www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
2024-05-20T12:51:51+00:00 www.secnews.physaphae.fr
Dark Reading - Informationweek Branch Uber: Lapsus$ Targeted External Contractor With MFA Bombing Attack 2022-09-19T21:24:55+00:00 https://www.darkreading.com/attacks-breaches/uber-breach-external-contractor-mfa-bombing-attack www.secnews.physaphae.fr/article.php?IdArticle=7006455 False None Uber None
SecurityWeek - Security News Uber Confirms Hacker Accessed Internal Tools, Bug Bounty Dashboard 2022-09-19T19:02:09+00:00 https://www.securityweek.com/uber-confirms-hacker-accessed-bug-bounty-dashboard-internal-tools www.secnews.physaphae.fr/article.php?IdArticle=7006276 False None Uber,Uber None
Bleeping Computer - American magazine Uber links breach to Lapsus$ group, blames contractor for hack 2022-09-19T14:26:20+00:00 https://www.bleepingcomputer.com/news/security/uber-links-breach-to-lapsus-group-blames-contractor-for-hack/ www.secnews.physaphae.fr/article.php?IdArticle=7004815 False Hack Uber,Uber None
Global Security Mag - French news site Avast: Uber announces it was the target of a cyberattack whose scale is still uncertain Malware 2022-09-19T14:24:04+00:00 http://www.globalsecuritymag.fr/Avast-Uber-annonce-avoir-ete-la,20220919,130015.html www.secnews.physaphae.fr/article.php?IdArticle=7002875 False None Uber,Uber None
Global Security Mag - French news site Comment from John Shier, Senior Security Advisor, Sophos, on the Uber cyberattack Malware 2022-09-19T13:01:44+00:00 http://www.globalsecuritymag.fr/Commentaire-de-John-Shier-Senior,20220919,130011.html www.secnews.physaphae.fr/article.php?IdArticle=7002227 False None Uber,Uber None
SecurityWeek - Security News GTA 6 Videos and Source Code Stolen in Rockstar Games Hack 2022-09-19T10:24:11+00:00
https://www.securityweek.com/gta-6-videos-and-source-code-stolen-rockstar-games-hack www.secnews.physaphae.fr/article.php?IdArticle=7001779 False Hack Uber,Uber None
Global Security Mag - French news site The UBER cyberattack as seen by Mickael Walter, Security Analyst at I-TRACING's CERT Malware 2022-09-19T08:13:47+00:00 http://www.globalsecuritymag.fr/La-Cyberattaque-UBER-vue-par,20220919,129980.html www.secnews.physaphae.fr/article.php?IdArticle=6999562 False None Uber,Uber None
Security Affairs - Security blog Alleged Grand Theft Auto 6 (GTA6) gameplay videos and source code leaked online Threat actors leaked source code and gameplay videos of Grand Theft Auto 6 (GTA6) after they have allegedly breached Rockstar Game. Threat actors allegedly compromised Rockstar Game’s Slack server and Confluence wiki and leaked Grand Theft Auto 6 gameplay videos and source code. On September 18, 2022, threat actors that go on GTAForums as 'teapotuberhacker' […] 2022-09-19T07:11:18+00:00 https://securityaffairs.co/wordpress/135923/data-breach/gta6-gameplay-videos-source-code-leak.html www.secnews.physaphae.fr/article.php?IdArticle=6998645 True Threat Uber None
Security Affairs - Security blog Uber says there is no evidence that users' private information was compromised 2022-09-18T11:58:11+00:00 https://securityaffairs.co/wordpress/135876/data-breach/uber-data-breach-update.html www.secnews.physaphae.fr/article.php?IdArticle=6978688 False Hack Uber,Uber None
Naked Security - Sophos blog S3 Ep100.5: Uber breach – an expert speaks [Audio + Text] 2022-09-17T20:57:38+00:00 https://nakedsecurity.sophos.com/2022/09/17/s3-ep100-5-uber-breach-an-expert-speaks-audio-text/ www.secnews.physaphae.fr/article.php?IdArticle=6963046 False None Uber,Uber None
SecurityWeek - Security News Serious Breach at Uber Spotlights Hacker Social Deception a major data breach, claiming there was no evidence the hacker got access to sensitive user data.
2022-09-17T16:14:00+00:00 https://www.securityweek.com/serious-breach-uber-spotlights-hacker-social-deception www.secnews.physaphae.fr/article.php?IdArticle=6958482 False None Uber,Uber None
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Uber Claims No Sensitive Data Exposed in Latest Breach… But There's More to This 2022-09-17T14:23:00+00:00 https://thehackernews.com/2022/09/uber-claims-no-sensitive-data-exposed.html www.secnews.physaphae.fr/article.php?IdArticle=6951046 False None Uber,Uber None
Wired Threat Level - Security News The Uber Hack's Devastation Is Just Starting to Reveal Itself 2022-09-16T21:35:11+00:00 https://www.wired.com/story/uber-hack-mfa-phishing/ www.secnews.physaphae.fr/article.php?IdArticle=6938018 False None Uber,Uber None
Dark Reading - Informationweek Branch Attacker Apparently Didn't Have to Breach a Single System to Pwn Uber 2022-09-16T20:37:57+00:00 https://www.darkreading.com/attacks-breaches/attacker-apparently-didnt-breach-single-system-pwn-uber www.secnews.physaphae.fr/article.php?IdArticle=6936852 False None Uber,Uber None
TechRepublic - Security News US Uber investigating security breach of several internal systems Communications and engineering systems were taken offline after hacker sends images of repositories to cybersecurity researchers and The New York Times. 2022-09-16T18:41:24+00:00 https://www.techrepublic.com/article/uber-internal-security-breach/ www.secnews.physaphae.fr/article.php?IdArticle=6935211 False None Uber 2.0000000000000000
CyberScoop - scoopnewsgroup.com special Cyber Blame game follows Uber hack. Experts say don't fault employee. 2022-09-16T17:00:29+00:00 https://www.cyberscoop.com/uber-hack-systems-failure-dont-blame-employee/ www.secnews.physaphae.fr/article.php?IdArticle=6932978 False Hack Uber,Uber None
Global Security Mag - French news site Cyberattacks: privilege and identity management is a priority!
Malware 2022-09-16T15:17:47+00:00 http://www.globalsecuritymag.fr/Cyberattaques-la-gestion-des,20220916,129962.html www.secnews.physaphae.fr/article.php?IdArticle=6932314 False None Uber 2.0000000000000000
Global Security Mag - French news site Uber, victim of a cyberattack Malware 2022-09-16T15:16:20+00:00 http://www.globalsecuritymag.fr/GITGUARDIAN-Uber-victime-d-une,20220916,129961.html www.secnews.physaphae.fr/article.php?IdArticle=6932315 False None Uber,Uber None
Dark Reading - Informationweek Branch Hacker Pwns Uber Via Compromised Slack Account 2022-09-16T14:21:55+00:00 https://www.darkreading.com/attacks-breaches/hacker-pwns-uber-via-compromised-slack-account www.secnews.physaphae.fr/article.php?IdArticle=6931154 False None Uber,Uber None
Schneier on Security - American cryptologist and researcher Massive Data Breach at Uber big: The breach appeared to have compromised many of Uber’s internal systems, and a person claiming responsibility for the hack sent images of email, cloud storage and code repositories to cybersecurity researchers and The New York Times. “They pretty much have full access to Uber,” said Sam Curry, a security engineer at Yuga Labs who corresponded with the person who claimed to be responsible for the breach. “This is a total compromise, from what it looks like.” It looks like a pretty basic phishing attack; someone gave the hacker their login credentials. And because Uber has lousy internal security, lots of people have access to everything.
So once a hacker gains a foothold, they have access to everything... 2022-09-16T14:07:13+00:00 https://www.schneier.com/blog/archives/2022/09/massive-data-breach-at-uber.html www.secnews.physaphae.fr/article.php?IdArticle=6931477 False Data Breach,Hack Uber,Uber None
knowbe4 - cybersecurity services Uber security breach 'looks bad', caused by social engineering 2022-09-16T12:36:02+00:00 https://blog.knowbe4.com/uber-security-breach-looks-bad-caused-by-social-engineering www.secnews.physaphae.fr/article.php?IdArticle=6929656 False None Uber None
Malwarebytes Labs - MalwarebytesLabs Uber hacked Categories: News Tags: Uber, MFA, push notification, Slack, HackerOne. Uber was forced to take several systems offline after reports of a serious breach. 2022-09-16T12:00:00+00:00 https://www.malwarebytes.com/blog/news/2022/09/uber-hacked-again-in-what-seems-an-uber-hack-this-time www.secnews.physaphae.fr/article.php?IdArticle=6940392 False None Uber None
Graham Cluley - Blog Security Uber's hacker *irritated* his way into its network, stole internal documents 2022-09-16T11:37:48+00:00 https://grahamcluley.com/ubers-hacker-irritated-his-way-into-its-network-stole-internal-documents/ www.secnews.physaphae.fr/article.php?IdArticle=6928391 False None Uber,Uber None
01net. News - Security - French magazine Uber hacked: a hacker reportedly compromised the ride-hailing company entirely A customer orders an Uber ride Another major blow for Uber? The company acknowledges being the victim of a "security incident". According to several experts, the hacker reportedly gained access to a considerable amount of sensitive data.
The article "Uber hacked: a hacker reportedly compromised the ride-hailing company entirely" can be found on 01net.com. 2022-09-16T10:11:37+00:00 https://www.01net.com/actualites/uber-pirate-un-hacker-aurait-entierement-compromis-lentreprise-de-vtc.html www.secnews.physaphae.fr/article.php?IdArticle=6927595 False None Uber None
BBC - BBC News - Technology Uber investigating hack on its computer systems 2022-09-16T10:10:38+00:00 https://www.bbc.co.uk/news/technology-62925047?at_medium=RSS&at_campaign=KARANGA www.secnews.physaphae.fr/article.php?IdArticle=6927818 False Hack Uber None
SecurityWeek - Security News Uber Investigating Data Breach After Hacker Claims of Extensive Compromise Uber “responding to a cybersecurity incident” after hacker claims to have breached several systems 2022-09-16T09:22:19+00:00 https://www.securityweek.com/uber-investigating-data-breach-after-hacker-claims-extensive-compromise www.secnews.physaphae.fr/article.php?IdArticle=6927482 False Data Breach Uber None
InfoSecurity Mag - InfoSecurity Magazine Uber Hacker May Have Compromised Secret Bug Reports 2022-09-16T09:00:00+00:00 https://www.infosecurity-magazine.com/news/uber-hacker-compromised-secret-bug/ www.secnews.physaphae.fr/article.php?IdArticle=6925882 False None Uber None
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Uber Says It's Investigating a Potential Breach of Its Computer Systems 2022-09-16T08:38:00+00:00 https://thehackernews.com/2022/09/uber-says-its-investigating-potential.html www.secnews.physaphae.fr/article.php?IdArticle=6921329 False Hack Uber None
Security Affairs - Security blog Uber hacked, internal systems and confidential documents were allegedly compromised Uber on Thursday disclosed a security breach, threat actors gained access to its network, and stole internal documents.
Uber on Thursday suffered a cyberattack, the attackers were able to penetrate its internal network and access internal documents, including vulnerability reports. According to the New York Times, the threat actors hacked an employee’s Slack account and […] 2022-09-16T07:22:27+00:00 https://securityaffairs.co/wordpress/135811/data-breach/uber-hacked-systems-allegedly-compromised.html www.secnews.physaphae.fr/article.php?IdArticle=6924934 False Vulnerability,Threat Uber,Uber None
ComputerWeekly - Computer Magazine Uber suffers major cyber attack 2022-09-16T05:52:00+00:00 https://www.computerweekly.com/news/252525030/Uber-suffers-major-cyber-attack www.secnews.physaphae.fr/article.php?IdArticle=6927497 False None Uber None
CSO - CSO Daily Dashboard Uber responding to “cybersecurity incident” following reports of significant data breach In a statement on Twitter, Uber wrote “We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.” While details from the company are currently sparse, a report by the New York Times on Thursday claimed that a hacker was able to compromise an employee's Slack account and used it to send a message to Uber employees announcing that the company had suffered a data breach. 2022-09-16T03:46:00+00:00 https://www.csoonline.com/article/3673942/uber-responding-to-cybersecurity-incident-following-reports-of-significant-data-breach.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=6927552 False Data Breach Uber,Uber None
The Register - English journalism site Uber reels from 'security incident' in which cloud systems seemingly hijacked 2022-09-16T03:13:43+00:00 https://go.theregister.com/feed/www.theregister.com/2022/09/16/uber_security_incident/ www.secnews.physaphae.fr/article.php?IdArticle=6921306 False None Uber None
CVE List - Common Vulnerability Exposure CVE-2022-36103
2022-09-13T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36103 www.secnews.physaphae.fr/article.php?IdArticle=6872795 False Vulnerability Uber None
Global Security Mag - French news site Harnessing the full added value of Kubernetes to optimize your data management strategy Opinions 2022-09-13T15:46:06+00:00 http://www.globalsecuritymag.fr/Exploiter-toute-la-valeur-ajoutee,20220913,129778.html www.secnews.physaphae.fr/article.php?IdArticle=6870537 False None Uber None
Silicon - French news site Kubernetes: Istio also goes sidecar-free 2022-09-09T14:33:20+00:00 https://www.silicon.fr/kubernetes-istio-sans-sidecar-446831.html www.secnews.physaphae.fr/article.php?IdArticle=6803541 False None Uber None
Global Security Mag - French news site Canonical launches Charmed Kubeflow 1.6 Products 2022-09-08T15:50:02+00:00 http://www.globalsecuritymag.fr/Canonical-lance-Charmed-Kubeflow-1,20220908,129635.html www.secnews.physaphae.fr/article.php?IdArticle=6786583 False None Uber None
InformationSecurityBuzzNews - Security news site Uber's Ex-security Officer Facing Criminal Charges After Data Breach 2022-09-08T14:18:20+00:00 https://informationsecuritybuzz.com/expert-comments/ubers-ex-security-officer-facing-criminal-charges-after-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=6785622 False Data Breach Uber None
CVE List - Common Vulnerability Exposure CVE-2022-36049 2022-09-07T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36049 www.secnews.physaphae.fr/article.php?IdArticle=6774470 False Tool,Vulnerability Uber None
CVE List - Common Vulnerability Exposure CVE-2021-36782 2022-09-07T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36782 www.secnews.physaphae.fr/article.php?IdArticle=6765502 False Vulnerability Uber None
Malwarebytes Labs - MalwarebytesLabs YouTuber on the run after allegedly swiping $55m from followers Categories:
News Tags: YouTube, forex, trading, scam, Instagram, influencer, dance, dancing, fashion, money. We take a look at a tale of lost wealth, influencer lifestyles, and a Forex deal which brings everything crashing down. 2022-09-06T12:00:00+00:00 https://www.malwarebytes.com/blog/news/2022/09/youtuber-on-the-run-after-allegedly-swiping-55m-usd-from-followers www.secnews.physaphae.fr/article.php?IdArticle=6756930 False None Uber None
Global Security Mag - French news site Canonical Kubernetes 1.25 is available Products 2022-09-02T08:15:34+00:00 http://www.globalsecuritymag.fr/Canonical-Kubernetes-1-25-est,20220902,129400.html www.secnews.physaphae.fr/article.php?IdArticle=6680526 False None Uber None
CVE List - Common Vulnerability Exposure CVE-2022-1902 2022-09-01T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1902 www.secnews.physaphae.fr/article.php?IdArticle=6672346 False None Uber None
CVE List - Common Vulnerability Exposure CVE-2022-2238 2022-09-01T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2238 www.secnews.physaphae.fr/article.php?IdArticle=6672364 False Vulnerability,Guideline Uber None
CVE List - Common Vulnerability Exposure CVE-2022-36055 2022-09-01T13:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36055 www.secnews.physaphae.fr/article.php?IdArticle=6666260 False Tool Uber None
Graham Cluley - Blog Security Over 900K Kubernetes clusters are misconfigured! Is your cluster a target? Continue reading "Over 900K Kubernetes clusters are misconfigured!
Is your cluster a target?" 2022-09-01T11:56:25+00:00 https://grahamcluley.com/feed-sponsor-teleport-4/ www.secnews.physaphae.fr/article.php?IdArticle=6663209 False None Uber None
Silicon - French news site Kubernetes: from Airbnb to Skyscanner, they look back on their failures 2022-09-01T08:30:58+00:00 https://www.silicon.fr/kubernetes-airbnb-skyscanner-echecs-446047.html www.secnews.physaphae.fr/article.php?IdArticle=6661125 False None Uber None
CVE List - Common Vulnerability Exposure CVE-2022-36035 2022-08-31T15:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36035 www.secnews.physaphae.fr/article.php?IdArticle=6648917 False Tool,Vulnerability Uber None
Global Security Mag - French news site VMware Tanzu® expands its portfolio to run and manage cloud-native applications Products 2022-08-30T19:26:24+00:00 http://www.globalsecuritymag.fr/VMware-Tanzu-R-enrichit-son,20220830,129312.html www.secnews.physaphae.fr/article.php?IdArticle=6631355 False None Uber None
Global Security Mag - French news site Red Hat launches OpenShift Platform Plus Products 2022-08-30T08:56:20+00:00 http://www.globalsecuritymag.fr/Red-Hat-lance-OpenShift-Platform,20220830,129285.html www.secnews.physaphae.fr/article.php?IdArticle=6621764 False None Uber None
CVE List - Common Vulnerability Exposure CVE-2022-31677 2022-08-29T15:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31677 www.secnews.physaphae.fr/article.php?IdArticle=6614440 False None Uber None
CVE List - Common Vulnerability Exposure CVE-2021-4178 2022-08-24T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4178 www.secnews.physaphae.fr/article.php?IdArticle=6506187 False None Uber None
ProjectZero - Google research blog A walk through Project Zero metrics 90-day deadline, we have also seen a dropoff in vendors missing the deadline (or the additional 14-day grace period).
In 2021, only one bug exceeded its fix deadline, though 14% of bugs required the grace period. Differences in the amount of time it takes a vendor/product to ship a fix to users reflects their product design, development practices, update cadence, and general processes towards security reports. We hope that this comparison can showcase best practices, and encourage vendors to experiment with new policies. This data aggregation and analysis is relatively new for Project Zero, but we hope to do it more in the future. We encourage all vendors to consider publishing aggregate data on their time-to-fix and time-to-patch for externally reported vulnerabilities, as well as more data sharing and transparency in general. Overview For nearly ten years, Google’s Project Zero has been working to make it more difficult for bad actors to find and exploit security vulnerabilities, significantly improving the security of the Internet for everyone. In that time, we have partnered with folks across industry to transform the way organizations prioritize and approach fixing security vulnerabilities and updating people’s software. To help contextualize the shifts we are seeing the ecosystem make, we looked back at the set of vulnerabilities Project Zero has been reporting, how a range of vendors have been responding to them, and then attempted to identify trends in this data, such as how the industry as a whole is patching vulnerabilities faster. For this post, we look at fixed bugs that were reported between January 2019 and December 2021 (2019 is the year we made changes to our disclosure policies and also began recording more detailed metrics on our reported bugs). The data we'll be referencing is publicly available on the Project Zero Bug Tracker, and on various open source project repositories (in the case of the data used below to track the timeline of open-source browser bugs).
There are a number of caveats with our data, the largest being that we'll be looking at a small number of samples, so differences in numbers may or may not be statistically significant. Also, the direction of Project Zero's research is almost entirely influenced by the choices of individual researchers, so changes in our researc 2022-08-23T11:50:56+00:00 https://googleprojectzero.blogspot.com/2022/02/a-walk-through-project-zero-metrics.html www.secnews.physaphae.fr/article.php?IdArticle=8221936 False Vulnerability,Patching Uber 2.0000000000000000
CVE List - Common Vulnerability Exposure CVE-2022-35976 2022-08-18T19:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35976 www.secnews.physaphae.fr/article.php?IdArticle=6399396 False Vulnerability,Guideline Uber None
CISCO Talos - Cisco Research blog Ukraine and the fragility of agriculture security By Joe Marshall. The war in Ukraine has had far-reaching global implications and one of the most immediate effects felt will be on the global supply chain for food. This war-induced fragility has exposed the weaknesses of how we feed ourselves globally. Ransomware cartels and other adversaries are well aware of this and are actively exploiting that fragility. For the past six years, Cisco Talos has been actively involved in assisting public and private institutions in Ukraine to defend themselves against state-sponsored actors. Our involvement stretches the gamut from commercial to critical infrastructure, to election security. Our presence has afforded us unique opportunities and observations about cybersecurity in a macro and micro way. Ukraine has been a frequent victim of state-sponsored cyber attacks aimed at critical infrastructures like power and transportation. Talos is proud to stand with our partners in Ukraine and help defend their critical networks and help users there maintain access to necessary services.
Now that Russia has invaded Ukraine, those threats have escalated to kinetic attacks that are wreaking havoc on a critical element of our world: agriculture and our global food supply chain. Even worse is the implications this war will have for future cyber attacks, as fragility is considered a lucrative element in deciding victimology by threat actors like ransomware cartels. To truly grasp the implications of the war in Ukraine, we have to examine how vital Ukrainian agriculture feeds the world, the current state of affairs, and what this means for the global cybersecurity posture to protect agricultural assets. Where there is weakness, there is opportunity Ransomware cartels and their affiliates are actively targeting the agricultural industry. Moreover, these actors have done their homework and are targeting agricultural companies during the two times of the year where they cannot suffer disruptions: planting and harvesting. Per the published FBI PIN Alert: “Cyber actors may perceive cooperatives as lucrative targets with a willingness to pay due to the time-sensitive role they play in agricultural production.” This is far from unusual for these adversaries - they are shrewd and calculating, and understand their victims' weaknesses and industries.
H 2022-08-18T08:00:00+00:00 http://blog.talosintelligence.com/2022/08/ukraine-and-fragility-of-agriculture.html www.secnews.physaphae.fr/article.php?IdArticle=6392803 False Ransomware,Threat,Guideline,Cloud APT 10,APT 32,APT 37,APT 21,NotPetya,Uber,Guam,APT 28 None
Global Security Mag - French news site Scattered Kubernetes deployments risk being complex, costly and causing data loss Investigations 2022-08-16T07:53:06+00:00 http://www.globalsecuritymag.fr/Les-deploiements-disperses-de,20220816,128897.html www.secnews.physaphae.fr/article.php?IdArticle=6349160 False None Uber None
SecurityWeek - Security News Google Boosts Bug Bounty Rewards for Linux Kernel Vulnerabilities 2022-08-15T11:48:00+00:00 https://www.securityweek.com/google-boosts-bug-bounty-rewards-linux-kernel-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=6341289 False Vulnerability Uber None
UnderNews - French "hacker" news site How to choose your cigarette-tubing machine? When you decide to buy a tubing machine, you mainly want it to be sturdy and able to serve for many years. But today, given the number of tubing machine models on the market, making a choice is not easy. So we have decided to give you a few tips and a few […] The post How to choose your cigarette-tubing machine? first appeared on UnderNews. 2022-08-10T13:28:10+00:00 https://www.undernews.fr/hypernews-mag/comment-choisir-sa-machine-a-tuber.html www.secnews.physaphae.fr/article.php?IdArticle=6230097 False None Uber None
GoogleSec - Firm Security Blog Making Linux Kernel Exploit Cooking Harder Cover of the medieval cookbook. Title in large letters kernel Exploits. Adorned. Featuring a small penguin. 15th century. Color. High quality picture. Private collection. Detailed. The Linux kernel is a key component for the security of the Internet.
Google uses Linux in almost everything, from the computers our employees use, to the products people around the world use daily like Chromebooks, Android on phones, cars, and TVs, and workloads on Google Cloud. Because of this, we have heavily invested in Linux's security - and today, we're announcing how we're building on those investments and increasing our rewards. In 2020, we launched an open-source Kubernetes-based Capture-the-Flag (CTF) project called, kCTF. The kCTF Vulnerability Rewards Program (VRP) lets researchers connect to our Google Kubernetes Engine (GKE) instances, and if they can hack it, they get a flag, and are potentially rewarded. All of GKE and its dependenci 2022-08-10T12:00:24+00:00 http://security.googleblog.com/2022/08/making-linux-kernel-exploit-cooking.html www.secnews.physaphae.fr/article.php?IdArticle=6232094 False Hack Uber None
AlienVault Lab Blog - AlienVault is a major defense player in IOCs Are cloud containers a sugar-coated threat? DevOps teams develop applications and deploy services using them. Moreover, organizations also use these containers to deploy and scale the DevOps infrastructure like the CI/CD tools. A report reveals that by 2022, organizations are likely to run 24% of their workload on containers. However, despite the benefits containers offer, it doesn’t mean they are completely secure. A study revealed that 87% of organizations had deployed containers in their production, while it's found that 94% had experienced at least one security incident. Another research finds that 45% of organizations have delayed or slowed down their application deployment process because of container security issues. All these issues can cause organizations to slow down their transformation journey and bear financial and reputational loss. To avoid such circumstances, organizations need to be aware of cloud container threats and learn how to minimize risks. Why are cloud containers becoming a growing threat?
Containerization is a fast-moving trend that plays a pivotal role in improving agility and boosting innovation and is necessary for application development. The adoption of containers has soared in recent years and will continue to rise - and why not, as it transforms how an organization deploys IT infrastructure. Gartner predicts that by 2023, 70% of organizations will use containerized applications. In a survey, the Cloud Native Computing Foundation (CNCF) finds that 96% of enterprises have evaluated or actively use Kubernetes. Besides this, 68% of the IT leaders in the Red Hat State of Enterprise Open Source Report for 2022 say that container technology is on the level of other important technologies, like Artificial Intelligence and Machine Learning. Container adoption comes with great advantages, but can also pose cybersecurity threats and challenges that adversely impact organizations. Enterprises who depend on container technology but fail to identify the security vulnerabilities and implement mitigation measures compromise their sensitive business data, including customer data. The situation becomes even more dire since most of these threats can’t be mitigated through endpoint security tools such as proxies or VPNs. Here are some of the reasons cloud containers are becoming a threat to organizations: Human error Hackers can compromise container technology in the cloud in several ways. 2022-08-10T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/are-cloud-containers-a-sugar-coated-threat www.secnews.physaphae.fr/article.php?IdArticle=6227177 False Malware,Vulnerability,Threat,Guideline Uber None
NoticeBored - Experienced IT Security professional CISO workshop slides glossy, nicely-constructed and detailed PowerPoint slide deck by Microsoft Security caught my beady this morning.
The title 'CISO Workshop: Security Program and Strategy' with 'Your Name Here' suggests it might be a template for use in a workshop/course bringing CISOs up to speed on the governance, strategic and architectural aspects of information security, but in fact given the amount of technical detail, it appears to be aimed at informing IT/technology managers about IT or cybersecurity, specifically. Maybe it is intended for newly-appointed CISOs or more junior managers who aspire to be CISOs, helping them clamber up the pyramid (slide 87 of 142): 2022-08-06T10:46:21+00:00 http://blog.noticebored.com/2022/08/a-glossy-nicely-constructed-and.html www.secnews.physaphae.fr/article.php?IdArticle=6150878 False Malware,Vulnerability,Threat,Patching,Guideline,Medical,Cloud APT 38,APT 19,APT 10,APT 37,Uber,APT 15,Guam,APT 28,APT 34 None
CVE List - Common Vulnerability Exposure CVE-2022-35930 2022-08-04T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35930 www.secnews.physaphae.fr/article.php?IdArticle=6133263 False None Uber None
Krebs on Security - American researcher Scammers Sent Uber to Take Elderly Lady to the Bank 2022-08-04T15:41:09+00:00 https://krebsonsecurity.com/2022/08/scammers-sent-uber-to-take-elderly-lady-to-the-bank/ www.secnews.physaphae.fr/article.php?IdArticle=6126079 False None Uber,Uber None
Global Security Mag - French news site Elastic announces improvements to cross-cluster search and replication Products 2022-08-02T08:56:51+00:00 http://www.globalsecuritymag.fr/Elastic-annonce-des-ameliorations,20220802,128495.html www.secnews.physaphae.fr/article.php?IdArticle=6087263 False None Uber 4.0000000000000000
Malwarebytes Labs - MalwarebytesLabs To settle with the DoJ, Uber must confess to a cover-up. And it did.
2022-07-29T16:44:16+00:00 https://blog.malwarebytes.com/cybercrime/2022/07/to-settle-with-the-doj-uber-must-confess-to-a-cover-up-and-it-did/ www.secnews.physaphae.fr/article.php?IdArticle=6015494 False Data Breach Uber,Uber None
Global Security Mag - French news site Mirantis launches Lens Pro, adding advanced features Products 2022-07-29T11:02:43+00:00 http://www.globalsecuritymag.fr/Mirantis-lance-Lens-Pro-en,20220729,128416.html www.secnews.physaphae.fr/article.php?IdArticle=6009888 False None Uber None
Graham Cluley - Blog Security Uber's former head of security faces fraud charges after allegedly covering up data breach 2022-07-27T20:12:10+00:00 https://www.bitdefender.com/blog/hotforsecurity/ubers-former-head-of-security-faces-fraud-charges-after-allegedly-covering-up-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=5975515 False Data Breach Uber,Uber None
Global Security Mag - French news site Mirantis acquires amazee.io Business 2022-07-27T08:01:19+00:00 http://www.globalsecuritymag.fr/Mirantis-rachete-amazee-io,20220727,128333.html www.secnews.physaphae.fr/article.php?IdArticle=5964991 False None Uber None
CSO - CSO Daily Dashboard Teleport features passwordless access with new access plane update zero trust access management applications, has announced the latest version of its unified access plane, Teleport 10, which features passwordless access as a single sign-on (SSO) infrastructure access solution. Teleport's unified access plane is an open source identity-based infrastructure access platform that unifies secure access to servers, Kubernetes clusters, applications and databases. 2022-07-27T06:09:00+00:00 https://www.csoonline.com/article/3668036/teleport-features-passwordless-access-with-new-access-plane-update.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=5969701 False None Uber None
InfoSecurity Mag - InfoSecurity Magazine Uber Settles 2016
Hacking Case With DoJ 2022-07-26T15:15:00+00:00 https://www.infosecurity-magazine.com/news/uber-hacking-case-doj/ www.secnews.physaphae.fr/article.php?IdArticle=5952345 False None Uber None InformationSecurityBuzzNews - Site de News Securite Uber Admits Covering Up 2016 Data Breach That Exposed 57M Users' Data 2022-07-26T11:34:02+00:00 https://informationsecuritybuzz.com/expert-comments/uber-admits-covering-up-2016-data-breach-that-exposed-57m-users-data/ www.secnews.physaphae.fr/article.php?IdArticle=5949368 False Data Breach Uber,Uber None SecurityWeek - Security News Uber Settles With Federal Investigators Over 2016 Data Breach Coverup 2022-07-25T13:20:58+00:00 https://www.securityweek.com/uber-settles-federal-investigators-over-2016-data-breach-coverup www.secnews.physaphae.fr/article.php?IdArticle=5940182 False Data Breach Uber None Dark Reading - Informationweek Branch Protecting Against Kubernetes-Borne Ransomware 2022-07-19T14:00:00+00:00 https://www.darkreading.com/attacks-breaches/protecting-against-kubernetes-borne-ransomware www.secnews.physaphae.fr/article.php?IdArticle=5825506 False Ransomware,Malware Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-31102 2022-07-12T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31102 www.secnews.physaphae.fr/article.php?IdArticle=5679745 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-31105 2022-07-12T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31105 www.secnews.physaphae.fr/article.php?IdArticle=5679746 False Tool,Vulnerability Uber None Global Security Mag - Site de news francais HID Global and the Laboratoire Hubert Curien launch a joint research project on secure identity documents for citizens Business 2022-07-12T10:26:58+00:00 http://www.globalsecuritymag.fr/HID-Global-et-le-Laboratoire,20220712,127800.html www.secnews.physaphae.fr/article.php?IdArticle=5690400 False None Uber None
TroyHunt - Blog Security Uber emails: Exec admits “we're not legal,” another claims we're all “pirates” 2022-07-11T19:45:28+00:00 https://arstechnica.com/?p=1865604 www.secnews.physaphae.fr/article.php?IdArticle=5663906 False None Uber,Uber None Vuln AWS - FLux Vuln AWS Reported EKS IAM Authenticator Issue aws-security@amazon.com. 2022-07-11T15:54:32+00:00 https://aws.amazon.com/security/security-bulletins/AWS-2022-007/ www.secnews.physaphae.fr/article.php?IdArticle=8296119 False None Uber 2.0000000000000000 Malwarebytes Labs - MalwarebytesLabs Tech support scammers caught by their own cameras A Youtuber has hacked into the CCTV cameras of an office used by tech support scammers and recorded them being arrested by the police. 2022-07-11T08:40:19+00:00 https://blog.malwarebytes.com/tech-support-scams/2022/07/tech-support-scammers-get-caught-on-camera/ www.secnews.physaphae.fr/article.php?IdArticle=5659121 False None Uber None The Register - Site journalistique Anglais Leaked Uber docs reveal frequent use of 'kill switch' to deactivate tech, thwart investigators 2022-07-11T06:45:08+00:00 https://go.theregister.com/feed/www.theregister.com/2022/07/11/uber_leak/ www.secnews.physaphae.fr/article.php?IdArticle=5658122 False None Uber,Uber None BBC - BBC News - Technology Uber Files: Massive leak reveals how top politicians secretly helped Uber 2022-07-10T16:00:32+00:00 https://www.bbc.co.uk/news/business-62057321?at_medium=RSS&at_campaign=KARANGA www.secnews.physaphae.fr/article.php?IdArticle=5654485 False Guideline Uber,Uber None Malwarebytes Labs - MalwarebytesLabs YTStealer targets YouTube content creators We take a look at reports of scammers targeting Youtuber's channels with malware called YTStealer, that eats authentication cookies.
2022-07-01T17:35:43+00:00 https://blog.malwarebytes.com/scams/2022/07/ytstealer-targets-youtube-content-creators/ www.secnews.physaphae.fr/article.php?IdArticle=5495957 False Malware Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-22472 2022-06-30T17:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22472 www.secnews.physaphae.fr/article.php?IdArticle=5475204 False Vulnerability Uber None TroyHunt - Blog Security YouTube content creator credentials are under siege by YTStealer malware 2022-06-29T22:25:52+00:00 https://arstechnica.com/?p=1863620 www.secnews.physaphae.fr/article.php?IdArticle=5459236 False Malware Uber None InformationSecurityBuzzNews - Site de News Securite Kubernetes API: Over 900,000 Exposures Found Across The Internet 2022-06-29T16:10:18+00:00 https://informationsecuritybuzz.com/expert-comments/kubernetes-api-over-900000-exposures-found-across-the-internet/ www.secnews.physaphae.fr/article.php?IdArticle=5454189 False None Uber None The Register - Site journalistique Anglais Ex-Uber security chief accused of hushing database breach must face fraud charges 2022-06-29T14:05:08+00:00 https://go.theregister.com/feed/www.theregister.com/2022/06/29/exuber_security_chiefs_alleged_coverup/ www.secnews.physaphae.fr/article.php?IdArticle=5452792 False None Uber,Uber None InfoSecurity Mag - InfoSecurity Magazine Nearly One Million Misconfigured Kubernetes Exposed That Could Cause Data Breaches 2022-06-28T17:00:00+00:00 https://www.infosecurity-magazine.com/news/misconfigured-kubernetes-exposed/ www.secnews.physaphae.fr/article.php?IdArticle=5434034 False Threat Uber None Bleeping Computer - Magazine Américain Over 900,000 Kubernetes instances found exposed online 2022-06-28T06:39:23+00:00 https://www.bleepingcomputer.com/news/security/over-900-000-kubernetes-instances-found-exposed-online/ www.secnews.physaphae.fr/article.php?IdArticle=5428901 False None Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-31098
2022-06-27T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31098 www.secnews.physaphae.fr/article.php?IdArticle=5424287 False Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-31077 2022-06-27T21:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31077 www.secnews.physaphae.fr/article.php?IdArticle=5423408 False None Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-31036 =v2.3.0 and do not have any Helm-type Applications you may disable the Helm config management tool as a workaround. 2022-06-27T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31036 www.secnews.physaphae.fr/article.php?IdArticle=5423402 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-31076 2022-06-27T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31076 www.secnews.physaphae.fr/article.php?IdArticle=5423407 False None Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-31034 2022-06-27T19:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31034 www.secnews.physaphae.fr/article.php?IdArticle=5422523 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-31035 2022-06-27T19:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31035 www.secnews.physaphae.fr/article.php?IdArticle=5422524 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-31016 2022-06-25T08:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31016 www.secnews.physaphae.fr/article.php?IdArticle=5378752 False Vulnerability Uber None InformationSecurityBuzzNews - Site de News Securite Why 93% Of Kubernetes Users Struggle With Security 2022-06-20T22:05:15+00:00 https://informationsecuritybuzz.com/expert-comments/why-93-of-kubernetes-users-struggle-with-security/ www.secnews.physaphae.fr/article.php?IdArticle=5302367 False None Uber None
GoogleSec - Firm Security Blog SBOM in Action: finding vulnerabilities with a Software Bill of Materials SBOMs), a list of all the components, libraries, and modules that are required to build a piece of software. In the wake of the 2021 Executive Order on Cybersecurity, these ingredient labels for software became popular as a way to understand what's in the software we all consume. The guiding idea is that it's impossible to judge the risks of particular software without knowing all of its components, including those produced by others. This increased interest in SBOMs saw another boost after the National Institute of Standards and Technology (NIST) released its Secure Software Development Framework, which requires SBOM information to be available for software. But now that the industry is making progress on methods to generate and share SBOMs, what do we do with them? Generating an SBOM is only one half of the story. Once an SBOM is available for a given piece of software, it needs to be mapped onto a list of known vulnerabilities to know which components could pose a threat. By connecting these two sources of information, consumers will know not just what's in their software, but also its risks and whether they need to remediate any issues. In this blog post, we demonstrate the process of taking an SBOM from a large and critical project, Kubernetes, and using an open source tool to identify the vulnerabilities it contains. Our example's success shows that we don't need to wait for SBOM generation to reach full maturity before we begin mapping SBOMs to common vulnerability databases. With just a few updates from SBOM creators to address current limitations in connecting the two sources of data, this process is poised to become easily within reach of the average software consumer.
OSV: Connecting SBOMs to vulnerabilities. The following example uses Kubernetes, a major project that makes its SBOM available using the Software Package Data Exchange (SPDX) format, an international open standard (ISO) for communicating SBOM information. The same idea should apply to any project that makes its SBOM available, and for projects that don't, you can generate your own SBOM using the same bom tool Kubernetes created. We have chosen to map the SBOM to the Open Source Vulnerabilities (OSV) database, which describes vulnerabilities in a format that was specifically designed to map to open source package versions or commit hashes. The OSV database excels here as it provides a standardized format and aggregates information across multiple ecosystems (e.g., Python, Golang, Rust) and databases (e.g., Github Advisory Database (GHSA), Global Security Database (GSD)). To connect the SBOM to the database, we'll use the SPDX spdx-to-osv tool. This open source tool takes in an SPDX SBOM document, queries the OSV database of vulnerabilities, and returns an enumeration of vulnerabilities present in the software's declared components. Example: Kubernetes' SBOM. The first step is to download Kubernetes' SBOM, which is publicly available and contains information on the project, dependencies, versions, and 2022-06-14T12:00:00+00:00 http://security.googleblog.com/2022/06/sbom-in-action-finding-vulnerabilities.html www.secnews.physaphae.fr/article.php?IdArticle=5145917 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-31054 2022-06-13T20:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31054 www.secnews.physaphae.fr/article.php?IdArticle=5137205 False Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-31055 2022-06-13T16:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31055 www.secnews.physaphae.fr/article.php?IdArticle=5135354 False None Uber None CVE Liste - Common
Vulnerability Exposure CVE-2022-31030 2022-06-09T14:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31030 www.secnews.physaphae.fr/article.php?IdArticle=5059844 False None Uber 5.0000000000000000 TrendMicro - Security Firm Blog Amazon EKS vs Azure Kubernetes Service 2022-06-09T00:00:00+00:00 https://www.trendmicro.com/en_us/devops/22/f/amazon-eks-vs-azure-kubernetes-service-aks.html www.secnews.physaphae.fr/article.php?IdArticle=5489568 False None Uber None