www.secnews.physaphae.fr

www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-20T12:52:27+00:00 www.secnews.physaphae.fr The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) La vulnérabilité de Zero Trust: leçons de la tempête 0558 Hack The Vulnerability of Zero Trust: Lessons from the Storm 0558 Hack While IT security managers in companies and public administrations rely on the concept of Zero Trust, APTS (Advanced Persistent Threats) are putting its practical effectiveness to the test. Analysts, on the other hand, understand that Zero Trust can only be achieved with comprehensive insight into one\'s own network. Just recently, an attack believed to be perpetrated by the Chinese hacker group]]> 2023-08-18T17:19:00+00:00 https://thehackernews.com/2023/08/the-vulnerability-of-zero-trust-lessons.html www.secnews.physaphae.fr/article.php?IdArticle=8371755 False Hack,Vulnerability None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Cinquante minutes pour pirater le chatppt: à l'intérieur du concours de con, à casser AI Fifty minutes to hack ChatGPT: Inside the DEF CON competition to break AI Plus de 2 000 pirates ont attaqué des chatbots de pointe pour découvrir les vulnérabilités - et ont démontré les défis de l'IA de l'équipe rouge.

>More than 2,000 hackers attacked cutting-edge chatbots to discover vulnerabilities - and demonstrated the challenges for red-teaming AI. ]]> 2023-08-18T16:11:17+00:00 https://cyberscoop.com/def-con-ai-hacking-red-team/ www.secnews.physaphae.fr/article.php?IdArticle=8371824 False Hack,Vulnerability ChatGPT 2.0000000000000000 We Live Security - Editeur Logiciel Antivirus ESET Def Con 31: US DOD exhorte les pirates à aller pirater \\ 'ai \\' DEF CON 31: US DoD urges hackers to go and hack \\'AI\\' The limits of current AI need to be tested before we can rely on their output]]> 2023-08-18T09:31:37+00:00 https://www.welivesecurity.com/en/cybersecurity/def-con-31-us-dod-urges-hackers-to-go-and-hack-ai/ www.secnews.physaphae.fr/article.php?IdArticle=8382229 False Hack None 3.0000000000000000 Techworm - News Des comptes LinkedIn piratés dans une grande campagne de détournement LinkedIn Accounts Hacked In Large Hijacking Campaign Reddit , twitter , et le Forums Microsoft Pour signaler qu'ils ont perdu accès à leurs comptes et sont confrontés à des comptes gelés ou bannis (via BleepingComputer ). & # 8220; Certains ont même été pressés de payer une rançon pour reprendre le contrôle ou confronté à la suppression permanente de leurs comptes, & # 8221;a écrit Coral Tayar, chercheur en sécurité chez Cyberint, dans un article de blog. & # 8220; Bien que LinkedIn n'ait pas encore publié d'annonce officielle, il semble que leur temps de réponse de support se soit allongé, avec des rapports d'un volume élevé de demandes de soutien. & # 8221; Les utilisateurs de LinkedIn frustrés ont également indiqué qu'ils ne sont pas en mesure de résoudre les problèmes liés à leurs comptes de violation, car le support LinkedIn n'a pas répondu ou inutile. & # 8220; Mon compte a été piraté il y a 6 jours.Le courrier électronique a été modifié au milieu de la nuit et je n'avais pas la capacité de confirmer le changement ou de l'empêcher, & # 8221; La vague d'attaques semble impliquer l'utilisation d'identification divulguée ou de forçage brute des mots de passe pour prendre les comptes LinkedIn mal protégés. Les pirates échangent ensuite rapidement l'adresse e-mail associée à une de la & # 8220; Rambler.ru & # 8221;Service, réinitialisez le mot de passe et activez l'authentification à deux facteurs (2FA), verrouillant le titulaire du compte d'origine.Cela a rendu le processus de récupération du compte encore plus diffici]]> 2023-08-16T16:00:18+00:00 https://www.techworm.net/2023/08/linkedin-accounts-hacked-hijacking.html www.secnews.physaphae.fr/article.php?IdArticle=8393062 False Hack None 2.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain La Commission électorale britannique a piraté UK Electoral Commission Hacked piraté L'année précédente.Cela & # 8217; s quatorze mois entre le piratage et la découverte.Il ne sait pas qui était derrière le hack. Nous avons travaillé avec des experts en sécurité externe et le National Cyber Security Center pour enquêter et sécuriser nos systèmes. Si le piratage était par un gouvernement majeur, les chances sont vraiment faibles qu'elle ait obtenu ses systèmes & # 8212; à moins qu'il ne brûle le réseau au sol et le reconstruit à partir de zéro (ce qui semble peu probable).

The UK Electoral Commission discovered last year that it was hacked the year before. That’s fourteen months between the hack and the discovery. It doesn’t know who was behind the hack. We worked with external security experts and the National Cyber Security Centre to investigate and secure our systems. If the hack was by a major government, the odds are really low that it has resecured its systems—unless it burned the network to the ground and rebuilt it from scratch (which seems unlikely).]]> 2023-08-16T11:17:51+00:00 https://www.schneier.com/blog/archives/2023/08/uk-electoral-commission-hacked.html www.secnews.physaphae.fr/article.php?IdArticle=8370670 False Hack None 2.0000000000000000 We Live Security - Editeur Logiciel Antivirus ESET Black Hat 2023: piratage de la police (au moins leurs radios) Black Hat 2023: Hacking the police (at least their radios) Hiding behind a black box and hoping no one will hack it has been routinely proven to be unwise and less secure.]]> 2023-08-15T09:30:00+00:00 https://www.welivesecurity.com/en/critical-infrastructure/black-hat-2023-hacking-the-police-at-least-their-radios/ www.secnews.physaphae.fr/article.php?IdArticle=8382233 False Hack None 3.0000000000000000 SecurityWeek - Security News L'agence de santé du Colorado affirme 4 millions touchés par Moveit Hack Colorado Health Agency Says 4 Million Impacted by MOVEit Hack L'administrateur des programmes de santé du Colorado \\ affirme que les informations personnelles de 4 millions de personnes ont été compromises dans le récent hack Moveit.

>Colorado\'s health programs administrator says the personal information of 4 million individuals was compromised in the recent MOVEit hack. ]]> 2023-08-14T19:22:10+00:00 https://www.securityweek.com/colorado-health-agency-says-4-million-impacted-by-moveit-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8370048 False Hack None 2.0000000000000000 SecurityWeek - Security News Les vulnérabilités Iagona Scrutisweb pourraient exposer les distributeurs automatiques de billets au piratage à distance Iagona ScrutisWeb Vulnerabilities Could Expose ATMs to Remote Hacking Plusieurs vulnérabilités découvertes dans le logiciel de surveillance de la flotte ATM Iagona Scrutisweb pourraient être exploitées pour pirater à distance les distributeurs automatiques de billets.

>Several vulnerabilities discovered in Iagona ScrutisWeb ATM fleet monitoring software could be exploited to remotely hack ATMs. ]]> 2023-08-14T09:48:38+00:00 https://www.securityweek.com/iagona-scrutisweb-vulnerabilities-could-expose-atms-to-remote-hacking/ www.secnews.physaphae.fr/article.php?IdArticle=8369865 False Hack,Vulnerability None 2.0000000000000000 ComputerWeekly - Computer Magazine US Cyber Board pour sonder la sécurité du cloud après le dernier piratage d'échange US Cyber Board to probe cloud security after latest Exchange hack 2023-08-14T09:45:00+00:00 https://www.computerweekly.com/news/366548173/US-Cyber-Board-to-probe-cloud-security-after-latest-Exchange-hack www.secnews.physaphae.fr/article.php?IdArticle=8369921 False Hack,Cloud None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Cyber Sécurité du comité d'examen pour analyser la sécurité du cloud à la sillage de Microsoft Hack Cyber Safety Review Board to analyze cloud security in wake of Microsoft hack La décision intervient dans le sillage d'une violation chinoise de haut niveau des responsables américains \\ 'Microsoft Contacs.

>The decision comes in the wake of a high-profile Chinese breach of U.S. officials\' Microsoft email accounts. ]]> 2023-08-11T15:38:00+00:00 https://cyberscoop.com/cyber-safety-review-board-microsoft-cisa-dhs/ www.secnews.physaphae.fr/article.php?IdArticle=8368971 False Hack,Cloud None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine DHS pour examiner la sécurité de Microsoft \\ en piratage de courriels chinois DHS to Review Microsoft\\'s Security in Chinese Email Hack The review will also conduct a broader review of issues relating to cloud-based identity and authentication infrastructure]]> 2023-08-11T14:45:00+00:00 https://www.infosecurity-magazine.com/news/dhs-microsoft-security-chinese/ www.secnews.physaphae.fr/article.php?IdArticle=8368955 False Hack None 1.00000000000000000000 Recorded Future - FLux Recorded Future Microsoft Exchange Hack est le centre d'intervention de la prochaine revue de Cyber Board \\ Microsoft Exchange hack is focus of cyber board\\'s next review

L'attaque liée à la Chine contre les services de courrier électronique Microsoft recevra un examen complet du conseil spécial du gouvernement américain pour l'examen des principaux incidents de cybersécurité, a déclaré vendredi le ministère de la Sécurité intérieure.Le Cyber Safety Review Board concentrera son attention sur «le ciblage malveillant des environnements de cloud computing», selon DHS , y compris la récente intrusion dans

The China-linked attack on Microsoft email services will get a full review by the U.S. government\'s special board for examining major cybersecurity incidents, the Department of Homeland Security said Friday. The Cyber Safety Review Board will focus its attention on “the malicious targeting of cloud computing environments,” according to DHS, including the recent intrusion into]]> 2023-08-11T13:47:00+00:00 https://therecord.media/microsoft-exchange-hack-cyber-review-board www.secnews.physaphae.fr/article.php?IdArticle=8368934 False Hack,Cloud None 2.0000000000000000 Bleeping Computer - Magazine Américain US Cyber Safety Board pour analyser le piratage de Microsoft Exchange des e-mails Govt US cyber safety board to analyze Microsoft Exchange hack of govt emails The Department of Homeland Security\'s Cyber Safety Review Board (CSRB) has announced plans to conduct an in-depth review of cloud security practices following recent Chinese hacks of Microsoft Exchange accounts used by US government agencies. [...]]]> 2023-08-11T13:35:52+00:00 https://www.bleepingcomputer.com/news/security/us-cyber-safety-board-to-analyze-microsoft-exchange-hack-of-govt-emails/ www.secnews.physaphae.fr/article.php?IdArticle=8369057 False Hack,Cloud None 2.0000000000000000 Recorded Future - FLux Recorded Future La NSA, Viasat dit que le piratage de 2022 était deux incidents;Les sanctions russes résultent d'une enquête NSA, Viasat say 2022 hack was two incidents; Russian sanctions resulted from investigation

Les responsables de la National Security Agency (NSA) et du fournisseur d'Internet satellite Viasat ont fourni de nouveaux détails sur la cyberattaque qui se répercute sur la société au début de l'invasion de l'Ukraine par la Russie.Mark Colaluca, vice-président et chef de la sécurité de l'information chez Viasat, a pris la parole aux côtés de Kristina Walter, chef de la cybersécurité de la base industrielle de la défense (DIB) à la NSA,

Officials from the National Security Agency (NSA) and satellite internet provider Viasat provided new details on the headline-grabbing cyberattack on the company at the onset of Russia\'s invasion of Ukraine. Mark Colaluca, vice president and chief information security officer at Viasat, spoke alongside Kristina Walter, chief of Defense Industrial Base (DIB) Cybersecurity at the NSA,]]> 2023-08-11T11:03:00+00:00 https://therecord.media/viasat-hack-was-two-incidents-and-resulted-in-sanctions www.secnews.physaphae.fr/article.php?IdArticle=8368902 False Hack,Industrial None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Hack satellite sur Eve of Ukraine War a été un assaut coordonné à plusieurs volets Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault Le hack satellite qui a pris d'assaut le monde était plus complexe qu'on ne le pensait initialement, selon un exécutif de Viasat.

>The satellite hack that took the world by storm was more complex than initially thought, according to a Viasat executive. ]]> 2023-08-10T23:50:39+00:00 https://cyberscoop.com/viasat-ka-sat-hack-black-hat/ www.secnews.physaphae.fr/article.php?IdArticle=8368633 False Hack None 2.0000000000000000 Bleeping Computer - Magazine Américain Les pirates de MoustachedBouner utilisent des attaques AITM pour espionner les diplomates MoustachedBouncer hackers use AiTM attacks to spy on diplomats A cyberespionage group named \'MoustachedBouncer\' has been observed using adversary-in-the-middle (AitM) attacks at ISPs to hack foreign embassies in Belarus. [...]]]> 2023-08-10T12:56:57+00:00 https://www.bleepingcomputer.com/news/security/moustachedbouncer-hackers-use-aitm-attacks-to-spy-on-diplomats/ www.secnews.physaphae.fr/article.php?IdArticle=8368491 False Hack None 2.0000000000000000 BBC - BBC News - Technology Quelle est la sécurité de mes données après un piratage ou une fuite? How safe is my data after a hack or leak? With various instances of private data being accessed, what can you do to keep your info secure?]]> 2023-08-09T15:57:20+00:00 https://www.bbc.co.uk/news/technology-66451970?at_medium=RSS&at_campaign=KARANGA www.secnews.physaphae.fr/article.php?IdArticle=8367951 False Hack None 2.0000000000000000 Recorded Future - FLux Recorded Future Des pirates nord-coréens soutenus par l'État ont violé le grand fabricant de missiles russes North Korean state-backed hackers breached major Russian missile maker

Le principal fabricant de missiles de la Russie a été violé par des pirates nord-coréens soutenus par l'État pendant des mois, ont révélé des chercheurs.Au moins deux groupes de menaces nord-coréens nord-coréens ont été liés au piratage de Mashinostroyeniya, ou de Mash, la célèbre société de conception de fusées de Russie.L'incident a commencé fin 2021 et s'est poursuivi jusqu'en mai de l'année dernière, la cybersécurité

Russia\'s major missile manufacturer was breached by state-backed North Korean hackers for months, researchers have found. At least two different North Korean nation-state threat groups have been linked to the hack of Mashinostroyeniya, or Mash, Russia\'s famous rocket design company. The incident began in late 2021 and continued until May of last year, the cybersecurity]]> 2023-08-07T18:10:00+00:00 https://therecord.media/north-korean-hackers-breach-Russia www.secnews.physaphae.fr/article.php?IdArticle=8366878 False Hack,Threat None 2.0000000000000000 Bleeping Computer - Magazine Américain Tesla Infodivernement Jailbreak déverrouille les fonctionnalités payantes, extrait les secrets Tesla infotainment jailbreak unlocks paid features, extracts secrets Researchers from the Technical University of Berlin have developed a method to hack the AMD-based infotainment systems used in all recent Tesla car models and make it run any software they choose, aka achieve \'jailbreak.\' [...]]]> 2023-08-06T11:06:12+00:00 https://www.bleepingcomputer.com/news/security/tesla-infotainment-jailbreak-unlocks-paid-features-extracts-secrets/ www.secnews.physaphae.fr/article.php?IdArticle=8366456 False Hack None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Le couple de New York plaide coupable de blanchiment d'argent dans 3,6 milliards de dollars Bitfinex Hack NYC Couple Pleads Guilty to Money Laundering in $3.6 Billion Bitfinex Hack A married couple from New York City has pleaded guilty to money laundering charges in connection with the 2016 hack of cryptocurrency stock exchange Bitfinex, resulting in the theft of about 120,000 bitcoin. The development comes more than a year after Ilya Lichtenstein, 35, and his wife, Heather Morgan, 33, were arrested in February 2022, following the seizure of roughly 95,000 of the stolen]]> 2023-08-04T17:43:00+00:00 https://thehackernews.com/2023/08/nyc-couple-pleads-guilty-to-money.html www.secnews.physaphae.fr/article.php?IdArticle=8365677 False Hack None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Le couple de New York a plaidé coupable à un blanchiment d'argent à Bitfinex Hack NYC couple pleaded guilty to money laundering in Bitfinex hack Ilya Lichtenstein a également admis, pour la première fois publiquement, effectuer le hack qui a entraîné une crise de 3,6 milliards de dollars par le ministère de la Justice.

>Ilya Lichtenstein also admitted, for the first time publicly, to carrying out the hack that resulted in a $3.6 billion seizure by the Department of Justice. ]]> 2023-08-03T19:47:13+00:00 https://cyberscoop.com/nyc-couple-guilty-bitfinex-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8365386 False Hack None 2.0000000000000000 Recorded Future - FLux Recorded Future \\ 'Crypto Couple \\' plaide coupable de blanchiment d'argent, comme le mari admet avoir effectué Bitfinex Hack \\'Crypto couple\\' pleads guilty to money laundering, as husband admits to carrying out Bitfinex hack

Pour réaliser le hack lui-même, une touche dans une affaire qui a séduit les enquêteurs.Comme l'a rapporté CNBC, Ilya «néerlandais» Lichtenstein, 34 ans, a fait l'admission tout en plaidant coupable d'avoir blanchi une partie de la

A New York man in court for laundering the proceeds of a 2016 heist on the Bitfinex cryptocurrency platform admitted to carrying out the hack himself, a twist in a case that has beguiled investigators. As reported by CNBC, Ilya “Dutch” Lichtenstein, 34, made the admission while pleading guilty to laundering a portion of the]]> 2023-08-03T18:34:00+00:00 https://therecord.media/crypto-couple-pleads-guilty-bitfinex www.secnews.physaphae.fr/article.php?IdArticle=8365362 False Hack None 2.0000000000000000 SecurityWeek - Security News Ivanti Zero-Day exploité par APT depuis au moins avril dans l'attaque du gouvernement norvégien Ivanti Zero-Day Exploited by APT Since at Least April in Norwegian Government Attack Le CVE-2023-35078 du CVE-2023-35078, CVE-2023-35078, récemment corrigé, est exploité pour pirater le gouvernement norvégien depuis au moins avril 2023.

>The recently patched Ivanti EPMM zero-day CVE-2023-35078 has been exploited to hack the Norwegian government since at least April 2023. ]]> 2023-08-02T05:45:27+00:00 https://www.securityweek.com/ivanti-zero-day-exploited-by-apt-since-at-least-april-in-norwegian-government-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8364628 False Hack None 2.0000000000000000 Recorded Future - FLux Recorded Future \\ 'Qu'est-ce que le nouveau? \\': le piratage de Chine \\ sur Microsoft suit une histoire de cyber-espionnage. \\'What else is new?\\': China\\'s hack on Microsoft follows a storied history of cyber-espionage

lorsque James Lewis a entendu parler du piratage de China \\ sur Microsoft - qui a permis aux intrus d'accéder aux e-mails non classifiés pour les hauts responsables américains - sa réaction a été inhabituelle: «J'ai éclaté de rire parce que voler les clés de cryptage de quelqu'un \\,,,,C'est un accord majeur. » _lewis est directeur du programme Strategic Technologies au Center for Strategic et

When James Lewis first heard about China\'s hack on Microsoft - which allowed intruders to access unclassified emails for top U.S. officials - his reaction was unusual: “I burst out laughing because stealing somebody\'s encryption keys, that\'s a major deal.” _Lewis is director of the Strategic Technologies Program at the Center for Strategic and]]> 2023-08-01T12:30:00+00:00 https://therecord.media/china-espionage-microsoft-click-here www.secnews.physaphae.fr/article.php?IdArticle=8364275 False Hack None 2.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain Piratage de la projection de reprise de l'IA avec du texte dans une police blanche Hacking AI Resume Screening with Text in a White Font reportage Sur un piratage pour tromper les programmes de tri automatique de curriculum vitae: mettre du texte dans une police blanche.L'idée est que les programmes s'appuient principalement sur la correspondance des modèles simples, et l'astuce consiste à copier une liste de mots clés pertinents & # 8212; ou la description de poste publiée & # 8212; dans le CV dans une police blanche.L'ordinateur traitera le texte, mais les humains ne le verront pas. intelligent.Je ne suis pas sûr que ce soit en fait utile pour obtenir un emploi.Finalement, les humains comprendront que le demandeur n'a pas réellement les compétences requises.Mais & # 8230; peut-être ...

The Washington Post is reporting on a hack to fool automatic resume sorting programs: putting text in a white font. The idea is that the programs rely primarily on simple pattern matching, and the trick is to copy a list of relevant keywords—or the published job description—into the resume in a white font. The computer will process the text, but humans won’t see it. Clever. I’m not sure it’s actually useful in getting a job, though. Eventually the humans will figure out that the applicant doesn’t actually have the required skills. But…maybe...]]> 2023-08-01T11:11:16+00:00 https://www.schneier.com/blog/archives/2023/08/hacking-ai-resume-screening-with-text-in-a-white-font.html www.secnews.physaphae.fr/article.php?IdArticle=8364253 False Hack None 2.0000000000000000 The Register - Site journalistique Anglais Sénateur américain victime-blâme Microsoft pour le piratage chinois US senator victim-blames Microsoft for Chinese hack ALSO: China says US hacked it right back, BreachForums users have been pwned, and this week\'s critical vulns Infosec in brief US senator Ron Wyden (D-OR) thinks it\'s Microsoft\'s fault that Chinese hackers broke into Exchange Online, and he wants three separate government agencies to launch investigations and "hold Microsoft responsible for its negligent cyber security practices." …]]> 2023-07-31T00:59:42+00:00 https://go.theregister.com/feed/www.theregister.com/2023/07/31/infosec_in_brief/ www.secnews.physaphae.fr/article.php?IdArticle=8363670 False Hack None 2.0000000000000000 knowbe4 - cybersecurity services Les chercheurs découvrent une méthode surprenante pour pirater les garde-corps des LLM Researchers uncover surprising method to hack the guardrails of LLMs

]]> 2023-07-29T13:12:49+00:00 https://blog.knowbe4.com/researchers-uncover-surprising-method-to-hack-the-guardrails-of-llms www.secnews.physaphae.fr/article.php?IdArticle=8363207 False Hack None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les pirates déploient la porte dérobée "sous-marin" dans les attaques de passerelle de sécurité par courriel de Barracuda Hackers Deploy "SUBMARINE" Backdoor in Barracuda Email Security Gateway Attacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday disclosed details of a "novel persistent backdoor" called SUBMARINE deployed by threat actors in connection with the hack on Barracuda Email Security Gateway (ESG) appliances. "SUBMARINE comprises multiple artifacts - including a SQL trigger, shell scripts, and a loaded library for a Linux daemon - that together enable]]> 2023-07-29T10:29:00+00:00 https://thehackernews.com/2023/07/hackers-deploy-submarine-backdoor-in.html www.secnews.physaphae.fr/article.php?IdArticle=8363087 False Hack,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch Hack Crew responsable des données volées, l'OTAN enquête sur les réclamations Hack Crew Responsible for Stolen Data, NATO Investigates Claims NATO asserts that their cyber experts continue to look into the claims and that its classified networks remain secure.]]> 2023-07-28T20:45:00+00:00 https://www.darkreading.com/attacks-breaches/hack-crew-responsible-for-stolen-data-nato-investigates-claims www.secnews.physaphae.fr/article.php?IdArticle=8362918 False Hack None 1.00000000000000000000 Recorded Future - FLux Recorded Future Le sénateur appelle le DOJ à enquêter sur le prétendu hack chinois de Microsoft Cloud Tools Senator calls on DOJ to investigate alleged China hack of Microsoft cloud tools

Un sénateur américain de premier plan a demandé au ministère de la Justice et à plusieurs autres agences d'enquêter sur un récent hack de comptes de messagerie fournis par Microsoft utilisés par les hauts responsables gouvernementaux.Dans une lettre publié jeudi et premier rapporté par le Wall Street Journal , le sénateur américain Ron Wyden (D-ou)Département de la justice, Commission fédérale du commerce et cybersécurité et

A leading U.S. senator asked the Justice Department and several other agencies to investigate a recent hack of Microsoft-provided email accounts used by top government officials. In a letter published on Thursday and first reported by the Wall Street Journal, U.S. Senator Ron Wyden (D-OR) asked the Justice Department, Federal Trade Commission and Cybersecurity and]]> 2023-07-27T20:10:00+00:00 https://therecord.media/senator-calls-on-doj-to-investigate-alleged-china-microsoft-hack www.secnews.physaphae.fr/article.php?IdArticle=8362404 False Hack,Tool,Cloud None 2.0000000000000000 SecurityWeek - Security News Le sénateur américain Wyden accuse Microsoft de la négligence de la cybersécurité \\ ' US Senator Wyden Accuses Microsoft of \\'Cybersecurity Negligence\\' Redmond est accusé de «pratiques de cybersécurité par négligence» qui ont permis un hack chinois réussi du gouvernement américain.

>Redmond is accused of “negligent cybersecurity practices” that enabled a successful Chinese hack of the United States government. ]]> 2023-07-27T19:17:51+00:00 https://www.securityweek.com/us-senator-wyden-accuses-microsoft-of-cybersecurity-negligence/ www.secnews.physaphae.fr/article.php?IdArticle=8362402 False Hack None 3.0000000000000000 Wired Threat Level - Security News Pour faire un filigrane AI, il a besoin de son propre alphabet To Watermark AI, It Needs Its Own Alphabet It\'s getting harder to distinguish between AI- and human-generated content. But Unicode presents an elegant hack in the race to watermark AI-written text.]]> 2023-07-27T12:00:00+00:00 https://www.wired.com/story/to-watermark-ai-it-needs-its-own-alphabet/ www.secnews.physaphae.fr/article.php?IdArticle=8362194 False Hack None 2.0000000000000000 SecurityWeek - Security News Jusqu'à 11 millions de personnes frappées par Moveit Hack dans la société de services gouvernementaux Maximus Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus Maximus Inc says that the personal information of 8 to 11 million individuals was stolen in the MOVEit cyberattack. ]]> 2023-07-27T09:42:41+00:00 https://www.securityweek.com/up-to-11-million-people-hit-by-moveit-hack-at-government-services-firm-maximus/ www.secnews.physaphae.fr/article.php?IdArticle=8362200 False Hack None 2.0000000000000000 Bleeping Computer - Magazine Américain L'OTAN enquête sur un vol de données présumé par des pirates de siegedsec NATO investigates alleged data theft by SiegedSec hackers NATO has confirmed that its IT team is investigating claims about an alleged data-theft hack on the Communities of Interest (COI) Cooperation Portal by a hacking group known as SiegedSec. [...]]]> 2023-07-26T12:26:03+00:00 https://www.bleepingcomputer.com/news/security/nato-investigates-alleged-data-theft-by-siegedsec-hackers/ www.secnews.physaphae.fr/article.php?IdArticle=8361793 False Hack None 2.0000000000000000 ProofPoint - Firm Security Exclusif: les sénateurs veulent des détails sur le dernier piratage de Microsoft de China \\ Exclusive: Senators Want Details on China\\'s Latest Hack of Microsoft Email 2023-07-26T09:22:06+00:00 https://www.proofpoint.com/us/newsroom/news/exclusive-senators-want-details-chinas-latest-hack-microsoft-email www.secnews.physaphae.fr/article.php?IdArticle=8361966 False Hack None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Des acteurs nord-coréens de l'État-nation exposé à Jumpcloud Hack après l'OPSEC North Korean Nation-State Actors Exposed in JumpCloud Hack After OPSEC Blunder North Korean nation-state actors affiliated with the Reconnaissance General Bureau (RGB) have been attributed to the JumpCloud hack following an operational security (OPSEC) blunder that exposed their actual IP address. Google-owned threat intelligence firm Mandiant attributed the activity to a threat actor it tracks under the name UNC4899, which likely shares overlaps with clusters already]]> 2023-07-25T20:16:00+00:00 https://thehackernews.com/2023/07/north-korean-nation-state-actors.html www.secnews.physaphae.fr/article.php?IdArticle=8361273 False Hack,Threat None 4.0000000000000000 Bleeping Computer - Magazine Américain La Norvège dit que Ivanti Zero-Day a été utilisée pour pirater les systèmes informatiques Govt Norway says Ivanti zero-day was used to hack govt IT systems The Norwegian National Security Authority (NSM) has confirmed that attackers used a zero-day vulnerability in Ivanti\'s Endpoint Manager Mobile (EPMM) solution to breach a software platform used by 12 ministries in the country. [...]]]> 2023-07-25T02:42:54+00:00 https://www.bleepingcomputer.com/news/security/norway-says-ivanti-zero-day-was-used-to-hack-govt-it-systems/ www.secnews.physaphae.fr/article.php?IdArticle=8361085 False Hack,Vulnerability None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Le dernier hack nord-coréen ciblant la crypto-monnaie montre une évolution troublante, disent les experts Latest North Korean hack targeting cryptocurrency shows troubling evolution, experts say Les experts avertissent que divers efforts de piratage nord-coréen rationalisent et évoluent de manière à les rendre plus difficiles à défendre et à détecter.

>Experts warn that various North Korean hacking efforts are streamlining and evolving in ways that make them more difficult to defend and detect. ]]> 2023-07-24T16:38:13+00:00 https://cyberscoop.com/north-korean-hack-cryptocurrency-jumpcloud/ www.secnews.physaphae.fr/article.php?IdArticle=8360828 False Hack None 3.0000000000000000 Recorded Future - FLux Recorded Future La Norvège enquête sur la cyberattaque affectant 12 ministères du gouvernement Norway investigates cyberattack affecting 12 government ministries

La police norvégienne enquête sur une cyberattaque découverte plus tôt ce mois-ci qui a affecté les systèmes informatiques utilisés par une douzaine de ministères du gouvernement.

The Norwegian police are investigating a cyberattack uncovered earlier this month that affected the IT systems used by a dozen government ministries. Norway\'s Office of the Prime Minister, as well as its foreign, defense, and justice ministries, were not affected by the hack because they use a different IT platform, said Erik Hope, head of]]> 2023-07-24T13:28:00+00:00 https://therecord.media/norway-investigates-cyberattack-affecting-government-ministries www.secnews.physaphae.fr/article.php?IdArticle=8360777 False Hack None 2.0000000000000000 SecurityWeek - Security News Moveit Hack pourrait gagner des cybercriminels 100 millions de dollars à mesure que le nombre de victimes confirmées augmente MOVEit Hack Could Earn Cybercriminals $100M as Number of Confirmed Victims Grows Les experts pensent que le gang de ransomware CL0P pourrait gagner jusqu'à 100 millions de dollars du hack Moveit, avec le nombre de victimes confirmées approchant 400.

>Experts believe the Cl0p ransomware gang could earn as much as $100 million from the MOVEit hack, with the number of confirmed victims approaching 400. ]]> 2023-07-24T13:12:48+00:00 https://www.securityweek.com/moveit-hack-could-earn-cybercriminals-100m-as-number-of-confirmed-victims-grows/ www.secnews.physaphae.fr/article.php?IdArticle=8360776 False Ransomware,Hack None 2.0000000000000000 Bleeping Computer - Magazine Américain Jumpcloud Hack lié à la Corée du Nord après l'erreur OPSEC JumpCloud hack linked to North Korea after OPSEC mistake A hacking unit of North Korea\'s Reconnaissance General Bureau (RGB) was linked to the JumpCloud breach after the attackers made an operational security (OPSEC) mistake, inadvertently exposing their real-world IP addresses. [...]]]> 2023-07-24T13:12:25+00:00 https://www.bleepingcomputer.com/news/security/jumpcloud-hack-linked-to-north-korea-after-opsec-mistake/ www.secnews.physaphae.fr/article.php?IdArticle=8360851 False Hack None 2.0000000000000000 SecurityWeek - Security News Microsoft Cloud Hack a exposé plus qu'échange, e-mails Outlook Microsoft Cloud Hack Exposed More than Exchange, Outlook Emails Le chercheur à la sécurité du cloud avertit que la clé de signature de Microsoft volée était plus puissante et non limitée à Outlook.com et échange en ligne.

>Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online. ]]> 2023-07-21T16:39:28+00:00 https://www.securityweek.com/microsoft-cloud-hack-exposed-more-than-exchange-outlook-emails/ www.secnews.physaphae.fr/article.php?IdArticle=8359802 False Hack,Cloud None 3.0000000000000000 The Register - Site journalistique Anglais Le nombre de corps Moveit se ferme sur 400 organes, 20m + individus MOVEit body count closes in on 400 orgs, 20M+ individuals \'One of the most significant hacks of recent years,\' we\'re told The number of victims and costs tied to the MOVEit file transfer hack continues to climb as the fallout from the massive supply chain attack enters week seven.…]]> 2023-07-20T21:01:13+00:00 https://go.theregister.com/feed/www.theregister.com/2023/07/20/moveit_victim_count/ www.secnews.physaphae.fr/article.php?IdArticle=8359414 False Hack None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Des pirates nord-coréens parrainés par l'État soupçonnés de Jumpcloud Supply Chain Attack North Korean State-Sponsored Hackers Suspected in JumpCloud Supply Chain Attack An analysis of the indicators of compromise (IoCs) associated with the JumpCloud hack has uncovered evidence pointing to the involvement of North Korean state-sponsored groups, in a style that\'s reminiscent of the supply chain attack targeting 3CX. The findings come from SentinelOne, which mapped out the infrastructure pertaining to the intrusion to uncover underlying patterns. It\'s worth noting]]> 2023-07-20T19:00:00+00:00 https://thehackernews.com/2023/07/north-korean-state-sponsored-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=8359339 False Hack None 2.0000000000000000 Recorded Future - FLux Recorded Future CISA travaille avec Microsoft pour étendre la journalisation du cloud après la controverse du gouvernement américain CISA works with Microsoft to expand cloud logging after U.S. gov\\'t hack controversy

Microsoft élargit l'accès aux outils critiques qui aideront les organisations à étudier les incidents de cybersécurité après avoir fait face à des réalisations importantes à la suite d'une violation liée aux pirates chinois.Mercredi, l'Agence de sécurité de la cybersécurité et de l'infrastructure (CISA) a déclaré qu'elle avait travaillé avec Microsoft pour étendre l'accès aux capacités de journalisation cloud gratuites pour tous les clients gouvernementaux et commerciaux après plusieurs

Microsoft is expanding access to critical tools that will help organizations investigate cybersecurity incidents after facing significant backlash following a breach linked to Chinese hackers. On Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) said it worked with Microsoft to expand access to free cloud logging capabilities for all government and commercial customers after several]]> 2023-07-19T17:30:00+00:00 https://therecord.media/cisa-microsoft-expands-access-to-logging-tools-after-data-breach www.secnews.physaphae.fr/article.php?IdArticle=8358924 False Hack,Tool,Cloud None 3.0000000000000000 Krebs on Security - Chercheur Américain Le propriétaire de la fuite a quitté Ashley Madison un mois avant le piratage de 2015 LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack [This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] In 2019, a Canadian company called Defiant Tech Inc. pleaded guilty to running LeakedSource[.]com, a service that sold access to billions of passwords and other data exposed in countless data breaches. KrebsOnSecurity has learned that the owner of Defiant Tech, a 32-year-old Ontario man named Jordan Evan Bloom, was hired in late 2014 as a developer for the marital infidelity site AshleyMadison.com. Bloom resigned from AshleyMadison citing health reasons in June 2015 -- less than one month before unidentified hackers stole data on 37 million users -- and launched LeakedSource three months later.]]> 2023-07-18T14:57:04+00:00 https://krebsonsecurity.com/2023/07/leakedsource-owner-quit-ashley-madison-a-month-before-2015-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8358284 False Hack None 3.0000000000000000 SecurityWeek - Security News Conversations de pirates: à l'intérieur de l'esprit de Daniel Kelley, ex-Blackhat Hacker Conversations: Inside the Mind of Daniel Kelley, ex-Blackhat Daniel Kelley n'avait que 18 ans lorsqu'il a été arrêté et inculpé de trente chefs & # 8211;Le plus tristement célèbre pour le hack de la société de télécommunications britannique 2015, Talktalk.En 2019, il a été condamné et condamné à quatre ans de prison.

>Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of UK telecoms firm TalkTalk. In 2019 he was convicted and sentenced to four years in prison. ]]> 2023-07-18T11:00:00+00:00 https://www.securityweek.com/hacker-conversations-inside-the-mind-of-daniel-kelley-ex-blackhat/ www.secnews.physaphae.fr/article.php?IdArticle=8358213 False Hack None 3.0000000000000000 SecurityWeek - Security News Moveit Hack: le nombre d'organisations touchées dépasse 340 MOVEit Hack: Number of Impacted Organizations Exceeds 340 Le nombre d'entités touchées par le hack Moveit - directement ou indirectement - dépasserait 340 organisations et 18 millions de personnes.

>The number of entities impacted by the MOVEit hack - either directly or indirectly - reportedly exceeds 340 organizations and 18 million individuals. ]]> 2023-07-17T11:48:57+00:00 https://www.securityweek.com/moveit-hack-number-of-impacted-organizations-exceeds-340/ www.secnews.physaphae.fr/article.php?IdArticle=8357722 False Hack None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC L'élément humain de la cybersécurité: nourrir une culture cyber-consciente pour se défendre contre les attaques d'ingénierie sociale The human element of Cybersecurity: Nurturing a cyber-aware culture to defend against social engineering attacks aware of social engineering cyber attacks is key to protecting your business. We will explore the most common forms of social engineering attacks. Finally, we’ll also share key actionable advice to help educate and defend your employees against social engineering schemes. Why cybersecurity awareness is important Oftentimes the most vulnerable element in any organization’s cybersecurity defense system is an unaware employee. When someone does not know the common features of a social engineering cyber attack they can easily fall for even the most widespread cyber attack schemes. Educating employees on signs to look out for that might indicate a hidden cyberattack attempt and training employees on security policies and appropriate responses is essential to creating a resilient company-wide cybersecurity policy. Three common types of social engineering attacks To understand how to identify, trace, and respond to social engineering cyber attacks, it is important to get to know the most common forms that social engineering attacks can take. A social engineering attack occurs when a bad actor contacts an unsuspecting individual and attempts to trick them into providing sensitive information (such as credit card details or medical records) or completing a particular action (such as clicking on a contaminated link or signing up for a service). Social engineering attacks can be conducted over the phone, or via email, text message, or direct social media message. Let’s take a look at the three most common types of social engineering cyber attacks: Phishing Phishing is a type of social engineering attack that has bad actors posing as legitimate, and oftentimes familiar, contacts to extort valuable information from victims, such as bank account details or passwords. Phishing attacks can come in the form of emails claiming to be from legitimate sources- such as a government body, software company you use, or relative. Bad actors can hack someone’s legitimate account, making the communication seem more convincing, or they can impersonate an official organization, copying their logo and content style. Pretexting Pretexting attacks occur when a bad actor invents a story to gain an unsuspecting victim’s trust. The bad actor then uses this trust to trick or convince the victim into sharing sensitive data, completing an action, or otherwise accidentally causing harm to themselves or their affiliated organizations. Bad actors may use pretexting to manipulate an individual into downloading malware or compromised software, sending money, or providing private information, including financial details. Baiting]]> 2023-07-17T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-human-element-of-cybersecurity-nurturing-a-cyber-aware-culture-to-defend-against-social-engineering-attacks www.secnews.physaphae.fr/article.php?IdArticle=8357663 False Malware,Hack,Threat,Medical None 2.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain Acheter des contributions de campagne en tant que hack Buying Campaign Contributions as a Hack Achetez-les : Contendant à long terme Au bas des récents sondages, M. Burgum propose 20 $ de cartes-cadeaux aux 50 000 premières personnes qui donnent au moins 1 $ à sa campagne.Et un donateur chanceux, comme sa campagne annoncée sur Facebook, aura la possibilité de gagner une refroidisseur de Yeti Tundra 45 qui coûte généralement plus de 300 $ & # 8212; juste pour avoir donné au moins 1 $ ...

The first Republican primary debate has a popularity threshold to determine who gets to appear: 40,000 individual contributors. Now there are a lot of conventional ways a candidate can get that many contributors. Doug Burgum came up with a novel idea: buy them: A long-shot contender at the bottom of recent polls, Mr. Burgum is offering $20 gift cards to the first 50,000 people who donate at least $1 to his campaign. And one lucky donor, as his campaign advertised on Facebook, will have the chance to win a Yeti Tundra 45 cooler that typically costs more than $300—just for donating at least $1...]]> 2023-07-14T11:09:55+00:00 https://www.schneier.com/blog/archives/2023/07/buying-campaign-contributions-as-a-hack.html www.secnews.physaphae.fr/article.php?IdArticle=8356505 False Hack None 2.0000000000000000 Recorded Future - FLux Recorded Future Travailleur de la technologie accusé dans un piratage de plate-forme cryptographique de 9 millions de dollars Tech worker accused in $9 million crypto platform hack

Le ministère de la Justice a annoncé l'arrestation d'un professionnel de la cybersécurité accusé d'avoir piraté un échange de crypto-monnaie et de vol d'environ 9 millions de dollars.Shakeb Ahmed, 34 ans, était Chargé mardi de fraude par fil et de blanchiment d'argent lié à une attaque contre une échange de crypto-monnaiele 2 juillet 2022. Les procureurs n'ont pas nommé là où il travaillait, mais TechCrunch

The Justice Department announced the arrest of a cybersecurity professional accused of hacking into a cryptocurrency exchange and stealing about $9 million. Shakeeb Ahmed, 34, was charged Tuesday with wire fraud and money laundering connected to an attack on a cryptocurrency exchange on July 2, 2022. Prosecutors did not name where he worked, but TechCrunch]]> 2023-07-12T13:30:00+00:00 https://therecord.media/cryptocurrency-exchange-hack-arrest-tech-worker www.secnews.physaphae.fr/article.php?IdArticle=8355303 False Hack None 2.0000000000000000 SecurityWeek - Security News Les cyberespaces chinoises ont utilisé des jetons d'authentification forgés pour pirater les e-mails du gouvernement Chinese Cyberspies Used Forged Authentication Tokens to Hack Government Emails Microsoft affirme qu'un groupe de cyberespionnage chinois a suivi la Storm-0558 a utilisé des jetons d'authentification forgés pour accéder aux e-mails du gouvernement.

>Microsoft says a Chinese cyberespionage group tracked as Storm-0558 has used forged authentication tokens to access government emails. ]]> 2023-07-12T13:27:16+00:00 https://www.securityweek.com/chinese-cyberspies-used-forged-authentication-tokens-to-hack-government-emails/ www.secnews.physaphae.fr/article.php?IdArticle=8355301 False Hack None 2.0000000000000000 SecurityWeek - Security News L'ancien ingénieur de sécurité a arrêté pour 9 millions de dollars de crypto-échange de piratage Former Security Engineer Arrested for $9 Million Crypto Exchange Hack L'ancien ingénieur de la sécurité Shakeb Ahmed a été arrêté pour des accusations liées à la fraude de la finance décentralisée de Crypto Exchange Crema.

>Former security engineer Shakeeb Ahmed has been arrested on charges related to the defrauding of decentralized crypto exchange Crema Finance. ]]> 2023-07-11T18:47:39+00:00 https://www.securityweek.com/former-security-engineer-arrested-for-9-million-crypto-exchange-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8354612 False Hack None 2.0000000000000000 Security Intelligence - Site de news Américain Sommes-nous condamnés à faire les mêmes erreurs de sécurité avec l'IA? Are we doomed to make the same security mistakes with AI? Si vous demandez à Jen Easterly, directeur de la CISA, les problèmes de cybersécurité actuels sont en grande partie le résultat d'incitations mal alignées.Cela s'est produit alors que l'industrie technologique a priorisé la vitesse de commercialisation de la sécurité, a déclaré vers l'est lors d'un récent événement Hack the Capitol à McLean, en Virginie.& # 8220; Nous n'avons pas un problème de cyber, nous avons une technologie et une culture [& # 8230;]

>If you ask Jen Easterly, director of CISA, the current cybersecurity woes are largely the result of misaligned incentives. This occurred as the technology industry prioritized speed to market over security, said Easterly at a recent Hack the Capitol event in McLean, Virginia. “We don’t have a cyber problem, we have a technology and culture […] ]]> 2023-07-11T13:00:00+00:00 https://securityintelligence.com/articles/are-we-doomed-to-make-the-same-security-mistakes-with-ai/ www.secnews.physaphae.fr/article.php?IdArticle=8354400 False Hack None 3.0000000000000000 The Register - Site journalistique Anglais BARTS NHS Hack laisse les gens sur des tentes sur l'extorsion Barts NHS hack leaves folks on tenterhooks over extortion BlackCat pounces on 7TB of data and theatens to release it Staff at one of the UK\'s largest hospital groups have spent a nervous week wondering if private data, stolen from their employer\'s IT systems by a ransomware gang, is going to be splurged online after a deadline to prevent publication passed.…]]> 2023-07-11T07:32:11+00:00 https://go.theregister.com/feed/www.theregister.com/2023/07/11/barts_blackcat_theft/ www.secnews.physaphae.fr/article.php?IdArticle=8354409 False Ransomware,Hack None 2.0000000000000000 Global Security Mag - Site de news francais Cyvers découvre 126 millions de dollars Hack Multichain CyVers Discovers $126M Multichain Hack mise à jour malveillant

CyVers Discovers $126M Multichain Hack. In one of the cyber biggest hacks of the year, more than $126 million was stolen from the cross-chain router protocol Multichain. - Malware Update]]> 2023-07-10T13:57:41+00:00 https://www.globalsecuritymag.fr/CyVers-Discovers-126M-Multichain-Hack.html www.secnews.physaphae.fr/article.php?IdArticle=8354001 False Hack None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les pirates volent 20 millions de dollars en exploitant une faille dans les systèmes de paiement de Revolut \\ Hackers Steal $20 Million by Exploiting Flaw in Revolut\\'s Payment Systems Malicious actors exploited an unknown flaw in Revolut\'s payment systems to steal more than $20 million of the company\'s funds in early 2022. The development was reported by the Financial Times, citing multiple unnamed sources with knowledge of the incident. The breach has not been disclosed publicly. The fault stemmed from discrepancies between Revolut\'s U.S. and European systems, causing funds]]> 2023-07-10T10:50:00+00:00 https://thehackernews.com/2023/07/hackers-steal-20-million-by-exploiting.html www.secnews.physaphae.fr/article.php?IdArticle=8353991 False Hack,Threat None 4.0000000000000000 Dark Reading - Informationweek Branch La compétition mondiale de piratage aborde l'augmentation critique des menaces de cybersécurité pour les entreprises Global Hacking Competition Addresses Critical Increase in Cybersecurity Threats for Businesses Hack The Box launches Capture The Flag competition, including offensive and defensive challenges, to unite teams as cyberattacks increase in 2023 to unprecedented levels.]]> 2023-07-07T21:36:00+00:00 https://www.darkreading.com/attacks-breaches/global-hacking-competition-addresses-critical-increase-in-cybersecurity-threats-for-businesses www.secnews.physaphae.fr/article.php?IdArticle=8353502 False Hack None 2.0000000000000000 Krebs on Security - Chercheur Américain Top suspect en 2015 Ashley Madison Hack s'est suicidé en 2014 Top Suspect in 2015 Ashley Madison Hack Committed Suicide in 2014 When the marital infidelity website AshleyMadison.com learned in July 2015 that hackers were threatening to publish data stolen from 37 million users, the company\'s then-CEO Noel Biderman was quick to point the finger at an unnamed former contractor. But as a new documentary series on Hulu reveals [SPOILER ALERT!], there was just one problem with that theory: Their top suspect had killed himself more than a year before the hackers began publishing stolen user data.]]> 2023-07-07T19:55:45+00:00 https://krebsonsecurity.com/2023/07/top-suspect-in-2015-ashley-madison-hack-committed-suicide-in-2014/ www.secnews.physaphae.fr/article.php?IdArticle=8353474 False Hack None 3.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain Hack fiscal belge Belgian Tax Hack ici , épisode # 484de & # 8220; rien de tel qu'un poisson, & # 8221; à 28:00). Fondamentalement, il s'agit d'un festival de musique à la frontière entre la Belgique et la Hollande.La scène était en Hollande, mais la foule était en Belgique.Lorsque le collecteur du droit d'auteur est venu, ils ont fait valoir qu'ils n'avaient pas dû payer de taxe parce que le public était dans un autre pays.Soi-disant cela a fonctionné.

Here’s a fascinating tax hack from Belgium (listen to the details here, episode #484 of “No Such Thing as a Fish,” at 28:00). Basically, it’s about a music festival on the border between Belgium and Holland. The stage was in Holland, but the crowd was in Belgium. When the copyright collector came around, they argued that they didn’t have to pay any tax because the audience was in a different country. Supposedly it worked.]]> 2023-07-06T11:03:15+00:00 https://www.schneier.com/blog/archives/2023/07/belgian-tax-hack.html www.secnews.physaphae.fr/article.php?IdArticle=8352868 False Hack None 4.0000000000000000 UnderNews - Site de news "pirate" francais SysDream dévoile le programme de l\'édition 2023 de “Hack in Paris” La 12ème édition de Hack In Paris se déroulera du 25 au 29 septembre 2023 à Paris (Chateauform – 28 avenue George V, Paris 8ème). Organisé par SysDream, la filiale cybersécurité du Groupe Hub One, Hack in Paris est un événement international dédié à la cybersécurité qui réunit chaque année à Paris experts et passionnés […] The post SysDream dévoile le programme de l'édition 2023 de “Hack in Paris” first appeared on UnderNews.]]> 2023-07-06T09:51:25+00:00 https://www.undernews.fr/culture-web-emploi/evenements/sysdream-devoile-le-programme-de-ledition-2023-de-hack-in-paris.html www.secnews.physaphae.fr/article.php?IdArticle=8352831 False Hack None 1.00000000000000000000 Global Security Mag - Site de news francais 25 au 29 septembre Programme de Hack In Paris s Événements]]> 2023-07-06T09:39:01+00:00 https://www.globalsecuritymag.fr/25-au-29-septembre-Programme-de-Hack-In-Paris-s.html www.secnews.physaphae.fr/article.php?IdArticle=8352839 False Hack None 2.0000000000000000 knowbe4 - cybersecurity services Cyberheistnews Vol 13 # 27 [tête haute] La campagne de phishing d'identité massive imite plus de 100 marques et des milliers de domaines CyberheistNews Vol 13 #27 [Heads Up] Massive Impersonation Phishing Campaign Imitates Over 100 Brands and Thousands of Domains

CyberheistNews Vol 13 #27 | July 5th, 2023 [Heads Up] Massive Impersonation Phishing Campaign Imitates Over 100 Brands and Thousands of Domains A year-long phishing campaign has been uncovered that impersonates 100+ popular clothing, footwear, and apparel brands using at least 10 fake domains impersonating each brand. We\'ve seen plenty of attacks that impersonated a single brand along with a few domains used to ensure victims can be taken to a website that seeks to harvest credentials or steal personal information. But I don\'t think an attack of such magnitude as the one identified by security researchers at Internet security monitoring vendor Bolster. According to Bolster, the 13-month long campaign used over 3000 live domains (and another 3000+ domains that are no longer in use) to impersonate over 100 well-known brands. We\'re talking about brands like Nike, Guess, Fossil, Tommy Hilfiger, Skechers, and many more. Some of the domains have even existed long enough to be displayed at the top of natural search results. And these sites are very well made; so much so that they mimic their legitimate counterparts enough that visitors are completing online shopping visits, providing credit card and other payment details. The impersonation seen in this widespread attack can just as easily be used to target corporate users with brands utilized by employees; all that\'s needed is to put the time and effort into building out a legitimate enough looking impersonated website and create a means to get the right users to visit said site (something most often accomplished through phishing attacks). This latest impersonation campaign makes the case for ensuring users are vigilant when interacting with the web – something accomplished through continual Security Awareness Training. Blog post with links:https://blog.knowbe4.com/massive-impersonation-phishing-campaign [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. Join us Wednesday, July 12, @ 2:00 PM (ET), for a live demonstra]]> 2023-07-05T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-27-heads-up-massive-impersonation-phishing-campaign-imitates-over-100-brands-and-thousands-of-domains www.secnews.physaphae.fr/article.php?IdArticle=8352450 False Malware,Hack,Threat,Cloud None 2.0000000000000000 Wired Threat Level - Security News J'ai utilisé Flipper Zero pour marquer des éponas dans \\ 'Tears of the Kingdom \\' I Used Flipper Zero to Score Eponas in \\'Tears of the Kingdom\\' Using my Flipper Zero to hack extra food, weapons, and horses in the game reminds of the glory days of cheat codes.]]> 2023-07-05T11:00:00+00:00 https://www.wired.com/story/flipper-zero-horse-rave/ www.secnews.physaphae.fr/article.php?IdArticle=8352413 False Hack None 3.0000000000000000 The Register - Site journalistique Anglais Fournisseur de communications satellites militaires russes hors ligne après hack Russian military satellite comms provider offline after hack ALSO: Ransomware hit on Mancunian Uni spills NHS patient deets, USPTO leaks inventor info, and this week\'s crit vulns Infosec in brief A Russian satellite communication provider has been knocked offline by hackers, and more than one party – including hackers who say they\'re associated with mutinous mercenary outfit Wagner Group – has claimed responsibility.…]]> 2023-07-03T05:24:11+00:00 https://go.theregister.com/feed/www.theregister.com/2023/07/03/infosec_in_brief/ www.secnews.physaphae.fr/article.php?IdArticle=8351710 False Ransomware,Hack None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Russian telecom confirms hack after group backing Wagner boasted about an attack A Dozor-Teleport CJSC executive told ComNews that the company has been the victim of a cyberattack affecting its cloud infrastructure.

>A Dozor-Teleport CJSC executive told ComNews that the company has been the victim of a cyberattack affecting its cloud infrastructure. ]]> 2023-06-30T19:58:12+00:00 https://cyberscoop.com/russia-satellite-hack-wagner/ www.secnews.physaphae.fr/article.php?IdArticle=8351113 False Hack,Cloud None 2.0000000000000000 TroyHunt - Blog Security TSMC dit que certaines de ses données ont été balayées dans un piratage sur un fournisseur de matériel TSMC says some of its data was swept up in a hack on a hardware supplier The pernicious LockBit ransomware syndicate claims responsibility and demands $70 million.]]> 2023-06-30T17:19:27+00:00 https://arstechnica.com/?p=1951336 www.secnews.physaphae.fr/article.php?IdArticle=8351070 False Ransomware,Hack None 3.0000000000000000 Bleeping Computer - Magazine Américain TSMC nie Lockbit Hack car les gangs de ransomware exigent 70 millions de dollars TSMC denies LockBit hack as ransomware gang demands $70 million Chipmaking giant TSMC (Taiwan Semiconductor Manufacturing Company) denied being hacked after the LockBit ransomware gang demanded $70 million not to release stolen data. [...]]]> 2023-06-30T09:45:30+00:00 https://www.bleepingcomputer.com/news/security/tsmc-denies-lockbit-hack-as-ransomware-gang-demands-70-million/ www.secnews.physaphae.fr/article.php?IdArticle=8351015 False Ransomware,Hack None 3.0000000000000000 Recorded Future - FLux Recorded Future GCHQ révèle que le gouvernement britannique a été piraté par des cyber-espions étrangers il y a 20 ans GCHQ reveals British government was hacked by foreign cyber spies 20 years ago

Ce mois-ci marque le 20e anniversaire de la première fois que les cyber-experts du GCHQ ont répondu à un État étranger pirant le gouvernement britannique, a révélé l'agence vendredi.Même 20 ans plus tard, tous les détails du piratage n'ont pas été divulgués.Le National Cyber Security Center - une partie du GCHQ - a déclaré que l'agence s'est précipitée

This month marks the 20th anniversary of the first time cyber experts at GCHQ responded to a foreign state hacking the British government, the agency revealed on Friday. Even 20 years on, the full details of the hack weren\'t disclosed. The National Cyber Security Centre - a part of GCHQ - said the agency scrambled]]> 2023-06-29T23:01:00+00:00 https://therecord.media/britain-gchq-2003-hack-espionage-revealed www.secnews.physaphae.fr/article.php?IdArticle=8350831 False Hack None 2.0000000000000000 SecurityWeek - Security News Plus de 130 organisations, des millions de personnes qui auraient été touchées par Moveit Hack Over 130 Organizations, Millions of Individuals Believed to Be Impacted by MOVEit Hack Plus de victimes du hack Moveit ont été révélées, avec un total de plus de 130 organisations et 15 millions de personnes qui auraient été touchées.

>More victims of the MOVEit hack have come to light, with a total of over 130 organizations and 15 million people believed to be affected. ]]> 2023-06-29T08:32:00+00:00 https://www.securityweek.com/over-130-organizations-millions-of-individuals-believed-to-be-impacted-by-moveit-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8350561 False Hack None 2.0000000000000000 TroyHunt - Blog Security Les craintes grandissent des escroqueries en ID Deepfake après le progrès du piratage Fears grow of deepfake ID scams following Progress hack Hackers might seek to do more than extort companies.]]> 2023-06-28T13:38:58+00:00 https://arstechnica.com/?p=1950562 www.secnews.physaphae.fr/article.php?IdArticle=8350151 False Hack None 2.0000000000000000 SecurityWeek - Security News Informations sensibles volées dans Letmespy Stalkerware Hack Sensitive Information Stolen in LetMeSpy Stalkerware Hack Les e-mails, les numéros de téléphone, les journaux d'appels et les messages collectés volés en violation de données sur Android Stalkware LetMespy.

>Emails, phone numbers, calls logs, and collected messages stolen in data breach at Android stalkware LetMeSpy. ]]> 2023-06-28T10:55:34+00:00 https://www.securityweek.com/sensitive-information-stolen-in-letmespy-stalkerware-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8350121 False Data Breach,Hack None 2.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism Les protestations ont cassé Reddit Hack pour les résultats de recherche Google utiles et Google le sait Protests broke Reddit hack for useful Google search results-and Google knows it Search term + Reddit = John Oliver?]]> 2023-06-27T21:39:11+00:00 https://arstechnica.com/?p=1950232 www.secnews.physaphae.fr/article.php?IdArticle=8349946 False Hack None 2.0000000000000000 Krebs on Security - Chercheur Américain Le cyber-voyou britannique «Plugwalkjoe» obtient 5 ans de prison U.K. Cyber Thug “PlugwalkJoe” Gets 5 Years in Prison Joseph James "PlugwalkJoe" O\'Connor, a 24-year-old from the United Kingdom who earned his 15 minutes of fame by participating in the July 2020 hack of Twitter, has been sentenced to five years in a U.S. prison. That may seem like harsh punishment for a brief and very public cyber joy ride. But O\'Connor also pleaded guilty in a separate investigation involving a years-long spree of cyberstalking and cryptocurrency theft enabled by "SIM swapping," a crime wherein fraudsters trick a mobile provider into diverting a customer\'s phone calls and text messages to a device they control.]]> 2023-06-27T19:44:03+00:00 https://krebsonsecurity.com/2023/06/u-k-cyber-thug-plugwalkjoe-gets-5-years-in-prison/ www.secnews.physaphae.fr/article.php?IdArticle=8349868 False Hack None 2.0000000000000000 ComputerWeekly - Computer Magazine Trois ans plus tard, le piratage cryptophone ENCROCHAT NETS 6 500 arrestations et convulsions de & Euro; 900 millions Three years on, EncroChat cryptophone hack nets 6,500 arrests and seizures of €900 million 2023-06-27T18:44:00+00:00 https://www.computerweekly.com/news/366542786/Three-years-on-EncroChat-cryptophone-hack-nets-6500-arrests-and-seizures-of-900-million www.secnews.physaphae.fr/article.php?IdArticle=8349924 False Hack None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Le hack de fournisseur tiers expose les données à American, Southwest Airlines Third-Party Vendor Hack Exposes Data at American, Southwest Airlines American Airlines reported 5745 pilots and applicants affected, Southwest Airlines reported 3009]]> 2023-06-27T16:00:00+00:00 https://www.infosecurity-magazine.com/news/hack-american-southwest-airlines/ www.secnews.physaphae.fr/article.php?IdArticle=8349766 False Hack None 2.0000000000000000 knowbe4 - cybersecurity services Cyberheistnews Vol 13 # 26 [Eyes Open] La FTC révèle les cinq dernières escroqueries par SMS CyberheistNews Vol 13 #26 [Eyes Open] The FTC Reveals the Latest Top Five Text Message Scams

CyberheistNews Vol 13 #26 | June 27th, 2023 [Eyes Open] The FTC Reveals the Latest Top Five Text Message Scams The U.S. Federal Trade Commission (FTC) has published a data spotlight outlining the most common text message scams. Phony bank fraud prevention alerts were the most common type of text scam last year. "Reports about texts impersonating banks are up nearly tenfold since 2019 with median reported individual losses of $3,000 last year," the report says. These are the top five text scams reported by the FTC: Copycat bank fraud prevention alerts Bogus "gifts" that can cost you Fake package delivery problems Phony job offers Not-really-from-Amazon security alerts "People get a text supposedly from a bank asking them to call a number ASAP about suspicious activity or to reply YES or NO to verify whether a transaction was authorized. If they reply, they\'ll get a call from a phony \'fraud department\' claiming they want to \'help get your money back.\' What they really want to do is make unauthorized transfers. "What\'s more, they may ask for personal information like Social Security numbers, setting people up for possible identity theft." Fake gift card offers took second place, followed by phony package delivery problems. "Scammers understand how our shopping habits have changed and have updated their sleazy tactics accordingly," the FTC says. "People may get a text pretending to be from the U.S. Postal Service, FedEx, or UPS claiming there\'s a problem with a delivery. "The text links to a convincing-looking – but utterly bogus – website that asks for a credit card number to cover a small \'redelivery fee.\'" Scammers also target job seekers with bogus job offers in an attempt to steal their money and personal information. "With workplaces in transition, some scammers are using texts to perpetrate old-school forms of fraud – for example, fake \'mystery shopper\' jobs or bogus money-making offers for driving around with cars wrapped in ads," the report says. "Other texts target people who post their resumes on employment websites. They claim to offer jobs and even send job seekers checks, usually with instructions to send some of the money to a different address for materials, training, or the like. By the time the check bounces, the person\'s money – and the phony \'employer\' – are long gone." Finally, scammers impersonate Amazon and send fake security alerts to trick victims into sending money. "People may get what looks like a message from \'Amazon,\' asking to verify a big-ticket order they didn\'t place," the FTC says. "Concerned ]]> 2023-06-27T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-26-eyes-open-the-ftc-reveals-the-latest-top-five-text-message-scams www.secnews.physaphae.fr/article.php?IdArticle=8349704 False Ransomware,Spam,Malware,Hack,Tool,Threat ChatGPT,ChatGPT,APT 15,APT 28,FedEx 2.0000000000000000 Recorded Future - FLux Recorded Future Plus de 6 500 arrêtés depuis le piratage d'Ecrochat de la police française et néerlandaise \\ More than 6,500 arrested since French and Dutch police\\'s EncroChat hack

Trois ans après une opération policière pour pirater le service de communication crypté d'Ecrochat largement utilisé par des criminels, plus de 6 500 suspects ont été arrêtés, ont annoncé mardi des responsables de l'application des lois.Des représentants des systèmes de justice pénale français et néerlandais ont donné un aperçu des résultats de l'opération d'Ecrochat lors d'une conférence de presse à Lille

Three years after a police operation to hack the EncroChat encrypted communications service widely used by criminals, more than 6,500 suspects have been arrested, law enforcement officials announced on Tuesday. Representatives from the French and Dutch criminal justice systems gave an overview of the results of the EncroChat operation in a press conference in Lille]]> 2023-06-27T11:58:00+00:00 https://therecord.media/encrochat-police-arrest-6500-suspects www.secnews.physaphae.fr/article.php?IdArticle=8349718 False Hack,Conference None 2.0000000000000000 ComputerWeekly - Computer Magazine Un dixième d'enfants affirme qu'ils pourraient vous pirater A tenth of kids claim they could hack you 2023-06-27T06:44:00+00:00 https://www.computerweekly.com/news/366542781/A-tenth-of-kids-claim-they-could-hack-you www.secnews.physaphae.fr/article.php?IdArticle=8349709 False Hack None 2.0000000000000000 Recorded Future - FLux Recorded Future Solarwinds dit que SEC Investigation \\ 'progressant vers les charges \\' SolarWinds says SEC investigation \\'progressing to charges\\'

Solarwinds - la société de technologie du centre d'un hack de décembre 2020 qui a affecté plusieurs agences gouvernementales américaines - a déclaré que ses dirigeants pourraient bientôt faire face à des accusations de la Securities and Exchange Commission des États-Unis (SEC) pour sa réponse à l'incident.Le hack répandu & # 8211;que le gouvernement américain attribué

SolarWinds - the technology firm at the center of a December 2020 hack that affected multiple U.S. government agencies - said its executives may soon face charges from the U.S. Securities and Exchange Commission (SEC) for its response to the incident. The widespread hack – which the U.S. government attributed to the Russian Foreign Intelligence]]> 2023-06-26T17:47:00+00:00 https://therecord.media/solarwinds-says-sec-investigation-progressing-to-charges www.secnews.physaphae.fr/article.php?IdArticle=8349422 False Hack None 2.0000000000000000 Naked Security - Blog sophos Hacker britannique cassé en Espagne obtient 5 ans sur Twitter Hack et plus UK hacker busted in Spain gets 5 years over Twitter hack and more Not just that infamous Twitter hack, but SIM-swapping, stalking and swatting too...]]> 2023-06-26T15:35:42+00:00 https://nakedsecurity.sophos.com/2023/06/26/uk-hacker-busted-in-spain-gets-5-years-over-twitter-hack-and-more/ www.secnews.physaphae.fr/article.php?IdArticle=8349386 False Hack None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Twitter Hacker condamné à 5 ans de prison pour 120 000 $ d'escroquerie cryptographique Twitter Hacker Sentenced to 5 Years in Prison for $120,000 Crypto Scam A U.K. citizen who took part in the massive July 2020 hack of Twitter has been sentenced to five years in prison in the U.S. Joseph James O\'Connor (aka PlugwalkJoe), 24, was awarded the sentence on Friday in the Southern District of New York, a little over a month after he pleaded guilty to the criminal schemes. He was arrested in Spain in July 2021. The infamous Twitter breach allowed the]]> 2023-06-24T20:48:00+00:00 https://thehackernews.com/2023/06/twitter-hacker-sentenced-to-5-years-in.html www.secnews.physaphae.fr/article.php?IdArticle=8348929 False Hack None 2.0000000000000000 knowbe4 - cybersecurity services Solarwinds \\ 'Head refuse de reculer au milieu d'une action réglementaire américaine potentielle sur le piratage russe SolarWinds\\' Head Refuses to Back Down Amid Potential US Regulatory Action over Russian hack $SolarWinds\' Head Refuses to Back Down Amid Potential US Regulatory Action over Russian hack$ ]]> 2023-06-24T14:43:00+00:00 https://blog.knowbe4.com/solarwinds-head-refuses-to-back-down-amid-potential-us-regulatory-action-over-russian-hack www.secnews.physaphae.fr/article.php?IdArticle=8348919 False Hack None 2.0000000000000000 Bleeping Computer - Magazine Américain American Airlines, Southwest Airlines divulgue les violations de données affectant les pilotes American Airlines, Southwest Airlines disclose data breaches affecting pilots American Airlines and Southwest Airlines, two of the largest airlines in the world, disclosed data breaches on Friday caused by the hack of Pilot Credentials, a third-party vendor that manages multiple airlines\' pilot applications and recruitment portals. [...]]]> 2023-06-24T03:02:13+00:00 https://www.bleepingcomputer.com/news/security/american-airlines-southwest-airlines-disclose-data-breaches-affecting-pilots/ www.secnews.physaphae.fr/article.php?IdArticle=8348854 False Hack None 2.0000000000000000 We Live Security - Editeur Logiciel Antivirus ESET Que savoir sur le hack Moveit & # 8211;Semaine en sécurité avec Tony Anscombe What to know about the MoveIT hack – Week in security with Tony Anscombe Le gouvernement américain a maintenant annoncé une prime de 10 millions de dollars pour Intel reliant le gang de ransomware CL0P à un gouvernement étranger

>The US government has now announced a bounty of $10 million for intel linking the Cl0p ransomware gang to a foreign government ]]> 2023-06-23T13:30:29+00:00 https://www.welivesecurity.com/videos/what-to-know-about-the-moveit-hack-week-in-security-with-tony-anscombe/ www.secnews.physaphae.fr/article.php?IdArticle=8348562 False Ransomware,Hack None 2.0000000000000000 Security Intelligence - Site de news Américain Les correctifs de configuration faciles peuvent protéger votre serveur contre l'attaque Easy Configuration Fixes Can Protect Your Server from Attack En mars 2023, des données sur plus de 56 000 personnes & # 8212;y compris les numéros de sécurité sociale et autres informations personnelles & # 8212; & # 160; ont été volés dans la violation de la D.C. Beale Benefit Exchange Authority.Le hack de marché d'assurance maladie en ligne a exposé les détails personnels des membres du Congrès, de leur famille, du personnel et des dizaines de milliers d'autres résidents de la région de Washington.Il apparaît le [& # 8230;]

>In March 2023, data on more than 56,000 people — including Social Security numbers and other personal information — was stolen in the D.C. Health Benefit Exchange Authority breach. The online health insurance marketplace hack exposed the personal details of Congress members, their families, staff and tens of thousands of other Washington-area residents. It appears the […] ]]> 2023-06-23T13:00:00+00:00 https://securityintelligence.com/articles/easy-configuration-fixes-can-protect-your-server/ www.secnews.physaphae.fr/article.php?IdArticle=8348510 False Hack None 2.0000000000000000 SecurityWeek - Security News 2,5 M Genworth Prenders, et 769k travailleurs et bénéficiaires de Californie à la retraite touchés par le piratage 2.5M Genworth Policyholders and 769K Retired California Workers and Beneficiaries Affected by Hack Moveit Hack: des informations personnelles d'environ 769 000 employés de Californie à la retraite et 2,5 millions de gardes financiers de Genworth ont été exposés.

>MOVEit hack: Personal information of about 769,000 retired California employees and 2.5 million Genworth Financial policyholders were exposed. ]]> 2023-06-23T10:58:04+00:00 https://www.securityweek.com/2-5m-genworth-policyholders-and-769k-retired-california-workers-and-beneficiaries-affected-by-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8348450 False Hack None 2.0000000000000000 Dark Reading - Informationweek Branch Empêcher les escroqueries d'emplois de nuire à votre organisation Keep Job Scams From Hurting Your Organization From fake job listings that ding your reputation to fake job applicants who hack your network, job scams are a major threat.]]> 2023-06-21T19:22:00+00:00 https://www.darkreading.com/edge/keep-job-scams-from-hurting-your-organization www.secnews.physaphae.fr/article.php?IdArticle=8347818 False Hack None 2.0000000000000000 knowbe4 - cybersecurity services Cyberheistnews Vol 13 # 25 [empreintes digitales partout] Les informations d'identification volées sont la cause profonde n ° 1 des violations de données CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches

CyberheistNews Vol 13 #25 | June 20th, 2023 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches Verizon\'s DBIR always has a lot of information to unpack, so I\'ll continue my review by covering how stolen credentials play a role in attacks. This year\'s Data Breach Investigations Report has nearly 1 million incidents in their data set, making it the most statistically relevant set of report data anywhere. So, what does the report say about the most common threat actions that are involved in data breaches? Overall, the use of stolen credentials is the overwhelming leader in data breaches, being involved in nearly 45% of breaches – this is more than double the second-place spot of "Other" (which includes a number of types of threat actions) and ransomware, which sits at around 20% of data breaches. According to Verizon, stolen credentials were the "most popular entry point for breaches." As an example, in Basic Web Application Attacks, the use of stolen credentials was involved in 86% of attacks. The prevalence of credential use should come as no surprise, given the number of attacks that have focused on harvesting online credentials to provide access to both cloud platforms and on-premises networks alike. And it\'s the social engineering attacks (whether via phish, vish, SMiSh, or web) where these credentials are compromised - something that can be significantly diminished by engaging users in security awareness training to familiarize them with common techniques and examples of attacks, so when they come across an attack set on stealing credentials, the user avoids becoming a victim. Blog post with links:https://blog.knowbe4.com/stolen-credentials-top-breach-threat [New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform! The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters without ever l]]> 2023-06-20T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-25-fingerprints-all-over-stolen-credentials-are-the-no1-root-cause-of-data-breaches www.secnews.physaphae.fr/article.php?IdArticle=8347292 False Ransomware,Data Breach,Spam,Malware,Hack,Vulnerability,Threat,Cloud ChatGPT,ChatGPT 2.0000000000000000 SecurityWeek - Security News Ransomware Gang prend le crédit pour février Reddit Hack Ransomware Gang Takes Credit for February Reddit Hack Le gang de ransomware Alphv / Blackcat a pris la responsabilité de la cyberattaque de février qui a frappé le site de médias sociaux Reddit.

>The Alphv/BlackCat ransomware gang has taken responsibility for the February cyberattack that hit social media site Reddit. ]]> 2023-06-19T13:42:57+00:00 https://www.securityweek.com/ransomware-gang-takes-credit-for-february-reddit-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8347014 False Ransomware,Hack None 2.0000000000000000 The Last Watchdog - Blog Sécurité de Byron V Acohido Ma prise: les pirates russes mettent la pression sur les agences américaines, Global Corps dans Moveit-Zellis Hack My Take: Russian hackers put the squeeze on U.S agencies, global corps in MOVEit-Zellis hack Supply-Chain Hack Ultimatum Le gang néfaste de Clop a initialement compromis Moveit, qui & # 8230; (plus…)

It was bound to happen. Clop, the Russia-based ransomware gang that executed the MOVEit-Zellis supply chain hack as extended extortion demands to several companies and U.S. federal agencies. Related: Supply-chain hack ultimatum The nefarious Clop gang initially compromised MOVEit, which … (more…) ]]> 2023-06-16T20:03:49+00:00 https://www.lastwatchdog.com/my-take-russian-hackers-put-the-squeeze-on-u-s-agencies-global-corps-in-moveit-zellis-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8346293 False Ransomware,Hack None 2.0000000000000000 Recorded Future - FLux Recorded Future La vulnérabilité de Third Moveit augmente les alarmes alors que le Département de l'agriculture américaine dit qu'il peut être affecté Third MOVEit vulnerability raises alarms as US Agriculture Department says it may be impacted

Une troisième vulnérabilité affectant le populaire outil de transfert de fichiers Moveit provoque une alarme parmi les responsables américains et les chercheurs en cybersécurité après avoir révélé que plusieurs agences gouvernementales ont été affectées par un piratage exploitant le premier bogue.Progress Software, la société derrière Moveit, a déclaré à Recorder Future News qu'une «source indépendante» avait révélé la nouvelle vulnérabilité.Suivi

A third vulnerability affecting the popular MOVEit file transfer tool is causing alarm among U.S. officials and cybersecurity researchers after it was revealed that several government agencies were affected by a hack exploiting the first bug. Progress Software, the company behind MOVEit, told Recorded Future News that an “independent source” disclosed the new vulnerability. Tracked]]> 2023-06-16T18:37:00+00:00 https://therecord.media/third-moveit-vulnerability-raises-alarms www.secnews.physaphae.fr/article.php?IdArticle=8346273 False Hack,Tool,Vulnerability None 2.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism Des millions d'Américains \\ 'Données DMV personnelles exposées dans un hack de mouvement massif Millions of Americans\\' personal DMV data exposed in massive MOVEit hack Over 6.5 million residents of two states affected, impact may potentially widen.]]> 2023-06-16T16:28:35+00:00 https://arstechnica.com/?p=1948548 www.secnews.physaphae.fr/article.php?IdArticle=8346242 False Hack None 2.0000000000000000 Security Intelligence - Site de news Américain Comment certaines entreprises sont-elles compromises encore et encore? How Do Some Companies Get Compromised Again and Again? Hack-moi une fois, honte à toi.Hack-moi deux fois, honte à moi.La populaire société de marketing par e-mail, MailChimp, a subi une violation de données l'année dernière après que les cyberattaques ont exploité un outil d'entreprise interne pour accéder aux comptes clients.Les criminels ont pu examiner environ 300 comptes et exfiltrer des données sur 102 clients.Ils aussi [& # 8230;]

>Hack me once, shame on thee. Hack me twice, shame on me. The popular email marketing company, MailChimp, suffered a data breach last year after cyberattackers exploited an internal company tool to gain access to customer accounts. The criminals were able to look at around 300 accounts and exfiltrate data on 102 customers. They also […] ]]> 2023-06-16T13:00:00+00:00 https://securityintelligence.com/articles/how-do-some-companies-get-compromised-again-and-again/ www.secnews.physaphae.fr/article.php?IdArticle=8346194 False Data Breach,Hack,Tool None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Menage Hunt: Killnet \\'s DDOS Head Flood Attacks - CC.py Threat Hunt: KillNet\\'s DDoS HEAD Flood Attacks - cc.py Figure 1 & ndash; Wireshark - généré dynamiquement 11-12 chiffres Wireshark ips

Figure 2 & ndash; Wireshark - Forged Referrer & amp;IPS anonymisé Les journaux d'erreur apache

Figure 3 & ndash;Splunk & ndash;Journaux d'erreur du serveur Apache & ndash;Échec des tentatives d'accès au fichier Guide de détection Les expressions régulières compatibles Perl peuvent être utilisées pour tirer parti du contexte dérivé de la capture de paquets lors de l'analyse des menaces, comme le montre la figure 1. Cela nous permet d'écrire des règles de suricata / reniflement qui correspondent aux modèles observés dans les en-têtes.Les détections ont tendance à évoluer plus que les requêtes de chasse et peuvent être appliquées stratégiquement sur une base par capteur.Plus précisément, la règle suivante correspondra à n'importe q]]> 2023-06-14T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/killnets-ddos-head-flood-attacks-cc.py www.secnews.physaphae.fr/article.php?IdArticle=8345218 False Hack,Tool,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Deux ressortissants russes accusés pour le cerveau du Mt. Gox Crypto Exchange Hack Two Russian Nationals Charged for Masterminding Mt. Gox Crypto Exchange Hack The U.S. Department of Justice (DoJ) has charged two Russian nationals in connection with masterminding the 2014 digital heist of the now-defunct cryptocurrency exchange Mt. Gox. According to unsealed indictments released last week, Alexey Bilyuchenko, 43, and Aleksandr Verner, 29, have been accused of conspiring to launder approximately 647,000 bitcoins stolen from September 2011 through at]]> 2023-06-13T16:09:00+00:00 https://thehackernews.com/2023/06/two-russian-nationals-charged-for.html www.secnews.physaphae.fr/article.php?IdArticle=8344777 False Hack None 2.0000000000000000 The State of Security - Magazine Américain Les États-Unis facturent à deux hommes avec le Mt. Gox Heist, le plus grand piratage de crypto-monnaie du monde \\ US charges two men with Mt. Gox heist, the world\\'s largest cryptocurrency hack More than ten years after the hack of the now-defunct Mt. Gox cryptocurrency exchange, the US Department of Justice says it has identified and charged two men it alleges stole customers\' funds and the exchange\'s private keys. Two Russians, 43-year-old Alexey Bilyuchenko, and Aleksandr Verner, 29, are charged with conspiring to launder 647,000 Bitcoins - in a cryptocurrency heist which would have been worth approximately half a billion dollars today. The DoJ alleges in the unsealed indictment that starting in 2011, Bilyuchenko and Verner stole huge amounts of cryptocurrency from Tokyo-based Mt...]]> 2023-06-13T01:31:08+00:00 https://www.tripwire.com/state-of-security/us-charges-two-men-mt-gox-heist-worlds-largest-cryptocurrency-hack www.secnews.physaphae.fr/article.php?IdArticle=8344676 False Hack None 2.0000000000000000 The Last Watchdog - Blog Sécurité de Byron V Acohido Mon point de vue: les entreprises prendront maintenant en vedette les attaquants \\ 'ultimatum dans le hack de chaîne d'approvisionnement Moveit-Zellis? MY TAKE: Will companies now heed attackers\\' ultimatum in the MOVEit-Zellis supply chain hack? Solarwinds-style d'approvisionnement des attaques sur la montée Les agents de Clop sont mis en ligne en dernier & # 8230; (plus…)

The cybersecurity community is waiting for the next shoe to drop in the wake of the audacious MOVEit-Zellis hack orchestrated by the infamous Russian hacking collective, Clop. Related: SolarWinds-style supply chain attacks on the rise Clop operatives went live last … (more…) ]]> 2023-06-12T16:14:57+00:00 https://www.lastwatchdog.com/my-take-will-companies-now-follow-attackers-orders-in-the-moveit-zellis-supply-chain-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8344445 False Hack None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Réinitialisation de mot de passe hack exposé dans la plate-forme de commerce électronique de Honda \\, les données des concessionnaires à risque Password Reset Hack Exposed in Honda\\'s E-Commerce Platform, Dealers Data at Risk Security vulnerabilities discovered in Honda\'s e-commerce platform could have been exploited to gain unrestricted access to sensitive dealer information. "Broken/missing access controls made it possible to access all data on the platform, even when logged in as a test account," security researcher Eaton Zveare said in a report published last week. The platform is designed for the sale of power]]> 2023-06-12T13:56:00+00:00 https://thehackernews.com/2023/06/password-reset-hack-exposed-in-hondas-e.html www.secnews.physaphae.fr/article.php?IdArticle=8344319 False Hack None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Deux ressortissants russes chargés dans le cadre de MT Gox Hack Two Russian Nationals Charged in Connection with Mt Gox Hack One allegedly used stolen funds to help set up the crypto exchange]]> 2023-06-12T10:00:00+00:00 https://www.infosecurity-magazine.com/news/russians-charged-with-mt-gox-heist/ www.secnews.physaphae.fr/article.php?IdArticle=8344336 False Hack None 2.0000000000000000