This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-20T17:11:35+00:00 www.secnews.physaphae.fr TechRepublic - Security News US 2020-06-25T19:30:34+00:00 https://www.techrepublic.com/article/ohio-using-ai-to-cull-old-laws-and-streamline-regulations/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1774364 False Tool Deloitte None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC more vulnerable targets to cyberattacks. Schools are finding themselves outmatched as these threats intensify. Parents likewise need to learn about and ensure safe cybersecurity practices for their kids, and would therefore also benefit from learning about the security methods that we are about to cover. In this article, we’ll discuss how school technology leaders can develop the necessary strategies to protect against and mitigate breaches by procuring technology and developing risk management policies and planning for incidents before they occur. Why Are Schools At Risk of Cyber Attacks? In the face of the COVID-19 pandemic, the focus and attention of most of the cybersecurity community have been on protecting government institutions, the airline industry, and the healthcare industry from hackers. This is good, but educational institutions are at just as much risk from malicious hackers as the above industries and organizations are as well. If anything, this risk has only increased significantly due to the record numbers of students who are now attending school via online learning platforms, video conferences, and e-learning environments. In the United States, the Federal Bureau of Investigation has warned extensively about the greatly increased cybersecurity risks of teleconferencing and online classrooms. The FBI specifically cites examples of malicious cybercriminals delivering threatening content to Zoom classroom calls (colloquially referred to as Zoom-bombing), which has even resulted in numerous school districts pulling out of Zoom and seeking alternative platforms. This highlights a larger issue of schools and school districts using technology that has either not been properly vetted or that educators and students are not prepared to use safely. In other words, even as school districts turn to alternative teleconferencing options besides Zoom, they can still be a major risk of falling prey to hackers and cybercriminals. This leads us to our next question: what exactly can school districts and educational inst]]> 2020-06-15T11:00:00+00:00 https://feeds.feedblitz.com/~/627516638/0/alienvault-blogs~Cybersecurity-in-education-Securing-schools-as-they-transition-to-online-learning www.secnews.physaphae.fr/article.php?IdArticle=1768813 False Malware,Vulnerability,Guideline Deloitte None TechRepublic - Security News US 2020-06-02T13:58:48+00:00 https://www.techrepublic.com/article/deloitte-launches-model-to-help-organizations-reboot-workspaces/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1746288 False None Deloitte None IT Security Guru - Blog Sécurité 2020-05-22T10:23:12+00:00 https://www.itsecurityguru.org/2020/05/22/unemployment-claimants-suffer-data-breach/?utm_source=rss&utm_medium=rss&utm_campaign=unemployment-claimants-suffer-data-breach www.secnews.physaphae.fr/article.php?IdArticle=1725586 False Data Breach Deloitte 4.0000000000000000 TechRepublic - Security News US 2020-05-21T17:09:32+00:00 https://www.techrepublic.com/article/kinetic-tech-leaders-needed-to-reinvent-the-enterprise/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1723675 False None Deloitte None TechRepublic - Security News US 2020-05-19T18:27:31+00:00 https://www.techrepublic.com/article/businesses-are-reopening-but-dont-expect-pre-crisis-operating-levels-until-2021/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1718934 False None Deloitte None TechRepublic - Security News US 2020-05-13T18:23:34+00:00 https://www.techrepublic.com/article/nearly-60-of-cfos-dont-expect-a-return-to-near-normal-operations-in-2020/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1707362 False None Deloitte None TechRepublic - Security News US 2020-04-09T20:16:10+00:00 https://www.techrepublic.com/article/deloitte-highlights-top-9-challenges-for-enterprises-during-covid-19-crisis/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1645425 False Guideline Deloitte None TechRepublic - Security News US 2020-03-23T13:50:50+00:00 https://www.techrepublic.com/article/3-ways-to-revamp-the-hiring-process-for-cybersecurity-jobs/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1615826 False None Deloitte None TechRepublic - Security News US 2020-03-11T12:30:08+00:00 https://www.techrepublic.com/article/local-governments-dont-pay-ransoms-to-hackers/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1592012 False Ransomware Deloitte None CSO - CSO Daily Dashboard ransomware attack struck the municipalities on the evening of March 6. Although details are still sketchy, the North Carolina Bureau of Investigation indicated the attackers used Russian-made malware known as Ryuk. [ Read our blue team's guide for ransomware prevention, protection and recovery. | Get the latest from CSO by signing up for our newsletters. ]]]> 2020-03-11T05:54:00+00:00 https://www.csoonline.com/article/3531961/deloitte-8-things-municipal-governments-can-do-about-ransomware.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1591959 False Ransomware Deloitte None TechRepublic - Security News US 2020-01-27T19:55:29+00:00 https://www.techrepublic.com/article/software-developers-can-create-better-programs-with-ai/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1512744 False None Deloitte None TechRepublic - Security News US 2020-01-20T11:00:16+00:00 http://www.techrepublic.com/article/leaders-like-the-idea-of-industry-4-0-more-than-reality/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1502207 False None Deloitte None TechRepublic - Security News US 2019-11-29T10:00:09+00:00 https://www.techrepublic.com/article/how-businesses-plan-to-accelerate-growth-in-2020/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1493312 False None Deloitte None NoticeBored - Experienced IT Security professional ISO 22301, already an excellent standard on business continuity, has just been revised and republished. Advisera has a useful page of info about ISO 22301 here.There's quite a bit of common ground between business continuity and information risk and security, especially as most organizations are highly dependent on their information, IT systems and processes. The most significant risks are often the same, hence it makes sense to manage both aspects competently and consistently. The ISO 'management system' structured approach is effective from the governance and management perspective.  Aligning/coordinating the infosec and business continuity management systems has several valuable benefits since they are complementary. Extending that thought, it occurs to me that most if not all other areas of management also have information risk and security implications:Physical site security and facilities management (e.g. reliable power and cooling for the servers);IT and information management (dataflows, information architecture, information systems and networks and processes, intellectual property, innovation, creativity);Change management (ranging from version control through projects and initiatives up to strategic changes);Incident management (see below);Risk management (as a whole, not just information risks);Privacy management;]]> 2019-11-07T17:41:58+00:00 http://feedproxy.google.com/~r/NoticeBored/~3/Ab_6GEHY1Js/nblog-nov-7-super-management-systems.html www.secnews.physaphae.fr/article.php?IdArticle=1495751 False None Deloitte None TechRepublic - Security News US 2019-11-07T15:53:30+00:00 https://www.techrepublic.com/article/software-companies-continue-the-winning-streak-on-deloittes-fast-500-list/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1451985 False Guideline Deloitte None TechRepublic - Security News US 2019-10-24T14:39:20+00:00 https://www.techrepublic.com/article/top-5-ways-organizations-can-secure-their-iot-devices/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1424164 False None Deloitte None RedTeam PL - DarkTrace: AI bases detection https://attack.mitre.org/] “is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations” which recommends the Conveigh honeypot [https://github.com/Kevin-Robertson/Conveigh] for detection of the LLMNR/NBT-NS Poisoning and Relay]]> 2019-10-18T13:25:14+00:00 https://blog.redteam.pl/2019/10/bypassing-llmnr-nbns-honeypot.html www.secnews.physaphae.fr/article.php?IdArticle=1798888 False Threat,Guideline Deloitte 2.0000000000000000 TechRepublic - Security News US 2019-10-15T15:46:28+00:00 https://www.techrepublic.com/article/how-to-market-your-business-for-the-digital-age-7-key-trends/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1405136 False None Deloitte None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC repair the damage when they happen. Companies and institutions across industries lose money from cyber attacks all the time.  There are the more obvious ways like piracy, data breaches, and litigation. There are also ways that accountants can’t quite put a dollar figure on, such as reputational damage that makes customers and clientele less likely to want to buy a company’s products and services in the future. Everything is digital these days, both on premises and in the cloud. So cybersecurity staff and security measures are things you have to spend money on. But how should your company determine how much money to budget for security? And how should your company determine how to spend it? Photo by Fabian Blank on Unsplash What is a typical cybersecurity budget? While there is no one-size-fits-all answer when trying to decide what a “typical budget” looks like for cybersecurity operations, there are a few studies that have been done that can provide some insight. A recent study by Deloitte and the Financial Services Information Sharing and Analysis Center found that financial services on average spend 10% of their IT budgets on cybersecurity. That’s approximately 0.2% to 0.9% of company revenue or $1,300 to $3,000 spent per full time employee. For a bigger picture benchmark, consider that Microsoft CEO Satya Nadella recently revealed in a statement that the tech behemoth “will invest more than $1 billion each year in cybersecurity for the foreseeable future”. Finally, it’s worth noting that the 2019 U.S. President’s budget allocated $15 billion in spending on cybersecurity, about 0.3% of the entire fiscal budget ($4.746 trillion). And while none of these figures can clarify what a “typical” budget should look like for the average business or organization, they can at least provide a benchmark for how larger tech firms, financial service companies and governments are allocating cybersecurity spend as a percentage of overall budget. Considerations for your cybersecurity budget There are so many different variables and factors involved when it comes to determining your cybersecurity budget. I’ll offer you some tips which can be used as a starting point to help your company decide. I asked Kate Brew, from AT&T Cybersecurity, to send a tweet to get views from various industry decision makers. The question was “Cybersecurity budgets come in many sizes. How does your company determine yours?” Here are some responses, which should illustrate what typical cybersecurity budgets are. Some of the responses were a bit tongue-in-cheek: “They keep me far away from budget/financial decisions at my company but I’d like to think a d20 is involved somehow...” (I love Dungeons and Dragons references!) “Yeah. They most often range in size from ‘miniscule,’ to ‘barely visible to the unaided eye.’” “Pick a number and subtract that number from itself. That&]]> 2019-09-23T13:00:00+00:00 https://feeds.feedblitz.com/~/607072210/0/alienvault-blogs~How-to-justify-your-cybersecurity-budget-in www.secnews.physaphae.fr/article.php?IdArticle=1356143 False Threat,Studies Deloitte None TechRepublic - Security News US 2019-09-10T13:59:03+00:00 https://www.techrepublic.com/article/how-to-best-handle-legacy-models-during-a-digital-transformation/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1317664 False None Deloitte None SecurityWeek - Security News 2019-08-24T11:10:05+00:00 https://www.securityweek.com/vulnerability-found-simplemdm-apple-device-management-solution www.secnews.physaphae.fr/article.php?IdArticle=1283878 False Vulnerability FedEx,Deloitte None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Deloitte survey, large enterprises spend thousands per employee and up to hundreds of millions of dollars per annum on cybersecurity, often deploying dozens or even hundreds of expensive and sophisticated security solutions along the way. For our bike manufacturer, it’s impossible to wade through all of the solutions on offer from the thousands of cybersecurity vendors out there. Their business is at risk through no fault of their own and the “solution” to mitigating that risk is beyond reasonable allocation of resources. Mind you, it’s not just the bicycle company in this race. There’s the contract manufacturer that actually assembles the bikes, the advertising agency that promotes them, the distributors that get them into stores and perhaps 20 other major partners and subcontractors who support the core business. And this is just one major bicycle brand! There are millions of other mid-sized enterprises around the globe with the exact same problem. Every business, including the Fortune 500, would relish the opportunity to be more efficient in cybersecurity and to put more money back into the business. But for mid-sized companies, who don’t have the same resources to protect themselves, it’s a matter of survival. Our bicycle brand should be focused on engineering the perfect machine to break a 36mph Tour de France stage speed, not on cybersecurity. This shouldn’t be something that soaks up resources and diverts attention from the core business. That’s precisely why AlienVault automated threat detection and streamlined response, and why we continue to focus on making security more accessible as AT&T Cybersecurity.  What gets me excited for customers like the bicycle manufacturer is the ability to do all that and more, on a much grander scale, because of what AT&T brings to the table. With a core mission of connecting people where they live and work for more than 140 years, security is in AT&T’s DNA. Ever since there was something of value carried over a network, AT&T has been a leader—including what is now called cybersecurity. Serving more than 3 million companies globally from the smallest business to nearly all the Fortune 1000 has given AT&T unrivaled visibility into the threats and needs of business customers. And as a trusted advisor that provides countless integrated business solutions around the globe, AT&T has assembled a broad portfolio of nearly all of the leading security vendors to help in the mission. We now have the opportunity to integrate AT&T’s unparalleled threat intelligence, AlienVault’s proven strengths in automation, and the world’s best cybersecurity solutions into one unified platform that eliminates cost and complexity for millions of companies both large and small. The bicycle manufacturer can choose to use the platform to manage security themselves, outsource the work completely, or utilize a collaborative model that utilizes collective expertise and capabilities. This is enabled through the AT&T consulting and managed services teams or through]]> 2019-08-01T12:30:00+00:00 https://feeds.feedblitz.com/~/605127584/0/alienvault-blogs~For-midsized-enterprises-to-win-the-cybersecurity-race-the-game-needs-to-change www.secnews.physaphae.fr/article.php?IdArticle=1236739 False Threat,Guideline Deloitte None TechRepublic - Security News US 2019-08-01T12:00:00+00:00 https://www.techrepublic.com/article/top-10-iot-security-risks-for-businesses/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1236745 False None Deloitte None TechRepublic - Security News US 2019-03-14T15:53:02+00:00 https://www.techrepublic.com/article/7-tech-capabilities-your-business-needs-to-hit-digital-transformation-success/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1069523 False None Deloitte None TechRepublic - Security News US 2019-03-08T14:42:04+00:00 https://www.techrepublic.com/article/why-companies-ignore-cybersecurity-in-digital-transformations/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1060421 False None Deloitte 5.0000000000000000 SecurityWeek - Security News 2019-03-07T15:50:02+00:00 https://www.securityweek.com/organizations-not-positioned-success-tackling-cyber-demands-deloitte www.secnews.physaphae.fr/article.php?IdArticle=1059796 False None Deloitte None TechRepublic - Security News US 2019-01-22T14:44:03+00:00 https://www.techrepublic.com/article/4-ways-leaders-can-prepare-for-the-coming-fourth-industrial-revolution/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1003624 False Guideline Deloitte 4.0000000000000000 TechRepublic - Security News US 2019-01-15T15:02:03+00:00 https://www.techrepublic.com/article/the-future-of-business-tech-6-trends-that-will-define-the-next-two-decades/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=993590 False None Deloitte None TechRepublic - Security News US 2019-01-15T14:17:00+00:00 https://www.techrepublic.com/article/why-vendor-security-practices-are-causing-heartburn-for-enterprise-pros/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=993471 False None Deloitte 5.0000000000000000 InformationSecurityBuzzNews - Site de News Securite Security Experts Believe Skills Gap Can Be Bridged – Deloitte Disruption Index]]> 2019-01-11T18:00:00+00:00 https://www.informationsecuritybuzz.com/expert-comments/security-experts-believe-skills-gap-can-be-bridged-deloitte-disruption-index/ www.secnews.physaphae.fr/article.php?IdArticle=987140 False Guideline Deloitte None CSO - CSO Daily Dashboard 2019-01-07T06:05:00+00:00 https://www.csoonline.com/article/3331598/identity-management/managing-identity-and-access-management-in-uncertain-times.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=978974 False Data Breach Equifax,Yahoo,Deloitte None TechRepublic - Security News US 2018-12-13T14:08:00+00:00 https://www.techrepublic.com/article/5-ways-businesses-can-use-data-science-tools-without-hiring-a-data-scientist/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=944210 False None Deloitte 3.0000000000000000 IT Security Guru - Blog Sécurité 2018-12-13T13:01:01+00:00 https://www.itsecurityguru.org/2018/12/13/context-appoints-dave-spence-as-director-of-response/ www.secnews.physaphae.fr/article.php?IdArticle=946079 False Guideline Deloitte None TechRepublic - Security News US 2018-12-07T15:05:01+00:00 https://www.techrepublic.com/article/7-tips-for-cxos-to-combat-cybersecurity-risks-in-2019-and-beyond/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=939649 False None Deloitte None TechRepublic - Security News US 2018-11-19T14:40:04+00:00 https://www.techrepublic.com/article/71-of-consumers-will-shop-black-friday-and-cyber-monday-deals-is-your-business-ready/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=906765 False None Deloitte 3.0000000000000000 InformationSecurityBuzzNews - Site de News Securite Cyber Wargames A Tactic Few Organisations Use To Promote Cyber Awareness – Deloitte Survey]]> 2018-10-19T01:17:00+00:00 https://www.informationsecuritybuzz.com/expert-comments/cyber-wargames-a-tactic/ www.secnews.physaphae.fr/article.php?IdArticle=854272 False None Deloitte None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe 2018-10-16T15:36:05+00:00 https://threatpost.com/threatlist-half-of-execs-feel-unprepared-to-respond-to-a-cyber-incident/138320/ www.secnews.physaphae.fr/article.php?IdArticle=850209 False None Deloitte None TechRepublic - Security News US 2018-09-20T14:52:05+00:00 https://www.techrepublic.com/article/why-gig-workers-in-finance-will-grow-88-in-the-next-three-years/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=817710 False None Deloitte None TechRepublic - Security News US 2018-08-07T14:16:02+00:00 https://www.techrepublic.com/article/us-falls-behind-china-in-race-to-5g-hurting-businesses-and-risking-economic-benefits/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=769716 False None Deloitte None TechRepublic - Security News US 2018-08-07T13:41:00+00:00 https://www.techrepublic.com/article/5-job-categories-ai-will-disrupt-and-how-mid-market-companies-are-responding/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=769608 False None Deloitte None TechRepublic - Security News US 2018-08-07T13:13:02+00:00 https://www.techrepublic.com/article/one-third-of-mid-market-companies-have-no-it-governance-strategy-6-tips-to-fix-gaps/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=769609 False None Deloitte None TechRepublic - Security News US 2018-07-26T13:14:04+00:00 https://www.techrepublic.com/article/4-ways-wearables-can-benefit-your-workforce/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=754623 False None Deloitte 2.0000000000000000 TechRepublic - Security News US 2018-07-13T15:10:03+00:00 https://www.techrepublic.com/article/deloitte-collaboration-could-make-it-easier-to-migrate-sap-apps-to-google-cloud/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=744069 False None Deloitte None InformationSecurityBuzzNews - Site de News Securite NIST Framework Components]]> 2018-07-08T12:50:05+00:00 https://www.informationsecuritybuzz.com/videos/nist-framework-components/ www.secnews.physaphae.fr/article.php?IdArticle=735780 True Guideline Deloitte 2.0000000000000000 TechRepublic - Security News US 2018-06-27T14:34:03+00:00 https://www.techrepublic.com/article/deloittes-5-vectors-of-progress-prove-iot-is-a-solid-investment/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=725550 False Guideline Deloitte 3.0000000000000000 InformationSecurityBuzzNews - Site de News Securite Tulin’s CyberSec Talk – Cyber Security Management Best Practices]]> 2018-06-23T14:00:02+00:00 https://www.informationsecuritybuzz.com/videos/tulins-cybersec-talk-cyber-security-management-best-practices/ www.secnews.physaphae.fr/article.php?IdArticle=719222 True Guideline Deloitte None SecurityWeek - Security News Security Teams Need the Ability to Collaborate and Coordinate to Make Better Use of the Talent and Data They Already Have We all know that security teams are drowning in a sea of alerts, largely driven by a defense-in-depth strategy with layers of protection that aren't integrated and create a massive amount of logs and events. If you need further evidence, Cisco's 2018 Annual Cybersecurity Report (PDF) found that among organizations using 50+ vendors, 55 percent say orchestrating security alerts is very challenging and for those with 21-50 vendors, 43 percent are struggling. The result? On average, 44 percent of alerts are not investigated and of those investigated and deemed legitimate, nearly half (49 percent) go un-remediated! Compound that reality with the “CNN Factor” – global cyberattacks that garner widespread interest and trigger calls from management – and you've got a situation that is quickly becoming untenable. It isn't sufficient for security teams to prevent, detect and respond to attacks. Security teams also must be able to proactively investigate and understand what the latest, large-scale cyber campaign means to their organization.  Yet Cisco's study finds, “One reason [alerts go un-remediated] appears to be the lack of headcount and trained personnel who can facilitate the demand to investigate all alerts.” So how can security teams handle the fallout from the headlines along with their daily list of “to-dos?” They need a force multiplier – the ability to collaborate and coordinate to make better use of the talent and data they already have. This will not only help them respond more effectively and efficiently to alerts, but also address the inevitable flurry of questions every time a large-scale attack happens and take action as needed.  Collaborate. It isn't just security tools that are siloed, security teams typically operate in silos as well and that includes all the members of your threat intelligence program – threat intelligence analysts, security operations centers (SOCs) and incident handlers, to name a few. When one team member researches an event or alert and doesn't find information that is relevant to them, they tend to put that information aside and move on to the next task. But what if someone else in threat operations, conducting a separate investigation, could have benefitted from that work? Without the ability to collaborate as part of the workflow, key commonalities are missed so investigations take longer or hit a dead end.  What's needed is a single, shared environment that fuses together threat data, evidence and users, so that all team members involved in the inve]]> 2018-03-29T12:10:04+00:00 https://www.securityweek.com/cnn-factor-adds-more-complexity-security-operations www.secnews.physaphae.fr/article.php?IdArticle=549982 True Guideline Deloitte None SecurityWeek - Security News PDF) finds 81% of cybersecurity professionals affirm that threat intelligence is providing value and helping them do their jobs better. The millions of threat-focused data points available, the many sources of global threat data we subscribe to, and the internal threat and event data from our layers of defense and SIEMs provide a significant amount of threat intelligence. But are we capturing all the value we can to truly strengthen our defenses and accelerate detection and response? As I've said before, not all threat intelligence is equal. Threat intelligence that is of value to your organization, may not be of value to another. How do you get the most value from your threat intelligence? It comes down to relevance, and that's determined by your industry/geography, your environment and your skills/capabilities. Industry/Geography. Threat data focused on attacks and vulnerabilities specific to your industry and geography is much more relevant than generic data that includes threats that target a specific sector and/or region you are not in. External threat feeds such as those from national/governmental Computer Emergency Response Teams (CERTs) and Information Sharing and Analysis Centers (ISACs) organized by industry, can prove useful. Complementing the data in your central repository with data from these types of sources can help reduce noise and allow you to focus on threats occurring locally in your sector. Environment. Depending on your environment or infrastructure, some indicators are more relevant than others. For example, if your workforce is highly distributed and endpoint protection is key, hashes are important because they enable you to detect malicious files on those devices. On the network, domain names and IPs are more relevant indicators allowing you to track suspicious traffic. To get the most value from your threat intelligence, you need tools that aggregate indicators in a c]]> 2018-03-14T15:42:02+00:00 http://feedproxy.google.com/~r/Securityweek/~3/0xf8Gwa_Dbc/value-threat-intelligence-clear-are-you-capturing-it-all www.secnews.physaphae.fr/article.php?IdArticle=513459 False Guideline Deloitte None UnderNews - Site de news "pirate" francais Le 15 novembre dernier, Mailjet, leader européen du pilotage d'emails marketing et transactionnels et ses partenaires (Taj-Deloitte, Les Echos, Generali, AFNOR et PeopleDoc) organisaient le premier grand événement dédié au RGPD (Règlement Général sur la Protection des Données) à Paris.]]> 2018-03-09T08:00:03+00:00 http://feedproxy.google.com/~r/undernews/oCmA/~3/ELkILnYIgLQ/rgpd-j-100-ou-en-sommes-nous.html www.secnews.physaphae.fr/article.php?IdArticle=502442 False Guideline Deloitte None The Last Watchdog - Blog Sécurité de Byron V Acohido 2017-11-27T21:50:47+00:00 http://www.lastwatchdog.com/my-take-why-ubers-flaunting-of-disclosure-laws-will-ignite-security-regulations/ www.secnews.physaphae.fr/article.php?IdArticle=440554 False None Uber,Deloitte None IT Security Guru - Blog Sécurité 85% of senior exec’s plan to invest in AI and IoT by 2020, according to research published by Deloitte. Read Full Story  ORIGINAL SOURCE: Help Net Security ]]> 2017-11-21T12:12:51+00:00 http://www.itsecurityguru.org/2017/11/21/investment-ai-set-rise-2020/ www.secnews.physaphae.fr/article.php?IdArticle=437350 False None Deloitte None ComputerWeekly - Computer Magazine 2017-10-31T04:31:29+00:00 http://www.computerweekly.com/news/450429178/Deloitte-sponsorship-helps-progress-of-Bletchley-cyber-school www.secnews.physaphae.fr/article.php?IdArticle=426358 False None Deloitte None 01net. Actualites - Securite - Magazine Francais ]]> 2017-10-11T01:03:01+00:00 http://www.01net.com/actualites/securite-50percent-des-francais-utilisent-leur-smartphone-perso-au-bureau-1274587.html www.secnews.physaphae.fr/article.php?IdArticle=418740 False None Deloitte None The Security Ledger - Blog Sécurité Read the whole entry...  _!fbztxtlnk!_ https://feeds.feedblitz.com/~/463606098/0/thesecurityledger -->» Related StoriesHacker Eye on the Consultant Guy: Deloitte and the Art of spotting Vulnerable Firms from the Outside - EnclosureAfter Equifax: What Makes a Good CSO? Also: App Sec is a Mess. We Talk about Why.After Equifax: What Makes a Good CSO? Also: App Sec is a Mess. We Talk about Why. - Enclosure ]]> 2017-10-02T21:12:43+00:00 https://feeds.feedblitz.com/~/463606098/0/thesecurityledger~Hacker-Eye-on-the-Consultant-Guy-Deloitte-and-the-Art-of-spotting-Vulnerable-Firms-from-the-Outside/ www.secnews.physaphae.fr/article.php?IdArticle=414356 False None Equifax,Deloitte None The Last Watchdog - Blog Sécurité de Byron V Acohido 2017-10-02T17:49:11+00:00 http://lastwatchdog.com/roundtable-the-implications-of-deloitte-data-breach-coming-on-the-heells-of-hacks-at-equifax-sec/ www.secnews.physaphae.fr/article.php?IdArticle=414359 False None Equifax,Deloitte None Malwarebytes Labs - MalwarebytesLabs A compilation of security news and blog posts from the 25th of September to the 1st of October. We touched on that new macOS High Sierra keychain vulnerability, the Deloitte breach, BlueBorne, crypto mining, and others. Categories: Security world Week in security Tags: bluebornecrypto miningdavid sanchezdeloitte hackHigh SierraJerome Segurakeychain vulnerabilityNathan CollierrecapThomas Reedweekly blog roundupWilliam Tsing (Read more...) ]]> 2017-10-02T16:59:47+00:00 https://blog.malwarebytes.com/security-world/2017/10/a-week-in-security-september-25-october-01/ www.secnews.physaphae.fr/article.php?IdArticle=414233 False None Deloitte None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe 2017-09-29T13:00:55+00:00 https://threatpost.com/threatpost-news-wrap-september-29-2017/128200/ www.secnews.physaphae.fr/article.php?IdArticle=413705 False None Deloitte 5.0000000000000000 Darknet - The Darkside - Site de news Américain It seems to be non-stop lately, this time it's Deloitte Hacked, which has also revealed all kinds of publically accessible resources that really should be more secure (VPN, RDP & Proxy services). The irony is that Deloitte positions itself as a global leader in information security and offers consulting services to huge clients all over the planet, now it seems they don't take their own advice. Honestly this is not all that uncommon, it's human nature to leave your own stuff last as it doesn't directly impact revenue or value (until you get hacked). Read the rest of Deloitte Hacked – Client Emails, Usernames & Passwords Leaked now! Only available at Darknet. ]]> 2017-09-29T09:54:51+00:00 https://www.darknet.org.uk/2017/09/deloitte-hacked-client-emails-usernames-passwords-leaked/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=413668 False Guideline Deloitte None Malwarebytes Labs - MalwarebytesLabs On September 25, 2017, Deloitte announced that they detected a breach of the firm's global email server via a poorly secured admin email in March of this year. We go over the breach and provide suggestions for Deloitte's cybersecurity clients. Categories: Business Security world Tags: breachcybersecuritydata breachdeloittehackedhackers (Read more...) ]]> 2017-09-28T16:00:58+00:00 https://blog.malwarebytes.com/security-world/2017/09/deloitte-breached-by-hackers-for-months/ www.secnews.physaphae.fr/article.php?IdArticle=413199 False None Deloitte None Graham Cluley - Blog Security Deloitte suffers an embarrassing hack, CCleaner spreads malware, and Twitter explains why it isn't planning to ban Donald Trump from Twitter anytime soon. ]]> 2017-09-28T10:47:39+00:00 https://www.grahamcluley.com/smashing-security-podcast-045-deloitte-fail-ccleaner-dotards-twitter/ www.secnews.physaphae.fr/article.php?IdArticle=413138 False None CCleaner,Deloitte None InformationSecurityBuzzNews - Site de News Securite Deloitte Cyber Attack]]> 2017-09-26T20:00:28+00:00 http://www.informationsecuritybuzz.com/expert-comments/deloitte-cyber-attack/ www.secnews.physaphae.fr/article.php?IdArticle=412517 False None Deloitte None Adam Shostack - American Security Blog Continue reading "It’s Not The Crime, It’s The Coverup or the Chaos"]]> 2017-09-26T18:42:47+00:00 https://adam.shostack.org/blog/2017/09/its-not-the-crime-its-the-coverup-or-the-chaos/ www.secnews.physaphae.fr/article.php?IdArticle=412382 False None Equifax,Deloitte None UnderNews - Site de news "pirate" francais Le journal anglais The Guardian vient de révéler que le cabinet d'audit en sécurité Deloitte a été touché par une cyberattaque il y a un an. Cette dernière, découverte par le cabinet en mars, a dérobé plusieurs courriels confidentiels de clients. ]]> 2017-09-26T07:27:20+00:00 http://feedproxy.google.com/~r/undernews/oCmA/~3/mpridHJbDmg/le-cabinet-deloitte-victime-dune-cyberattaque.html www.secnews.physaphae.fr/article.php?IdArticle=412165 False None Deloitte None Zataz - Magazine Francais de secu Piratage pour le géant de l’audit Deloitte est apparu en premier sur ZATAZ. ]]> 2017-09-25T21:17:54+00:00 https://www.zataz.com/piratage-geant-de-laudit-deloitte/ www.secnews.physaphae.fr/article.php?IdArticle=411981 False None Deloitte None Krebs on Security - Chercheur Américain 2017-09-25T20:12:46+00:00 https://krebsonsecurity.com/2017/09/source-deloitte-breach-affected-all-company-email-admin-accounts/ www.secnews.physaphae.fr/article.php?IdArticle=411881 False None Deloitte None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe 2017-09-25T18:45:15+00:00 https://threatpost.com/deloitte-very-few-clients-impacted-by-cyber-attack/128129/ www.secnews.physaphae.fr/article.php?IdArticle=412013 False None Deloitte None Security Affairs - Blog Secu 2017-09-25T17:34:09+00:00 http://securityaffairs.co/wordpress/63414/data-breach/deloitte-secrity-breach.html www.secnews.physaphae.fr/article.php?IdArticle=411908 False None Deloitte None Bleeping Computer - Magazine Américain 2017-09-25T15:51:13+00:00 https://www.bleepingcomputer.com/news/security/hackers-breached-deloitte-one-of-the-big-four-accounting-firms/ www.secnews.physaphae.fr/article.php?IdArticle=412001 False None Deloitte None Dark Reading - Informationweek Branch 2017-09-25T15:50:00+00:00 https://www.darkreading.com/attacks-breaches/breach-at-deloitte-exposes-emails-client-data/d/d-id/1329973?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=412025 False None Deloitte None SecurityWeek - Security News Deloitte said Monday that "very few" of the accounting and consultancy firm's clients were affected by a hack after a news report said systems of blue-chip clients had been breached. ]]> 2017-09-25T15:45:40+00:00 http://feedproxy.google.com/~r/Securityweek/~3/qDrOHI3w7-4/deloitte-says-very-few-clients-hit-hack www.secnews.physaphae.fr/article.php?IdArticle=411898 False None Deloitte None BBC - BBC News - Technology 2017-09-25T15:24:14+00:00 http://www.bbc.co.uk/news/technology-41385951 www.secnews.physaphae.fr/article.php?IdArticle=411874 False None Deloitte None ZD Net - Magazine Info 2017-09-25T15:01:00+00:00 http://www.zdnet.com/article/deloitte-confirms-it-was-hit-by-a-cyberattack-exposing-client-emails/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=411872 False None Deloitte None ComputerWeekly - Computer Magazine 2017-09-25T10:57:47+00:00 http://www.computerweekly.com/news/450426883/Deloitte-breach-underlines-need-for-better-authentication www.secnews.physaphae.fr/article.php?IdArticle=412007 False None Deloitte None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2017-09-25T10:31:14+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/CDg5UZQdRZM/deloitte-hack.html www.secnews.physaphae.fr/article.php?IdArticle=411865 False None Deloitte None IT Security Guru - Blog Sécurité 2017-06-26T09:55:49+00:00 http://www.itsecurityguru.org/2017/06/26/bankers-hiring-cyber-security-experts-help-get-deals-done/ www.secnews.physaphae.fr/article.php?IdArticle=378558 False None Deloitte None Fortinet - Fabricant Materiel Securite 2017-04-13T05:38:18+00:00 http://blog.fortinet.com/2017/04/13/certification-marks-for-iot-devices-a-suggestion-to-the-ftc-and-california www.secnews.physaphae.fr/article.php?IdArticle=358828 False None Deloitte 4.0000000000000000 TechRepublic - Security News US 2017-02-27T16:09:38+00:00 http://www.techrepublic.com/article/responding-to-cyber-threats-in-the-terabit-era/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=323936 False None Deloitte None Dark Reading - Informationweek Branch 2017-02-25T09:00:00+00:00 http://www.darkreading.com/risk/cyber-insurance-uptake-hampered-by-skewed-data-poor-communication/d/d-id/1328265?_mc=RSS_DR_EDT www.secnews.physaphae.fr/article.php?IdArticle=322844 False None Deloitte None Dark Reading - Informationweek Branch 2017-02-15T02:01:00+00:00 http://www.darkreading.com/deloitte-tackles-identity-management/v/d-id/1328163?_mc=RSS_DR_EDT www.secnews.physaphae.fr/article.php?IdArticle=314976 False None Deloitte None ComputerWeekly - Computer Magazine 2017-01-18T06:31:37+00:00 http://www.computerweekly.com/news/450411183/2017-may-be-crisis-year-for-DDoS-attacks-warns-Deloitte www.secnews.physaphae.fr/article.php?IdArticle=294859 False None Deloitte None ComputerWeekly - Computer Magazine 2017-01-11T05:06:42+00:00 http://www.computerweekly.com/news/450410760/Deloitte-predicts-major-advances-in-mobile-technology-in-2017 www.secnews.physaphae.fr/article.php?IdArticle=289988 False None Deloitte None Network World - Magazine Info 2016 Survey of US Physicians" released this week found little had changed since its last report two years ago, when doctors surveyed at the time generally held negative opinions of EHRs.The latest survey found nearly all physicians would like to see improvements in EHRs, with 62% calling for them to be more interoperable and 57% looking for improved workflow and increased productivity.To read this article in full or to leave a comment, please click here]]> 2016-09-29T04:56:00+00:00 http://www.networkworld.com/article/3125609/software/doctors-e-health-records-raise-costs-dont-help-patient-outcomes.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=143561 False None Deloitte None Dark Reading - Informationweek Branch 2016-09-20T17:05:00+00:00 http://www.darkreading.com/risk/lack-of-funding-stymies-state-cisos/d/d-id/1326957?_mc=RSS_DR_EDT www.secnews.physaphae.fr/article.php?IdArticle=101979 False None Deloitte None Dark Reading - Informationweek Branch 2016-09-15T09:00:00+00:00 http://www.darkreading.com/careers-and-people/stop-blaming-users-make-security-user-friendly/v/d-id/1326910?_mc=RSS_DR_EDT www.secnews.physaphae.fr/article.php?IdArticle=69158 False None Deloitte None Errata Security - Errata Security 1] [2] [3] [4].The story so fartl;dr: hackers drop 0day on medical device company hoping to profit by shorting their stockSt Jude Medical (STJ) is one of the largest providers of pacemakers (aka. cardiac devices) in the country, around ~$2.5 billion in revenue, which accounts for about half their business. They provide "smart" pacemakers with an on-board computer that talks via radio-waves to a nearby monitor that records the functioning of the device (and health data). That monitor, "Merlin@Home", then talks back up to St Jude (via phone lines, 3G cell phone, or wifi). Pretty much all pacemakers work that way (my father's does, although his is from a different vendor).MedSec is a bunch of cybersecurity researchers (white-hat hackers) who have been investigating medical devices. In theory, their primary business is to sell their services to medical device companies, to help companies secure their devices. Their CEO is Justine Bone, a long-time white-hat hacker.Muddy Waters is an investment company known for investigating companies, finding problems like accounting fraud, and profiting by shorting the stock of misbehaving companies.Apparently, MedSec did a survey of many pacemaker manufacturers, chose the one with the most cybersecurity problems, and went to Muddy Waters with their findings, asking for a share of the profits Muddy Waters got from shorting the stock.Muddy Waters published their findings in [1] above. St Jude published their response in [2] above. They are both highly dishonest. I point that out because people want to discuss the ethics of using 0day to short stock when we should talk about the ethics of lying."Why you should sell the stock" [finance issues]In this section, I try to briefly summarize Muddy Water's argument why St Jude's stock will drop. I'm not an expert in this area (though I do a bunch of investment), but they do seem flimsy to me.Muddy Water's argument is that these pacemakers are half of St Jude's business, and that fixing them will first require recalling them all, then take another 2 year to fix, during which time they can't be selling pacemakers. Much of the Muddy Waters paper is taken up explaining this, citing similar medical cases, and so on.If at all true, and if the cybersecurity claims hold up, then yes, this would be good reason to short the stock. However, I suspect they aren't true -- and they are simply trying to scare people about long-term consequences allowing Muddy Waters to profit in the short term.@selenakyle on Twitter suggests this interest document [4] about market-solutions to vuln-disclosure, if you are interested in this angle of things.The 0day being droppedWell, they didn't actually drop 0day as such, just claims that 0day exists -- that it's been "demonstrated". Reading through their document a few times, I've created a list of the 0day they found, to the granularity that]]> 2016-08-26T23:01:43+00:00 http://blog.erratasec.com/2016/08/notes-on-that-stjudemuddywattersmedsec.html www.secnews.physaphae.fr/article.php?IdArticle=9074 False Guideline Deloitte None Network World - Magazine Info To read this article in full or to leave a comment, please click here]]> 2016-08-24T04:22:00+00:00 http://www.networkworld.com/article/3111925/malware-cybercrime/a-deeper-look-at-business-impact-of-a-cyberattack.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=8525 False None Deloitte None ZD Net - Magazine Info 2016-07-20T07:00:04+00:00 http://www.zdnet.com/article/cray-deloitte-team-up-on-supercomputer-powered-threat-analytics/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=4394 False None Deloitte None