This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-13T18:48:36+00:00 www.secnews.physaphae.fr AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC biomimetics. Nature’s inspiration for innovation in Spacesuits and Cyber Defense Not only is nature beautiful to look at, but it is also providing us with fantastic ideas for solving complex technological problems. The concept of biomimicry, which refers to drawing inspiration from natural systems to address human challenges, is now trending heavily in fields such as cybersecurity and space exploration. Biomimicry involves the creation and development of materials, structures, and systems that are inspired by biological entities and processes. For thousands of years, humans have turned to the natural world as a source of inspiration for innovations across various domains, including transportation and entertainment. This approach has led to significant advancements, such as the design of aircraft inspired by the aerodynamics of bird wings and the development of anti-glare screens modeled after the intricate nanostructures found in moth eyes. By observing and emulating the unique characteristics of wildlife, we have continuously found ways to enhance our technological capabilities and improve the quality of our daily lives. This field not only highlights the ingenuity inherent in nature but also underscores the potential for sustainable and efficient design solutions drawn from the biological world Nature’s Influence on Cybersecurity Data Masking Inspired by Moths The humble moth, with its ability to blend into its surroundings, provides a perfect metaphor for data masking in cybersecurity. This technique involves hiding real data among fake data, thereby protecting sensitive information from prying eyes. Steganography and the Chameleon Similarly, the chameleon\'s ability to change its color to match its environment mirrors the practice of steganography in cybersecurity. This method involves hiding information within non-secret data, much like concealing a secret message within an ordinary-looking image or audio file. Digital watermarking in multimedia is a practical application of this technique, helping to secure copyrights by embedding invisible codes within files. Consider some applications in different industry verticals: Sacrificial systems and deception Inspired by how some animals like lizards can shed their tails to protect vital organs, healthcare cybersecurity could utilize "sacrificial systems" - offering up less critical systems or data as decoys to distract and study cyber attackers, buying time to strengthen protection of the most sensitive medical information. Biomimicry in Space Suits: A Journey from Earth to Beyond Radiation Protection Inspired by Fungi Recent studies have explored the potential of fungi, particularly those thriving in the radioactive wasteland of Chernobyl, to protect astronauts from cosmic rays. These fungi utilize radiation as an energy source, suggesting their potential to develop into living, self-repairing shie]]> 2024-05-10T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/wild-wisdom-what-technology-learns-from-the-natural-world www.secnews.physaphae.fr/article.php?IdArticle=8497111 False Studies,Medical None 3.0000000000000000 Dark Reading - Informationweek Branch 2024-05-09T20:21:41+00:00 https://www.darkreading.com/cyberattacks-data-breaches/87-of-ddos-attacks-targeted-windows-os-devices-in-2023 www.secnews.physaphae.fr/article.php?IdArticle=8496786 False Studies None 4.0000000000000000 Zimperium - cyber risk firms for mobile The recent hack of Senator Lindsey Graham\'s phone offers a critical case study, revealing how smishing attacks can successfully compromise personal devices with alarming consequences. ]]> 2024-05-08T23:16:03+00:00 https://www.zimperium.com/blog/white-box-cryptography-the-key-to-safeguarding-sensitive-data-in-mobile-applications/ www.secnews.physaphae.fr/article.php?IdArticle=8496234 False Hack,Studies None 3.0000000000000000 Global Security Mag - Site de news francais rapports spéciaux

---

97% of Organizations Hit by Ransomware Worked with Law Enforcement, Sophos State of Ransomware Report Finds by Sophos - Special Reports]]> 2024-05-08T08:19:06+00:00 https://www.globalsecuritymag.fr/97-of-organizations-hit-by-ransomware-worked-with-law-enforcement-sophos-state.html www.secnews.physaphae.fr/article.php?IdArticle=8495804 False Ransomware,Studies,Legislation None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) How safe is your comments section? Discover how a seemingly innocent \'thank you\' comment on a product page concealed a malicious vulnerability, underscoring the necessity of robust security measures. Read the full real-life case study here.  When is a \'Thank you\' not a \'Thank you\'? When it\'s a sneaky bit of code that\'s been hidden inside a \'Thank You\']]> 2024-05-07T16:12:00+00:00 https://thehackernews.com/2024/05/new-case-study-malicious-comment.html www.secnews.physaphae.fr/article.php?IdArticle=8495186 False Vulnerability,Studies None 3.0000000000000000 TechRepublic - Security News US According to the M-Trends report, the average time it takes for an organisation to detect an attacker in their environment has decreased from 16 days in 2022 to 10 days in 2023.]]> 2024-05-03T16:52:14+00:00 https://www.techrepublic.com/article/cyber-security-trends-google-report/ www.secnews.physaphae.fr/article.php?IdArticle=8493104 False Studies None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Microsoft illustrated the severity of the issue via a case study involving Xiaomi\'s File Manager]]> 2024-05-02T15:30:00+00:00 https://www.infosecurity-magazine.com/news/android-flaw-apps-4-billion/ www.secnews.physaphae.fr/article.php?IdArticle=8492471 False Studies,Mobile None 2.0000000000000000 Global Security Mag - Site de news francais Investigations]]> 2024-05-02T07:49:28+00:00 https://www.globalsecuritymag.fr/le-rapport-etat-de-la-cybersecurite-en-2024-de-splunk-met-en-avant-l-impact.html www.secnews.physaphae.fr/article.php?IdArticle=8492255 False Studies None 4.0000000000000000 Global Security Mag - Site de news francais rapports spéciaux

---

2024 Data Breach Investigations Report: Half of the breaches in EMEA are internal What you need to know: • More than two-thirds (68%) of breaches globally involve a non-malicious human action. • Vulnerability exploitation experienced 180% growth vs 2023. • On average it took organisations about 55 days to patch 50% of their critical vulnerabilities. - Special Reports]]> 2024-05-02T07:44:47+00:00 https://www.globalsecuritymag.fr/2024-data-breach-investigations-report-half-of-the-breaches-in-emea-are.html www.secnews.physaphae.fr/article.php?IdArticle=8492256 False Data Breach,Vulnerability,Studies None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-05-01T19:46:49+00:00 https://community.riskiq.com/article/ddb0878a www.secnews.physaphae.fr/article.php?IdArticle=8492016 False Tool,Vulnerability,Threat,Studies,Mobile,Technical None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Sophos found that the average ransom payment was $2m in 2023, with 63% of ransom demands $1m or more]]> 2024-04-30T11:40:00+00:00 https://www.infosecurity-magazine.com/news/ransom-payments-surge-500/ www.secnews.physaphae.fr/article.php?IdArticle=8491220 False Studies None 4.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The top malicious domains attracted over 100,000 hits each, according to Akamai Security]]> 2024-04-29T16:00:00+00:00 https://www.infosecurity-magazine.com/news/study-reveals-usps-phishing-levels/ www.secnews.physaphae.fr/article.php?IdArticle=8490730 False Studies None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial Je couvre régulièrement le sujet de l'analyse des risques cyber-physiques dans mes écrits, et en conséquence, j'ai reçu ...

---

>I regularly cover the topic of cyber-physical risk analysis in my writings, and as a result, I’ve received... ]]> 2024-04-28T05:22:29+00:00 https://industrialcyber.co/expert/through-the-lens-of-a-case-study-what-it-takes-to-be-a-cyber-physical-risk-analyst/ www.secnews.physaphae.fr/article.php?IdArticle=8489936 False Studies None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine A new ISC2 study highlights the lack of diversity in cybersecurity with only 4% of teams having a majority of women, while 11% have none at all]]> 2024-04-25T10:05:00+00:00 https://www.infosecurity-magazine.com/news/11-percent-cybersecurity-teams/ www.secnews.physaphae.fr/article.php?IdArticle=8488460 False Studies None 3.0000000000000000 SecurityWeek - Security News Les systèmes Hive mènent une autre étude sur les mots de passe de fissuration via des attaques de force brute, mais il ne cible plus MD5.

---

>Hive Systems conducts another study on cracking passwords via brute-force attacks, but it\'s no longer targeting MD5. ]]> 2024-04-24T10:22:19+00:00 https://www.securityweek.com/new-password-cracking-analysis-targets-bcrypt/ www.secnews.physaphae.fr/article.php?IdArticle=8487923 False Studies None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 2024-04-24T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/understanding-how-rationality-deterrence-theory-and-indeterminism-influence-cybercrime www.secnews.physaphae.fr/article.php?IdArticle=8488070 False Tool,Vulnerability,Studies,Legislation,Prediction None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine One in five UK organizations have had corporate data exposed via generative AI, says RiverSafe]]> 2024-04-24T09:15:00+00:00 https://www.infosecurity-magazine.com/news/fifth-cisos-staff-leaked-data-genai/ www.secnews.physaphae.fr/article.php?IdArticle=8487896 False Studies None 4.0000000000000000 Fortinet - Fabricant Materiel Securite Learn how organizations are using the cloud, their cloud-security challenges, and other insights from the 2024 Cloud Security Report]]> 2024-04-23T19:38:00+00:00 https://www.fortinet.com/blog/industry-trends/key-findings-cloud-security-report-2024 www.secnews.physaphae.fr/article.php?IdArticle=8487424 False Studies,Cloud None 3.0000000000000000 IT Security Guru - Blog Sécurité Insight expert: les méthodes de recrutement obsolètes entravent la cyber-armée mondiale Apparu pour la première fois sur gourou de la sécurité informatique .

---

Cybersecurity is \'inclusive\' by nature: no one is exempt from the fallout of the expanding cyber threat landscape. The notion, therefore, that some groups of individuals are offered fewer opportunities to join the cyber industry than others is frankly absurd. ISC2\'s latest Cybersecurity Workforce Study gives us a snapshot into the supply and demand of […] The post Expert Insight: Outdated Recruitment Methods Are Impeding The Global Cyber Army first appeared on IT Security Guru. ]]> 2024-04-23T15:09:25+00:00 https://www.itsecurityguru.org/2024/04/23/expert-insight-outdated-recruitment-methods-are-impeding-the-global-cyber-army/?utm_source=rss&utm_medium=rss&utm_campaign=expert-insight-outdated-recruitment-methods-are-impeding-the-global-cyber-army www.secnews.physaphae.fr/article.php?IdArticle=8487483 False Threat,Studies None 3.0000000000000000 Data Security Breach - Site de news Francais 2024-04-22T22:02:33+00:00 https://www.datasecuritybreach.fr/bot-internet/ www.secnews.physaphae.fr/article.php?IdArticle=8487052 False Studies None 3.0000000000000000 Techworm - News #StopRansomare: Review our ? #cybersecurity advisory, outlining known #AkiraRansomware #TTPs & #IOCs, developed with @FBI, @EC3Europol, & @NCSC_NL to reduce the exploitation of businesses and critical infrastructure. https://t.co/2VBMKhoAXK pic.twitter.com/Nn0fEK4HRw — CISA Cyber (@CISACyber) April 18, 2024 “Early versions of the Akira ransomware variant were written in C++ and encrypted files with a .akira extension; however, beginning in August 2023, some Akira attacks began deploying Megazord, using Rust-based code which encrypts files with a .powerranges extension.  Akira threat actors have continued to use both Megazord and Akira, including Akira_v2 (identified by trusted third party investigations) interchangeably,” the joint cybersecurity advisory reads. The FBI and cybersecurity researchers have observed Akira threat actors obtaining initial access to organizations through a virtual private network (VPN) service without multifactor authentication (MFA) configured, mostly using known Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269. Additional methods of initial access include the use of external-facing services such as Remote Desktop Protocol (RDP), spear phishing attacks, and credential abuse. Once initial access is obtained, Akira threat actors attempt to exploit the functions of domain controllers by creating new domain accounts to establish persis]]> 2024-04-19T20:15:33+00:00 https://www.techworm.net/2024/04/akira-ransomware-42-million-250-orgs.html www.secnews.physaphae.fr/article.php?IdArticle=8485347 False Ransomware,Vulnerability,Threat,Studies None 3.0000000000000000 TechRepublic - Security News US Nearly 10 million devices were infected with data-stealing malware in 2023, with criminals stealing an average of 50.9 credentials per device.]]> 2024-04-18T16:26:44+00:00 https://www.techrepublic.com/article/data-stealing-malware-study/ www.secnews.physaphae.fr/article.php?IdArticle=8484857 False Malware,Studies None 3.0000000000000000 Checkpoint Research - Fabricant Materiel Securite Une fois par an, Check Point publie un rapport annuel examinant les plus grands événements et tendances de la cybersécurité.Dans cet épisode, nous décomposons la dernière itération, en nous concentrant sur ses parties les plus importantes, pour vous rattraper ce que vous devez savoir en 2024.

---

>Once every year, Check Point releases an annual report reviewing the biggest events and trends in cybersecurity. In this episode we’ll break down the latest iteration, focusing on its most important parts, to catch you up on what you need to know most in 2024. ]]> 2024-04-18T13:00:09+00:00 https://research.checkpoint.com/2024/2024-security-report-podcast-edition/ www.secnews.physaphae.fr/article.php?IdArticle=8484727 False Studies None 4.0000000000000000 ProjectZero - Blog de recherche Google Bochspwn, Bochspwn Reloaded, and my earlier font fuzzing infrastructure), and needed some binary formats to test it on. My first pick were PE files: they are very popular in the Windows environment, which makes it easy to create an initial corpus of input samples, and a basic fuzzing harness is equally easy to develop with just a single GetFileVersionInfoSizeW API call. The test was successful: even though I had previously fuzzed PE files in 2019, the new element of code coverage guidance allowed me to discover a completely new bug: issue #2281. For my next target, I chose the Windows registry. That\'s because arbitrary registry hives can be loaded from disk without any special privileges via the RegLoadAppKey API (since Windows Vista). The hives use a binary format and are fully parsed in the kernel, making them a noteworthy local attack surface. Furthermore, I was also somewhat familiar with basic harnessing of the registry, having fuzzed it in 2016 together with James Forshaw. Once again, the code coverage support proved useful, leading to the discovery of issue #2299. But when I started to perform a root cause analysis of the bug, I realized that: The hive binary format is not very well suited for trivial bitflipping-style fuzzing, because it is structurally simple, and random mutations are much more likely to render (parts of) the hive unusable than to trigger any interesting memory safety violations.On the other hand, the registry has many properties that make it an attractive attack]]> 2024-04-18T09:53:59+00:00 https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html www.secnews.physaphae.fr/article.php?IdArticle=8484833 False Tool,Vulnerability,Threat,Studies None 4.0000000000000000 ProofPoint - Cyber Firms 2024-04-17T18:00:31+00:00 https://www.proofpoint.com/us/blog/engineering-insights/exploding-prompts-available-open-source www.secnews.physaphae.fr/article.php?IdArticle=8484113 False Malware,Tool,Threat,Studies,Cloud,Technical None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Cifas reveals 14% rise in dishonest employees, driven mainly by financial necessity last year]]> 2024-04-17T08:30:00+00:00 https://www.infosecurity-magazine.com/news/insider-threats-14-cost-living/ www.secnews.physaphae.fr/article.php?IdArticle=8483988 False Studies None 3.0000000000000000 Global Security Mag - Site de news francais Malwares]]> 2024-04-17T08:21:29+00:00 https://www.globalsecuritymag.fr/tendances-mondiales-de-la-cybersecurite-au-1er-trimestre-2024-les-cyberattaques.html www.secnews.physaphae.fr/article.php?IdArticle=8483992 False Ransomware,Studies None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC nuanced approach to cybersecurity—one that not only fortifies defenses but also resonates with and supports the people behind the screens. Integrating human-centric design with continuous threat management emerges as a forward-thinking strategy, promising a balanced blend of technical excellence and user empathy to navigate the complex cybersecurity challenges of today and tomorrow. Embracing the Human Element in Cybersecurity Diving into the realm of human-centric security design and culture, it\'s clear that the future of cybersecurity isn\'t just about the latest technology—it\'s equally about the human touch. This approach puts the spotlight firmly on enhancing the employee experience, ensuring that cybersecurity measures don\'t become an unbearable burden that drives people to take shortcuts. By designing systems that people can use easily and effectively, the friction often caused by stringent security protocols can be significantly reduced. Gartner\'s insights throw a compelling light on this shift, predicting that by 2027, half of all Chief Information Security Officers (CISOs) will have formally embraced human-centric security practices. This isn\'t just a hopeful guess but a recognition of the tangible benefits these practices bring to the table—reducing operational friction and bolstering the adoption of essential controls. This strategic pivot also acknowledges a fundamental truth. When security becomes a seamless part of the workflow, its effectiveness skyrockets. It\'s a win-win, improving both the user experience and the overall security posture. CTEM: Your Cybersecurity Compass in Stormy Seas Imagine that your organization\'s cybersecurity landscape isn\'t just a static battleground. Instead, it’s more like the open sea, with waves of threats coming and going, each with the potential to breach your defenses. That\'s where Continuous Threat Exposure Management (CTEM) sails in, serving as your trusted compass, guiding you through these treacherous waters. CTEM isn\'t your average, run-of-the-mill security tactic. It\'s about being proactive, scanning the horizon with a spyglass, looking for potential vulnerabilities before they even become a blip on a hacker\'s radar. Think of it as your cybersecurity early-warning system, constantly on the lookout for trou]]> 2024-04-16T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/cybersecuritys-human-factor-merging-tech-with-people-centric-strategies www.secnews.physaphae.fr/article.php?IdArticle=8483336 False Vulnerability,Threat,Studies,Prediction,Medical,Technical None 2.0000000000000000 TechRepublic - Security News US Research has found that criminals can demand higher ransom when they compromise an organisation\'s backup data in a ransomware attack. Discover advice from security experts on how to properly protect your backup.]]> 2024-04-12T15:44:26+00:00 https://www.techrepublic.com/article/ransomware-attackers-target-backups/ www.secnews.physaphae.fr/article.php?IdArticle=8480811 False Ransomware,Studies None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Une étude de l'ISC2 à but non lucratif révèle que les champs de cybersécurité sont des tendances américaines des disparités de rémunération entre les hommes et les femmes.

---

>A study from non-profit ISC2 finds that the cybersecurity fields bucks U.S. trends of pay disparities between men and women. ]]> 2024-04-11T13:00:00+00:00 https://cyberscoop.com/women-make-less-than-men-in-us-cyber-jobs-but-the-gap-is-narrowing/ www.secnews.physaphae.fr/article.php?IdArticle=8479992 False Studies None 3.0000000000000000 Recorded Future - FLux Recorded Future La Federal Communications Commission (FCC) a annoncé lundi qu'elle lançait une procédure officielle pour étudier les moyens d'empêcher les agresseurs d'utiliser des outils de connectivité automobile pour harceler les survivants de la violence domestique.L'agence a déclaré avoir publié un avis de réglementation proposée qui abritera comment s'assurer que les constructeurs automobiles et les services sans fil

---

The Federal Communications Commission (FCC) announced Monday that it is launching a formal proceeding to study ways to prevent abusers from using car connectivity tools to harass domestic violence survivors. The agency said it has issued a notice of proposed rulemaking which will home in on how to make sure automakers and wireless service]]> 2024-04-09T00:37:43+00:00 https://therecord.media/fcc-connected-car-stalking-rulemaking www.secnews.physaphae.fr/article.php?IdArticle=8478392 False Tool,Studies None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-04-05T13:39:39+00:00 https://community.riskiq.com/article/b4f39b04 www.secnews.physaphae.fr/article.php?IdArticle=8476526 False Malware,Tool,Vulnerability,Threat,Studies,Industrial,Prediction,Technical Guam 3.0000000000000000 Global Security Mag - Site de news francais rapports spéciaux

---

Checkmarx One Total Economic Impact Study Finds Return on Investment of 177% in Fewer Than Six Months and Gain of $7.13M in Benefits Over Three Years New independent study of a global, $10 billion composite organization with 1000 developers demonstrated a 177% ROI, 40-50% improvement in developer productivity and 35% reduction in the likelihood of a breach over three years - Special Reports]]> 2024-04-05T12:24:03+00:00 https://www.globalsecuritymag.fr/checkmarx-one-total-economic-impact-study-finds-return-on-investment-of-177-in.html www.secnews.physaphae.fr/article.php?IdArticle=8476479 False Studies None 2.0000000000000000 Global Security Mag - Site de news francais rapports spéciaux / / affiche

---

Over Half of UK Smartphone Users Left Vulnerable to Cyber Attacks by Bitdefende has uncovered a stark reality: more than half of smartphone users are gambling with their digital safety. - Special Reports / affiche]]> 2024-04-04T08:46:30+00:00 https://www.globalsecuritymag.fr/over-half-of-uk-smartphone-users-left-vulnerable-to-cyber-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=8475755 False Studies None 3.0000000000000000 knowbe4 - cybersecurity services Les nouvelles données d'attaque TTP couvrant 2023 mettent en lumière les acteurs de la menace et les actions des utilisateurs qui mettent les organisations les plus à risque.

---

New TTP attack data covering 2023 sheds much needed light on the threat actor and user actions that are putting organizations at the most risk.]]> 2024-04-03T16:36:17+00:00 https://blog.knowbe4.com/phishing-and-users-top-list-as-cyberattack-initial-access-enablers www.secnews.physaphae.fr/article.php?IdArticle=8475328 False Threat,Studies None 3.0000000000000000 ComputerWeekly - Computer Magazine 2024-04-03T15:51:00+00:00 https://www.computerweekly.com/news/366578657/RDP-abused-in-over-90-of-cyber-attacks-Sophos-finds www.secnews.physaphae.fr/article.php?IdArticle=8475417 False Studies None 4.0000000000000000 Global Security Mag - Site de news francais - rapports spéciaux

---

Flashpoint released its 2024 Global Threat Intelligence Report that looks back at 2023 to shed light on cyber threats, geopolitical turmoil, and escalating physical conflicts around the world to help organizations strengthen defenses, ensure operational resilience, and proactively confront multifaceted threats. - Special Reports]]> 2024-03-27T20:00:58+00:00 https://www.globalsecuritymag.fr/flashpoint-releases-annual-global-threat-intelligence-report.html www.secnews.physaphae.fr/article.php?IdArticle=8471580 False Threat,Studies None 4.0000000000000000 Global Security Mag - Site de news francais rapports spéciaux

---

AI and automation have helped organizations respond to security incidents up to 99% faster than last year, according to new study from ReliaQuest With social engineering still the biggest threat to organizations, AI is being leveraged on both sides to increase the threat and the speed of defense; Organizations fully leveraging AI and automation can respond to threats within 7 minutes or less - Special Reports]]> 2024-03-26T17:21:58+00:00 https://www.globalsecuritymag.fr/ai-and-automation-have-helped-organizations-respond-to-security-incidents-up-to.html www.secnews.physaphae.fr/article.php?IdArticle=8470888 False Threat,Studies None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial The Foundation for Defense of Democracies (FDD) published a study highlighting a mismatch in the U.S. military\'s failure... ]]> 2024-03-26T15:12:18+00:00 https://industrialcyber.co/threat-landscape/fdd-study-reveals-gaps-in-us-militarys-cyber-talent-recruitment-and-retention-calls-for-reforms/ www.secnews.physaphae.fr/article.php?IdArticle=8470828 False Studies None 3.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain Détails .Il est de 2 millions de dollars de moins qu'en 2022, mais il est encore beaucoup beaucoup. La récompense la plus élevée pour un rapport de vulnérabilité en 2023 était de 113 337 $, tandis que le décompte total depuis le lancement du programme en 2010 a atteint 59 millions de dollars. Pour Android, le système d'exploitation mobile le plus populaire et le plus largement utilisé, le programme a accordé plus de 3,4 millions de dollars. Google a également augmenté le montant maximal de récompense pour les vulnérabilités critiques concernant Android à 15 000 $, ce qui a augmenté les rapports communautaires. Au cours des conférences de sécurité comme ESCAL8 et Hardwea.io, Google a attribué 70 000 $ pour 20 découvertes critiques dans le système d'exploitation Android et Android Automotive et 116 000 $ pour 50 rapports concernant les problèmes dans Nest, Fitbit et Wearables ...

---

BleepingComputer has the details. It’s $2M less than in 2022, but it’s still a lot. The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the program’s launch in 2010 has reached $59 million. For Android, the world’s most popular and widely used mobile operating system, the program awarded over $3.4 million. Google also increased the maximum reward amount for critical vulnerabilities concerning Android to $15,000, driving increased community reports. During security conferences like ESCAL8 and hardwea.io, Google awarded $70,000 for 20 critical discoveries in Wear OS and Android Automotive OS and another $116,000 for 50 reports concerning issues in Nest, Fitbit, and Wearables...]]> 2024-03-22T11:01:39+00:00 https://www.schneier.com/blog/archives/2024/03/google-pays-10m-in-bug-bounties-in-2023.html www.secnews.physaphae.fr/article.php?IdArticle=8468408 False Vulnerability,Studies,Mobile None 3.0000000000000000 Dark Reading - Informationweek Branch 2024-03-20T19:11:48+00:00 https://www.darkreading.com/application-security/akamai-research-finds-29-of-web-attacks-target-apis www.secnews.physaphae.fr/article.php?IdArticle=8467497 False Studies None 4.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Thales latest report also suggests less than half of organizations have a formal ransomware response plan]]> 2024-03-20T16:00:00+00:00 https://www.infosecurity-magazine.com/news/27-spike-ransomware-8-yield/ www.secnews.physaphae.fr/article.php?IdArticle=8467398 False Ransomware,Studies None 2.0000000000000000 Global Security Mag - Site de news francais Investigations]]> 2024-03-20T14:36:21+00:00 https://www.globalsecuritymag.fr/palo-alto-networks-devoile-son-nouveau-rapport-sur-l-etat-de-la-securite-ot.html www.secnews.physaphae.fr/article.php?IdArticle=8467371 False Studies,Industrial None 4.0000000000000000 IndustrialCyber - cyber risk firms for industrial Trend Micro researchers disclosed that since early 2022 they have been tracking Earth Krahang, an APT (advanced persistent... ]]> 2024-03-20T10:26:22+00:00 https://industrialcyber.co/news/trend-micro-uncovers-earth-krahang-hackers-exploiting-intergovernmental-trust-for-cross-government-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8467250 False Studies,Prediction None 3.0000000000000000 Zimperium - cyber risk firms for mobile L'image est douloureusement claire...Les organisations ne voient pas de ralentissement de la fraude financière ciblant les appareils mobiles.MasterCard a récemment partagé que leurs données montrent une tendance de 41 milliards de dollars de perte liée à la fraude en 2022, atteignant 48 milliards de dollars d'ici 2023. JuniperResearch met le nombre à 91 milliards de dollars d'ici 2028 et [& # 8230;]

---

>The picture is painfully clear . . . organizations are not seeing a slowdown in financial fraud targeting  mobile devices. Mastercard recently shared that their data shows a trend of $41billion in fraud-related loss in 2022, growing to $48billion by 2023.  JuniperResearch puts the number at $91billion by 2028 and […] ]]> 2024-03-19T13:00:00+00:00 https://zimpstage.wpengine.com/blog/the-growing-risks-of-on-device-fraud/ www.secnews.physaphae.fr/article.php?IdArticle=8470945 False Studies,Mobile,Prediction None 4.0000000000000000 Kaspersky - Kaspersky Research blog Kaspersky ICS CERT shares industrial threat statistics for H2 2023: most commonly detected malicious objects, threat sources, threat landscape by industry and region.]]> 2024-03-19T10:00:20+00:00 https://securelist.com/threat-landscape-for-industrial-automation-systems-h2-2023/112153/ www.secnews.physaphae.fr/article.php?IdArticle=8466577 False Threat,Studies,Industrial None 4.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine DoControl said one in six employees was found to have shared company data via personal email]]> 2024-03-14T16:00:00+00:00 https://www.infosecurity-magazine.com/news/surge-saas-assets-employee-data/ www.secnews.physaphae.fr/article.php?IdArticle=8463867 False Studies,Cloud None 2.0000000000000000 Global Security Mag - Site de news francais revues de produits

---

DoControl\'s 2024 State of SaaS Data Security Report Found Companies Create 286K New SaaS Assets Weekly, and 1 out of 6 Employees Shared Company Data With Personal Email. Increased exposure of SaaS assets greatly heightens risk for potential breaches - Product Reviews]]> 2024-03-14T14:56:45+00:00 https://www.globalsecuritymag.fr/docontrol-s-2024-state-of-saas-data-security-report-found-companies-create-286k.html www.secnews.physaphae.fr/article.php?IdArticle=8463871 False Studies,Cloud None 4.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Google revealed it paid $10m in bug bounty payments to more than 600 researchers in 2023, with the highest single payment being £113,337]]> 2024-03-14T11:30:00+00:00 https://www.infosecurity-magazine.com/news/google-paid-10m-bug-bounties/ www.secnews.physaphae.fr/article.php?IdArticle=8463733 False Studies None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Red Canary said cloud account compromise detections rose 16-fold in 2023, becoming the fourth most prevalent technique used by threat actors]]> 2024-03-13T14:01:00+00:00 https://www.infosecurity-magazine.com/news/cloud-account-attacks-surged-2023/ www.secnews.physaphae.fr/article.php?IdArticle=8463205 False Threat,Studies,Cloud None 4.0000000000000000 Silicon - Site de News Francais 2024-03-13T13:36:33+00:00 https://www.silicon.fr/cigref-anticiper-cyberattaques-476803.html www.secnews.physaphae.fr/article.php?IdArticle=8463198 False Tool,Studies None 3.0000000000000000 Global Security Mag - Site de news francais rapports spéciaux

---

New Mimecast report finds cybercriminals capitalise on businesses\' biggest flaw: Human risk Annual research report explores the State of Email and Collaboration Security, finding that 74% of all cyber breaches are caused by human factors - Special Reports]]> 2024-03-13T13:10:05+00:00 https://www.globalsecuritymag.fr/new-mimecast-report-finds-cybercriminals-capitalise-on-businesses-biggest-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=8463203 False Studies None 4.0000000000000000 Global Security Mag - Site de news francais rapports spéciaux

---

2024 Sophos Threat Report: Cybercrime on Main Street Details Cyberthreats Facing SMBs Data and Credential Theft Malware are Top Two Threats Against SMBs in 2023, Accounting for Nearly 50% of All Malware Sophos Detected Targeting this Market Segment Ransomware Still the Biggest Threat to SMBs; Business Email Compromise on the Rise, Along with More Sophisticated Social Engineering Tactics - Special Reports]]> 2024-03-13T08:30:49+00:00 https://www.globalsecuritymag.fr/2024-sophos-threat-report-cybercrime-on-main-street-details-cyberthreats-facing.html www.secnews.physaphae.fr/article.php?IdArticle=8463062 False Malware,Threat,Studies None 4.0000000000000000 Kaspersky - Kaspersky Research blog In this report, Kaspersky shares statistics on stalkerware detections, as well as insights into the impact of digital stalking in 2023 and the beginning of 2024, and advice for those affected.]]> 2024-03-13T08:00:40+00:00 https://securelist.com/state-of-stalkerware-2023/112135/ www.secnews.physaphae.fr/article.php?IdArticle=8463037 False Studies None 4.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Kaspersky said access control weaknesses and failures in data protection accounted for 70% of all flaws]]> 2024-03-12T17:45:00+00:00 https://www.infosecurity-magazine.com/news/top-vulnerabilities-corporate-web/ www.secnews.physaphae.fr/article.php?IdArticle=8462761 False Vulnerability,Studies None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The Office of the Director of National Intelligence (ODNI) has unveiled an unclassified version of its Annual Threat Assessment of the US Intelligence Community]]> 2024-03-12T17:00:00+00:00 https://www.infosecurity-magazine.com/news/us-intelligence-predicts-cyber/ www.secnews.physaphae.fr/article.php?IdArticle=8462731 False Threat,Studies None 4.0000000000000000 Palo Alto Network - Site Constructeur Il y a des défis pour l'IA en cybersécurité dans des environnements réels avec une haute précision, nécessitant une spécialisation dans le domaine d'étude spécifique.

---

>There are challenges for AI in cybersecurity in real-world environments with high precision, requiring specialization in the specific field of study. ]]> 2024-03-12T16:55:14+00:00 https://www.paloaltonetworks.com/blog/2024/03/challenges-for-ai-in-cybersecurity/ www.secnews.physaphae.fr/article.php?IdArticle=8462737 False Studies None 2.0000000000000000 Data Security Breach - Site de news Francais 2024-03-12T15:13:49+00:00 https://www.datasecuritybreach.fr/phishing-tuesday-mardi/ www.secnews.physaphae.fr/article.php?IdArticle=8462708 False Studies None 4.0000000000000000 SecurityWeek - Security News GAO study finds that CISA does not have enough staff to respond to significant OT attacks in multiple locations at the same time. ]]> 2024-03-12T12:47:00+00:00 https://www.securityweek.com/cisas-ot-attack-response-team-understaffed-gao/ www.secnews.physaphae.fr/article.php?IdArticle=8462645 False Studies,Industrial None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Three-quarters of cyber-incidents Sophos responded to involved small businesses in 2023, with attackers\' main goal being data theft]]> 2024-03-12T12:20:00+00:00 https://www.infosecurity-magazine.com/news/cyber-incident-victims-small/ www.secnews.physaphae.fr/article.php?IdArticle=8462620 False Studies None 3.0000000000000000 Bleeping Computer - Magazine Américain Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company\'s products and services. [...]]]> 2024-03-12T12:00:00+00:00 https://www.bleepingcomputer.com/news/google/google-paid-10-million-in-bug-bounty-rewards-last-year/ www.secnews.physaphae.fr/article.php?IdArticle=8462730 False Studies None 2.0000000000000000 ProofPoint - Cyber Firms 2024-03-12T07:03:40+00:00 https://www.proofpoint.com/us/blog/compliance-and-archiving/if-youre-using-veritas-archiving-whats-your-next-step www.secnews.physaphae.fr/article.php?IdArticle=8462674 False Tool,Studies,Cloud,Technical None 2.0000000000000000 Recorded Future - FLux Recorded Future Avec la croissance croissante de l'intelligence disponible exclusivement à partir d'informations publiquement ou dans le commerce, les agences de renseignement ont été confrontées à la manière de mieux comprendre la collecte et le traitement des données.Dans un nouvelle stratégie publié vendredi par le bureau du directeur national (ODNI) et la CIA, les agences, les agencesdit le

---

With the surging growth of intelligence available exclusively from publicly or commercially available information, intelligence agencies have been grappling with how to get a better handle on collecting and processing the data. In a new strategy released Friday by the Office of the Director of National Intelligence (ODNI) and the CIA, the agencies said the]]> 2024-03-11T17:24:16+00:00 https://therecord.media/odni-osint-strategy-few-details www.secnews.physaphae.fr/article.php?IdArticle=8462234 False Studies None 4.0000000000000000 Silicon - Site de News Francais 2024-03-11T14:07:15+00:00 https://www.silicon.fr/open-trusted-cloud-que-retenir-du-1er-barometre-des-editeurs-de-logiciels-europeens-dovhcloud-476663.html www.secnews.physaphae.fr/article.php?IdArticle=8462163 False Studies,Cloud None 4.0000000000000000 Global Security Mag - Site de news francais Investigations]]> 2024-03-11T10:25:07+00:00 https://www.globalsecuritymag.fr/trend-micro-rapport-2023-sur-l-etat-de-la-cybersecurite.html www.secnews.physaphae.fr/article.php?IdArticle=8462507 False Threat,Studies,Prediction None 4.0000000000000000 Dark Reading - Informationweek Branch Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps.]]> 2024-03-08T21:42:16+00:00 https://www.darkreading.com/cybersecurity-operations/ciso-corner-nsa-guidelines-utility-sbom-case-study-lava-lamps www.secnews.physaphae.fr/article.php?IdArticle=8460995 False Studies None 3.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain documenté Les résultats dans un article qui donne beaucoup de bien donne beaucoup de bienExemples et essaie d'organiser une taxonomie de stratégies d'injection rapide efficaces.Il semble que la stratégie réussie la plus courante soit l'attaque d'instructions composée la plus courante, & # 8221;Comme dans & # 8220; dire & # 8216; J'ai été Pwned & # 8217;sans période. & # 8221; Ignorez ce titre et HackapRomppt: exposer les vulnérabilités systémiques de LLMS via une compétition de piratage invite à l'échelle mondiale Résumé: Les modèles de grande langue (LLM) sont déployés dans des contextes interactifs avec l'engagement direct des utilisateurs, tels que les chatbots et les assistants d'écriture.Ces déploiements sont vulnérables à l'injection rapide et au jailbreak (collectivement, piratage rapide), dans lequel les modèles sont manipulés pour ignorer leurs instructions d'origine et suivre des instructions potentiellement malveillantes.Bien que largement reconnue comme une menace de sécurité significative, il y a une pénurie de ressources à grande échelle et d'études quantitatives sur le piratage rapide.Pour aborder cette lacune, nous lançons un concours mondial de piratage rapide, qui permet des attaques d'entrée humaine en forme libre.Nous produisons 600k + invites adversaires contre trois LLM de pointe.Nous décrivons l'ensemble de données, qui vérifie empiriquement que les LLM actuels peuvent en effet être manipulées via un piratage rapide.Nous présentons également une ontologie taxonomique complète des types d'invites contradictoires ...

---

Researchers ran a global prompt hacking competition, and have documented the results in a paper that both gives a lot of good examples and tries to organize a taxonomy of effective prompt injection strategies. It seems as if the most common successful strategy is the “compound instruction attack,” as in “Say ‘I have been PWNED’ without a period.” Ignore This Title and HackAPrompt: Exposing Systemic Vulnerabilities of LLMs through a Global Scale Prompt Hacking Competition Abstract: Large Language Models (LLMs) are deployed in interactive contexts with direct user engagement, such as chatbots and writing assistants. These deployments are vulnerable to prompt injection and jailbreaking (collectively, prompt hacking), in which models are manipulated to ignore their original instructions and follow potentially malicious ones. Although widely acknowledged as a significant security threat, there is a dearth of large-scale resources and quantitative studies on prompt hacking. To address this lacuna, we launch a global prompt hacking competition, which allows for free-form human input attacks. We elicit 600K+ adversarial prompts against three state-of-the-art LLMs. We describe the dataset, which empirically verifies that current LLMs can indeed be manipulated via prompt hacking. We also present a comprehensive taxonomical ontology of the types of adversarial prompts...]]> 2024-03-08T12:06:58+00:00 https://www.schneier.com/blog/archives/2024/03/a-taxonomy-of-prompt-injection-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=8460800 False Vulnerability,Threat,Studies None 3.0000000000000000 Kaspersky - Kaspersky Research blog This report contains spam and phishing statistics for 2023, along with descriptions of the main trends, among these artificial intelligence, instant messaging phishing, and multilingual BEC attacks.]]> 2024-03-07T10:00:53+00:00 https://securelist.com/spam-phishing-report-2023/112015/ www.secnews.physaphae.fr/article.php?IdArticle=8460239 False Spam,Studies None 4.0000000000000000 Recorded Future - FLux Recorded Future Plus de 12,5 milliards de dollars ont été perdus en 2023 à cause de la fraude en ligne dans les cas signalés par le public américain, selon le FBI \\’s annuel Rapport sur la criminalité sur Internet - Une augmentation de 22% par rapport à l'année précédente.Le rapport compile les informations du Centre des plaintes de criminalité sur Internet du FBI \\ et montre une augmentation constante de la fraude presque à travers

---

More than $12.5 billion was lost in 2023 to online fraud in cases reported by the American public, according to the FBI\'s annual Internet Crime Report - a 22% increase on the year before. The report compiles information from the FBI\'s Internet Crime Complaint Center (IC3) and shows a steady increase in fraud nearly across]]> 2024-03-06T19:23:26+00:00 https://therecord.media/fbi-internet-crime-report-2023 www.secnews.physaphae.fr/article.php?IdArticle=8459980 False Studies None 4.0000000000000000 Global Security Mag - Site de news francais Investigations]]> 2024-03-06T14:28:56+00:00 https://www.globalsecuritymag.fr/94-des-responsables-informatiques-s-appuient-sur-un-stockage-immuable-pour.html www.secnews.physaphae.fr/article.php?IdArticle=8459865 False General Information,Studies None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-03-05T19:03:47+00:00 https://community.riskiq.com/article/ed40fbef www.secnews.physaphae.fr/article.php?IdArticle=8459485 False Ransomware,Malware,Tool,Vulnerability,Threat,Studies,Medical,Technical ChatGPT,APT 28,APT 4 2.0000000000000000 Global Security Mag - Site de news francais rapports spéciaux

---

New Study From IRONSCALES & Osterman Research Reveals Organizations High on Confidence, Low on Capabilities Against Image-Based Attacks While over 70% of organizations feel their current security stacks are effective against image-based and QR code phishing attacks, nearly 76% were still compromised in the last 12 months - Special Reports]]> 2024-03-05T16:10:40+00:00 https://www.globalsecuritymag.fr/new-study-from-ironscales-osterman-research-reveals-organizations-high-on.html www.secnews.physaphae.fr/article.php?IdArticle=8459424 False Studies None 3.0000000000000000 Cisco - Security Firm Blog This year, the team was tapped to build a similar team to support the Cisco Live Melbourne 2023 conference. This report serves as a summary of the design, deployment, and operation of the network, as well some of the more interesting findings from three days of threat hunting on the network.]]> 2024-03-01T13:00:12+00:00 https://feedpress.me/link/23535/16598184/cisco-live-melbourne-soc-report www.secnews.physaphae.fr/article.php?IdArticle=8457501 False Threat,Studies,Conference None 4.0000000000000000 Data Security Breach - Site de news Francais 2024-02-29T15:58:39+00:00 https://www.datasecuritybreach.fr/intercert-france/ www.secnews.physaphae.fr/article.php?IdArticle=8457026 False Studies None 5.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Chainalysis study of crypto flows reveals darknet markets made $1.7bn in 2023]]> 2024-02-29T14:00:00+00:00 https://www.infosecurity-magazine.com/news/dark-web-market-revenues-rebound/ www.secnews.physaphae.fr/article.php?IdArticle=8456978 False Studies None 3.0000000000000000 Global Security Mag - Site de news francais rapports spéciaux

---

Global Checkmarx Study Finds Vulnerabilities in Applications Developed In-house Were the Cause of Breaches at 92% of Companies Surveyed Global study of CISOs, AppSec leaders and developers reveals that business pressures are a primary reason for the release of vulnerable applications - Special Reports]]> 2024-02-29T12:58:04+00:00 https://www.globalsecuritymag.fr/global-checkmarx-study-finds-vulnerabilities-in-applications-developed-in-house.html www.secnews.physaphae.fr/article.php?IdArticle=8456980 False Vulnerability,Studies None 4.0000000000000000 Global Security Mag - Site de news francais Investigations]]> 2024-02-29T11:56:55+00:00 https://www.globalsecuritymag.fr/assurance-cyber-stoik-publie-son-premier-bilan-annuel-des-sinistres-de-ses.html www.secnews.physaphae.fr/article.php?IdArticle=8456932 False Studies None 4.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Cisco’s 2023 consumer privacy survey, a study of over 2600 consumers in 12 countries globally, indicates consumer awareness of data privacy rights is continuing to grow with the younger generations (age groups under 45) exercising their Data Subject Access rights and switching providers over their privacy practices and policies.  Consumers support AI use but are also concerned. With those supporting AI for use: 48% believe AI can be useful in improving their lives  54% are willing to share anonymized personal data to improve AI products AI is an area that has some work to do to earn trust 60% of respondents believe the use of AI by organizations has already eroded trust in them 62% reported concerns about the business use of AI 72% of respondents indicated that having products and solutions aud]]> 2024-02-29T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/ai-governance-and-preserving-privacy www.secnews.physaphae.fr/article.php?IdArticle=8456899 False Studies,Prediction,Cloud,Technical None 2.0000000000000000 knowbe4 - cybersecurity services ]]> 2024-02-28T17:21:10+00:00 https://blog.knowbe4.com/credential-theft-mostly-due-phishing www.secnews.physaphae.fr/article.php?IdArticle=8456542 False Studies None 3.0000000000000000 Global Security Mag - Site de news francais Investigations]]> 2024-02-28T15:11:22+00:00 https://www.globalsecuritymag.fr/le-rapport-securityscorecard-sur-les-violations-tierces-revele-que-la-chaine-d.html www.secnews.physaphae.fr/article.php?IdArticle=8456496 False Studies None 4.0000000000000000 Palo Alto Network - Site Constructeur Le rapport de la réponse aux incidents de l'unité 42 de 2024 offre un aperçu des tactiques des attaquants et des recommandations exploitables pour vous aider à défendre votre organisation.

---

>The 2024 Unit 42 Incident Response Report offers insights into attacker tactics and actionable recommendations to help you defend your organization. ]]> 2024-02-28T14:00:53+00:00 https://www.paloaltonetworks.com/blog/2024/02/unit-42-incident-response-report/ www.secnews.physaphae.fr/article.php?IdArticle=8456442 False Studies None 4.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC get the 2022 report). Get the complimentary 2023 report.   The robust quantitative field survey reached 1,418 security, IT, application development, and line of business professionals worldwide. The qualitative research tapped subject matter experts across the cybersecurity industry. Energy and Utilities-specific respondents equal 203. At the onset of our research, we established the following hypotheses. ·       Momentum edge computing has in the market. ·       Approaches to connecting and securing the edge ecosystem – including the role of trusted advisors to achieve edge goals. ·       Perceived risk and perceived benefit of the common use cases in each industry surveyed. The results focus on common edge use cases in seven vertical industries – healthcare, retail, finance, manufacturing, energy and utilities, transportation, and U.S. SLED- delivering actionable advice for securing and connecting an edge ecosystem, including external trusted advisors. Finally, it examines cybersecurity and the broader edge ecosystem of networking, service providers, and top use cases. The role of IT is shifting, embracing stakeholders at the ideation phase of development. Edge computing is a transformative technology that brings together various stakeholders and aligns their interests to drive integrated business outcomes. The emergence of edge computing has been fueled by a generation of visionaries who grew up in the era of smartphones and limitless possibilities. Look at the infographic below for a topline summary of key findings in the energy and utilities industry. In this paradigm, the role of IT has shifted from being the sole leader to a collaborative partner in delivering innovative edge computing solutions. In addition, we found that energy and utilities leaders are budgeting differently for edge use cases. These two things, along with an expanded approach to securing edge computing, were prioritized by our respondents in the 2023 AT&T Cybersecurity Insights Report: Edge Ecosystem. One of the most promising aspects of edge computing is its potential to effectively use near-real-time data for tighter control of variable operations such as inventory and supply chain management that deliver improved operational efficiency. Adding new endpoints is essential for collecting the data, but how they’re connected can make them vulnerable to cyberattacks. Successful cyberattacks can disrupt services, highlighting the need for robust cybersecurity measures. Edge computing brings the data closer to where decisions are made. With edge computing, the intelligence required to make decisions, the networks used to capture and transmit data, and the use case management are distributed. Distributed means things work faster because nothing is backhauled to a central processing area such as a data center and delivers the near-real-time experience. With this level of complexity, it’s common t]]> 2024-02-28T13:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/get-the-att-cybersecurity-insightsreport-focus-on-energy-and-utilities www.secnews.physaphae.fr/article.php?IdArticle=8456418 False Ransomware,Studies None 4.0000000000000000 Global Security Mag - Site de news francais rapports spéciaux

---

New Viakoo Survey Finds Less Than Half of IT Leaders are Confident in their IoT Security Plans 71% of IT leaders wish they started their IoT security plans differently so they could remediate vulnerabilities faster - Special Reports]]> 2024-02-27T18:34:03+00:00 https://www.globalsecuritymag.fr/new-viakoo-survey-finds-less-than-half-of-it-leaders-are-confident-in-their-iot.html www.secnews.physaphae.fr/article.php?IdArticle=8456013 False Vulnerability,Studies,Industrial None 2.0000000000000000 Fortinet - Fabricant Materiel Securite FortiGuard Labs annual report reviews critical Outbreak Alerts impacting organizations worldwide. Learn more.]]> 2024-02-27T14:00:00+00:00 https://www.fortinet.com/blog/threat-research/fortiguard-labs-outbreak-alerts-report-2023 www.secnews.physaphae.fr/article.php?IdArticle=8455918 False Threat,Studies None 4.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The Viakoo study also said 50% firms faced IoT cyber incidents in past year, 44% of which were severe]]> 2024-02-27T14:00:00+00:00 https://www.infosecurity-magazine.com/news/half-leaders-identify-iot-security/ www.secnews.physaphae.fr/article.php?IdArticle=8455884 False Studies None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Synopsys report reveals 74% of codebases now contain risky open source components]]> 2024-02-27T13:00:00+00:00 https://www.infosecurity-magazine.com/news/commercial-code-highrisk-open/ www.secnews.physaphae.fr/article.php?IdArticle=8455858 False Studies,Commercial None 3.0000000000000000 UnderNews - Site de news "pirate" francais Les menaces cyber ciblant les individus représentent un risque croissant pour les entreprises ; les notifications de pénalités financières directes liées aux campagnes d'hameçonnage ont augmenté de 320 % en France, et celles liées aux dommages réputationnels de 166 %. Rapport State of the Phish 2024 de Proofpoint : 75 % des salariés français jouent sciemment avec la sécurité de leur entreprise Tribune – […] The post Etude Proofpoint : 75% des salariés français mettent sciemment leur entreprise à risque first appeared on UnderNews.]]> 2024-02-27T12:32:30+00:00 https://www.undernews.fr/reseau-securite/etude-proofpoint-75-des-salaries-francais-mettent-sciemment-leur-entreprise-a-risque.html www.secnews.physaphae.fr/article.php?IdArticle=8455855 True Threat,Studies None 1.00000000000000000000 InfoSecurity Mag - InfoSecurity Magazine Proofpoint found that 69% of organizations experienced a successful ransomware incident in the past year, with 60% hit on four or more occasions]]> 2024-02-27T11:00:00+00:00 https://www.infosecurity-magazine.com/news/orgs-inected-ransomware-2023/ www.secnews.physaphae.fr/article.php?IdArticle=8455811 False Ransomware,Studies None 3.0000000000000000 ProofPoint - Firm Security 2024-02-27T08:58:07+00:00 https://www.proofpoint.com/us/newsroom/news/68-percent-employees-willingly-gamble-organizational-security www.secnews.physaphae.fr/article.php?IdArticle=8460304 False Studies None 4.0000000000000000 ProofPoint - Cyber Firms 2024-02-27T05:00:31+00:00 https://www.proofpoint.com/us/blog/security-awareness-training/2024-state-of-phish-report www.secnews.physaphae.fr/article.php?IdArticle=8455788 False Ransomware,Tool,Vulnerability,Threat,Studies,Technical None 4.0000000000000000 Kaspersky - Kaspersky Research blog This report details statistics and key trends associated with mobile malware: Google Play Trojans, malicious messaging app mods, and others.]]> 2024-02-26T08:00:20+00:00 https://securelist.com/mobile-malware-report-2023/111964/ www.secnews.physaphae.fr/article.php?IdArticle=8455272 False Malware,Threat,Studies,Mobile None 4.0000000000000000 knowbe4 - cybersecurity services Trente pour cent de tous les cyber-incidents en 2023 impliquaient des abus de références valides, selon le dernier indice de renseignement sur les menaces d'IBM X-Force.Cela représente une augmentation de soixante et onze pour cent par rapport à 2022.

---

Thirty percent of all cyber incidents in 2023 involved abuse of valid credentials, according to IBM X-Force\'s latest Threat Intelligence Index. This represents a seventy-one percent increase compared to 2022.]]> 2024-02-23T14:02:47+00:00 https://blog.knowbe4.com/-one-in-three-cyberattacks-last-year-involved-abuse-of-accounts www.secnews.physaphae.fr/article.php?IdArticle=8454129 False Threat,Studies None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial EU Member States, backed by the European Commission and ENISA, the EU’s Cybersecurity Agency, released this week a... ]]> 2024-02-23T10:50:54+00:00 https://industrialcyber.co/news/eu-releases-comprehensive-risk-assessment-report-on-cybersecurity-resilience-of-communication-networks/ www.secnews.physaphae.fr/article.php?IdArticle=8454067 False Studies None 4.0000000000000000 IndustrialCyber - cyber risk firms for industrial Cyolo, en partenariat avec Ponemon Institute, a publié une étude mondiale explorant la façon dont les organisations qui opèrent une infrastructure critique, industrielle ...

---

>Cyolo, in partnership with Ponemon Institute, released a global study exploring how organizations that operate critical infrastructure, industrial... ]]> 2024-02-23T10:41:59+00:00 https://industrialcyber.co/news/new-cyolo-and-ponemon-institute-research-identifies-significant-gaps-in-securing-access-to-connected-ot-environments/ www.secnews.physaphae.fr/article.php?IdArticle=8454071 False Studies,Industrial None 3.0000000000000000 IT Security Guru - Blog Sécurité Nouvelle cyberison \\ 'True Cost to Business Study 2024 \' révèle qu'il ne paie toujours pas pour payer d'abord apparu sur Guru de sécurité informatique .

---

Cybereason has today announced the results of their third annual ransomware study, commissioned to better understand the true impact of ransomware to businesses. This global study reveals ransomware attacks are becoming more frequent, effective, and sophisticated: 56 percent of organisations surveyed suffered more than one ransomware attack in the last 24 months. It still \'doesn\'t […] The post New Cybereason \'True Cost to Business Study 2024\' Reveals it Still Doesn\'t Pay to Pay first appeared on IT Security Guru. ]]> 2024-02-22T13:46:38+00:00 https://www.itsecurityguru.org/2024/02/22/new-cybereason-true-cost-to-business-study-2024-reveals-it-still-doesnt-pay-to-pay/?utm_source=rss&utm_medium=rss&utm_campaign=new-cybereason-true-cost-to-business-study-2024-reveals-it-still-doesnt-pay-to-pay www.secnews.physaphae.fr/article.php?IdArticle=8453682 False Ransomware,Studies None 4.0000000000000000 IndustrialCyber - cyber risk firms for industrial Le Centre de partage et d'analyse des informations sur l'électricité (E-ISAC) a dévoilé son rapport de fin d'année 2023 parallèlement à sa vidéo de 2023 annuelle ...

---

>The Electricity Information Sharing and Analysis Center (E-ISAC) unveiled its 2023 End-of-Year Report alongside its 2023 Year-in-Review video... ]]> 2024-02-22T09:05:35+00:00 https://industrialcyber.co/reports/e-isac-2023-report-highlights-cybersecurity-triumphs-and-challenges-in-electricity-sector/ www.secnews.physaphae.fr/article.php?IdArticle=8453576 False Studies None 4.0000000000000000 Sekoia - Cyber Firms Ce rapport donne un aperçu de l'évolution de l'araignée dispersée, de son modus operandi et de l'ensemble d'outils se sont exploités au cours des dernières années.De plus, il plonge dans le TTPS Spider Spisted Spider, ainsi que les dernières campagnes en cours, y compris leurs cibles actuelles. la publication Suivante araignée dispersée pose de nouveaux œufs est un article de Blog Sekoia.io .

---

>This report provides an overview of the Scattered Spider evolution, its modus operandi and the toolset leveraged over the past years. Additionally, it delves into the Scattered Spider TTPs, as well as the latest ongoing campaigns, including their current targets. La publication suivante Scattered Spider laying new eggs est un article de Sekoia.io Blog.]]> 2024-02-22T08:30:00+00:00 https://blog.sekoia.io/scattered-spider-laying-new-eggs/ www.secnews.physaphae.fr/article.php?IdArticle=8453572 False Studies None 4.0000000000000000 IndustrialCyber - cyber risk firms for industrial Introduction: Comprendre le paysage des menaces en évolution de la cybersécurité industrielle 2023 a été un moment de bassin versant pour la cybersécurité industrielle, ...

---

>Introduction: Understanding the Evolving Threat Landscape in Industrial Cybersecurity 2023 has been a watershed moment for industrial cybersecurity,... ]]> 2024-02-22T08:28:44+00:00 https://industrialcyber.co/expert/strengthening-ics-ot-cyber-resilience-learning-from-2023s-cybersecurity-incidents-from-dragos-report/ www.secnews.physaphae.fr/article.php?IdArticle=8453577 False Threat,Studies,Industrial None 4.0000000000000000 CybeReason - Vendor blog ]]> 2024-02-21T21:57:49+00:00 https://www.cybereason.com/blog/ransomware-true-cost-to-business-2024 www.secnews.physaphae.fr/article.php?IdArticle=8453397 False Ransomware,Studies None 4.0000000000000000 Global Security Mag - Site de news francais Investigations]]> 2024-02-21T15:58:44+00:00 https://www.globalsecuritymag.fr/rapport-2024-incident-response-unit-42-palo-alto-networks.html www.secnews.physaphae.fr/article.php?IdArticle=8453266 False Tool,Threat,Studies None 3.0000000000000000