This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-11T05:31:13+00:00 www.secnews.physaphae.fr RiskIQ - cyber risk firms (now microsoft) #### Targeted Industries - Information Technology ## Snapshot The Sysdig Threat Research Team released a report on a new attack termed LLMjacking, where exploited cloud credentials are used to target large language model (LLM) services. ## Description The credentials used in this attack were acquired from a system running a vulnerable version of Laravel ([CVE-2021-3129](https://security.microsoft.com/intel-explorer/cves/CVE-2021-3129/)). While attacks against LLM-based AI systems are often discussed in the context of prompt abuse and altering training data, this attack aimed to sell LLM access to other cybercriminals while the cloud account owner footed the bill. Upon initial access, attackers exfiltrated cloud credentials and penetrated the cloud environment to target local LLM models hosted by cloud providers. Sysdig researchers discovered evidence of a reverse proxy for LLMs being used, suggesting financial motivation or the extraction of LLM training data. Th]]> 2024-05-10T21:39:05+00:00 https://community.riskiq.com/article/344e58e5 www.secnews.physaphae.fr/article.php?IdArticle=8497469 False Threat,Cloud None None HackRead - Chercher Cyber Par deeba ahmed Les chercheurs découvrent un nouveau schéma de cyberattaque appelé "llmjacking" exploitant des informations d'identification cloud volées pour détourner des modèles d'IA puissants.Cet article explore les implications des attaquants en tirant parti de grands modèles de langue (LLM) à des fins malveillantes et offre des recommandations de sécurité pour les communautés cloud et AI. Ceci est un article de HackRead.com Lire le post original: Une nouvelle attaque llmjacking permet aux pirates de détourner les modèles AI à but lucratif

---

>By Deeba Ahmed Researchers uncover a novel cyberattack scheme called "LLMjacking" exploiting stolen cloud credentials to hijack powerful AI models. This article explores the implications of attackers leveraging large language models (LLMs) for malicious purposes and offers security recommendations for the cloud and AI communities. This is a post from HackRead.com Read the original post: New LLMjacking Attack Lets Hackers Hijack AI Models for Profit]]> 2024-05-10T20:54:34+00:00 https://www.hackread.com/llmjacking-attack-hackers-hijack-ai-models/ www.secnews.physaphae.fr/article.php?IdArticle=8497424 False Cloud None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered a novel attack that employs stolen cloud credentials to target cloud-hosted large language model (LLM) services with the goal of selling access to other threat actors. The attack technique has been codenamed LLMjacking by the Sysdig Threat Research Team. "Once initial access was obtained, they exfiltrated cloud credentials and gained]]> 2024-05-10T13:11:00+00:00 https://thehackernews.com/2024/05/researchers-uncover-llmjacking-scheme.html www.secnews.physaphae.fr/article.php?IdArticle=8497059 False Threat,Cloud None 3.0000000000000000 Dark Reading - Informationweek Branch Kevin Mandia, CEO of Mandiant at Google Cloud, calls for content "watermarks" as the industry braces for a barrage of mind-bending AI-generated fake audio and video traffic.]]> 2024-05-10T13:00:00+00:00 https://www.darkreading.com/threat-intelligence/cybersecurity-in-a-race-to-unmask-a-new-wave-of-ai-borne-deepfakes www.secnews.physaphae.fr/article.php?IdArticle=8497194 False Cloud None 3.0000000000000000 Dark Reading - Informationweek Branch 2024-05-09T20:14:24+00:00 https://www.darkreading.com/cloud-security/cyberproof-announces-strategic-partnership-with-google-cloud www.secnews.physaphae.fr/article.php?IdArticle=8496787 False Cloud None 2.0000000000000000 Dark Reading - Informationweek Branch The latest round of investment prices the fast-growing cloud native application protection platform (CNAPP) at $12 billion with a simple mandate: Grow quickly through acquisition.]]> 2024-05-09T18:30:53+00:00 https://www.darkreading.com/cloud-security/aggressive-cloud-security-player-wiz-scores-1-billion-in-funding-round www.secnews.physaphae.fr/article.php?IdArticle=8496761 False Cloud None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-05-09T16:44:05+00:00 https://community.riskiq.com/article/1db83f2c www.secnews.physaphae.fr/article.php?IdArticle=8496697 False Malware,Vulnerability,Threat,Cloud None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Sysdig said the attackers gained access to these credentials from a vulnerable version of Laravel]]> 2024-05-09T16:00:00+00:00 https://www.infosecurity-magazine.com/news/llmjacking-exploits-stolen-cloud/ www.secnews.physaphae.fr/article.php?IdArticle=8496648 False Cloud None 3.0000000000000000 CrowdStrike - CTI Society The massive increase in cloud adoption has driven adversaries to focus their efforts on cloud environments - a shift that led to cloud intrusions increasing by 75% in 2023, emphasizing the need for stronger cloud security. Larger scale leads to larger risk. As organizations increase their quantity of cloud assets, their attack surface grows. Each […]]]> 2024-05-09T15:04:53+00:00 https://www.crowdstrike.com/blog/enhanced-cloud-asset-visualization/ www.secnews.physaphae.fr/article.php?IdArticle=8496639 False Cloud None 3.0000000000000000 Checkpoint - Fabricant Materiel Securite utilisez-vous Microsoft Azure Virtual WAN, ou envisagez-vous de l'utiliser?Si oui, quelle est la meilleure façon de sécuriser vos déploiements WAN virtuels?Ce n'est pas une question triviale, car tous les pare-feu ne sont pas égaux ou même similaires en termes de capacité à protéger leur client, à sauver la croissance de leur entreprise et à répondre aux exigences opérationnelles.Pour aider les organisations qui évaluent les solutions de sécurité pour protéger leurs déploiements WAN virtuels, cet article considère cinq cas d'utilisation commerciale et explique comment Check Point améliore et complète la sécurité Azure par sa sécurité de réseau cloud de qualité supérieure de qualité supérieure.Contexte de plus en plus d'organisations sont [& # 8230;]

---

>Are you using Microsoft Azure Virtual WAN, or considering using it? If so, what is the best way to secure your Virtual WAN deployments? This is not a trivial question, because not all firewalls are equal or even similar in terms of their ability to protect their customer, future-proof their business growth and meet operational requirements. To help organizations who are evaluating security solutions to protect their Virtual WAN deployments, this article considers five business use cases and explains how Check Point enhances and complements Azure security with its best-of-breed, enterprise-grade cloud network security. Background More and more organizations are […] ]]> 2024-05-09T13:00:29+00:00 https://blog.checkpoint.com/security/five-business-use-cases-for-evaluating-azure-virtual-wan-security-solutions/ www.secnews.physaphae.fr/article.php?IdArticle=8496581 False Cloud None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial Nozomi Networks and Mandiant, part of Google Cloud, announced Wednesday that they have expanded their global partnership to... ]]> 2024-05-09T11:09:44+00:00 https://industrialcyber.co/news/nozomi-mandiant-extend-alliance-to-boost-threat-detection-and-response-for-global-critical-infrastructure/ www.secnews.physaphae.fr/article.php?IdArticle=8496521 False Threat,Cloud None 3.0000000000000000 The State of Security - Magazine Américain The FBI has issued a warning to US retailers about a financially-motivated malicious hacking ring that has been targeting employees with phishing attacks in an attempt to create fraudulent gift cards. Staff at the corporate offices of US retail companies have been the target of highly-sophisticated email phishing and SMS phishing ("smishing") attacks. These attacks attempt to gain access to employee accounts, IT systems, and cloud services used by the company. Once they have gained access, the cybercriminals target other employees in order to move laterally through a network. They attempt to...]]> 2024-05-09T10:08:04+00:00 https://www.tripwire.com/state-of-security/fbi-warns-us-retailers-cybercriminals-are-targeting-their-gift-card-systems www.secnews.physaphae.fr/article.php?IdArticle=8496642 False Cloud None 3.0000000000000000 ProofPoint - Cyber Firms 2024-05-09T06:00:11+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/tycoon-2fa-phishing-kit-mfa-bypass www.secnews.physaphae.fr/article.php?IdArticle=8496584 False Tool,Threat,Prediction,Cloud None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-05-09T00:49:06+00:00 https://community.riskiq.com/article/1f1ae96f www.secnews.physaphae.fr/article.php?IdArticle=8496261 False Ransomware,Malware,Tool,Threat,Prediction,Cloud None 3.0000000000000000 Global Security Mag - Site de news francais revues de produits

---

SentinelOne® Redefines Cloud Security Company launches revolutionary CNAPP with unique Offensive Security Engine™ that thinks like a hacker to move beyond the theoretical and deliver Verified Exploit Paths™ - Product Reviews]]> 2024-05-08T21:28:20+00:00 https://www.globalsecuritymag.fr/sentinelone-launched-singularity-tm-cloud-native-security.html www.secnews.physaphae.fr/article.php?IdArticle=8496205 False Threat,Cloud None 3.0000000000000000 Global Security Mag - Site de news francais nouvelles commerciales

---

StackHawk Announces Integration with Microsoft Defender for Cloud StackHawk StackHawk collaborates with Microsoft to proactively test APIs for security vulnerabilities to strengthen overall security posture - Business News]]> 2024-05-08T21:20:21+00:00 https://www.globalsecuritymag.fr/stackhawk-announces-integration-with-microsoft-defender-for-cloud-stackhawk.html www.secnews.physaphae.fr/article.php?IdArticle=8496178 False Vulnerability,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Permissions in SaaS platforms like Salesforce, Workday, and Microsoft 365 are remarkably precise. They spell out exactly which users have access to which data sets. The terminology differs between apps, but each user\'s base permission is determined by their role, while additional permissions may be granted based on tasks or projects they are involved with. Layered on top of]]> 2024-05-08T19:48:00+00:00 https://thehackernews.com/2024/05/a-saas-security-challenge-getting.html www.secnews.physaphae.fr/article.php?IdArticle=8495969 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ״Defenders think in lists, attackers think in graphs,” said John Lambert from Microsoft, distilling the fundamental difference in mindset between those who defend IT systems and those who try to compromise them. The traditional approach for defenders is to list security gaps directly related to their assets in the network and eliminate as many as possible, starting with the most critical.]]> 2024-05-08T16:28:00+00:00 https://thehackernews.com/2024/05/the-fundamentals-of-cloud-security.html www.secnews.physaphae.fr/article.php?IdArticle=8495846 False Cloud None 3.0000000000000000 Cisco - Security Firm Blog

---

Learn how Cisco is bringing on-prem and cloud security together into a unified platform to marry the power of Cisco Secure Firewall and Multicloud Defense.]]> 2024-05-08T15:00:16+00:00 https://feedpress.me/link/23535/16676548/secure-firewall-multicloud-defense-secure-connectivity-with-simplified-policy-across-clouds www.secnews.physaphae.fr/article.php?IdArticle=8495964 False Cloud None 3.0000000000000000 Global Security Mag - Site de news francais revues de produits

---

Cado Security Introduces First-Ever Support to Perform Investigations in Distroless Container Environments Cado Security Platform now Supports Investigations in Distroless Container Environments, Eliminating Critical Blindspots and Delivering Unprecedented Visibility into Cloud Risk. - Product Reviews]]> 2024-05-08T10:58:57+00:00 https://www.globalsecuritymag.fr/cado-security-introduces-cado-security-platform.html www.secnews.physaphae.fr/article.php?IdArticle=8495864 False Cloud None 3.0000000000000000 ProofPoint - Cyber Firms 2024-05-08T06:00:27+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/spoofed-email-greater-impersonation-risk www.secnews.physaphae.fr/article.php?IdArticle=8495932 False Ransomware,Malware,Tool,Threat,Cloud None 3.0000000000000000 The State of Security - Magazine Américain The Rolling Stones wanted to protect their space; we, as security practitioners, need to protect ours. Data \'castles\' in the cloud are out there, and they\'re constantly under siege. By drawing inspiration from a band that embodied personal freedom, we can draw some – okay, very stretched - parallels to modern cloud security . Nonetheless, they work. And we all knew this blog was coming. And if you read the blog backward you can hear the name of the latest malware family... Maybe. "Hey, you. Get off of my cloud!" We\'re quite certain the real meaning of the Stones\' pinnacle lyric was the...]]> 2024-05-08T02:44:47+00:00 https://www.tripwire.com/state-of-security/hey-you-get-my-cloud www.secnews.physaphae.fr/article.php?IdArticle=8495759 False Malware,Cloud None 2.0000000000000000 Global Security Mag - Site de news francais revues de produits

---

AppOmni Releases Zero Trust Posture Management, Enhancing SaaS Security by Extending Zero Trust to the Application Layer - Product Reviews]]> 2024-05-07T19:24:31+00:00 https://www.globalsecuritymag.fr/appomni-announced-appomni-zero-trust-posture-management.html www.secnews.physaphae.fr/article.php?IdArticle=8495451 False Cloud None 1.00000000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Iranian state-backed hacking outfit called APT42 is making use of enhanced social engineering schemes to infiltrate target networks and cloud environments. Targets of the attack include Western and Middle Eastern NGOs, media organizations, academia, legal services and activists, Google Cloud subsidiary Mandiant said in a report published last week. "APT42 was]]> 2024-05-07T18:55:00+00:00 https://thehackernews.com/2024/05/apt42-hackers-pose-as-journalists-to.html www.secnews.physaphae.fr/article.php?IdArticle=8495241 False Cloud APT 42 4.0000000000000000 Checkpoint - Fabricant Materiel Securite Alors que les cybermenaces se développent rapidement, les entreprises peuvent faire confiance à un point de contrôle pour fournir des solutions accélérées de réseau et de cloud, en collaboration avec NVIDIA.En combinant l'expérience de Check Point \\ dans la prévention avancée des menaces avec les plates-formes informatiques accélérées de pointe de Nvidia \\, les entreprises peuvent obtenir la meilleure sécurité sur les réseaux les plus rapides.Vérifier la collaboration pluriannuelle de Point \\ avec NVIDIA s'étend sur trois domaines clés: Premièrement, la sécurisation de l'infrastructure de cloud AI propulsée par les unités de traitement des données Bluefield NVIDIA (DPU) pour aider les entreprises à développer et à déployer des applications généatives d'IA génératives.Deuxièmement, accélérer la sécurité du réseau en tirant parti de la plate-forme de réseautage NVIDIA ConnectX à haute vitesse pour l'inspection du pare-feu.Troisièmement, en utilisant des commutateurs intelligents [& # 8230;]

---

>As cyber threats expand rapidly, enterprises can trust Check Point to deliver accelerated network and cloud security solutions, in collaboration with NVIDIA. By combining Check Point\'s experience in advanced threat prevention with NVIDIA\'s cutting-edge accelerated computing platforms, enterprises can get the best security on the fastest networks. Check Point\'s multi-year collaboration with NVIDIA spans three key areas: First, securing the AI Cloud infrastructure powered by NVIDIA BlueField data processing units (DPUs) to help enterprises safely develop and deploy generative AI applications. Second, accelerating network security by leveraging the high-speed NVIDIA ConnectX networking platform for firewall inspection. Third, using intelligent switches […] ]]> 2024-05-07T16:32:56+00:00 https://blog.checkpoint.com/security/check-point-protects-enterprises-by-accelerating-security-for-networks-and-ai-cloud-infrastructure-in-collaboration-with-nvidia/ www.secnews.physaphae.fr/article.php?IdArticle=8495347 False Threat,Cloud None 3.0000000000000000 Global Security Mag - Site de news francais revues de produits

---

DoControl Unveils New Product Innovations: Identity Threat Detection and Response (ITDR) and SaaS Misconfigurations Management With these two groundbreaking capabilities, DoControl delivers a holistic SaaS Security Posture Management solution, safeguarding SaaS data, identities, connected apps, and configurations to mitigate sensitive data exposure and combat insider threats - Product Reviews]]> 2024-05-07T16:10:43+00:00 https://www.globalsecuritymag.fr/docontrol-introduces-identity-threat-detection-and-response.html www.secnews.physaphae.fr/article.php?IdArticle=8495368 False Threat,Cloud None 2.0000000000000000 Global Security Mag - Site de news francais Produits

---

Le nouveau serveur IBM Power étend les applications d\'IA " on-premises " vers le Cloud et l\'" Edge " pour une valeur business accrue dans tous les secteurs d\'activité - Produits]]> 2024-05-07T13:37:22+00:00 https://www.globalsecuritymag.fr/ibm-annonce-l-ibm-r-power-r-s1012.html www.secnews.physaphae.fr/article.php?IdArticle=8495263 False Cloud None 2.0000000000000000 Global Security Mag - Site de news francais Produits]]> 2024-05-07T13:08:21+00:00 https://www.globalsecuritymag.fr/veeam-lance-kasten-v7-0.html www.secnews.physaphae.fr/article.php?IdArticle=8495266 False Cloud None 2.0000000000000000 Global Security Mag - Site de news francais Produits]]> 2024-05-07T13:06:05+00:00 https://www.globalsecuritymag.fr/proofpoint-inc-devoile-deux-innovations.html www.secnews.physaphae.fr/article.php?IdArticle=8495267 False Cloud None 3.0000000000000000 Global Security Mag - Site de news francais nouvelles commerciales

---

Eviden reinforces its end-to-end cloud offering with new CloudSecOps Center, an integrated center of Cloud security services, in Timisoara, Romania Complements Eviden\'s three Cloud Centers launched last year - Business News]]> 2024-05-07T13:03:05+00:00 https://www.globalsecuritymag.fr/eviden-launchs-new-cloudsecops-center-in-timisoara-romania.html www.secnews.physaphae.fr/article.php?IdArticle=8495228 False Cloud None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Pendant ce temps, la technologie progresse à un rythme effréné, tout comme les risques posés par les cybermenaces.Le rapport FUTURESTM de niveau 2024 révèle cet acte d'équilibrage délicat entre l'innovation et la sécurité.Nous avons examiné l'ensemble des problèmes commerciaux impliqués dans la résilience cyber et de cybersécurité et découvert le leadership exécutif et le leadership technique ont des opportunités pour un alignement beaucoup plus profond. Obtenez votre copie gratuite du rapport. & nbsp; La quête insaisissable de la cyber-résilience. Imaginez un monde où les entreprises sont imperméables aux cybermenaces & mdash; un monde où chaque aspect d'une organisation est sauvegardé contre les perturbations potentielles.C'est l'idéal élevé de la cyber-résilience, mais pour de nombreuses entreprises, elle reste un objectif insaisissable.L'évolution rapide de l'informatique a transformé le paysage informatique, brouillant les lignes entre les logiciels propriétaires et open-source, les systèmes hérités, les initiatives de transformation numérique du cloud computing.Bien que ces progrès apportent des avantages indéniables, ils introduisent également des risques sans précédent. Selon nos recherches, 85% des leaders informatiques reconnaissent que l'innovation informatique a le prix d'un risque accru.Dans un monde où les cybercriminels deviennent de plus en plus sophistiqués, le besoin de cyber-résilience n'a jamais été aussi urgent.Des attaques de ransomwares massives aux incidents DDOS débilitants, les entreprises opèrent dans un climat où une seule cyber violation peut avoir des conséquences catastrophiques. Exploration de la relation entre le leadership exécutif et la cyber-résilience. Notre enquête auprès de 1 050 C-suite et cadres supérieurs comprenait 18 pays et sept industries: énergie et services publics, services financiers, soins de santé, fabrication, commerce de détail, transport et SLED américain (État, gouvernement local et enseignement supérieur).Dans les prochains mois, nous publierons un rapport vertical pour chaque marché.Ce rapport Landmark a été conçu pour aider les organisations à commencer à parler plus de manière réfléchie des vulnérabilités et des opportunités d'amélioration. Dans le rapport, vous & rsquo; ll: Découvrez pourquoi les chefs d'entreprise et les chefs de technologie ont besoin de hiérarchiser la cyber-résilience. découvrez les obstacles critiques à la cyber-résilience. Découvrez les défis concernant la résilience de la cybersécurité. ]]> 2024-05-07T12:05:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/2024-cyber-resilience-research-reveals-a-complex-terrain www.secnews.physaphae.fr/article.php?IdArticle=8496672 False Ransomware,Vulnerability,Medical,Cloud,Technical None 3.0000000000000000 Cisco - Security Firm Blog

---

Announcing the public availability of Cisco Cloud Controls Framework (CCF) V3.0 - a “build-once-use-many” approach for SaaS compliance with global standards.]]> 2024-05-07T12:00:46+00:00 https://feedpress.me/link/23535/16675334/accelerating-saas-security-certifications-to-maximize-market-access-2 www.secnews.physaphae.fr/article.php?IdArticle=8495179 False Cloud None 3.0000000000000000 Global Security Mag - Site de news francais actualités du marché

---

MSP CloudReso selects Cubbit\'s hyper-resilient DS3 distributed cloud to achieve data security and 30% savings on storage costs With Cubbit DS3, French-based MSP CloudReso can offer unprecedented data sovereignty, geographical resilience, and ransomware protection - Market News]]> 2024-05-07T11:41:03+00:00 https://www.globalsecuritymag.fr/cloudreso-selects-cubbit-s-hyper-resilient-ds3-distributed-cloud-to-achieve.html www.secnews.physaphae.fr/article.php?IdArticle=8495199 False Ransomware,Cloud None 2.0000000000000000 Global Security Mag - Site de news francais revues de produits

---

Genetec Security Center SaaS seamlessly connects to direct-to-cloud devices, and maximizes existing access control and camera investments New offering supports direct-to-cloud workflows with Axis, Bosch, Hanwha, and i-PRO devices, while the new Genetec Cloudlink line of appliances enables already deployed access control and camera equipment to connect to the cloud. - Product Reviews]]> 2024-05-07T09:20:26+00:00 https://www.globalsecuritymag.fr/genetec-inc-announced-security-center-saas.html www.secnews.physaphae.fr/article.php?IdArticle=8495127 False Cloud None 2.0000000000000000 Global Security Mag - Site de news francais Business]]> 2024-05-07T09:09:28+00:00 https://www.globalsecuritymag.fr/crowdstrike-et-google-cloud-annoncent-un-partenariat-strategique.html www.secnews.physaphae.fr/article.php?IdArticle=8495128 False Cloud None 3.0000000000000000 Global Security Mag - Site de news francais Produits]]> 2024-05-07T07:20:11+00:00 https://www.globalsecuritymag.fr/f5-devoile-de-nouvelles-solutions-de-securite.html www.secnews.physaphae.fr/article.php?IdArticle=8495070 False Threat,Cloud None 3.0000000000000000 Techworm - News 2024-05-06T22:38:28+00:00 https://www.techworm.net/2024/05/xiaomi-phones-security-vulnerabilities.html www.secnews.physaphae.fr/article.php?IdArticle=8494749 False Vulnerability,Mobile,Cloud None 3.0000000000000000 Dark Reading - Informationweek Branch 2024-05-06T21:18:13+00:00 https://www.darkreading.com/cloud-security/bigid-launches-industry-first-hybrid-scanning-for-cloud-native-workloads www.secnews.physaphae.fr/article.php?IdArticle=8494825 False Cloud None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-05-06T19:54:46+00:00 https://community.riskiq.com/article/7c5aa156 www.secnews.physaphae.fr/article.php?IdArticle=8494794 False Malware,Vulnerability,Threat,Patching,Cloud APT 42 3.0000000000000000 CrowdStrike - CTI Society Today\'s businesses are building their future in the cloud. They rely on cloud infrastructure and services to operate, develop new products and deliver greater value to their customers. The cloud is the catalyst for digital transformation among organizations of all sizes and industries. But while the cloud powers immeasurable speed, growth and innovation, it also […]]]> 2024-05-06T15:19:05+00:00 https://www.crowdstrike.com/blog/cloud-security-defines-future-evolving-market/ www.secnews.physaphae.fr/article.php?IdArticle=8496640 False Cloud None 3.0000000000000000 Global Security Mag - Site de news francais revues de produits

---

Accelerating Innovation: Introducing SocX, SecureIQLab\'s AI-Powered Cloud Security Validation Platform - Product Reviews]]> 2024-05-06T14:50:07+00:00 https://www.globalsecuritymag.fr/introducing-socx-secureiqlab-s-ai-powered-cloud-security-validation-platform.html www.secnews.physaphae.fr/article.php?IdArticle=8494663 False Cloud None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC ici . En 2022, j'ai fondé ma société de capital-investissement, Willjam Ventures, et depuis lors, nous avons tenu une expérience exceptionnelle à investir et à opérer les entreprises de cybersécurité de classe mondiale.Ce dernier investissement dans LevelBlue ne fait pas exception, ce qui témoigne de cet engagement.Nous sommes enthousiasmés par l'opportunité à venir pour LevelBlue.Ici & rsquo; s pourquoi: & # 9679; sa mission & ndash;pour simplifier la sécurité et faire de la cyber-résilience un résultat réalisable & ndash;est essentiel au succès des entreprises. Alors que les organisations continuent d'innover, des technologies telles que l'intelligence artificielle (IA) et le cloud computing créent un paysage de menace plus dynamique et élargi.Avec LevelBlue, les organisations n'ont plus besoin de sacrifier l'innovation avec la sécurité et le ndash;Ils réalisent les deux, avec confiance.Avec plus de 1 300 employés axés sur cette mission, LevelBlue propose des services de sécurité stratégiques, notamment des services de sécurité gérés primés, des conseils stratégiques expérimentés, des renseignements sur les menaces et des recherches révolutionnaires & ndash;Servir de conseiller de confiance pour les entreprises du monde entier. & # 9679; LevelBlue rassemble certains des esprits les plus talentueux et les plus brillants de la cybersécurité. Tout comme tout voyage, les organisations ne devraient pas se lancer dans leur voyage de cybersécurité seul.C'est là que LevelBlue entre en jeu. Chaque membre de notre équipe de conseil a en moyenne 15 ans d'expérience en cybersécurité, détenant les dernières certifications et connaissances en travaillant avec des organisations de différents types et tailles.Je suis également ravi d'être rejoint par Sundhar Annamalai, le président de LevelBlue, qui a plus de 20 ans d'expérience dans les services technologiques et l'exécution stratégique pour aider notre entreprise à de nouveaux sommets. & # 9679; La société a une histoire de longue date de la recherche de recherches à l'avenir et neutres. Les conseillers de confiance tiennent leurs clients informés sur les dernières tendances avant qu'elles ne se produisent, et c'est à cela que LevelBlue est le meilleur.Avec la plate-forme de renseignement sur les menaces de niveau Blue, ainsi que les rapports de recherche de l'industrie de l'entreprise (plus à venir sur ce blog), les clients peuvent rester en une étape avant les dernières cyber-menaces, tout en acquittent des informations précieuses sur la façon d'allouer correctement allouéRessources de cybersécurité. La cyber-résilience n'est pas facilement définie, et elle n'est pas facilement réalisable sans le soutien nécessaire.Les services de cybersécurité stratégiques de niveauBlue aideront à résoudre ce défi à une époque où il a le plus besoin.Nous avons la bonne équipe, la bonne technologie et au bon moment dans le temps & ndash;Je suis ravi pour le voyage à venir. Pour ceux de la conférence RSA, nous vous invitons à venir en savoir plus sur LevelBlue en visitant le stand # 6155 à Moscone North Expo.Nous sommes impatients de nous présenter à vous.

---

Today is a monumental day for the cybersecurity industry. Live from RSA Conference 2024, I’m excited to introduce LevelBlue – a joint venture with AT&T and WillJam Ventures, to form a new, standalone managed security services busines]]> 2024-05-06T14:05:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/introducing-levelblue-elevating-business-confidence-by-simplifying-security www.secnews.physaphae.fr/article.php?IdArticle=8496673 False Threat,Cloud,Conference None 3.0000000000000000 Bleeping Computer - Magazine Américain The Iranian state-backed threat actor tracked as APT42 is employing social engineering attacks, including posing as journalists, to breach corporate networks and cloud environments of Western and Middle Eastern targets. [...]]]> 2024-05-04T10:17:34+00:00 https://www.bleepingcomputer.com/news/security/iranian-hackers-pose-as-journalists-to-push-backdoor-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8493646 False Malware,Threat,Cloud APT 42 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection. This is done to "facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News.]]> 2024-05-03T18:05:00+00:00 https://thehackernews.com/2024/05/hackers-increasingly-abusing-microsoft.html www.secnews.physaphae.fr/article.php?IdArticle=8492991 False Malware,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) SaaS applications are dominating the corporate landscape. Their increased use enables organizations to push the boundaries of technology and business. At the same time, these applications also pose a new security risk that security leaders need to address, since the existing security stack does not enable complete control or comprehensive monitoring of their usage.]]> 2024-05-03T16:12:00+00:00 https://thehackernews.com/2024/05/new-guide-explains-how-to-eliminate.html www.secnews.physaphae.fr/article.php?IdArticle=8492915 False Cloud None 3.0000000000000000 Dark Reading - Informationweek Branch The new startup\'s SaaS platform claims to help organizations detect ransomware attacks faster than “traditional” methods and to recover within 24 hours.]]> 2024-05-02T22:10:42+00:00 https://www.darkreading.com/endpoint-security/mimic-launches-with-new-ransomeware-defense-platform www.secnews.physaphae.fr/article.php?IdArticle=8492963 False Ransomware,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cloud storage services provider Dropbox on Wednesday disclosed that Dropbox Sign (formerly HelloSign) was breached by unidentified threat actors, who accessed emails, usernames, and general account settings associated with all users of the digital signature product. The company, in a filing with the U.S. Securities and Exchange Commission (SEC), said it became aware of the "]]> 2024-05-02T15:49:00+00:00 https://thehackernews.com/2024/05/dropbox-discloses-breach-of-digital.html www.secnews.physaphae.fr/article.php?IdArticle=8492326 False Threat,Cloud None 3.0000000000000000 Netskope - etskope est une société de logiciels américaine fournissant une plate-forme de sécurité informatique SaaS applications have fundamentally transformed business operations by enabling on-demand user access to services and data via the internet from anywhere. Yet, despite countless benefits, SaaS in the enterprise is fraught with cybersecurity challenges.  Addressing SaaS sprawl It goes without saying that SaaS adoption has experienced exponential growth across every industry and market segment. The […] ]]> 2024-05-02T14:05:50+00:00 https://www.netskope.com/blog/breaking-boundaries-the-industrys-first-sse-leader-to-leverage-generative-ai-in-saas-security www.secnews.physaphae.fr/article.php?IdArticle=8492409 False Cloud None 2.0000000000000000 Techworm - News 2024-05-02T11:32:21+00:00 https://www.techworm.net/2024/05/dropbox-customer-data-stolen-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=8492211 False Cloud None 3.0000000000000000 Silicon - Site de News Francais 2024-05-02T10:41:00+00:00 https://www.silicon.fr/broadcom-concessions-fournisseurs-cloud-478304.html www.secnews.physaphae.fr/article.php?IdArticle=8492384 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new malware called Cuttlefish is targeting small office and home office (SOHO) routers with the goal of stealthily monitoring all traffic through the devices and gather authentication data from HTTP GET and POST requests. "This malware is modular, designed primarily to steal authentication material found in web requests that transit the router from the adjacent]]> 2024-05-02T10:34:00+00:00 https://thehackernews.com/2024/05/new-cuttlefish-malware-hijacks-router.html www.secnews.physaphae.fr/article.php?IdArticle=8492194 False Malware,Cloud None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Les membres d'une équipe de piratage iranienne notoire utilisent de fausses personnalités pour voler des informations d'identification et accéder aux environnements cloud de victime, selon un nouveau rapport mandiant.

---

>Members of a notorious Iranian hacking crew are using false personas to steal credentials and access victim cloud environments, per a new Mandiant report. ]]> 2024-05-02T03:00:00+00:00 https://cyberscoop.com/iranian-hackers-impersonate-journalists-in-social-engineering-campaign/ www.secnews.physaphae.fr/article.php?IdArticle=8492149 False Cloud None 2.0000000000000000 Techworm - News avertir dans un article de blog . «La seiche est en attente, reniflant passivement les paquets, n'agissant que lorsqu'il est déclenché par un ensemble de règles prédéfini.Le renifleur de paquets utilisé par la seiche a été conçu pour acquérir du matériel d'authentification, en mettant l'accent sur les services publics basés sur le cloud. » ]]> 2024-05-01T23:25:26+00:00 https://www.techworm.net/2024/05/malware-target-router-steal-password.html www.secnews.physaphae.fr/article.php?IdArticle=8491968 False Malware,Threat,Cloud,Technical APT 32 4.0000000000000000 Techworm - News 2024-05-01T20:17:03+00:00 https://www.techworm.net/2024/05/google-bounty-rce-bugs-android-apps.html www.secnews.physaphae.fr/article.php?IdArticle=8491889 False Malware,Vulnerability,Threat,Mobile,Cloud None 2.0000000000000000 Dark Reading - Informationweek Branch The newly discovered malware, which has so far mainly targeted Turkish telcos and has links to HiatusRat, infects routers and performs DNS and HTTP hijacking attacks on connections to private IP addresses.]]> 2024-05-01T17:34:12+00:00 https://www.darkreading.com/cloud-security/cuttlefish-zero-click-malware-steals-private-cloud-data www.secnews.physaphae.fr/article.php?IdArticle=8491941 False Malware,Cloud None 2.0000000000000000 Global Security Mag - Site de news francais revues de produits

---

F5 Delivers New Solutions that Radically Simplify Security for Every App and API • F5 Distributed Cloud Services Web Application Scanning automates security reconnaissance and penetration testing for web applications. • BIG-IP Next WAF mitigates web app and API threats while increasing operational efficiency for NetOps and SecOps teams. • NGINX App Protect extends web app firewall protections for NGINX open source deployments to provide DevSecOps teams with effective controls without hindering developer agility. - Product Reviews]]> 2024-05-01T17:26:37+00:00 https://www.globalsecuritymag.fr/f5-announced-f5-distributed-cloud-services-web-application-scanning.html www.secnews.physaphae.fr/article.php?IdArticle=8491961 False Cloud None 2.0000000000000000 Global Security Mag - Site de news francais rapports spéciaux

---

Netwrix annual security survey: 79% of organisations spotted a cyberattack within the last 12 months, up from 68% in 2023 Over the last year, the attacks that gained momentum are account compromise in the cloud and targeted attacks on premises - Special Reports]]> 2024-05-01T14:55:49+00:00 https://www.globalsecuritymag.fr/netwrix-annual-security-survey-79-of-organisations-spotted-a-cyberattack-within.html www.secnews.physaphae.fr/article.php?IdArticle=8491870 False Cloud None 2.0000000000000000 SecurityWeek - Security News Plate-forme de logiciels malveillants semi-ruisseaux errant autour des routeurs SOHO d'entreprise capables de récolter secrètement les données d'authentification du cloud public à partir du trafic Internet.

---

>Cuttlefish malware platform roaming around enterprise SOHO routers capable of covertly harvesting public cloud authentication data from internet traffic. ]]> 2024-05-01T14:33:31+00:00 https://www.securityweek.com/cuttlefish-malware-targets-routers-harvests-cloud-authentication-data/ www.secnews.physaphae.fr/article.php?IdArticle=8491900 False Malware,Cloud None 3.0000000000000000 Checkpoint - Fabricant Materiel Securite Si vous souhaitez protéger vos travailleurs distants, l'un des meilleurs endroits pour démarrer est le navigateur Web.C'est le portail principal vers notre journée de travail pour accéder à tout, des fichiers aux applications SaaS ou simplement à parcourir le Web.C'est pourquoi nous avons récemment ajouté une protection significative de navigateur à l'accès à l'harmonie sur Internet.Que vous cherchiez à empêcher les attaques de phishing, la réutilisation des mots de passe d'entreprise ou des fuites numériques, nous vous sommes couverts.Soutenu par ThreatCloud AI, la technologie de prévention des menaces de Check Point \\, la sécurité du navigateur d'accès Internet, la sécurité des navigateurs améliore la sécurité de votre main-d'œuvre à distance et à bureau.Fonctionnalités principales de sécurité du navigateur Prise en charge de la sécurité du navigateur [& # 8230;]

---

>If you want to protect your remote workers one of the best places to start is the web browser. It\'s the primary portal to our workday for accessing everything from files to SaaS applications or just browsing the web. That\'s why we recently added significant browser protection to Harmony SASE Internet Access. Whether you\'re looking to prevent phishing attacks, reuse of corporate passwords, or digital leaks, we\'ve got you covered. Backed by ThreatCloud AI, Check Point\'s industry-leading threat prevention technology, Internet Access Browser Security improves the security of your remote and in-office workforce. Browser Security Main Features Browser Security supports […] ]]> 2024-05-01T13:00:45+00:00 https://blog.checkpoint.com/security/extending-sase-protection-into-the-browser/ www.secnews.physaphae.fr/article.php?IdArticle=8491809 False Threat,Cloud None 3.0000000000000000 ProofPoint - Cyber Firms 2024-05-01T05:12:14+00:00 https://www.proofpoint.com/us/blog/information-protection/whats-best-way-stop-genai-data-loss-take-human-centric-approach www.secnews.physaphae.fr/article.php?IdArticle=8491708 False Tool,Medical,Cloud ChatGPT 3.0000000000000000 Global Security Mag - Site de news francais Business]]> 2024-04-30T09:30:54+00:00 https://www.globalsecuritymag.fr/keeper-security-conclut-un-partenariat-en-cybersecurite-avec-williams-racing.html www.secnews.physaphae.fr/article.php?IdArticle=8491183 False Cloud None 1.00000000000000000000 Global Security Mag - Site de news francais Business]]> 2024-04-30T08:30:54+00:00 https://www.globalsecuritymag.fr/outscale-marque-de-dassault-systemes-annonce-l-acquisition-strategique-de.html www.secnews.physaphae.fr/article.php?IdArticle=8491157 False Cloud None 2.0000000000000000 Global Security Mag - Site de news francais Business]]> 2024-04-30T08:10:42+00:00 https://www.globalsecuritymag.fr/groupe-infodis-devient-tenexa.html www.secnews.physaphae.fr/article.php?IdArticle=8491159 False Cloud None 2.0000000000000000 Global Security Mag - Site de news francais Business]]> 2024-04-30T07:23:24+00:00 https://www.globalsecuritymag.fr/le-groupe-inherent-annonce-l-acquisition-d-upper-link-et-renforce-son-expertise.html www.secnews.physaphae.fr/article.php?IdArticle=8491122 False Cloud None 1.00000000000000000000 Global Security Mag - Site de news francais Produits]]> 2024-04-30T07:17:16+00:00 https://www.globalsecuritymag.fr/trend-micro-devoile-de-nouvelles-capacites-pour-maitriser-l-ensemble-de-la.html www.secnews.physaphae.fr/article.php?IdArticle=8491125 False Prediction,Cloud None 2.0000000000000000 Veracode - Application Security Research, News, and Education Blog Are you looking to catch up on the latest in AI and cloud-native Application Security at RSAC 2024? Veracode is hosting a series of talks at our booth along with a series of programs at The W San Francisco. Here are all the details.  Veracode at RSAC 2024: A Preview  RSAC 2024 is around the corner and Veracode, a visionary provider of cloud-native Application Security testing solutions, will be at the forefront, showcasing groundbreaking innovations that are shaping the future of AppSec.   This year, we are particularly excited to showcase the recent acquisition of Longbow Security, a strategic move that strengthens our commitment to providing comprehensive code-to-cloud security.   According to App Developer Magazine, “The integration of Longbow into Veracode enables security teams to discover cloud and application assets quickly and easily assess their threat exposure using automated issue investigation and root cause analysis. Longbow provides a centralized…]]> 2024-04-29T10:49:21+00:00 https://www.veracode.com/blog/intro-appsec/your-must-know-ai-and-cloud-native-appsec-insights-rsac-2024 www.secnews.physaphae.fr/article.php?IdArticle=8490697 False Threat,Cloud None 1.00000000000000000000 IndustrialCyber - cyber risk firms for industrial Organizations are increasingly forced to protect their cloud and IIoT in Industry 4.0 across OT/ICS (operational technology/industrial control... ]]> 2024-04-28T05:28:32+00:00 https://industrialcyber.co/features/securing-cloud-iiot-in-industry-4-0-emerges-crucial-for-protecting-industrial-operations-across-ot-ics-environments/ www.secnews.physaphae.fr/article.php?IdArticle=8489935 False Industrial,Cloud None 2.0000000000000000 Recorded Future - FLux Recorded Future 2024-04-26T21:12:34+00:00 https://therecord.media/kyc-executive-order-cloud-industry-opposition www.secnews.physaphae.fr/article.php?IdArticle=8489264 False Cloud None 2.0000000000000000 Dark Reading - Informationweek Branch Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: security license mandates; a move to four-day remediation requirements; lessons on OWASP for LLMs.]]> 2024-04-26T19:34:32+00:00 https://www.darkreading.com/cybersecurity-operations/ciso-corner-evil-sboms-zero-trust-cloud-security-mitre-ivanti www.secnews.physaphae.fr/article.php?IdArticle=8489272 False Cloud None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-04-26T19:12:08+00:00 https://community.riskiq.com/article/2641df15 www.secnews.physaphae.fr/article.php?IdArticle=8489234 False Ransomware,Spam,Malware,Tool,Threat,Industrial,Cloud None 2.0000000000000000 GoogleSec - Firm Security Blog IntroductionAs security professionals, we\'re constantly looking for ways to reduce risk and improve our workflow\'s efficiency. We\'ve made great strides in using AI to identify malicious content, block threats, and discover and fix vulnerabilities. We also published the Secure AI Framework (SAIF), a conceptual framework for secure AI systems to ensure we are deploying AI in a responsible manner. Today we are highlighting another way we use generative AI to help the defenders gain the advantage: Leveraging LLMs (Large Language Model) to speed-up our security and privacy incidents workflows.]]> 2024-04-26T18:33:10+00:00 http://security.googleblog.com/2024/04/accelerating-incident-response-using.html www.secnews.physaphae.fr/article.php?IdArticle=8493537 False Tool,Threat,Industrial,Cloud None 3.0000000000000000 Checkpoint - Fabricant Materiel Securite Un effet secondaire intéressant de la prolifération du développement de logiciels natifs du cloud est les lignes floues entre les rôles des équipes Infosec et DevOps pour protéger les données de l'application et des utilisateurs.Jusqu'à récemment, DevSecops consistait principalement à sécuriser et à protéger le code, les outils utilisés dans le SDLC et l'infrastructure des applications \\ 'contre les vulnérabilités, les fuites et les erreurs de configuration potentiels.Aujourd'hui, les données sensibles ne vit plus dans des bases de données sécurisées et centralisées.Au lieu de cela, il est dispersé dans des instances fluides et amorphes sur diverses plates-formes cloud et hybrides, ce qui rend le problème de la protection des données.Si vous regardez les chiffres, l'état de la sécurité des données aujourd'hui est carrément terrifiant.[& # 8230;]

---

>An interesting side-effect of the proliferation of cloud-native software development is the blurred lines between the roles of InfoSec and DevOps teams in protecting application and user data. Until recently, DevSecOps was mostly about securing and protecting the code, the tools used in the SDLC, and the applications\' infrastructure from potential vulnerabilities, leaks, and misconfigurations. Today, sensitive data no longer lives in secure and centralized databases. Instead, it\'s scattered in fluid and amorphic instances on various cloud and hybrid platforms, making data protection everyone\'s problem. If you look at the numbers, the state of data security today is downright terrifying. […] ]]> 2024-04-26T13:00:25+00:00 https://blog.checkpoint.com/securing-the-cloud/7-essentials-every-data-security-posture-management-dspm-must-have/ www.secnews.physaphae.fr/article.php?IdArticle=8489057 False Tool,Vulnerability,Cloud None 3.0000000000000000 Korben - Bloger francais 2024-04-25T07:20:40+00:00 https://korben.info/localsumm-generateur-resumes-local-navigateur.html www.secnews.physaphae.fr/article.php?IdArticle=8488430 False Cloud None 3.0000000000000000 Vuln GCP - FLux Vuln GoogleCloudPlatform Anthos Service Mesh Security Bulletin . High cve-2024-27919 CVE-2024-30255 CVE-2024-32475 CVE-2023-45288

---

Published: 2024-04-24Description Description Severity Notes The following CVEs expose Anthos Service Mesh to exploitable vulnerabilities: CVE-2024-27919: HTTP/2: memory exhaustion due to CONTINUATION frame flood. CVE-2024-30255: HTTP/2: CPU exhaustion due to CONTINUATION frame flood CVE-2024-32475: Abnormal termination when using \'auto_sni\' with \':authority\' header longer than 255 characters. CVE-2023-45288: HTTP/2 CONTINUATION frames can be utilized for DoS attacks. For instructions and more details, see the Anthos Service Mesh security bulletin. High CVE-2024-27919 CVE-2024-30255 CVE-2024-32475 CVE-2023-45288 ]]> 2024-04-24T21:21:38+00:00 https://cloud.google.com/support/bulletins/index#gcp-2024-023 www.secnews.physaphae.fr/article.php?IdArticle=8488219 False Vulnerability,Cloud None None Global Security Mag - Site de news francais rapports spéciaux

---

Metomic surveyed more than 400 CISOs to better understand the biggest challenges security leaders are up against in 2024, along with their top priorities and initiatives Metomic, a next generation data security solution for protecting sensitive data in the new era of collaborative SaaS, GenAI and cloud applications, today released its “2024 CISO Survey: Insights from the Security Leaders Keeping Critical Business Data Safe.” Metomic surveyed more than 400 Chief Information Security Officers (...) - Special Reports]]> 2024-04-24T13:26:05+00:00 https://www.globalsecuritymag.fr/metomic-ciso-survey-finds-72-of-u-s-cisos-are-concerned-generative-ai-solutions.html www.secnews.physaphae.fr/article.php?IdArticle=8488016 False Cloud None 3.0000000000000000 Dark Reading - Informationweek Branch An exploit for the vulnerability allows unauthenticated attackers to escape a virtual file system sandbox to download system files and potentially achieve RCE.]]> 2024-04-24T13:24:44+00:00 https://www.darkreading.com/cloud-security/patch-crushftp-zero-day-cloud-exploit-targets-us-orgs www.secnews.physaphae.fr/article.php?IdArticle=8488006 False Vulnerability,Threat,Cloud None 2.0000000000000000 Global Security Mag - Site de news francais Business]]> 2024-04-24T12:22:43+00:00 https://www.globalsecuritymag.fr/nokia-transfere-ses-fonctions-de-rh-mondiales-vers-oracle-fusion-cloud-hcm.html www.secnews.physaphae.fr/article.php?IdArticle=8487974 False Cloud None 3.0000000000000000 Global Security Mag - Site de news francais opinion

---

It\'s time to move on from our reliance on third-party tools built on easily exploited infrastructure At present, an overwhelming proportion of businesses are placing their sensitive data in the hands of third-party cloud tools that are plagued by a multitude of vulnerabilities. This is according to OmniIndex CEO and data security expert Simon Bain, who argues that businesses must embrace modern technologies or risk attacks, as ransomware attackers continually exploit third-party cloud (...) - Opinion]]> 2024-04-24T08:05:50+00:00 https://www.globalsecuritymag.fr/cloudy-with-a-chance-of-ransomware-third-party-cloud-tools-are-putting-you-at.html www.secnews.physaphae.fr/article.php?IdArticle=8487843 False Ransomware,Tool,Vulnerability,Threat,Cloud None 3.0000000000000000 Dark Reading - Informationweek Branch Dark Reading talks cloud security with John Kindervag, the godfather of zero trust.]]> 2024-04-23T20:47:27+00:00 https://www.darkreading.com/cloud-security/5-hard-truths-about-the-state-of-cloud-security-2024 www.secnews.physaphae.fr/article.php?IdArticle=8487611 False Cloud None 3.0000000000000000 Fortinet - Fabricant Materiel Securite Learn how organizations are using the cloud, their cloud-security challenges, and other insights from the 2024 Cloud Security Report]]> 2024-04-23T19:38:00+00:00 https://www.fortinet.com/blog/industry-trends/key-findings-cloud-security-report-2024 www.secnews.physaphae.fr/article.php?IdArticle=8487424 False Studies,Cloud None 3.0000000000000000 Netskope - etskope est une société de logiciels américaine fournissant une plate-forme de sécurité informatique Netskope Threat Labs publie un article de blog de résumé mensuel des principales menaces que nous suivons sur la plate-forme NetSkope.Cet article vise à fournir une intelligence stratégique et exploitable sur les menaces actives contre les utilisateurs d'entreprise du monde entier.Le résumé OneDrive et SharePoint étaient en haut de la liste des principales applications cloud utilisées pour les téléchargements de logiciels malveillants.Les attaquants continuent [& # 8230;]

---

>Netskope Threat Labs publishes a monthly summary blog post of the top threats we track on the Netskope platform. This post aims to provide strategic, actionable intelligence on active threats against enterprise users worldwide. Summary OneDrive and SharePoint were on the top of the list of top cloud apps used for malware downloads. Attackers continue […] ]]> 2024-04-23T18:32:40+00:00 https://www.netskope.com/blog/netskope-threat-labs-stats-for-march-2024 www.secnews.physaphae.fr/article.php?IdArticle=8487560 False Malware,Threat,Cloud None 3.0000000000000000 IT Security Guru - Blog Sécurité Le rapport M mandiant \\ a révèle que de nouvelles perspectives des cyber-enquêtes de première ligne sont apparues pour la première fois sur gourou de la sécurité informatique .

---

Mandiant, part of Google Cloud, today released the findings of its M-Trends 2024 report. Now in its 15th year, this annual report provides expert trend analysis based on Mandiant frontline cyber attack investigations and remediations conducted in 2023. The 2024 report reveals evidence that organizations globally have made meaningful improvements in their defensive capabilities, identifying […] The post Mandiant\'s M-Trends Report Reveals New Insights from Frontline Cyber Investigations first appeared on IT Security Guru. ]]> 2024-04-23T13:59:53+00:00 https://www.itsecurityguru.org/2024/04/23/mandiants-m-trends-report-reveals-new-insights-from-frontline-cyber-investigations/?utm_source=rss&utm_medium=rss&utm_campaign=mandiants-m-trends-report-reveals-new-insights-from-frontline-cyber-investigations www.secnews.physaphae.fr/article.php?IdArticle=8487440 False Prediction,Cloud None 3.0000000000000000 Global Security Mag - Site de news francais revues de produits

---

This IT auditing SaaS solution is now available in end-customer and MSP versions Netwrix, a vendor that delivers effective and accessible cybersecurity to any organisation, released a new version of its easy-to-use and fast-to-deploy IT auditing software-as-a-service (SaaS) solution, Netwrix 1Secure. It enables prompt detection of suspicious activities around data across the Microsoft 365 environment, Entra ID (formerly Azure AD), as well as Active Directory, and file servers. Netwrix (...) - Product Reviews]]> 2024-04-23T13:30:25+00:00 https://www.globalsecuritymag.fr/new-version-of-netwrix-1secure-accelerates-security-threat-detection-and.html www.secnews.physaphae.fr/article.php?IdArticle=8487421 False Threat,Cloud None 3.0000000000000000 GoogleSec - Firm Security Blog The Reporting API is an emerging web standard that provides a generic reporting mechanism for issues occurring on the browsers visiting your production website. The reports you receive detail issues such as security violations or soon-to-be-deprecated APIs, from users\' browsers from all over the world. Collecting reports is often as simple as specifying an endpoint URL in the HTTP header; the browser will automatically start forwarding reports covering the issues you are interested in to those endpoints. However, processing and analyzing these reports is not that simple. For example, you may receive a massive number of reports on your endpoint, and it is possible that not all of them will be helpful in identifying the underlying problem. In such circumstances, distilling and fixing issues can be quite a challenge. In this blog post, we\'ll share how the Google security team uses the Reporting API to detect potential issues and identify the actual problems causing them. We\'ll also introduce an open source solution, so you can easily replicate Google\'s approach to processing reports and acting on them. How does the Reporting API work? Some errors only occur in production, on users\' browsers to which you have no access. You won\'t see these errors locally or during development because there could be unexpected conditions real users, real networks, and real devices are in. With the Reporting API, you directly leverage the browser to monitor these errors: the browser catches these errors for you, generates an error report, and sends this report to an endpoint you\'ve specified. How reports are generated and sent. Errors you can monitor with the Reporting API include: Security violations: Content-Security-Policy (CSP), Cross-Origin-Opener-Policy (COOP), Cross-Origin-Embedder-Policy (COEP) Deprecated and soon-to-be-deprecated API calls Browser interventions Permissions policy And more For a full list of error types you can monitor, see use cases and report types. The Reporting API is activated and configured using HTTP response headers: you need to declare the endpoint(s) you want the browser to send reports to, and which error types you want to monitor. The browser then sends reports to your endpoint in POST requests whose payload is a list of reports. Example setup:#]]> 2024-04-23T13:15:47+00:00 http://security.googleblog.com/2024/04/uncovering-potential-threats-to-your.html www.secnews.physaphae.fr/article.php?IdArticle=8493538 False Malware,Tool,Vulnerability,Mobile,Cloud None 3.0000000000000000 Global Security Mag - Site de news francais Investigations]]> 2024-04-23T12:43:53+00:00 https://www.globalsecuritymag.fr/le-rapport-m-trends-de-mandiant-revele-de-nouvelles-informations-issues-des.html www.secnews.physaphae.fr/article.php?IdArticle=8487382 False Cloud None 3.0000000000000000 Global Security Mag - Site de news francais Produits]]> 2024-04-23T12:12:05+00:00 https://www.globalsecuritymag.fr/avec-la-nouvelle-version-de-sa-solution-d-audit-saas-1secure-netwrix-accelere.html www.secnews.physaphae.fr/article.php?IdArticle=8487387 False Cloud None 2.0000000000000000 CrowdStrike - CTI Society Organizations are increasingly turning to cloud computing for IT agility, resilience and scalability. Amazon Web Services (AWS) stands at the forefront of this digital transformation, offering a robust, flexible and cost-effective platform that helps businesses drive growth and innovation.  However, as organizations migrate to the cloud, they face a complex and growing threat landscape of […]]]> 2024-04-22T17:03:13+00:00 https://www.crowdstrike.com/blog/best-practices-to-secure-aws-resources/ www.secnews.physaphae.fr/article.php?IdArticle=8486953 False Threat,Cloud None 3.0000000000000000 Checkpoint - Fabricant Materiel Securite Netzer Shohet est un chef de produit basé à Givatayim, en Israël.Il a rejoint Check Point en tant que développeur dans l'équipe d'infrastructure IPS en 2005 et travaille actuellement sur le développement du cloud pour notre plate-forme qui a permis le lancement de CloudGuard WAF, Quantum SD-WAN et Quantum IoT Protect, entre autres.Netzer est titulaire d'un diplôme de maîtrise en philosophie et d'un baccalauréat en informatique et biologie de l'Université de Tel Aviv et a rédigé son livre le plus vendu, «The Cyber-Safe Child», pour aider les parents à enseigner à leurs enfantssur la cyber-sécurité.Quel est votre rôle à Check Point, en particulier au sein de l'équipe de produit?Je travaille comme [& # 8230;]

---

>Netzer Shohet is a Product Manager based in Givatayim, Israel. He joined Check Point as a developer on the IPS infrastructure team in 2005 and currently works on cloud development for our platform that enabled the launch of CloudGuard WAF, Quantum SD-WAN, and Quantum IoT Protect, among others. Netzer holds a Master\'s degree in Philosophy and a Bachelor\'s degree in Computer Science and Biology from Tel Aviv University and authored his best-selling book, “The Cyber-Safe Child,” to help parents teach their children about cyber safety. What is your role at Check Point, specifically within the product team? I work as […] ]]> 2024-04-22T13:00:37+00:00 https://blog.checkpoint.com/company-and-culture/getting-to-know-netzer-shohet/ www.secnews.physaphae.fr/article.php?IdArticle=8486828 False Cloud None 2.0000000000000000 Sekoia - Cyber Firms Le changement global vers le cloud computing est indéniable.Selon Statista, le marché mondial de l'informatique du cloud public continue de croître et devrait atteindre environ 679 milliards de dollars américains en 2024. AWS, Azure et Google Cloud Services dominent le marché et offrent l'évolutivité et la rentabilité des entreprises.Néanmoins, tout devient plus compliqué lorsqu'il [& # 8230;] la publication Suivante sécuriser les périmètres de cloud est un article de Blog Sekoia.io .

---

>The global shift towards cloud computing is undeniable. According to Statista, the worldwide public cloud computing market continues to grow and is expected to reach an estimated 679 billion U.S. dollars in 2024. AWS, Azure and Google Cloud services dominate the market and offer businesses scalability and cost-effectiveness. Nevertheless, everything becomes more complicated when it […] La publication suivante Securing cloud perimeters est un article de Sekoia.io Blog.]]> 2024-04-22T07:18:51+00:00 https://blog.sekoia.io/securing-cloud-perimeters/ www.secnews.physaphae.fr/article.php?IdArticle=8486700 False Cloud None 2.0000000000000000 The State of Security - Magazine Américain As businesses transition to hybrid and multi-cloud setups, vulnerabilities arising from misconfigurations and security gaps are escalating, attracting attention from bad actors. In response, the US National Security Agency (NSA) issued a set of ten recommended mitigation strategies, published earlier this year (with support from the US Cybersecurity and Infrastructure Security Agency on six of the strategies). The recommendations cover cloud security, identity management, data protection, and network segmentation. Let \' s take a closer look: 1. Uphold the Cloud Shared Responsibility Model...]]> 2024-04-22T02:35:32+00:00 https://www.tripwire.com/state-of-security/nsa-debuts-cloud-security-mitigation-strategies www.secnews.physaphae.fr/article.php?IdArticle=8486677 False Vulnerability,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Attackers are increasingly making use of “networkless” attack techniques targeting cloud apps and identities. Here\'s how attackers can (and are) compromising organizations – without ever needing to touch the endpoint or conventional networked systems and services.  Before getting into the details of the attack techniques being used, let\'s discuss why]]> 2024-04-19T16:38:00+00:00 https://thehackernews.com/2024/04/showcasing-networkless-identity-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=8485252 False Cloud None 3.0000000000000000 Vuln AWS - FLux Vuln AWS Comment la culture unique de la sécurité à AWS fait une différence " Article de blog. & nbsp;

---

Publication Date: 2024/04/19 09:00 AM PDT AWS is aware of a recent Cyber Safety Review Board (CSRB) report regarding a 2023 Microsoft Online Exchange issue. We are not affected by the issues described in this report and no customer action is required. At AWS, security is our top priority. Every AWS customer benefits from the fact that we have the most operational experience of any cloud provider. We designed AWS from its very foundation to be the most secure way for our customers to run their workloads, and built our internal culture around security as a business imperative. The security of the AWS cloud is unique and differentiated by our technology, culture, and practices. To learn more, please refer to our "How the unique culture of security at AWS makes a difference" blog post.  ]]> 2024-04-19T15:59:33+00:00 https://aws.amazon.com/security/security-bulletins/AWS-2024-004/ www.secnews.physaphae.fr/article.php?IdArticle=8485378 False Cloud None None CrowdStrike - CTI Society As Porter Airlines scaled its business, it needed a unified cybersecurity platform to eliminate the challenges of juggling multiple cloud, identity and endpoint security products. Porter consolidated its cybersecurity strategy with the single-agent, single-console architecture of the AI-native CrowdStrike Falcon® XDR platform. With the Falcon platform, the airline has reduced cost and complexity while driving […]]]> 2024-04-18T19:56:43+00:00 https://www.crowdstrike.com/blog/porter-airlines-consolidates-cybersecurity-with-crowdstrike/ www.secnews.physaphae.fr/article.php?IdArticle=8486954 False Cloud None 3.0000000000000000 Checkpoint - Fabricant Materiel Securite Alors que les entreprises passent de plus en plus vers le cloud, la sécurité du cloud est une priorité absolue.Les clients nous disent que plus leur confiance dans leur sécurité dans leur cloud est grande, plus ils migreront rapidement et plus ils se déplaceront vers le cloud.Une importance particulière est particulièrement importante, une couche fondamentale de défense avec une atténuation des risques les plus larges et un ratio de coûts / avantages les plus larges.Selon les cyberratings, «les pare-feu de réseau cloud sont considérés comme la première ligne de défense lorsqu'ils sont déployés dans des fournisseurs de cloud publics tels que les services Web d'Amazon, Google Cloud Platform et Microsoft Azure».Dans cet article, nous résumons une partie de la [& # 8230;] [& # 8230;]

---

>As businesses increasingly transition to the cloud, cloud security is a top priority. Customers tell us that the greater their confidence in their cloud security, the faster they will migrate, and the more workloads they will move to the cloud. Of particular importance is cloud network security, a foundational layer of defense with broadest risk mitigation and best cost/benefit ratio. According to CyberRatings, “Cloud network firewalls are considered to be the first line of defense when deployed in public cloud providers such as Amazon Web Services, Google Cloud Platform and Microsoft Azure.” In this article, we’ll summarize some of the […] ]]> 2024-04-18T13:00:58+00:00 https://blog.checkpoint.com/securing-the-cloud/miercom-ngfw-security-benchmark-2024-why-it-matters-for-cloud-network-security/ www.secnews.physaphae.fr/article.php?IdArticle=8484749 False Cloud None 2.0000000000000000 Global Security Mag - Site de news francais Business]]> 2024-04-18T12:30:46+00:00 https://www.globalsecuritymag.fr/cohesity-annonce-sa-collaboration-avec-intel.html www.secnews.physaphae.fr/article.php?IdArticle=8484726 False Cloud None 2.0000000000000000 Global Security Mag - Site de news francais Produits]]> 2024-04-18T08:35:54+00:00 https://www.globalsecuritymag.fr/cisco-devoile-hypershield.html www.secnews.physaphae.fr/article.php?IdArticle=8484609 False Threat,Cloud None 3.0000000000000000 Dark Reading - Informationweek Branch Permiso Security announced Cloud Console Cartographer during Black Hat Asia to help defenders look inside Amazon Web Services events logs for signs of cyberattacks.]]> 2024-04-18T02:00:00+00:00 https://www.darkreading.com/cloud-security/open-source-tool-looks-signals-in-noisy-aws-cloud-logs www.secnews.physaphae.fr/article.php?IdArticle=8484720 False Tool,Cloud None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) #### Targeted Geolocations - Ukraine ## Snapshot Sponsored by Russian military intelligence, APT44 is a dynamic and operationally mature threat actor that is actively engaged in the full spectrum of espionage, attack, and influence operations. **Microsoft tracks this APT as Seashell Blizzard.  [Read more about them here.](https://sip.security.microsoft.com/intel-profiles/cf1e406a16835d56cf614430aea3962d7ed99f01ee3d9ee3048078288e5201bb)** ## Description APT44 is a dynamic and operationally mature threat actor that is actively engaged in the full spectrum of espionage, attack, and influence operations. The group has honed each of these capabilities and sought to integrate them into a unified playbook over time. APT44 has aggressively pursued a multi-pronged effort to help the Russian military gain a wartime advantage and is responsible for nearly all of the disruptive and destructive operations against Ukraine over the past decade. The group presents a persistent, high severity threat to governments and critical infrastructure operators globally where Russian national interests intersect. APT44 is seen by the Kremlin as a flexible instrument of power capable of servicing Russia\'s wide-ranging national interests and ambitions, including efforts to undermine democratic processes globally. The group\'s support of the Kremlin\'s political objectives has resulted in some of the largest and mo]]> 2024-04-17T20:31:47+00:00 https://community.riskiq.com/article/24c2a760 www.secnews.physaphae.fr/article.php?IdArticle=8484361 False Threat,Cloud None 2.0000000000000000 ProofPoint - Cyber Firms 2024-04-17T18:00:31+00:00 https://www.proofpoint.com/us/blog/engineering-insights/exploding-prompts-available-open-source www.secnews.physaphae.fr/article.php?IdArticle=8484113 False Malware,Tool,Threat,Studies,Cloud,Technical None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The introduction of Open AI\'s ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing,]]> 2024-04-17T16:37:00+00:00 https://thehackernews.com/2024/04/genai-new-headache-for-saas-security.html www.secnews.physaphae.fr/article.php?IdArticle=8484090 False Tool,Cloud ChatGPT 2.0000000000000000