in-the-wake-of-evolving-threats/ www.secnews.physaphae.fr/article.php?IdArticle=8491364 False None None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Le gouvernement américain libère de nouvelles ressources contre les menaces d'IA US Government Releases New Resources Against AI Threats The US Department of Homeland Security has released new guidelines for securing critical infrastructure and CBRN from AI threats]]> 2024-04-30T16:30:00+00:00 https://www.infosecurity-magazine.com/news/us-releases-new-resources-ai/ www.secnews.physaphae.fr/article.php?IdArticle=8491710 False None None 2.0000000000000000 UnderNews - Site de news "pirate" francais Journée mondiale du mot de passe : les conseils de Proofpoint Comme vous le savez peut-être, la journée mondiale du mot de passe tombe ce jeudi 2 mai, rappelant à tous l'importance d'adopter des gestes forts pour protéger ses environnements numériques. Tribune – En effet, et selon le Data Breach Investigations Report de Verizon, plus de 80 % des infractions liées au piratage informatique impliquent l'utilisation d'informations […] The post Journée mondiale du mot de passe : les conseils de Proofpoint first appeared on UnderNews.]]> 2024-04-30T16:26:14+00:00 https://www.undernews.fr/authentification-biometrie/journee-mondiale-du-mot-de-passe-les-conseils-de-proofpoint.html www.secnews.physaphae.fr/article.php?IdArticle=8491365 False Data Breach None 2.0000000000000000 CrowdStrike - CTI Society CrowdStrike a nommé le seul choix des clients \\ 'en 2024 Gartner & Reg;«Voix du client» pour la gestion de la surface d'attaque externe CrowdStrike Named the Only Customers\\' Choice in 2024 Gartner® “Voice of the Customer” for External Attack Surface Management As adversaries become faster and stealthier, they relentlessly search for vulnerable assets to exploit. Meanwhile, your digital footprint is expanding, making it increasingly challenging to keep track of all of your assets. It\'s no wonder 76% of breaches in 2023 were due to unknown and unmanaged internet-facing assets. Against this backdrop, it’s more critical than […]]]> 2024-04-30T16:17:33+00:00 https://www.crowdstrike.com/blog/crowdstrike-named-only-customers-choice-for-easm-2024/ www.secnews.physaphae.fr/article.php?IdArticle=8493045 False Threat None 2.0000000000000000 Bleeping Computer - Magazine Américain Philadelphia Inquirer: Données de plus de 25 000 personnes volées en 2023 violation Philadelphia Inquirer: Data of over 25,000 people stolen in 2023 breach Daily newspaper Philadelphia Inquirer revealed that attackers behind a May 2023 security breach have stolen the personal and financial information of 25,549 individuals. [...]]]> 2024-04-30T16:12:01+00:00 https://www.bleepingcomputer.com/news/security/philadelphia-inquirer-data-of-over-25-000-people-stolen-in-2023-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8491465 False None None 2.0000000000000000 Global Security Mag - Site de news francais Keysight introduit des capacités de test pour renforcer la cryptographie post-Quantum Keysight Introduces Testing Capabilities to Strengthen Post-Quantum Cryptography revues de produits

Industry-first testing solution addresses the demand for improved security in the post-quantum era. Enables device and chip vendors to identify and fix hardware vulnerabilities in the design cycle. Supports testing of the latest post-quantum cryptography algorithms as selected by NIST Keysight Technologies, announce an industry-first automated solution designed to test the robustness of post-quantum cryptography (PQC). This latest addition to Keysight Inspector is a notable expansion of (...) - Product Reviews]]> 2024-04-30T16:08:03+00:00 https://www.globalsecuritymag.fr/keysight-introduces-testing-capabilities-to-strengthen-post-quantum.html www.secnews.physaphae.fr/article.php?IdArticle=8491385 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Le gouvernement américain publie de nouvelles directives de sécurité de l'IA pour les infrastructures critiques U.S. Government Releases New AI Security Guidelines for Critical Infrastructure The U.S. government has unveiled new security guidelines aimed at bolstering critical infrastructure against artificial intelligence (AI)-related threats. "These guidelines are informed by the whole-of-government effort to assess AI risks across all sixteen critical infrastructure sectors, and address threats both to and from, and involving AI systems," the Department of Homeland Security (DHS)&]]> 2024-04-30T16:06:00+00:00 https://thehackernews.com/2024/04/us-government-releases-new-ai-security.html www.secnews.physaphae.fr/article.php?IdArticle=8491192 False None None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Ransomware augmente malgré les retraits, explique Corvus Report Ransomware Rising Despite Takedowns, Says Corvus Report The first quarter of 2024 saw the most ransomware activity ever recorded, Corvus Insurance found in a new analysis]]> 2024-04-30T16:00:00+00:00 https://www.infosecurity-magazine.com/news/ransomware-rising-takedowns-corvus/ www.secnews.physaphae.fr/article.php?IdArticle=8491338 False Ransomware None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Le YMCA a été condamné à une amende pour violation de données, l'ICO soulève des préoccupations concernant la vie privée pour les personnes victimes du VIH YMCA Fined for Data Breach, ICO Raises Concerns About Privacy for People with HIV Central YMCA was fined £7,500 for a data breach exposing HIV information of support program participants, prompting the ICO to call for stronger privacy protections for people with HIV]]> 2024-04-30T15:30:00+00:00 https://www.infosecurity-magazine.com/news/ico-raises-concerns-privacy-hiv/ www.secnews.physaphae.fr/article.php?IdArticle=8491339 False Data Breach None 2.0000000000000000 Wired Threat Level - Security News 7 meilleures tablettes de dessin (2024): Wacom, iPad, sans écran, Android et Windows 7 Best Drawing Tablets (2024): Wacom, iPad, Screenless, Android, and Windows Whether you\'re photo-editing or illustrating, the right drawing tablet can transform your workflow. These digital art slates are WIRED-tested and approved.]]> 2024-04-30T15:30:00+00:00 https://www.wired.com/gallery/best-drawing-tablets/ www.secnews.physaphae.fr/article.php?IdArticle=8491335 False Mobile None 3.0000000000000000 Zataz - Magazine Francais de secu Google sécurise Chrome contre une dangereuse faille permettant des attaques furtives 2024-04-30T15:21:23+00:00 https://www.zataz.com/google-securise-chrome-contre-une-dangereuse-faille-permettant-des-attaques-furtives/ www.secnews.physaphae.fr/article.php?IdArticle=8491336 False None None 2.0000000000000000 RedCanary - Red Canary Les avantages du Genai par la fonction SOC The benefits of GenAI by SOC function The security industry is leaning hard into GenAI, but how might this emerging technology benefit the various functions within a SOC?]]> 2024-04-30T15:20:03+00:00 https://redcanary.com/blog/security-operations/benefits-of-genai-by-soc-function/ www.secnews.physaphae.fr/article.php?IdArticle=8491340 False None None 3.0000000000000000 Global Security Mag - Site de news francais Keeper Security Forges Cybersecurity Partnership avec Williams Racing Keeper Security Forges Cybersecurity Partnership With Williams Racing nouvelles commerciales

Keeper and Williams Racing today announce a new multi-year sponsorship Keeper Security, the leading provider of cloud-based zero-trust and zero-knowledge cybersecurity software protecting passwords, secrets, connections and privileged access, joins Williams Racing as an Official Partner on the eve of the F1 Miami Grand Prix. Trusted by thousands of businesses and millions of individuals globally for its zero-trust and zero-knowledge cybersecurity software, Keeper\'s branding will appear on (...) - Business News]]> 2024-04-30T14:58:52+00:00 https://www.globalsecuritymag.fr/keeper-security-forges-cybersecurity-partnership-with-williams-racing.html www.secnews.physaphae.fr/article.php?IdArticle=8491356 True None None 2.0000000000000000 Bleeping Computer - Magazine Américain Google paie maintenant jusqu'à 450 000 $ pour les bogues RCE dans certaines applications Android Google now pays up to $450,000 for RCE bugs in some Android apps Google has increased rewards for reporting remote code execution vulnerabilities within select Android apps by ten times, from $30,000 to $300,000, with the maximum reward reaching $450,000 for exceptional quality reports. [...]]]> 2024-04-30T14:33:51+00:00 https://www.bleepingcomputer.com/news/security/google-now-pays-up-to-450-000-for-rce-bugs-in-some-android-apps/ www.secnews.physaphae.fr/article.php?IdArticle=8491419 False Vulnerability,Mobile None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Xage annonce l'analyse et les capacités d'informations alimentées par AI pour stimuler l'accès et la protection Zero Trust Xage announces AI-powered analytics and insight capabilities to boost zero trust access and protection Xage Security, a vendor of zero trust access and protection solutions, announced Tuesday new AI-powered analytics and insight... ]]> 2024-04-30T14:18:26+00:00 https://industrialcyber.co/news/xage-announces-ai-powered-analytics-and-insight-capabilities-to-boost-zero-trust-access-and-protection/ www.secnews.physaphae.fr/article.php?IdArticle=8491313 False None None 2.0000000000000000 Recorded Future - FLux Recorded Future Sur le rôle de CISA \\ dans la protection des infrastructures critiques, la Maison Blanche s'en tient au script On CISA\\'s role in protecting critical infrastructure, White House sticks to the script 2024-04-30T14:06:10+00:00 https://therecord.media/biden-signs-updated-ppd-21-cisa-critical-infrastructure www.secnews.physaphae.fr/article.php?IdArticle=8491281 False None None 2.0000000000000000 Dark Reading - Informationweek Branch Les 6 séances de sécurité des données que vous ne devriez pas manquer au RSAC 2024 The 6 Data Security Sessions You Shouldn\\'t Miss at RSAC 2024 Themed "The Art of Possible," this year\'s conference celebrates new challenges and opportunities in the age of AI.]]> 2024-04-30T14:00:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/6-data-security-sessions-you-shouldnt-miss-rsac-2024 www.secnews.physaphae.fr/article.php?IdArticle=8491278 False Conference None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Les agences d'espionnage américaines pour partager l'intelligence sur les infrastructures critiques dans la refonte des politiques US spy agencies to share intelligence on critical infrastructure in policy revamp Un document de politique révisé vise à clarifier les rôles et les responsabilités des agences fédérales chargées de sécuriser les infrastructures critiques américaines.

>A revised policy document aims to clarify the roles and responsibilities of federal agencies responsible for securing U.S. critical infrastructure. ]]> 2024-04-30T14:00:00+00:00 https://cyberscoop.com/critical-infrastructure-memorandum-ppd-21/ www.secnews.physaphae.fr/article.php?IdArticle=8491283 False None None 2.0000000000000000 Krebs on Security - Chercheur Américain Les patients en psychothérapie à masse masse reçoivent six ans Man Who Mass-Extorted Psychotherapy Patients Gets Six Years A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients.]]> 2024-04-30T13:34:32+00:00 https://krebsonsecurity.com/2024/04/man-who-mass-extorted-psychotherapy-patients-gets-six-years/ www.secnews.physaphae.fr/article.php?IdArticle=8491298 False Legislation None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial US DHS établit une commission de sécurité et de sécurité de l'IA pour conseiller sur le déploiement sûr dans les infrastructures critiques US DHS establishes AI Safety and Security Board to advise on safe deployment in critical infrastructure Le Département américain de la sécurité intérieure (DHS) a récemment annoncé la création de la sécurité et de la sécurité de l'intelligence artificielle ...

>The U.S. Department of Homeland Security (DHS) recently announced the establishment of the Artificial Intelligence Safety and Security... ]]> 2024-04-30T13:34:00+00:00 https://industrialcyber.co/ai/us-dhs-establishes-ai-safety-and-security-board-to-advise-on-safe-deployment-in-critical-infrastructure/ www.secnews.physaphae.fr/article.php?IdArticle=8491276 False None None 2.0000000000000000 Bleeping Computer - Magazine Américain Des millions de repos de docker ont trouvé des logiciels malveillants, des sites de phishing Millions of Docker repos found pushing malware, phishing sites Three large-scale campaigns have targeted Docker Hub users, planting millions of repositories designed to push malware and phishing sites since early 2021. [...]]]> 2024-04-30T13:32:10+00:00 https://www.bleepingcomputer.com/news/security/millions-of-docker-repos-found-pushing-malware-phishing-sites/ www.secnews.physaphae.fr/article.php?IdArticle=8491395 False Malware None 4.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Des millions de contenants malveillants trouvés sur Docker Hub Millions of Malicious Containers Found on Docker Hub According to JFrog, approximately 25% of all repositories lack useful functionality and serve as vehicles for spam and malware]]> 2024-04-30T13:30:00+00:00 https://www.infosecurity-magazine.com/news/malicious-containers-found-docker/ www.secnews.physaphae.fr/article.php?IdArticle=8491277 False Spam,Malware None 2.0000000000000000 Korben - Bloger francais WeTransfer intègre un nouveau système de paiement qui va plaire à tous les créatifs 2024-04-30T13:26:17+00:00 https://korben.info/wetransfer-revolutionne-le-partage-fichiers-paiement-integre.html www.secnews.physaphae.fr/article.php?IdArticle=8491337 False None None 3.0000000000000000 Global Security Mag - Site de news francais BlackBerry présente Cylance Assistant, le niveau supérieur de cybersécurité avec des capacités d\'IA générative Produits]]> 2024-04-30T13:23:45+00:00 https://www.globalsecuritymag.fr/blackberry-presente-cylance-assistant-le-niveau-superieur-de-cybersecurite-avec.html www.secnews.physaphae.fr/article.php?IdArticle=8491299 False Threat None 3.0000000000000000 Global Security Mag - Site de news francais Onyxie présente l'IA à la plate-forme de gestion de la cybersécurité pour alimenter la gestion du programme de sécurité prédictive Onyxia Introduces AI to Cybersecurity Management Platform to Power Predictive Security Program Management revues de produits

AI and ML Solution provides CISOs with a predictive, deeper level of security analysis and management Onyxia Cyber, leaders in cybersecurity management, today unveiled OnyxAI, Onyxia\'s AI-driven Predictive Cybersecurity Management Engine, to deliver powerful insights that enable security leaders to proactively optimize security performance, resource allocation, and risk management. OnyxAI uses statistical analysis, machine learning, and generative AI, including LLM and NLP models, to (...) - Product Reviews]]> 2024-04-30T13:22:34+00:00 https://www.globalsecuritymag.fr/onyxia-introduces-ai-to-cybersecurity-management-platform-to-power-predictive.html www.secnews.physaphae.fr/article.php?IdArticle=8491300 False None None 3.0000000000000000 SecurityWeek - Security News La vulnérabilité dans le langage de programmation R pourrait alimenter les attaques de la chaîne d'approvisionnement Vulnerability in R Programming Language Could Fuel Supply Chain Attacks Une vulnérabilité (CVE-2024-27322) dans l'implémentation du langage de programmation R peut être exploitée pour exécuter arbitraire et être utilisée dans le cadre d'une attaque de chaîne d'approvisionnement.

>A vulnerability (CVE-2024-27322) in the R programming language implementation can be exploited to execute arbitrary and be used as part of a supply chain attack. ]]> 2024-04-30T13:07:55+00:00 https://www.securityweek.com/vulnerability-in-r-programming-language-enables-supply-chain-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8491312 False Vulnerability None 3.0000000000000000 Global Security Mag - Site de news francais Danemark \\'s S! Rene Système d'alerte publique à l'aide de la solution utimaco \\'s U.Warn fait partie du magasin annuel Hyledag Denmark\\'s S!RENEN Public Warning System using Utimaco\\'s u.warn solution is part of the annual STORE HYLEDAG nouvelles commerciales

S!RENEN, the Danish Public Warning System launched last year, is used by the Danish Police for any case of emergency that requires real-time communication to citizens and visitors in a certain area. Utimaco, a leading global provider of IT security solutions and public warning systems announced last year that the Danish Ministry of Defense Acquisition and Logistics Organization (DALO) had adopted Utimaco\'s u.warn solution module Command Post as the Cell Broadcast Entity (CBE) to manage (...) - Business News]]> 2024-04-30T13:01:16+00:00 https://www.globalsecuritymag.fr/denmark-s-s-renen-public-warning-system-using-utimaco-s-u-warn-solution-is-part.html www.secnews.physaphae.fr/article.php?IdArticle=8491301 False Legislation None 3.0000000000000000 Checkpoint - Fabricant Materiel Securite Infinity Global Services \\ 'Cyber Park présente «Nemesis» & # 8211;Une aventure en cybersécurité vous attend! Infinity Global Services\\' Cyber Park Introduces “Nemesis” – A Cyber Security Adventure Awaits! 2024-04-30T13:00:55+00:00 https://blog.checkpoint.com/infinity-global-services/infinity-global-services-cyber-park-introduces-nemesis-a-cyber-security-adventure-awaits/ www.secnews.physaphae.fr/article.php?IdArticle=8491280 False None None 2.0000000000000000 Recorded Future - FLux Recorded Future Hacker qui a chanté les patients en psychothérapie condamné à six ans de prison Hacker who blackmailed psychotherapy patients sentenced to six years in prison 2024-04-30T13:00:21+00:00 https://therecord.media/julius-kivimaki-hacker-finland-psychotherapy-center-sentencing www.secnews.physaphae.fr/article.php?IdArticle=8491282 False Legislation None 3.0000000000000000 Security Intelligence - Site de news Américain Les solutions de cybersécurité AI détectent les ransomwares en moins de 60 secondes AI cybersecurity solutions detect ransomware in under 60 seconds Vous vous inquiétez des ransomwares?Si c'est le cas, ce n'est pas surprenant.Selon le Forum économique mondial, pour les cyber-pertes importantes (& # 8364; 1 million +), le nombre de cas dans lesquels les données sont exfiltrées augmentent, double de 40% en 2019 à près de 80% en 2022. Et une activité plus récente estsuivi encore plus haut.Pendant ce temps, d'autres dangers apparaissent sur [& # 8230;]

>Worried about ransomware? If so, it’s not surprising. According to the World Economic Forum, for large cyber losses (€1 million+), the number of cases in which data is exfiltrated is increasing, doubling from 40% in 2019 to almost 80% in 2022. And more recent activity is tracking even higher. Meanwhile, other dangers are appearing on […] ]]> 2024-04-30T13:00:00+00:00 https://securityintelligence.com/articles/ai-cybersecurity-threat-detection-ransomware/ www.secnews.physaphae.fr/article.php?IdArticle=8491273 False Ransomware None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Désinformation: l'UE ouvre sonde contre Facebook et Instagram avant les élections Disinformation: EU Opens Probe Against Facebook and Instagram Ahead of Election Meta\'s moderation failings could allow coordinated disinformation campaigns to thrive in the run-up to the EU election]]> 2024-04-30T13:00:00+00:00 https://www.infosecurity-magazine.com/news/eu-probe-faceboo-instagram/ www.secnews.physaphae.fr/article.php?IdArticle=8491248 False None None 2.0000000000000000 Recorded Future - FLux Recorded Future Les pays de la Baltique blâment la Russie pour le brouillage GPS des vols commerciaux Baltic countries blame Russia for GPS jamming of commercial flights 2024-04-30T12:51:30+00:00 https://therecord.media/baltic-countries-blame-russia-gps-jamming-airline-flights www.secnews.physaphae.fr/article.php?IdArticle=8491249 False Commercial None 3.0000000000000000 Bleeping Computer - Magazine Américain Nouveau Wpeeper Android Malware se cache derrière des sites WordPress piratés New Wpeeper Android malware hides behind hacked WordPress sites A new Android backdoor malware named \'Wpeeper\' has been spotted in at least two unofficial app stores mimicking the Uptodown App Store, a popular third-party app store for Android devices with over 220 million downloads. [...]]]> 2024-04-30T12:41:57+00:00 https://www.bleepingcomputer.com/news/security/new-wpeeper-android-malware-hides-behind-hacked-wordpress-sites/ www.secnews.physaphae.fr/article.php?IdArticle=8491367 False Malware,Mobile None 2.0000000000000000 ComputerWeekly - Computer Magazine Gardien pour aider Williams F1 à retenir les cyber-défis Keeper to help Williams F1 keep up with cyber challenges 2024-04-30T12:38:00+00:00 https://www.computerweekly.com/news/366582855/Keeper-to-help-Williams-F1-keep-up-with-cyber-challenges www.secnews.physaphae.fr/article.php?IdArticle=8491366 False None None 3.0000000000000000 GoogleSec - Firm Security Blog Détection du vol de données du navigateur à l'aide des journaux d'événements Windows Detecting browser data theft using Windows Event Logs dbsc Cela aidera à perturber l'industrie du vol de cookies car l'exfiltration de ces cookies n'aura plus de valeur. Lorsqu'il n'est pas possible d'éviter le vol d'identification et de cookies par malware, la prochaine meilleure chose est de rendre l'attaque plus observable par antivirus, d'agents de détection de terminaux ou d'administrateurs d'entreprise avec des outils d'analyse de journaux de base. Ce blog décrit un ensemble de signaux à utiliser par les administrateurs système ou les agents de détection de point de terminaison qui devraient signaler de manière fiable tout accès aux données protégées du navigateur d'une autre application sur le système.En augmentant la probabilité d'une attaque détectée, cela modifie le calcul pour les attaquants qui pourraient avoir un fort désir de rester furtif et pourraient les amener à repenser ces types d'attaques contre nos utilisateurs. arrière-plan Les navigateurs basés sur le chrome sur Windows utilisent le DPAPI (API de protection des données) pour sécuriser les secrets locaux tels que les cookies, le mot de passe, etc.La protection DPAPI est basée sur une clé dérivée des informations d'identification de connexion de l'utilisateur et est conçue pour se protéger contre l'accès non autorisé aux secrets des autres utilisateurs du système ou lorsque le système est éteint.Étant donné que le secret DPAPI est lié à l'utilisateur connecté, il ne peut pas protéger contre les attaques de logiciels malveillants locaux - l'exécution de logiciels malveillants en tant qu'utilisateur ou à un niveau de privilège plus élevé peut simplement appeler les mêmes API que le navigateur pour obtenir le secret DPAPI. Depuis 2013, Chromium applique l'indicateur CryptProtect_Audit aux appels DPAPI pour demander qu'un journal d'audit soit généré lorsque le décryptage se produit, ainsi que le marquage des données en tant que détenue par le navigateur.Parce que tout le stockage de données crypté de Chromium \\ est soutenu par une clé sécurisée DPAPI, toute application qui souhaite décrypter ces données, y compris les logiciels malveillants, devrait toujours générer de manière fiable un journal d'événements clairement observable, qui peut être utilisé pour détecter ces typesd'attaques. Il y a trois étapes principales impliquées dans le profit de ce journal: Activer la connexion sur l'ordinateur exécutant Google Chrome, ou tout autre navigateur basé sur le chrome. Exporter les journaux des événements vers votre système backend. Créer une logique de détection pour détecter le vol. Ce blog montrera également comment la journalisation fonctionne dans la pratique en la testant contre un voleur de mot de passe Python. Étape 1: Activer la connexion sur le système Les événements DPAPI sont connectés à deux endroits du système.Premièrement, il y a le 4693 Événement qui peut être connecté au journal de sécurité.Cet événement peut être activé en activant "Audit l'activité DPAPI" et les étapes pour ce faire sont d]]> 2024-04-30T12:14:48+00:00 http://security.googleblog.com/2024/04/detecting-browser-data-theft-using.html www.secnews.physaphae.fr/article.php?IdArticle=8493535 False Malware,Tool,Threat None 2.0000000000000000 Global Security Mag - Site de news francais CIGENT et Swissbit annoncent le partenariat pour améliorer la sécurité des données de point final Cigent and Swissbit announce partnership to enhance endpoint data security nouvelles commerciales

Cigent, a leading provider of endpoint data protection solutions, and Swissbit, a leading manufacturer of storage, security, and embedded IoT solutions, today announced a strategic partnership to offer a comprehensive portfolio of secure storage drives designed to safeguard endpoint data against a growing landscape of cyberthreats. This collaboration addresses the urgent market requirements for improved data security on endpoint devices, where a significant majority of sensitive data (...) - Business News]]> 2024-04-30T12:12:57+00:00 https://www.globalsecuritymag.fr/cigent-and-swissbit-announce-partnership-to-enhance-endpoint-data-security.html www.secnews.physaphae.fr/article.php?IdArticle=8491264 False None None 2.0000000000000000 Global Security Mag - Site de news francais Semperis prolonge la détection des attaques basée sur la ML avec une orientation spécialisée sur les risques d'identité Semperis Extends ML-Based Attack Detection with Specialised Identity Risk Focus revues de produits

Identity Runtime Protection (IRP), the first offering in the Semperis Lightning™ platform, merges deep machine learning with unmatched identity security expertise to detect and stop the most successful attack techniques Semperis announce the release of Lightning Identity Runtime Protection (IRP), a new identity threat detection and response (ITDR) offering that uses machine learning models developed by identity security experts to detect widespread and successful attack patterns such as (...) - Product Reviews]]> 2024-04-30T12:05:17+00:00 https://www.globalsecuritymag.fr/semperis-extends-ml-based-attack-detection-with-specialised-identity-risk-focus.html www.secnews.physaphae.fr/article.php?IdArticle=8491265 False Threat None 3.0000000000000000 Sekoia - Cyber Firms Garder la démocratie: évaluation des cybermenaces pour 2024 élections mondiales Guarding Democracy: Assessing Cyber Threats to 2024 Worldwide Elections Résumé de l'exécutif Introduction 2024 marque un moment charnière dans la politique mondiale en tant que nombre inhabituel d'élections et se déroulera dans diverses nations, englobant environ 54% de la population du monde.Les élections servent d'événements clés dans les sociétés démocratiques, ce qui signifie non seulement la volonté du peuple mais aussi la stabilité et la continuité de la gouvernance.[& # 8230;] la publication Suivante Gardant la démocratie: évaluation des cyber-menaces pour 2024 dans le monde entier dans le monde entierÉlections est un article de blog Sekoia.io .

>Executive Summary Introduction 2024 marks a pivotal moment in global politics as an unusual number of elections have and will take place across various nations, encompassing approximately 54% of the world’s population. Elections serve as keystone events in democratic societies, signifying not only the will of the people but also stability and continuity in governance. […] La publication suivante Guarding Democracy: Assessing Cyber Threats to 2024 Worldwide Elections est un article de Sekoia.io Blog.]]> 2024-04-30T12:00:00+00:00 https://blog.sekoia.io/guarding-democracy-assessing-cyber-threats-to-2024-worldwide-elections/ www.secnews.physaphae.fr/article.php?IdArticle=8491247 False None None 2.0000000000000000 Dragos - CTI Society Qu'est-ce que la cybersécurité OT et en quoi diffère-t-elle de la cybersécurité informatique? What Is OT Cybersecurity and How Does It Differ from IT Cybersecurity? Dragos est une entreprise de cybersécurité industrielle tirant parti des logiciels, des renseignements et des services professionnels pour protéger la civilisation.Le SANS Institute rend la cybersécurité ... Le post Qu'est-ce que la cybersécurité OT et en quoi diffère-t-elle de la cybersécurité? est apparu pour la première fois sur dragos .

>Dragos is an industrial cybersecurity company leveraging software, intelligence, and professional services to safeguard civilization. The SANS Institute empowers cybersecurity... The post What Is OT Cybersecurity and How Does It Differ from IT Cybersecurity? first appeared on Dragos.]]> 2024-04-30T12:00:00+00:00 https://www.dragos.com/blog/what-is-ot-cybersecurity/ www.secnews.physaphae.fr/article.php?IdArticle=8491217 False Industrial None 3.0000000000000000 Recorded Future - FLux Recorded Future L'UE enquête sur la méta pour des échecs présumés sur les ingérence des élections russes EU investigating Meta for suspected failures over Russian election interference 2024-04-30T11:59:58+00:00 https://therecord.media/european-commission-meta-investigation-russia-elections www.secnews.physaphae.fr/article.php?IdArticle=8491221 False None None 2.0000000000000000 Global Security Mag - Site de news francais La France fait état du plus fort taux d\'attaques par ransomware en 2024, selon le rapport de Sophos sur l\'état des ransomwares Investigations]]> 2024-04-30T11:50:17+00:00 https://www.globalsecuritymag.fr/la-france-fait-etat-du-plus-fort-taux-d-attaques-par-ransomware-en-2024-selon.html www.secnews.physaphae.fr/article.php?IdArticle=8491237 False Ransomware None 3.0000000000000000 Korben - Bloger francais GitHub Copilot Workspace – L\'environnement de dev piloté par l\'IA ! 2024-04-30T11:48:33+00:00 https://korben.info/github-copilot-workspace-environnement-dev-pilote-ia.html www.secnews.physaphae.fr/article.php?IdArticle=8491275 False None None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Ransom Payments augmente de 500% à une moyenne de 2 millions de dollars Ransom Payments Surge by 500% to an Average of $2m Sophos found that the average ransom payment was $2m in 2023, with 63% of ransom demands $1m or more]]> 2024-04-30T11:40:00+00:00 https://www.infosecurity-magazine.com/news/ransom-payments-surge-500/ www.secnews.physaphae.fr/article.php?IdArticle=8491220 False Studies None 4.0000000000000000 IndustrialCyber - cyber risk firms for industrial US DOE déploie un rapport d'évaluation initial sur les avantages et les risques de l'IA pour l'infrastructure énergétique critique US DOE rolls out initial assessment report on AI benefits and risks for critical energy infrastructure The U.S. Department of Energy (DOE) released a summary report on the potential benefits and risks of artificial... ]]> 2024-04-30T11:30:29+00:00 https://industrialcyber.co/ai/us-doe-rolls-out-initial-assessment-report-on-ai-benefits-and-risks-for-critical-energy-infrastructure/ www.secnews.physaphae.fr/article.php?IdArticle=8491224 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) La loi du nouveau Royaume-Uni interdit les mots de passe par défaut sur les appareils intelligents à partir d'avril 2024 New U.K. Law Bans Default Passwords on Smart Devices Starting April 2024 The U.K. National Cyber Security Centre (NCSC) is calling on manufacturers of smart devices to comply with new legislation that prohibits them from using default passwords, effective April 29, 2024. "The law, known as the Product Security and Telecommunications Infrastructure act (or PSTI act), will help consumers to choose smart devices that have been designed to]]> 2024-04-30T11:27:00+00:00 https://thehackernews.com/2024/04/new-uk-law-bans-default-passwords-on.html www.secnews.physaphae.fr/article.php?IdArticle=8491077 False None None 4.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain WhatsApp en Inde WhatsApp in India tirage whatsapp Out of India si les tribunaux essaient de le forcer à briser son chiffrement de bout en bout.

Meta has threatened to pull WhatsApp out of India if the courts try to force it to break its end-to-end encryption.]]> 2024-04-30T11:00:28+00:00 https://www.schneier.com/blog/archives/2024/04/whatsapp-in-india.html www.secnews.physaphae.fr/article.php?IdArticle=8491195 False None None 2.0000000000000000