This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-20T16:08:50+00:00 www.secnews.physaphae.fr AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC millions of dollars due to fraud every year, according to the FTC. Online shopping is the number one avenue where this money is lost, with bad investments and illegitimate businesses falling close behind. There is an increasing amount of ways that scammers can have access to your information or social engineer you into spending money. Some examples include phishing emails, password attacks, and malware. Often, hackers will also target people whom they profile as gullible. Charity scams are unfortunately rampant, including scammers pretending to be charitable organizations like the Red Cross. These crop up when disaster strikes, and they masquerade as legitimate ways to donate. Other scammers will pretend to be individuals in need, family members, or even government organizations. Instead, the money goes to illegitimate scammers. To avoid this, you should always double-check links and, more importantly, log in to a reputable site when entering any credit card or banking information. Financial institutions are surprisingly not the most targeted, but they are still rife with sensitive info that can be vulnerable to hackers if not guarded correctly. Cybersecurity in online banking is extremely important. There can be data breaches, customer phishing scams, and even offshore banking transparency issues. Enhanced security must be in place to prevent these scams, including encryption, multi-factor authentication, threat detection, and biometrics. Why Stronger Biometrics Are Necessary Physical biometrics are the most common form of biometrics employed for financial security currently. However, bad actors have learned how to bypass these physical barriers. Printed-out photos can work for face identification, and fingerprints and palm prints can be stolen and imprinted onto soft surfaces and then used for sign-ins. Evolving threats demand cybersecurity measures that are as far advanced as possible. Behavioral biometrics takes things a step further by analyzing the behavior patterns of device users. Then, these patterns can be developed over time and set to be recognized by the device. These behaviors can be digital or in-person and include factors like: Gait; Posture; Signatures;]]> 2024-04-29T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/enhancing-financial-security-through-behavioral-biometrics www.secnews.physaphae.fr/article.php?IdArticle=8490698 False Malware,Threat Deloitte 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC malware on your computer. Don't give out any personal information to someone who calls you out of the blue. And if they try to get you to click on a link, don't do it. Hang up and call the organization they claimed to be from using a number you know to be legitimate (e.g., the number on the back of your credit card or from the organization's website). What’s more, consider doing a reverse phone lookup on them to see where the number is actually originating from. The message is not personalized If you receive an email that doesn't address you by name or refers to you as "Dear User" or "Dear Valued Customer," be wary. Phishing emails often use generic greetings in an attempt to seem more widespread - and less suspicious - than they actually are. That's because they are usually sent out en masse as part of a massive automated campaign. Phishers usually just have a list of email addresses and the idea isn't to find out the name of the person it belongs to or do any kind of in-depth personalization, but to get as many people as possible to click on the links in their message. The sender's email address doesn't match the organization they're claiming to represent This is a pretty straightforward way to spot a phishing attempt. If you get an email purporting to be from your bank, but the email address it comes from is something like johnsmith12345@gmail.com, then it's pretty clear that something is not right. Organizations won’t send out official communications from a Gmail or Hotmail address. They will always use their own domain name (e.g., WellsFargo.com, PayPal.com). So, if the email you receive is coming from anything other than an organization's official domain, it's a huge red flag. There are grammatical errors or typos in the email If you receive an email that is full of grammatical errors, typos, or just generally seems to be poorly written, it's a good indicator that it's a phishing email. Phishers often send out their emails quickly and without much care or attention to detail. So if an email looks like it was dashed off in a hurry, with no regard for proper spelling or grammar, it's probably a phishing email. Phishing scams also originate overseas, and the architects of these scams aren't native English speakers. So another giveaway that an email might be a phishing attempt is if it contains poor grammar or strange phrasing. The message is urgent or includes a sense of urgency Phishers often try to create a sense of urgency in their emails in order to get people to act quickly without thinking. They might say that your account is about to be closed, or that you need to take action immediately to prevent]]> 2022-11-22T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/10-ways-to-spot-a-phishing-attempt www.secnews.physaphae.fr/article.php?IdArticle=8166765 False Malware Yahoo,Deloitte 4.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC over 80% of account holders engage in some form of digital banking. The popularity of digital banking stems from the convenience and level of personalization that it offers. But is digital banking good for you, or do the risks, such as cybersecurity issues, outweigh the benefits?  Below, let’s explore some of the pros and cons of digital transformation in banking. Pros of digital transformation in banking Digital banking offers several advantages to the modern banking customer. Here are a few: 24/7 Access to your bank One of the most significant benefits of digital banking is that it gives you round-the-clock access to your account. You don’t have to wait for working hours to deposit your funds, get an account statement, change your account details, or transact funds. You can do it at any time from wherever you are.  Additionally, you don’t have to waste time in long queues in the banking hall. Digital banking is like having your personal bank right in your pocket. Better rates, lower fees Banks typically charge account maintenance and transaction fees to cover expenses like employees, bank premises, etc. Since digital banking allows customers to serve themselves directly over the internet, there’s less demand for bank employees and multiple brick-and-mortar branches. Therefore, banks embracing digital transformation have lower overheads and can offer their customers lower fees and higher interest rates. These benefits are especially pronounced for purely digital banks without physical premises. Better customer experience A 2021 survey by Deloitte Insights found that digital-first banks routinely outperform traditional banks in multiple areas that matter most to customers, including simplicity of transactions, transaction speed, and the overall quality of the banking experience. Digital banks provide a smoother experience compared to traditional banks. For instance, transacting on a digital bank takes just a few minutes on your smartphone or laptop. In contrast, simply making a transaction in a traditional bank could take close to an hour as you must get to the physical bank, wait in line, fill out transaction forms, and speak to a teller. In addition, digital banks offer features like budgeting tools that make it easier to manage your money. They also update you on every aspect of your account with text and email alerts, such as when you make transactions, when you don’t have enough money for an upcoming bill, and so on. This makes the digital banking experience much better than what you get with a traditional bank. Automated payments With digital banks, it’s amazingly easy to automate your payments. You can set up payments that you want to make from your account every month, s]]> 2022-11-10T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-pros-and-cons-of-the-digital-transformation-in-banking www.secnews.physaphae.fr/article.php?IdArticle=7923522 False Ransomware,Malware,Tool Deloitte,Deloitte None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Focus on cybersecurity across industries has increased recently, no doubt due to factors like COVID-19 forcing a jump in remote work. In 2020, we saw cybersecurity move from being a technical problem to a business issue. Along with the recognition that businesses really need to lead with a security-first mindset to be resilient, the CISO was elevated to a seat at the proverbial table as a true C-suite leader and trusted board advisor. Energy and utilities face unique challenges compared to other industries. According to McKinsey: “In our experience working with utility companies, we have observed three characteristics that make the sector especially vulnerable to contemporary cyberthreats. First is an increased number of threats and actors targeting utilities: nation-state actors seeking to cause security and economic dislocation, cybercriminals who understand the economic value represented by this sector, and hacktivists out to publicly register their opposition to utilities’ projects or broad agendas. The second vulnerability is utilities’ expansive and increasing attack surface, arising from their geographic and organizational complexity, including the decentralized nature of many organizations’ cybersecurity leadership. Finally the electric-power and gas sector’s unique interdependencies between physical and cyber infrastructure make companies vulnerable to exploitation, including billing fraud with wireless “smart meters,” the commandeering of operational-technology (OT) systems to stop multiple wind turbines, and even physical destruction.” Let’s look at one type of common and profitable attack that could impact energy and utility companies – ransomware. What is ransomware? Ransomware is exactly as the name implies – something valuable to your business is being kept from you until a ransom is paid for its return. In simple terms, ransomware is extortion. Ransomware, a form of malicious software, blocks you from accessing your computer systems or files until you pay the cyber adversary to allow you access to your information. The ransom is typically requested in crypto currency because of its anonymity and ease of online payment – this translates to no tracing of the origin or destination of the funds, a common tactic of cyber criminals. Knowingly infecting a system with ransomware and requesting payment to unlock the system is a crime. Law enforcement agencies recommend not paying the ransom associated with ransomware. The thought is that if the ransom is paid, you as the victim of ransomware are then identified as an easy target for further cybercrime and the ransomware attack is perpetuated against others. Who is the target of ransomware? Cyber criminals seek the path of least resistance in their targets and strike against businesses that are easy targets. Ransomware is a business and the perpetrators, like any good businessperson, are looking for a strong ROI. The C]]> 2021-06-03T10:00:00+00:00 https://feeds.feedblitz.com/~/653868100/0/alienvault-blogs~Ransomware-and-Energy-and-Utilities www.secnews.physaphae.fr/article.php?IdArticle=2884727 True Ransomware,Malware,Tool,Vulnerability,Guideline Deloitte None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Focus on cybersecurity across industries has increased recently, no doubt due to factors like COVID-19 forcing a jump in remote work. In 2020, we saw cybersecurity move from being a technical problem to a business issue. Along with the recognition that businesses really need to lead with a security-first mindset to be resilient, the CISO was elevated to a seat at the proverbial table as a true C-suite leader and trusted board advisor. Energy and utilities face unique challenges compared to other industries. According to McKinsey: “In our experience working with utility companies, we have observed three characteristics that make the sector especially vulnerable to contemporary cyberthreats. First is an increased number of threats and actors targeting utilities: nation-state actors seeking to cause security and economic dislocation, cybercriminals who understand the economic value represented by this sector, and hacktivists out to publicly register their opposition to utilities’ projects or broad agendas. The second vulnerability is utilities’ expansive and increasing attack surface, arising from their geographic and organizational complexity, including the decentralized nature of many organizations’ cybersecurity leadership. Finally the electric-power and gas sector’s unique interdependencies between physical and cyber infrastructure make companies vulnerable to exploitation, including billing fraud with wireless “smart meters,” the commandeering of operational-technology (OT) systems to stop multiple wind turbines, and even physical destruction.” Let’s look at one type of common and profitable attack that could impact energy and utility companies – ransomware. What is ransomware? Ransomware is exactly as the name implies – something valuable to your business is being kept from you until a ransom is paid for its return. In simple terms, ransomware is extortion. Ransomware, a form of malicious software, blocks you from accessing your computer systems or files until you pay the cyber adversary to allow you access to your information. The ransom is typically requested in crypto currency because of its anonymity and ease of online payment – this translates to no tracing of the origin or destination of the funds, a common tactic of cyber criminals. Knowingly infecting a system with ransomware and requesting payment to unlock the system is a crime. Law enforcement agencies recommend not paying the ransom associated with ransomware. The thought is that if the ransom is paid, you as the victim of ransomware are then identified as an easy target for further cybercrime and the ransomware attack is perpetuated against others. Who is the target of ransomware? Cyber criminals seek the path of least resistance in their targets and strike against businesses that are easy targets. Ransomware is a business and the perpetrators, like any good businessperson, are looking for a strong ROI. The C]]> 2021-06-03T10:00:00+00:00 https://feeds.feedblitz.com/~/653868100/0/alienvault-blogs~Ransomware-and-energy-and-utilities www.secnews.physaphae.fr/article.php?IdArticle=2870813 False Ransomware,Malware,Tool,Vulnerability,Guideline Deloitte None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC more vulnerable targets to cyberattacks. Schools are finding themselves outmatched as these threats intensify. Parents likewise need to learn about and ensure safe cybersecurity practices for their kids, and would therefore also benefit from learning about the security methods that we are about to cover. In this article, we’ll discuss how school technology leaders can develop the necessary strategies to protect against and mitigate breaches by procuring technology and developing risk management policies and planning for incidents before they occur. Why Are Schools At Risk of Cyber Attacks? In the face of the COVID-19 pandemic, the focus and attention of most of the cybersecurity community have been on protecting government institutions, the airline industry, and the healthcare industry from hackers. This is good, but educational institutions are at just as much risk from malicious hackers as the above industries and organizations are as well. If anything, this risk has only increased significantly due to the record numbers of students who are now attending school via online learning platforms, video conferences, and e-learning environments. In the United States, the Federal Bureau of Investigation has warned extensively about the greatly increased cybersecurity risks of teleconferencing and online classrooms. The FBI specifically cites examples of malicious cybercriminals delivering threatening content to Zoom classroom calls (colloquially referred to as Zoom-bombing), which has even resulted in numerous school districts pulling out of Zoom and seeking alternative platforms. This highlights a larger issue of schools and school districts using technology that has either not been properly vetted or that educators and students are not prepared to use safely. In other words, even as school districts turn to alternative teleconferencing options besides Zoom, they can still be a major risk of falling prey to hackers and cybercriminals. This leads us to our next question: what exactly can school districts and educational inst]]> 2020-06-15T11:00:00+00:00 https://feeds.feedblitz.com/~/627516638/0/alienvault-blogs~Cybersecurity-in-education-Securing-schools-as-they-transition-to-online-learning www.secnews.physaphae.fr/article.php?IdArticle=1768813 False Malware,Vulnerability,Guideline Deloitte None