www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-15T16:45:48+00:00 www.secnews.physaphae.fr Global Security Mag - French news site NormCyber attains Microsoft security specialisation for Threat Protection Business news
NormCyber attains Microsoft security specialisation for Threat Protection Recognises Managed Security Service Provider's technical capabilities and track record for protecting enterprise environments from attack - Business News
2024-05-14T09:50:02+00:00 https://www.globalsecuritymag.fr/normcyber-attains-microsoft-security-specialisation-for-threat-protection.html www.secnews.physaphae.fr/article.php?IdArticle=8499465 False Threat,Technical None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) SHQ Response Platform and Risk Centre to Enable Management and Analysts Alike In the last decade, there has been a growing disconnect between front-line analysts and senior management in IT and Cybersecurity. Well-documented challenges facing modern analysts revolve around a high volume of alerts, false positives, poor visibility of technical environments, and analysts spending too much time on manual tasks. The Impact of Alert Fatigue and False Positives Analysts 2024-05-13T15:49:00+00:00 https://thehackernews.com/2024/05/shq-response-platform-and-risk-centre.html www.secnews.physaphae.fr/article.php?IdArticle=8498846 False Technical None 3.0000000000000000 CyberScoop - scoopnewsgroup.com cyber special US, China meeting this week to talk AI safety, risks The Tuesday discussions in Geneva will cover "areas of concern" and "views on the technical risks," per an administration official.
2024-05-13T09:00:00+00:00 https://cyberscoop.com/us-china-meeting-this-week-to-talk-ai-safety-risks/ www.secnews.physaphae.fr/article.php?IdArticle=8498792 False Technical None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version A newer version of a malware loader called Hijack Loader has been observed incorporating an updated set of anti-analysis techniques to fly under the radar. "These enhancements aim to increase the malware's stealthiness, thereby remaining undetected for longer periods of time," Zscaler ThreatLabz researcher Muhammed Irfan V A said in a technical report. "Hijack 2024-05-08T16:28:00+00:00 https://thehackernews.com/2024/05/hijack-loader-malware-employs-process.html www.secnews.physaphae.fr/article.php?IdArticle=8495847 False Malware,Technical None 3.0000000000000000 AlienVault Lab Blog - AlienVault is a major defence player in IOCs 2024 Cyber Resilience Research Reveals a Complex Terrain Meanwhile, technology is advancing at a breakneck pace, and so are the risks posed by cyber threats. The 2024 LevelBlue Futures™ Report reveals this delicate balancing act between innovation and security. We examined the full range of business issues involved in cyber and cybersecurity resilience and found that executive leadership and technical leadership have opportunities for much deeper alignment. Get your free copy of the report. The elusive quest for cyber resilience.
Imagine a world where businesses are impervious to cyber threats, a world where every aspect of an organization is safeguarded against potential disruptions. This is the lofty ideal of cyber resilience, but for many businesses it remains an elusive goal. The rapid evolution of computing has transformed the IT landscape, blurring the lines between proprietary and open-source software, legacy systems, cloud computing and digital transformation initiatives. While these advances bring undeniable benefits, they also introduce unprecedented risks. Board Level According to our research, 85% of IT leaders acknowledge that IT innovation comes at the price of increased risk. In a world where cybercriminals are becoming increasingly sophisticated, the need for cyber resilience has never been more urgent. From massive ransomware attacks to debilitating DDoS incidents, businesses operate in a climate where a single cyber breach can have catastrophic consequences. Exploring the relationship between executive leadership and cyber resilience. Our survey of 1,050 C-suite and senior executives covered 18 countries and seven industries: energy and utilities, financial services, healthcare, manufacturing, retail, transportation and US SLED (state and local government and higher education). In the coming months, we will publish a vertical report for each market. This landmark report was designed to help organizations begin talking more thoughtfully about vulnerabilities and opportunities for improvement. In the report you'll: Discover why business leaders and technology leaders need to prioritize cyber resilience. Uncover the critical obstacles to cyber resilience. Learn about the challenges around cybersecurity resilience.
2024-05-07T12:05:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/2024-cyber-resilience-research-reveals-a-complex-terrain www.secnews.physaphae.fr/article.php?IdArticle=8496672 False Ransomware,Vulnerability,Medical,Cloud,Technical None 3.0000000000000000 HackRead - Cyber search Fully Offline Electronic Cash: Is It an Intractable Problem? By Daily Contributors Is truly offline electronic cash possible? Unlike Bitcoin, experts dig deeper into the technical hurdles of creating software-based cash that works without the internet. Discover why achieving this might be a tougher nut to crack than expected. This is a post from HackRead.com Read the original post: Fully Offline Electronic Cash: Is It an Intractable Problem?
2024-05-05T21:55:43+00:00 https://www.hackread.com/fully-offline-electronic-cash-intractable-problem/ www.secnews.physaphae.fr/article.php?IdArticle=8494243 False Technical None 3.0000000000000000
HexaCorn - Research blog The art of artifact collection and hoarding for the sake of forensic exclusivity… – Part 2
In the first part I had promised that I would demonstrate that the piracy is good! (sometimes) I kinda lied back there, but I am not going to lie today: I will tell you all about it in the part … Continue reading →
2024-05-03T23:29:59+00:00 https://www.hexacorn.com/blog/2024/05/03/the-art-of-artifact-collection-and-hoarding-for-the-sake-of-forensic-exclusivity-part-2/ www.secnews.physaphae.fr/article.php?IdArticle=8493260 False Technical None 4.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Threat Actors Attacking MS-SQL Servers to Deploy Ransomware ## Snapshot Cybersecurity professionals at GBHackers have discovered a series of cyberattacks targeting poorly managed Microsoft SQL (MS-SQL) servers to install Mallox Ransomware on systems. **Read more about Microsoft's coverage for [Mallox Ransomware here.](https://sip.security.microsoft.com/intel-profiles/7fbe39c998c8a495a1652ac6f8bd34852c00f97dc61278cafc56dca1d443131e)** ## Description The threat actor group's modus operandi involves exploiting vulnerabilities in improperly managed MS-SQL servers. By employing brute force and dictionary attacks, the attackers gain unauthorized access, primarily targeting the SA (System Administrator) account. Once inside, they deploy the Remcos Remote Access Tool (RAT) to take control of the infected system. Remcos RAT, initially used for system breach and control, has been repurposed by attackers for malicious activities, featuring capabilities such as keylogging, screenshot capture, and control over webcams and microphones. Additionally, a custom-made remote screen control malware is deployed, allowing attackers to gain access to the infected system using the AnyDesk ID obtained from the command and control server. Mallox ransomware, known for targeting MS-SQL servers, was then installed to encrypt the system. Mallox ransomware utilizes the AES-256 and SHA-256 algorithms, appending a ".rmallox" extension to encrypted files.
The attack patterns observed in this campaign bear a striking resemblance to 2024-05-03T20:14:15+00:00 https://community.riskiq.com/article/f5f3ecc6 www.secnews.physaphae.fr/article.php?IdArticle=8493202 False Ransomware,Malware,Tool,Vulnerability,Threat,Technical None 3.0000000000000000 HexaCorn - Research blog The art of artifact collection and hoarding for the sake of forensic exclusivity…
This post is going to blow your mind – I am going to demonstrate that the piracy is good! (sometimes) I like to challenge the forensic processes du jour. At least in my head. Today we often use this forensic … Continue reading →
2024-05-02T00:18:27+00:00 https://www.hexacorn.com/blog/2024/05/02/the-art-of-artifact-collection-and-hoarding-for-the-sake-of-forensic-exclusivity/ www.secnews.physaphae.fr/article.php?IdArticle=8492100 False Technical None 3.0000000000000000
Techworm - News Malware Targets Routers To Steal Passwords From Web Requests warn in a blog post. "Cuttlefish lies in wait, passively sniffing packets, acting only when triggered by a predefined set of rules. The packet sniffer used by Cuttlefish was designed to acquire authentication material, with an emphasis on public cloud-based services." 2024-05-01T23:25:26+00:00 https://www.techworm.net/2024/05/malware-target-router-steal-password.html www.secnews.physaphae.fr/article.php?IdArticle=8491968 False Malware,Threat,Cloud,Technical APT 32 4.0000000000000000 RiskIQ - cyber risk firms (now microsoft) "Dirty stream" attack: Discovering and mitigating a common vulnerability pattern in Android apps 2024-05-01T19:46:49+00:00 https://community.riskiq.com/article/ddb0878a www.secnews.physaphae.fr/article.php?IdArticle=8492016 False Tool,Vulnerability,Threat,Studies,Mobile,Technical None 3.0000000000000000 AlienVault Lab Blog - AlienVault is a major defence player in IOCs Volatile Data Acquisition from Live Linux Systems: Part I date: Displays the current date and time.
2024-04-30T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/volatile-data-acquisition-from-live-linux-systems-part-i www.secnews.physaphae.fr/article.php?IdArticle=8491341 False Tool,Technical None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) From IcedID to Dagon Locker Ransomware in 29 Days ## Snapshot The DFIR report provides a detailed account of a sophisticated intrusion that began with a phishing campaign using PrometheusTDS to distribute IcedID malware in August 2023. ## Description The IcedID malware established persistence, communicated with C2 servers, and dropped a Cobalt Strike beacon, which was used for lateral movement, data exfiltration, and ransomware deployment. The threat actor also utilized a suite of tools such as Rclone, Netscan, Nbtscan, AnyDesk, Seatbelt, Sharefinder, and AdFind. The intrusion culminated in the deployment of Dagon Locker ransomware after 29 days. The threat actors employed various techniques to obfuscate the JavaScript file and the Cobalt Strike shellcode, evade detection, maintain persistence, and perform network enumeration activities. The threat actor's activities included the abuse of lateral movement functionalities such as PsExec and Remote Desktop Protocol (RDP), exfiltration of files, dumping and exfiltration of Windows Security event logs, and the use of PowerShell commands executed from the Cobalt Strike beacon. Additionally, the threat actor employed multiple exfiltration techniques, including the use of Rclone and AWS CLI to exfiltrate data from the compromised infrastructure. The deployment of the Dagon Locker ransomware was facilitated through the use of a custom PowerShell script, AWScollector, and a locker module, with a specific PowerShell command run from a domain controller to deploy the ransomware to different systems.
The impact of this incident resulted in all systems being affected by the Dagon Locker ransomware. ## References [https://thedfirreport.com/2024/04/29/from-icedid-to-dagon-locker-ransomware-in-29-days/](https://thedfirreport.com/2024/04/29/from-icedid-to-dagon-locker-ransomware-in-29-days/) 2024-04-29T20:07:15+00:00 https://community.riskiq.com/article/55e96eb8 www.secnews.physaphae.fr/article.php?IdArticle=8490876 False Ransomware,Malware,Tool,Threat,Technical None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Claroty's Team82 details exploitation of classic deserialization vulnerability in Siemens EnMPro line Researchers from Claroty's Team82 discovered a deserialization vulnerability, CVE-2022-23450, in Siemens' SIMATIC Energy Manager (EnMPro) product. The critical...
2024-04-29T13:58:51+00:00 https://industrialcyber.co/vulnerabilities/clarotys-team82-details-exploitation-of-classic-deserialization-vulnerability-in-siemens-enmpro-line/ www.secnews.physaphae.fr/article.php?IdArticle=8490675 False Vulnerability,Technical None 4.0000000000000000
Intigriti - Blog Introducing Misconfig Mapper
In case you missed it on our Twitter channel, we've recently launched Misconfigurations Mapper (or MisconfigMapper for short)! Misconfig Mapper is a new project designed by Intigriti Hackers Team to help you find security misconfigurations in popular services used at your bug bounty/penetration testing targets (such as Atlassian, Jenkins, etc.). Additionally, it can help you find […]
2024-04-29T10:50:00+00:00 https://blog.intigriti.com/2024/04/29/introducing-misconfig-mapper/ www.secnews.physaphae.fr/article.php?IdArticle=8490592 False Technical None 4.0000000000000000
HexaCorn - Research blog A license (metadata) to kill (for)…
Many forensic artifacts can be looked at from many different angles. A few years ago I proposed a concept of filighting that tried to solve a problem of finding unusual, orphaned and potentially malicious files dropped inside directories that contain … Continue reading →
2024-04-26T23:40:21+00:00 https://www.hexacorn.com/blog/2024/04/26/a-license-metadata-to-kill-for/ www.secnews.physaphae.fr/article.php?IdArticle=8489312 False Technical None 4.0000000000000000
The State of Security - American magazine "Junk gun" ransomware: the cheap new threat to small businesses What's going on? A wave of cheap, crude, amateurish ransomware has been spotted on the dark web - and although it may not make as many headlines as LockBit, Rhysida, and BlackSuit, it still presents a serious threat to organizations. What's "junk gun" ransomware? It's a name coined by Sophos researchers for unsophisticated ransomware that is often sold cheaply as a one-time purchase. "Junk gun" ransomware is appealing to a criminal who wants to operate independently but lacks technical skills. Can you give some examples? Sure. The Kryptina ransomware was made available for sale in December... 2024-04-25T10:03:58+00:00 https://www.tripwire.com/state-of-security/junk-gun-ransomware-cheap-new-threat-small-businesses www.secnews.physaphae.fr/article.php?IdArticle=8488572 False Ransomware,Threat,Technical None 2.0000000000000000 Korben - French blogger Flyde – Like Scratch, but for real developers 2024-04-23T07:00:00+00:00 https://korben.info/un-nouvel-outil-de-programmation-visuelle-flyde-en-alpha-pour-les-developpeurs.html www.secnews.physaphae.fr/article.php?IdArticle=8487263 False Technical None 4.0000000000000000 Korben - French blogger Mateusz Jurczyk – The security expert who explored the Windows registry to find flaws in it 2024-04-19T16:08:26+00:00 https://korben.info/mateusz-jurczyk-expert-securite-explorant-failles-registre-windows.html www.secnews.physaphae.fr/article.php?IdArticle=8485381 False Tool,Threat,Technical None 3.0000000000000000 Dark Reading - Informationweek Branch Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware It turns out that a powerful security solution can double as even more powerful malware, capable of granting comprehensive access over a targeted machine. 2024-04-19T03:20:00+00:00 https://www.darkreading.com/application-security/evil-xdr-researcher-turns-palo-alto-software-into-perfect-malware www.secnews.physaphae.fr/article.php?IdArticle=8485078 False Malware,Technical None 4.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) New Android Trojan 'SoumniBot' Evades Detection with Clever Tricks A new Android trojan called SoumniBot has been detected in the wild targeting users in South Korea by leveraging weaknesses in the manifest extraction and parsing procedure. The malware is "notable for an unconventional approach to evading analysis and detection, namely obfuscation of the Android manifest," Kaspersky researcher Dmitry Kalinin said in a technical analysis. 2024-04-18T16:01:00+00:00 https://thehackernews.com/2024/04/new-android-trojan-soumnibot-evades.html www.secnews.physaphae.fr/article.php?IdArticle=8484686 False Malware,Mobile,Technical None 2.0000000000000000 ProjectZero - Google research blog The Windows Registry Adventure #2: A brief history of the feature Hives: Load hive, Unload hive, Flush hive to disk. Keys: Open key, Create key, Delete key 2024-04-18T09:46:51+00:00 https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-2.html www.secnews.physaphae.fr/article.php?IdArticle=8484832 False Tool,Prediction,Technical None 4.0000000000000000 ProofPoint - Cyber Firms Reducing Prompting Churn with Exploding Template Composition 2024-04-17T18:00:31+00:00 https://www.proofpoint.com/us/blog/engineering-insights/exploding-prompts-available-open-source www.secnews.physaphae.fr/article.php?IdArticle=8484113 False
Malware,Tool,Threat,Studies,Cloud,Technical None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk Dragos and Hexagon have joined forces to provide industrial organizations with the comprehensive visibility and context of ICS/OT... 2024-04-17T12:52:50+00:00 https://industrialcyber.co/news/hexagon-and-dragos-announce-technical-alliance-to-boost-industrial-cybersecurity-reduce-overall-ot-cyber-risk/ www.secnews.physaphae.fr/article.php?IdArticle=8484120 False Industrial,Technical None 2.0000000000000000 AlienVault Lab Blog - AlienVault is a major defence player in IOCs Cybersecurity's Human Factor: Merging Tech with People-Centric Strategies nuanced approach to cybersecurity—one that not only fortifies defenses but also resonates with and supports the people behind the screens. Integrating human-centric design with continuous threat management emerges as a forward-thinking strategy, promising a balanced blend of technical excellence and user empathy to navigate the complex cybersecurity challenges of today and tomorrow. Embracing the Human Element in Cybersecurity Diving into the realm of human-centric security design and culture, it's clear that the future of cybersecurity isn't just about the latest technology—it's equally about the human touch. This approach puts the spotlight firmly on enhancing the employee experience, ensuring that cybersecurity measures don't become an unbearable burden that drives people to take shortcuts. By designing systems that people can use easily and effectively, the friction often caused by stringent security protocols can be significantly reduced.
Gartner's insights throw a compelling light on this shift, predicting that by 2027, half of all Chief Information Security Officers (CISOs) will have formally embraced human-centric security practices. This isn't just a hopeful guess but a recognition of the tangible benefits these practices bring to the table—reducing operational friction and bolstering the adoption of essential controls. This strategic pivot also acknowledges a fundamental truth. When security becomes a seamless part of the workflow, its effectiveness skyrockets. It's a win-win, improving both the user experience and the overall security posture. CTEM: Your Cybersecurity Compass in Stormy Seas Imagine that your organization's cybersecurity landscape isn't just a static battleground. Instead, it's more like the open sea, with waves of threats coming and going, each with the potential to breach your defenses. That's where Continuous Threat Exposure Management (CTEM) sails in, serving as your trusted compass, guiding you through these treacherous waters. CTEM isn't your average, run-of-the-mill security tactic. It's about being proactive, scanning the horizon with a spyglass, looking for potential vulnerabilities before they even become a blip on a hacker's radar.
Think of it as your cybersecurity early-warning system, constantly on the lookout for trou 2024-04-16T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/cybersecuritys-human-factor-merging-tech-with-people-centric-strategies www.secnews.physaphae.fr/article.php?IdArticle=8483336 False Vulnerability,Threat,Studies,Prediction,Medical,Technical None 2.0000000000000000 ProofPoint - Cyber Firms FAQs from the 2024 State of the Phish Report, Part 1: The Threat Landscape 2024-04-11T06:23:43+00:00 https://www.proofpoint.com/us/blog/security-awareness-training/faqs-2024-state-phish-report-part-1-threat-landscape www.secnews.physaphae.fr/article.php?IdArticle=8480017 False Ransomware,Malware,Tool,Threat,Cloud,Technical None 3.0000000000000000 The State of Security - American magazine Life in Cybersecurity: From Nursing to Threat Analyst As digital threats increase, we see more professionals transition into cybersecurity. Some come from previous technical roles, and some do not. However, because cybersecurity is primarily a problem-solving industry, those who switch from other high-pressure, high-performance positions are often best prepared for the job. Take Gina D'Addamio, for example, a former nurse turned threat analyst. I spoke with Gina about her career transition. Her responses show how she leveraged her previous experience to succeed in an exciting new role in the cybersecurity space. Check out our conversation below... 2024-04-10T02:58:51+00:00 https://www.tripwire.com/state-of-security/life-cybersecurity-nursing-threat-analyst www.secnews.physaphae.fr/article.php?IdArticle=8479163 False Threat,Technical None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Google Chrome Adds V8 Sandbox - A New Defense Against Browser Attacks Google has announced support for what's called a V8 Sandbox in the Chrome web browser in an effort to address memory corruption issues. The sandbox, according to V8 Security technical lead Samuel Groß, aims to prevent "memory corruption in V8 from spreading within the host process." The search behemoth has described V8 Sandbox as a lightweight, in-process sandbox 2024-04-08T19:21:00+00:00 https://thehackernews.com/2024/04/google-chrome-adds-v8-sandbox-new.html www.secnews.physaphae.fr/article.php?IdArticle=8478161 False Technical None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Same targets, new playbooks: East Asia threat actors employ unique methods 2024-04-05T13:39:39+00:00 https://community.riskiq.com/article/b4f39b04 www.secnews.physaphae.fr/article.php?IdArticle=8476526 False Malware,Tool,Vulnerability,Threat,Studies,Industrial,Prediction,Technical Guam 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) New Wave of JSOutProx Malware Targeting Financial Firms in APAC and MENA Financial organizations in the Asia-Pacific (APAC) and Middle East and North Africa (MENA) are being targeted by a new version of an "evolving threat" called JSOutProx. "JSOutProx is a sophisticated attack framework utilizing both JavaScript and .NET," Resecurity said in a technical report published this week.
"It employs the .NET (de)serialization feature to interact with a core 2024-04-05T13:18:00+00:00 https://thehackernews.com/2024/04/new-wave-of-jsoutprox-malware-targeting.html www.secnews.physaphae.fr/article.php?IdArticle=8476376 False Malware,Technical None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Android Malware Vultur Expands Its Wingspan #### Description The authors behind Android banking malware Vultur have been spotted adding new technical features, which allow the malware operator to further remotely interact with the victim's mobile device. Vultur has also started masquerading more of its malicious activity by encrypting its C2 communication, using multiple encrypted payloads that are decrypted on the fly, and using the guise of legitimate applications to carry out its malicious actions. #### Reference URL(s) 1. https://research.nccgroup.com/2024/03/28/android-malware-vultur-expands-its-wingspan/ #### Publication Date March 28, 2024 #### Author(s) Joshua Kamp 2024-03-28T19:11:03+00:00 https://community.riskiq.com/article/3f7c3599 www.secnews.physaphae.fr/article.php?IdArticle=8472213 False Malware,Mobile,Technical None 3.0000000000000000 GoogleSec - Firm Security Blog Address Sanitizer for Bare-metal Firmware how we have been prioritizing firmware security, and how to apply mitigations in a firmware environment to mitigate unknown vulnerabilities. In this post we will show how the Kernel Address Sanitizer (KASan) can be used to proactively discover vulnerabilities earlier in the development lifecycle. Despite the narrow application implied by its name, KASan is applicable to a wide range of firmware targets. Using KASan-enabled builds during testing and/or fuzzing can help catch memory corruption vulnerabilities and stability issues before they land on user devices.
We've already used KASan in some firmware targets to proactively find and fix 40+ memory safety bugs and vulnerabilities, including some of critical severity. Along with this blog post we are releasing a small project which demonstrates an implementation of KASan for bare-metal targets leveraging the QEMU system emulator. Readers can refer to this implementation for technical details while following the blog post. Address Sanitizer (ASan) overview Address sanitizer is a compiler-based instrumentation tool used to identify invalid memory access operations during runtime. It is capable of detecting the following classes of temporal and spatial memory safety bugs: out-of-bounds memory access, use-after-free, double/invalid free, use-after-return. ASan relies on the compiler to instrument code with dynamic checks for virtual addresses used in load/store operations. A separate runtime library defines the instrumentation hooks for the heap memory and error reporting. For most user-space targets (such as aarch64-linux-android) ASan can be enabled as simply as using the -fsanitize=address compiler option for Clang due to existing support of this target both in the toolchain and in the libclang_rt runtime. However, the situation is rather different for bare-metal code which is frequently built with the none system targets, such as arm-none-eabi. Unlike traditional user-space programs, bare-metal code running inside an embedded system often doesn't have a common runtime implementation. As such, LLVM can't provide a default runtime for these environments. To provide custom implementations for the necessary runtime routines, the Clang toolchain exposes an interface for address sanitization through the -fsanitize=kernel-address compiler option. The KASan runtime routines implemented in the Linux kernel serve as a great example of how to define a KASan runtime for targets which aren't supported by default with -fsanitize=address.
We\'ll demonstrate how to use the version of address sanitizer originally built for the kernel on other bare-metal targets. KASan 101 Let\'s take a look at the KASan major building blocks from a high-level perspective (a thorough explanation of how ASan works under-the-hood is provided in this whitepaper). The main idea behind KASan is that every memory access operation, such as load/store instructions and memory copy functions (for example, memm]]> 2024-03-28T18:16:18+00:00 http://security.googleblog.com/2024/03/address-sanitizer-for-bare-metal.html www.secnews.physaphae.fr/article.php?IdArticle=8477255 False Tool,Vulnerability,Mobile,Technical None 2.0000000000000000 CyberSecurityVentures - cybersecurity services EDR vs XDR: les principales différences<br>EDR vs XDR: The Key Differences Et le nouveau XDR vaut-il le prix?& # 8211;Aimei Wei, directeur technique, stellaire Cyber San Jose, Californie & # 8211;27 mars 2024 Alors que la détection et la réponse des points finaux (EDR) et la détection et la réponse prolongées (XDR) représentent toutes deux des outils cruciaux dans l'arsenal de cybersécurité d'aujourd'hui, il peut
>And is the newer XDR worth the price? – Aimei Wei, Chief Technical Officer, Stellar Cyber San Jose, Calif. – Mar. 27, 2024 While Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) both represent crucial tools in today\'s cybersecurity arsenal, it can ]]>
2024-03-28T14:41:47+00:00 https://cybersecurityventures.com/edr-vs-xdr-the-key-differences/ www.secnews.physaphae.fr/article.php?IdArticle=8472066 False Tool,Technical None 3.0000000000000000
GoogleSec - Firm Security Blog Google Public DNS's approach to fight against cache poisoning attacks Domain Name System (DNS) is a fundamental protocol used on the Internet to translate human-readable domain names (e.g., www.example.com) into numeric IP addresses (e.g., 192.0.2.1) so that devices and servers can find and communicate with each other. When a user enters a domain name in their browser, the DNS resolver (e.g. Google Public DNS) locates the authoritative DNS nameservers for the requested name, and queries one or more of them to obtain the IP address(es) to return to the browser. When DNS was launched in the early 1980s as a trusted, content-neutral infrastructure, security was not yet a pressing concern; however, as the Internet grew, DNS became vulnerable to various attacks. In this post, we will look at DNS cache poisoning attacks and how Google Public DNS addresses the risks associated with them. DNS Cache Poisoning Attacks DNS lookups in most applications are forwarded to a caching resolver (which could be local or an open resolver like Google Public DNS). The path from a client to the resolver is usually on a local network or can be protected using encrypted transports like DoH, DoT. The resolver queries authoritative DNS servers to obtain answers for user queries. This communication primarily occurs over UDP, an insecure connectionless protocol, in which messages can be easily spoofed including the source IP address. The content of DNS queries may be sufficiently predictable that even an off-path attacker can, with enough effort, forge responses that appear to be from the queried authoritative server. This response will be cached if it matches the necessary fields and arrives before the authentic response. This type of attack is called a cache poisoning attack, which can cause great harm once successful. According to RFC 5452, the probability of success is very high without protection. Forged DNS responses can lead to denial of service, or may even compromise application security. For an excellent introduction to cache poisoning attacks, please see “ 2024-03-28T14:29:57+00:00 http://security.googleblog.com/2024/03/google-public-dnss-approach-to-fight.html www.secnews.physaphae.fr/article.php?IdArticle=8477254 False Technical None 2.0000000000000000

SonarSource - Security and coding blog Technical debt's impact on development speed and code quality By acknowledging the impact of technical debt and embracing proactive solutions like Sonar, development teams can mitigate its effects and build software that is resilient, reliable, and scalable. 2024-03-27T08:00:00+00:00 https://www.sonarsource.com/blog/technical-debt-s-impact-on-development-speed-and-code-quality www.secnews.physaphae.fr/article.php?IdArticle=8471591 False Technical None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft) Large-Scale StrelaStealer Campaign in Early 2024 #### Description StrelaStealer is a malware that targets email clients to steal login data, sending it to the attacker's server for potential further attacks. Since StrelaStealer's emergence in 2022, the threat actor has launched multiple large-scale email campaigns, with its most recent campaigns impacting over 100 organizations across the EU and U.S. Attackers have targeted organizations in a variety of industries, but organizations in the high tech industry have been the biggest target. Technical analysis of StrelaStealer reveals an evolving infection chain using ZIP attachments, JScript files, and updated DLL payloads, demonstrating the malware's adaptability and the challenge it poses to security analysts and products. #### Reference URL(s) 1. https://unit42.paloaltonetworks.com/strelastealer-campaign/ #### Publication Date March 22, 2024 #### Author(s) Benjamin Chang, Goutam Tripathy, Pranay Kumar Chhaparwal, Anmol Maurya, and Vishwa Thothathri 2024-03-26T17:11:47+00:00 https://community.riskiq.com/article/82785858 www.secnews.physaphae.fr/article.php?IdArticle=8470906 False Malware,Threat,Technical None 2.0000000000000000

The State of Security - American magazine Browser Security in 2024: Technologies and Trends What Is Browser Security? Browser security is a set of measures and processes intended to protect users and their data when using web browsers. This includes mechanisms to prevent unauthorized access, safeguard against malicious software and other browser security threats, and ways to protect the privacy of online activities. Essential components of browser security include secure communication protocols like HTTPS, which encrypts data in transit; features within the browser that detect and block malicious websites, phishing attempts, and malware; and technical measures for isolating the... 2024-03-26T03:49:14+00:00 https://www.tripwire.com/state-of-security/browser-security-2024-technologies-and-trends www.secnews.physaphae.fr/article.php?IdArticle=8470637 False Malware,Technical None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Key Lesson from Microsoft's Password Spray Hack: Secure Every Account In January 2024, Microsoft discovered they'd been the victim of a hack orchestrated by Russian-state hackers Midnight Blizzard (sometimes known as Nobelium). The concerning detail about this case is how easy it was to breach the software giant. It wasn't a highly technical hack that exploited a zero-day vulnerability – the hackers used a simple password spray attack to take control of 2024-03-25T17:07:00+00:00 https://thehackernews.com/2024/03/key-lesson-from-microsofts-password.html www.secnews.physaphae.fr/article.php?IdArticle=8470153 False Hack,Vulnerability,Threat,Technical None 2.0000000000000000

Schneier on Security - American cryptology researcher Licensing AI Engineers The debate over professionalizing software engineers is decades old. (The basic idea is that, like lawyers and architects, there should be some professional licensing requirement for software engineers.) Here’s a law journal article recommending the same idea for AI engineers. This Article proposes another way: professionalizing AI engineering. Require AI engineers to obtain licenses to build commercial AI products, push them to collaborate on scientifically-supported, domain-specific technical standards, and charge them with policing themselves. This Article’s proposal addresses AI harms at their inception, influencing the very engineering decisions that give rise to them in the first place. By wresting control over information and system design away from companies and handing it to AI engineers, professionalization engenders trustworthy AI by design. Beyond recommending the specific policy solution of professionalization, this Article seeks to shift the discourse on AI away from an emphasis on light-touch, ex post solutions that address already-created products to a greater focus on ex ante controls that precede AI development. We’ve used this playbook before in fields requiring a high level of expertise where a duty to the public welfare must trump business motivations. What if, like doctors, AI engineers also vowed to do no harm?... 2024-03-25T11:04:34+00:00 https://www.schneier.com/blog/archives/2024/03/licensing-ai-engineers.html www.secnews.physaphae.fr/article.php?IdArticle=8470099 False Technical,Commercial None 3.0000000000000000
AlienVault Lab Blog - AlienVault is a major defense player in IOCs Decoding the Cybersecurity Implications of AI's Rapid Advancement up for grabs by the other side, and can (and will) arm them to launch attacks of unprecedented sophistication and elusiveness, the likes of which we’ve thankfully never seen up to now. How do we wield this impressive technology to fortify our defenses, while preventing it from falling into the wrong hands? Can such a thing even be accomplished? Join me below as we take a closer look at how AI’s rapid rise is changing the landscape of cybersecurity. AI as a Defense Tool AI is a reliable navigator for charting the digital deluge—it has the ability to handle vast quantities of information rapidly on a level that no human could ever hope to match. It doesn’t take a huge leap to come to the conclusion that those capabilities can very easily be leveraged for defense. Automated Threat Detection Think of AI as the ever-watchful eye, tirelessly scanning the horizon for signs of trouble in the vast sea of data. Its capability to detect threats with speed and precision beyond human ken is our first line of defense against the shadows that lurk in the network traffic, camouflaged in ordinary user behavior, or embedded within the seemingly benign activities of countless applications. AI isn’t just about spotting trouble; it’s about understanding it. Through machine learning, it constructs models that learn from the DNA of malware, enabling it to recognize new variants that bear the hallmarks of known threats. This is akin to recognizing an enemy’s tactics, even if their strategy evolves. All of what I’ve said here also applies to incident response—with AI’s ability to automatically meet threats head-on making a holistic cybersecurity posture both easier to achieve and less resource-intensive for organizations of all sizes. Predictive Analytics By understanding the patterns and techniques used in previous breaches, AI models can predict where and how cybercriminals might strike next. This foresight enables organizations to reinforce their defenses before an attack occurs, transforming cybersecurity from a reactive discipline into a proactive strategy that helps prevent breaches rather than merely responding to them. The sophistication of predictive analytics lies in its use of diverse data sources, including threat intelligence feeds, anomaly detection reports, and global cybersecurity trends. This comprehensive view allows AI systems to identify correlations and causations that might elude human analysts. Phishing Detection and Email Filtering AI has stepped up as a pivotal ally in the ongoing skirmish against phishing and other forms of social engineering attacks, which too often lay the groundwork for more invasive security breaches. Through meticulous analysis of email content, context, and even the 2024-03-25T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/decoding-the-cybersecurity-implications-of-ais-rapid-advancement www.secnews.physaphae.fr/article.php?IdArticle=8470065 False Spam,Tool,Vulnerability,Threat,Prediction,Technical Deloitte 2.0000000000000000

Techworm - News Hackers Can Unlock 3 million Hotel Doors In 131 Countries 2024-03-23T21:28:48+00:00 https://www.techworm.net/2024/03/hackers-unlock-3-million-hotel-doors.html www.secnews.physaphae.fr/article.php?IdArticle=8469128 False Tool,Vulnerability,Mobile,Technical None 2.0000000000000000

Dragos - CTI Society The Hunt: Threat Hunting in OT Environments Welcome to “The Hunt,” a blog series focused on the critical role of threat hunting within operational technology (OT) environments.... The post The Hunt: Threat Hunting in OT Environments first appeared on Dragos. 2024-03-20T13:58:32+00:00 https://www.dragos.com/blog/what-is-threat-hunting/ www.secnews.physaphae.fr/article.php?IdArticle=8467338 False Threat,Industrial,Technical None 3.0000000000000000
Veracode - Application Security Research, News, and Education Blog Security Debt: A Growing Threat to Application Security Understanding Security Debt Security debt is a major and growing problem in software development with significant implications for application security, according to Veracode's State of Software Security 2024 Report. Let's delve a bit deeper into the scope and risk of security debt, and gain some insights for application security managers to effectively address this challenge. Security debt refers to software flaws that remain unfixed for a year or more. These flaws accumulate over time due to various factors, including resource constraints, technical complexity, or lack of prioritization. Security debt can be categorized as critical or non-critical and can exist in both first-party and, maybe more worrying, third-party code. Prevalence and Impact of Security Debt According to recent research, 42% of active applications have security debt, with 11% carrying critical security debt that poses a severe risk to organizations. Large applications are particularly susceptible, with 40% of… 2024-03-18T12:25:43+00:00 https://www.veracode.com/blog/managing-appsec/security-debt-growing-threat-application-security www.secnews.physaphae.fr/article.php?IdArticle=8466191 False Threat,Technical None 3.0000000000000000

HexaCorn - Research blog Lolbin wow ltd x 2 I have already covered cases where I abused WINDIR environment variable to LOLBINize some WoW executables. I thought I covered w32tm.exe before, but looking at my blog history I can’t find any reference to it. So, here it is: 2024-03-16T22:18:38+00:00 https://www.hexacorn.com/blog/2024/03/16/lolbin-wow-ltd-x-2/ www.secnews.physaphae.fr/article.php?IdArticle=8465099 False Technical None 3.0000000000000000

ProofPoint - Cyber Firms How We Rolled Out GitHub Copilot to Increase Developer Productivity 2024-03-14T06:00:19+00:00 https://www.proofpoint.com/us/blog/engineering-insights/copilot-ai-assistant-to-increase-developer-productivity www.secnews.physaphae.fr/article.php?IdArticle=8463763 False Tool,Cloud,Technical None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) PixPirate Android Banking Trojan Using New Evasion Tactic to Target Brazilian Users The threat actors behind the PixPirate Android banking trojan are leveraging a new trick to evade detection on compromised devices and harvest sensitive information from users in Brazil. The approach allows it to hide the malicious app's icon from the home screen of the victim's device, IBM said in a technical report published today. “Thanks to this new technique, during PixPirate reconnaissance 2024-03-13T19:25:00+00:00 https://thehackernews.com/2024/03/pixpirate-android-banking-trojan-using.html www.secnews.physaphae.fr/article.php?IdArticle=8463199 False Threat,Mobile,Technical None 2.0000000000000000

Veracode - Application Security Research, News, and Education Blog A Timely Shift: Prioritizing Software Security in the 2024 Digital Landscape The release of the February 2024 White House Technical Report, Back to the Building Blocks: A Path Towards Secure Measurable Software, brings about a timely shift in prioritizing software security. Software is ubiquitous, so it's becoming increasingly crucial to address the expanding attack surface, navigate complex regulatory environments, and mitigate the risks posed by sophisticated software supply chain attacks. Let's explore the key insights from the White House Technical Report and delve into recommendations for integrating security across the software development lifecycle (SDLC). Securing Cyberspace Building Blocks: The Role of Programming Languages The White House's report emphasizes the programming language as a primary building block in securing the digital ecosystem. It highlights the prevalence of memory safety vulnerabilities and the need to proactively eliminate entire classes of software vulnerabilities. The report advocates for the adoption of… 2024-03-13T11:17:26+00:00 https://www.veracode.com/blog/security-news/timely-shift-prioritizing-software-security-2024-digital-landscape www.secnews.physaphae.fr/article.php?IdArticle=8463264 False Vulnerability,Technical None 2.0000000000000000

ProofPoint - Cyber Firms If You're Using Veritas Archiving, What's Your Next Step? 2024-03-12T07:03:40+00:00 https://www.proofpoint.com/us/blog/compliance-and-archiving/if-youre-using-veritas-archiving-whats-your-next-step www.secnews.physaphae.fr/article.php?IdArticle=8462674 False Tool,Studies,Cloud,Technical None 2.0000000000000000

Recorded Future - Recorded Future feed French government agencies hit by cyberattacks of 'unprecedented intensity' A number of French government agencies have been hit by “intense” cyberattacks, the prime minister's office announced on Monday. The nature of the attacks, which began on Sunday night, has not been confirmed although the description is consistent with distributed-denial-of-service (DDoS) attacks. The French government said the attack was “conducted using familiar technical means but 2024-03-11T17:27:44+00:00 https://therecord.media/france-government-ddos-incident www.secnews.physaphae.fr/article.php?IdArticle=8462233 False Technical None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and AdminServer, which could be potentially exploited to bypass authentication protections. Tracked as CVE-2024-1403, the vulnerability has a maximum severity rating of 10.0 on the CVSS scoring system. It 2024-03-11T11:58:00+00:00 https://thehackernews.com/2024/03/proof-of-concept-exploit-released-for.html www.secnews.physaphae.fr/article.php?IdArticle=8461989 False Vulnerability,Threat,Technical None 2.0000000000000000

Dark Reading - Informationweek Branch How to Ensure Open-Source Packages Are Not Landmines CISA and OpenSSF jointly published new guidance recommending technical controls to make it harder for developers to bring in malicious software components into code. 2024-03-08T03:00:22+00:00 https://www.darkreading.com/application-security/how-to-ensure-open-source-pckages-are-not-landmines www.secnews.physaphae.fr/article.php?IdArticle=8460914 False Technical Bahamut 3.0000000000000000

Dark Reading - Informationweek Branch Cyber Insurance Strategy Requires CISO-CFO Collaboration Cyber risk quantification brings together the CISO's technical expertise and the CFO's focus on financial impact to develop a stronger and better understanding of cyber risk. 2024-03-07T18:34:58+00:00 https://www.darkreading.com/cyber-risk/cyber-insurance-strategy-requires-ciso-cfo-collaboration www.secnews.physaphae.fr/article.php?IdArticle=8460778 False Technical None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) New Python-Based Snake Info Stealer Spreading Through Facebook Messages Facebook messages are being used by threat actors to a Python-based information stealer dubbed Snake that's designed to capture credentials and other sensitive data. “The credentials harvested from unsuspecting users are transmitted to different platforms such as Discord, GitHub, and Telegram,” Cybereason researcher Kotaro Ogino said in a technical report. Details about the campaign 2024-03-07T13:09:00+00:00 https://thehackernews.com/2024/03/new-python-based-snake-info-stealer.html www.secnews.physaphae.fr/article.php?IdArticle=8460221 False Threat,Technical None 3.0000000000000000

AlienVault Lab Blog - AlienVault is a major defense player in IOCs Securing AI AI governance framework model like the NIST AI RMF to enable business innovation and manage risk is just as important as adopting guidelines to secure AI. Responsible AI starts with securing AI by design and securing AI with Zero Trust architecture principles. Vulnerabilities in ChatGPT A recently discovered vulnerability found in version gpt-3.5-turbo exposed identifiable information. The vulnerability was reported in the news in late November 2023. Repeating a particular word continuously to the chatbot triggered the vulnerability. A group of security researchers with Google DeepMind, Cornell University, CMU, UC Berkeley, ETH Zurich, and the University of Washington studied the “extractable memorization” of training data that an adversary can extract by querying a ML model without prior knowledge of the training dataset. The researchers’ report shows an adversary can extract gigabytes of training data from open-source language models. In the vulnerability testing, a newly developed divergence attack on the aligned ChatGPT caused the model to emit training data at a rate 150 times higher. Findings show larger and more capable LLMs are more vulnerable to data extraction attacks, emitting more memorized training data as the volume gets larger. While similar attacks have been documented with unaligned models, the new ChatGPT vulnerability exposed a successful attack on LLM models typically built with strict guardrails found in aligned models. This raises questions about best practices and methods in how AI systems could better secure LLM models, build training data that is reliable and trustworthy, and protect privacy. U.S. and UK’s Bilateral cybersecurity effort on securing AI The US Cybersecurity and Infrastructure Security Agency (CISA) and UK’s National Cyber Security Centre (NCSC) in cooperation with 21 agencies and ministries from 18 other countries are supporting the first global guidelines for AI security. The new UK-led guidelines for securing AI as part of the U.S. and UK’s bilateral cybersecurity effort were announced at the end of November 2023. The pledge is an acknowledgement of AI risk by nation leaders and government agencies worldwide and is the beginning of international collaboration to ensure the safety and security of AI by design. The Department of Homeland Security (DHS) CISA and UK NCSC joint guidelines for Secure AI System Development aim to ensure cybersecurity decisions are embedded at every stage of the AI development lifecycle from the start and throughout, and not as an afterthought. Securing AI by design Securing AI by design is a key approach to mitigate cybersecurity risks and other vulnerabilities in AI systems. Ensuring the entire AI system development lifecycle process is secure from design to development, deployment, and operations and maintenance is critical to an organization realizing its full benefits. The guidelines documented in the Guidelines for Secure AI System Development align closely to software development life cycle practices defined in the NCSC’s Secure development and deployment guidance and the National Institute of Standards and Technology (NIST) Secure Software Development Framework (SSDF). The 4 pillars that embody the Guidelines for Secure AI System Development offer guidance for AI providers of any systems whether newly created from the ground up or built on top of tools and services provided from 2024-03-07T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/securing-ai www.secnews.physaphae.fr/article.php?IdArticle=8460259 False Tool,Vulnerability,Threat,Mobile,Medical,Cloud,Technical ChatGPT 2.0000000000000000

SecurityWeek - Security News Anatomy of a BlackCat Attack Through the Eyes of Incident Response Incident response experts at Sygnia provide a detailed blow-by-blow of a BlackCat ransomware attack and share tips for survival. 2024-03-06T15:21:19+00:00 https://www.securityweek.com/anatomy-of-a-blackcat-attack-through-the-eyes-of-incident-response/ www.secnews.physaphae.fr/article.php?IdArticle=8459887 False Ransomware,Technical None 4.0000000000000000
IndustrialCyber - cyber risk firms for industrial ONCD report outlines path to enhanced cybersecurity through secure software and hardware practices The U.S. Office of the National Cyber Director (ONCD) published a technical report built upon President Joe Biden's... 2024-03-06T13:10:39+00:00 https://industrialcyber.co/threat-landscape/oncd-report-outlines-path-to-enhanced-cybersecurity-through-secure-software-and-hardware-practices/ www.secnews.physaphae.fr/article.php?IdArticle=8459841 False Technical None 2.0000000000000000

RiskIQ - cyber risk firms (now microsoft) Staying ahead of threat actors in the age of AI 2024-03-05T19:03:47+00:00 https://community.riskiq.com/article/ed40fbef www.secnews.physaphae.fr/article.php?IdArticle=8459485 False Ransomware,Malware,Tool,Vulnerability,Threat,Studies,Medical,Technical ChatGPT,APT 28,APT 4 2.0000000000000000

Palo Alto Network - Vendor site Accelerate Your Cybersecurity Transformation at Ignite On Tour Ignite on Tour is a global industry roadshow of in-person cybersecurity conferences, bringing business leaders and technical practitioners together. 2024-03-05T11:00:10+00:00 https://www.paloaltonetworks.com/blog/2024/03/cybersecurity-transformation-at-ignite-on-tour/ www.secnews.physaphae.fr/article.php?IdArticle=8459244 False Technical None 3.0000000000000000
HexaCorn - Research blog 1 little known secret of nslookup.exe I was recently surprised by the fact that Windows’ nslookup.exe accepts the local config file .nslookuprc. When the program starts it resolves the environment variable HOME and then looks for a %HOME%\.nslookuprc file. It then reads this config file (if … Continue reading → 2024-03-01T23:59:08+00:00 https://www.hexacorn.com/blog/2024/03/01/1-little-known-secret-of-nslookup-exe/ www.secnews.physaphae.fr/article.php?IdArticle=8457737 False Technical None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft)
Predator Spyware Operators Rebuild Multi-Tier Infrastructure to Target Mobile Devices
#### Description
Recorded Future's Insikt Group has discovered new infrastructure related to the operators of Predator, a mercenary mobile spyware. The infrastructure is believed to be in use in at least eleven countries, including Angola, Armenia, Botswana, Egypt, Indonesia, Kazakhstan, Mongolia, Oman, the Philippines, Saudi Arabia, and Trinidad and Tobago. Despite being marketed for counterterrorism and law enforcement, Predator is often used against civil society, targeting journalists, politicians, and activists. The use of spyware like Predator poses significant risks to privacy, legality, and physical safety, especially when used outside serious crime and counterterrorism contexts. The Insikt Group's research identified a new multi-tiered Predator delivery infrastructure, with evidence from domain analysis and network intelligence data. Despite public disclosures in September 2023, Predator's operators have continued their operations with minimal changes. Predator, alongside NSO Group's Pegasus, remains a leading provider of mercenary spyware, with consistent tactics, techniques, and procedures over time. As the mercenary spyware market expands, the risks extend beyond civil society to anyone of interest to entities with access to these tools. Innovations in this field are likely to lead to more stealthy and comprehensive spyware capabilities.
#### Reference URL(s)
1. https://www.recordedfuture.com/predator-spyware-operators-rebuild-multi-tier-infrastructure-target-mobile-devices
#### Publication Date
March 1, 2024
#### Author(s)
Insikt Group
2024-03-01T20:49:50+00:00 https://community.riskiq.com/article/7287eb1b www.secnews.physaphae.fr/article.php?IdArticle=8457691

Dark Reading - Informationweek Branch
MITRE Rolls Out 4 Brand-New CWEs for Microprocessor Security Bugs
Goal is to give chip designers and security practitioners in the semiconductor space a better understanding of major microprocessor flaws like Meltdown and Spectre.
2024-02-29T19:17:54+00:00 https://www.darkreading.com/endpoint-security/four-new-cwes-released-for-microprocessor-architectures www.secnews.physaphae.fr/article.php?IdArticle=8457137

HackRead - Cyber Search
Exploring the Differences Between Residential Proxies and VPNs: Which is Right for You?
By Uzair Amir. VPN or Residential Proxies: Which is best? Let's explore without diving into technical details. This is a post from HackRead.com. Read the original post: Exploring the Differences Between Residential Proxies and VPNs: Which is Right for You?
2024-02-29T16:07:39+00:00 https://www.hackread.com/differences-between-residential-proxies-and-vpns/ www.secnews.physaphae.fr/article.php?IdArticle=8457028
AlienVault Lab Blog - AlienVault is a major defense player in IOCs
AI governance and preserving privacy
Cisco's 2023 consumer privacy survey, a study of over 2600 consumers in 12 countries globally, indicates that consumer awareness of data privacy rights is continuing to grow, with the younger generations (age groups under 45) exercising their Data Subject Access rights and switching providers over their privacy practices and policies. Consumers support AI use but are also concerned. Among those who support the use of AI:
- 48% believe AI can be useful in improving their lives
- 54% are willing to share anonymized personal data to improve AI products
AI is an area that has some work to do to earn trust:
- 60% of respondents believe the use of AI by organizations has already eroded trust in them
- 62% reported concerns about the business use of AI
- 72% of respondents indicated that having products and solutions aud
2024-02-29T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/ai-governance-and-preserving-privacy www.secnews.physaphae.fr/article.php?IdArticle=8456899

CrowdStrike - CTI Society
The Anatomy of an ALPHA SPIDER Ransomware Attack
ALPHA SPIDER is the adversary behind the development and operation of the Alphv ransomware as a service (RaaS). Over the last year, ALPHA SPIDER affiliates have been leveraging a variety of novel techniques as part of their ransomware operations. CrowdStrike Services has observed techniques such as the usage of NTFS Alternate Data Streams for hiding […]
2024-02-29T01:15:21+00:00 https://www.crowdstrike.com/blog/anatomy-of-alpha-spider-ransomware/ www.secnews.physaphae.fr/article.php?IdArticle=8463760

ProofPoint - Cyber Firms
Risky and They Know It: 96% of Risk-Taking Users Aware of the Dangers but Do It Anyway, 2024 State of the Phish Reveals
2024-02-27T05:00:31+00:00 https://www.proofpoint.com/us/blog/security-awareness-training/2024-state-of-phish-report www.secnews.physaphae.fr/article.php?IdArticle=8455788

Dark Reading - Informationweek Branch
White House Urges Switching to Memory Safe Languages
The Office of the National Cyber Director technical report focuses on reducing memory-safety vulnerabilities in applications and making it harder for malicious actors to exploit them.
2024-02-27T00:12:58+00:00 https://www.darkreading.com/application-security/white-house-switch-memory-safe-languages www.secnews.physaphae.fr/article.php?IdArticle=8455963

CyberSecurityVentures - cybersecurity services
SIEM Implementation: Strategies and Best Practices
Learn how to optimize your SIEM solution with key strategies and practices. – Aimei Wei, Chief Technical Officer, Stellar Cyber. San Jose, Calif. – Feb. 26, 2024. Security Information and Event Management (SIEM) systems play a pivotal role in the cybersecurity posture of organizations with
2024-02-26T18:27:00+00:00 https://cybersecurityventures.com/siem-implementation-strategies-and-best-practices/ www.secnews.physaphae.fr/article.php?IdArticle=8455511
Veracode - Application Security Research, News, and Education Blog
Practical Steps to Prevent SQL Injection Vulnerabilities
In today's digital landscape, web applications and APIs are constantly under threat from malicious actors looking to exploit vulnerabilities. A common and dangerous attack is SQL injection. In this blog, we will explore SQL injection vulnerabilities and attacks, understand their severity levels, and provide practical steps to prevent them. By implementing these best practices, you can enhance the security of your web applications and APIs. Understanding SQL Injection Vulnerabilities and Attacks: SQL injection attacks occur when hackers manipulate an application's SQL queries to gain unauthorized access, tamper with the database, or disrupt the application's functionality. These attacks can lead to identity spoofing, unauthorized data access, and chained attacks. SQL injection is a technique where hackers inject malicious SQL queries into a web application's backend database. This vulnerability arises when the application accepts user input as a SQL statement that the database…
2024-02-26T15:17:44+00:00 https://www.veracode.com/blog/secure-development/practical-steps-prevent-sql-injection-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8456060

SecureMac - Security focused on MAC
Checklist 364: Tech Tackles Technical Difficulties
Explore tech giants' proactive stance against cyber threats, a global accord on AI manipulation, and the surge in European credential attacks. Continuous vigilance in a dynamic digital landscape.
2024-02-23T18:06:39+00:00 https://www.securemac.com/news/checklist-364-tech-tackles-technical-difficulties www.secnews.physaphae.fr/article.php?IdArticle=8454212
SecurityWeek - Security News
AT&T Says the Outage to Its US Cellphone Network Was Not Caused by a Cyberattack
AT&T said the hourslong outage to its U.S. cellphone network Thursday appeared to be the result of a technical error, not a malicious attack.
2024-02-23T10:13:36+00:00 https://www.securityweek.com/att-says-the-outage-to-its-us-cellphone-network-was-not-caused-by-a-cyberattack/ www.secnews.physaphae.fr/article.php?IdArticle=8454073

Sekoia - Cyber Firms
Playbooks on-prem
Automation plays a pivotal role in streamlining operations, enhancing security posture, and minimizing risks. However, executing automation tasks can still be challenging for organizations with on-premises infrastructure due to technical complexities and constraints. To address this challenge, Sekoia.io has recently released Playbooks on-prem. This new feature helps to safely execute actions across an on-prem environment, […] The post Playbooks on-prem is an article from the Sekoia.io Blog.
2024-02-22T19:41:25+00:00 https://blog.sekoia.io/playbooks-on-prem/ www.secnews.physaphae.fr/article.php?IdArticle=8453832
Bleeping Computer - American magazine
ScreenConnect critical bug now under attack as exploit code emerges
Both technical details and proof-of-concept exploits are available for the two vulnerabilities ConnectWise disclosed earlier this week for ScreenConnect, its remote desktop and access software. [...]
2024-02-21T12:18:14+00:00 https://www.bleepingcomputer.com/news/security/screenconnect-critical-bug-now-under-attack-as-exploit-code-emerges/ www.secnews.physaphae.fr/article.php?IdArticle=8453302

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
New Migo Malware Targeting Redis Servers for Cryptocurrency Mining
A novel malware campaign has been observed targeting Redis servers for initial access with the ultimate goal of mining cryptocurrency on compromised Linux hosts. "This particular campaign involves the use of a number of novel system weakening techniques against the data store itself," Cado security researcher Matt Muir said in a technical report. The cryptojacking attack is facilitated
2024-02-20T20:50:00+00:00 https://thehackernews.com/2024/02/new-migo-malware-targeting-redis.html www.secnews.physaphae.fr/article.php?IdArticle=8452773

Dark Reading - Informationweek Branch
What Using Security to Regulate AI Chips Could Look Like
An exploratory research proposal is recommending regulation of AI chips and stronger governance measures to keep up with the rapid technical innovations in artificial intelligence.
2024-02-16T22:24:14+00:00 https://www.darkreading.com/cyber-risk/what-using-security-to-regulate-ai-chips-could-look-like www.secnews.physaphae.fr/article.php?IdArticle=8451137

CyberSecurityVentures - cybersecurity services
Securing Supply Chains with Open XDR
How Open XDR provides an effective and comprehensive means of combating threats. – Aimei Wei, Chief Technical Officer, Stellar Cyber. San Jose, Calif. – Feb. 15, 2024. Cyberattacks are on the rise in every industry, but software companies and their clients remain especially vulnerable because
2024-02-15T17:07:14+00:00 https://cybersecurityventures.com/securing-supply-chains-with-open-xdr/ www.secnews.physaphae.fr/article.php?IdArticle=8450505
AlienVault Lab Blog - AlienVault is a major defense player in IOCs
2024: Practical cyber action plan - Survive and thrive
Global Cybersecurity Outlook 2024 report, the WEF found that more than eight in ten organizations surveyed feel more or as exposed to cyber crime than last year. How can businesses implement proficient cyber capabilities in an era where cyber threats from criminals and hacktivists are escalating in complexity and magnitude? This is crucial for adapting swiftly to the constantly evolving security challenges and confidently pursuing growth through digital innovation in products, services, and organizational transformation. In today's rapidly changing cyber threat environment, Chief Information Security Officers (CISOs) and security operations teams must adopt forward-thinking strategies. These strategies should focus on quickly identifying and addressing the most pressing vulnerabilities in their digital environments. Cyber attackers' increasing sophistication and speed have prompted organizations of various sizes to re-evaluate their legacy systems, governance policies, and overall security stances, aiming to align with the latest industry standards. The shift towards digital platforms and the widespread adoption of cloud technologies have expanded the avenues for cyber-attacks, consequently enlarging the attack surface. This growing attack surface includes vulnerable systems, compromised data, and unauthorized assets, highlighting the necessity for a consistent and ongoing security strategy. This strategy should be centered on managing and mitigating threats efficiently and accurately. Security leaders are becoming increasingly aware of the importance of such an approach. Its effectiveness and streamlined methodology significantly enhance cyber resilience by prioritizing the most urgent risks for immediate response and remediation.
What is top of mind for the CISO in 2024?
- How do we build a cyber security ecosystem that can manage the threats and opportunities of the future?
- How do we ensure future technologies are secure by design, not as an afterthought?
- How do we anticipate how the threat picture will change as new technologies, like AI and quantum computing, develop?
Must haves for CISOs in 2024:
- Protecting privacy
- Protecting critical assets
- Mitigating risk
- Minimizing disruption
- Maintaining compliance
- Establishing and maintaining "CRUST" (credibility and trust)
- Ensuring secure productivity & efficiency
At the top of the list of issues driving cybersecurity concerns are:
- Growing number of hackers/cybercriminals.
- Evolving threats & advanced skillset of criminals.
- Privacy concerns handling others' data.
- Generative AI.
Practical action plan: Proactively understanding your expanding attack surface, prioritizing risk management efforts, and building resilience helps achieve the following:
1) Prevents breaches & minimizes the impact of a potential breach. Enhance the effectiveness of the Security Operations Center (SOC) by reducing the volume of security incidents, events, and breaches impacting the SOC over time. Adopt a proactive, preventative approach that bolsters cyber resilience quickly and improves security maturity year-over-year.
2) Reduces cybersecurity risks. Real-time risk reduction is often impractical due to business constraints and a backlog of pending security issues. Focus on prioritizing risk reduction actions and optimizing resource allo
2024-02-15T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/2024-practical-cyber-action-plan-survive-and-thrive www.secnews.physaphae.fr/article.php?IdArticle=8450360

The State of Security - American magazine
Rhysida ransomware cracked! Free decryption tool released
Good news for organisations who have fallen victim to the notorious Rhysida ransomware. A group of South Korean security researchers have uncovered a vulnerability in the infamous ransomware. This vulnerability provides a way for encrypted files to be unscrambled. Researchers from Kookmin University describe how they exploited an implementation flaw in Rhysida's code to regenerate its encryption key in a technical paper about their findings. "Rhysida ransomware employed a secure random number generator to generate the encryption key and subsequently encrypt the data. However, an...
2024-02-15T09:18:45+00:00 https://www.tripwire.com/state-of-security/rhysida-ransomware-cracked-free-decryption-tool-released www.secnews.physaphae.fr/article.php?IdArticle=8450462

Bleeping Computer - American magazine
New Qbot malware variant uses fake Adobe installer popup for evasion
The developer of Qakbot malware, or someone with access to the source code, seems to be experimenting with new builds as fresh samples have been observed in email campaigns since mid-December. [...]
2024-02-15T08:27:50+00:00 https://www.bleepingcomputer.com/news/security/new-qbot-malware-variant-uses-fake-adobe-installer-popup-for-evasion/ www.secnews.physaphae.fr/article.php?IdArticle=8450419

Dark Reading - Informationweek Branch
10 Security Metrics Categories CISOs Should Present to the Board
Boards of directors don't care about the minute technical details of the security program. They want to see how key performance indicators are tracked and utilized.
2024-02-14T23:00:00+00:00 https://www.darkreading.com/cybersecurity-analytics/10-security-metrics-categories-cisos-should-present-to-the-board www.secnews.physaphae.fr/article.php?IdArticle=8450418

ProofPoint - Firm Security
North Korea's DMARC spoofing tricks
2024-02-12T17:27:08+00:00 https://www.proofpoint.com/us/newsroom/news/north-koreas-dmarc-spoofing-tricks www.secnews.physaphae.fr/article.php?IdArticle=8450744

SentinelOne (SecIntel) - Cyber Firms
China's Cyber Revenge | Why the PRC Fails to Back Its Claims of Western Espionage
China's claims of hacks and espionage lack the rigorous technical detail seen in western threat intel. Why the asymmetry, and how does it benefit the PRC?
2024-02-12T11:00:25+00:00 https://www.sentinelone.com/labs/chinas-cyber-revenge-why-the-prc-fails-to-back-its-claims-of-western-espionage/ www.secnews.physaphae.fr/article.php?IdArticle=8449210

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea
The North Korea-linked nation-state actor known as Kimsuky is suspected of using a previously undocumented Golang-based information stealer called Troll Stealer. The malware steals "SSH, FileZilla, C drive files/directories, browsers, system information, [and] screen captures" from infected systems, South Korean cybersecurity company S2W said in a new technical report. Troll
2024-02-08T12:23:00+00:00 https://thehackernews.com/2024/02/kimsukys-new-golang-stealer-troll-and.html www.secnews.physaphae.fr/article.php?IdArticle=8447938

SecurityWeek - Security News
CISA: China's Volt Typhoon Hackers Planning Critical Infrastructure Disruption
New CISA alert includes technical mitigations to harden attack surfaces and instructions to hunt for the Chinese government-backed hackers.
2024-02-07T21:45:09+00:00 https://www.securityweek.com/cisa-chinas-volt-typhoon-hackers-planning-critical-infrastructure-disruption/ www.secnews.physaphae.fr/article.php?IdArticle=8447815

Intigrity - Blog
Hunting Down The Top 5 Most Common Price Manipulation Vulnerabilities in E-Commerce Websites
E-commerce stores can lose out on a lot of revenue if price manipulation vulnerabilities get actively exploited by bad actors. These are often security vulnerabilities caused by improper logic handling by developers, which can cause the server to miscalculate prices (formula injection) at checkout, often allowing malicious shoppers to order items at a highly reduced […]
2024-02-05T11:12:23+00:00 https://blog.intigriti.com/2024/02/05/top-5-price-manipulation-vulnerabilities-ecommerce/ www.secnews.physaphae.fr/article.php?IdArticle=8448087
IndustrialCyber - cyber risk firms for industrial
Safeguarding IEC 61850 Implementation in Industrial Control Systems: A Technical Odyssey
Introduction: Navigating the IEC 61850 Cybersecurity Odyssey. In the intricate tapestry of Industrial Control Systems (ICS) and the...
2024-02-05T10:46:32+00:00 https://industrialcyber.co/expert/safeguarding-iec-61850-implementation-in-industrial-control-systems-a-technical-odyssey/ www.secnews.physaphae.fr/article.php?IdArticle=8446874
ProofPoint - Cyber Firms
Developing a New Internet Standard: the Domain Relationship Policy Framework
2024-02-02T05:00:36+00:00 https://www.proofpoint.com/us/blog/engineering-insights/domain-relationship-policy-framework www.secnews.physaphae.fr/article.php?IdArticle=8446027

RiskIQ - cyber risk firms (now microsoft)
ESET Takes Part in Global Operation to Disrupt the Grandoreiro Banking Trojan
#### Description
ESET has worked with the Federal Police of Brazil on an effort to disrupt the Grandoreiro botnet, providing technical analysis, statistical information and known C&C servers to the authorities. Grandoreiro is a Latin American banking trojan that has been active since at least 2017 and targets Brazil, Mexico, and Spain. Grandoreiro's operators have abused cloud providers such as Azure and AWS to host their network infrastructure.
#### Reference URL(s)
1. https://www.welivesecurity.com/en/eset-research/eset-takes-part-global-operation-disrupt-grandoreiro-banking-trojan/
#### Publication Date
January 30, 2024
#### Author(s)
ESET Research
2024-01-31T21:23:24+00:00 https://community.riskiq.com/article/5af9ede2 www.secnews.physaphae.fr/article.php?IdArticle=8445334

Recorded Future - Recorded Future feed
Russian top-level internet domain suffers massive outage
Russian citizens couldn't access the majority of websites on the country's .ru domain for several hours on Tuesday, including the Yandex search engine, the VKontakte social media platform, the major state-owned bank Sberbank and news outlets. The outage was reportedly caused by a technical problem with the .ru domain's global Domain Name System Security Extensions,
2024-01-31T13:30:18+00:00 https://therecord.media/russia-top-level-domain-internet-outage-dnssec www.secnews.physaphae.fr/article.php?IdArticle=8445187
We Live Security - ESET antivirus software publisher
ESET takes part in global operation to disrupt the Grandoreiro banking trojan
ESET provided technical analysis, statistical information, known C&C servers and was able to get a glimpse of the victimology
2024-01-30T11:30:00+00:00 https://www.welivesecurity.com/en/eset-research/eset-takes-part-global-operation-disrupt-grandoreiro-banking-trojan/ www.secnews.physaphae.fr/article.php?IdArticle=8445071

AlienVault Lab Blog - AlienVault is a major defense player in IOCs
DarkGate malware delivered via Microsoft Teams - detection and response
Expanded investigation: Events search. Performing a search of the external username in the customer’s environment led the MDR team to over 1,000 “MessageSent” Teams events that were generated by the user. Although these events did not include the IDs of the recipients, they did include the external user’s tenant ID, as displayed in Image 2 below.
Image 2: Event log showing external user tenant ID
A Microsoft 365 tenant ID is a globally unique identifier assigned to an organization. It is what allows members of different companies to communicate with one another via Teams. As long as both members of a chat have valid tenant IDs, and External Access is enabled, they can exchange messages. With this in mind, the MDR SOC team was able to query events that contained the external user’s tenant ID and found multiple “MemberAdded” events, which are generated when a user joins a chat in Teams.
Image 3: “MemberAdded” event
These events include the victim’s user ID, but not the external user ID. In addition to the external tenant ID, the MDR SOC team was able to positively link these “MemberAdded” events back to the attacker via the “ChatThreadId” field, which was also present in the original “MessageSent”
2024-01-30T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/darkgate-malware-delivered-via-microsoft-teams-detection-and-response www.secnews.physaphae.fr/article.php?IdArticle=8444739

Dark Reading - Informationweek Branch
New Jersey School District Shut Down by Cyberattack
Sunday night, Freehold Township district officials notified its staff and parents that school would not be in session Monday due to technical difficulties caused by a cyber incident.
2024-01-29T16:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/freehold-township-district-closes-due-to-cyber-incident www.secnews.physaphae.fr/article.php?IdArticle=8444476

The State of Security - American magazine
Why the OWASP API Security Top 10 is Essential for Every Business
In an era where digital transformation dictates the pace of business growth, APIs have become the cornerstone of modern enterprise architecture. APIs are not just technical tools; they are vital assets that drive business processes, enhance customer experiences, and open new avenues for innovation. However, with great power comes great responsibility, especially in terms of security. The OWASP API Security Top 10 offers a roadmap to safeguard these essential tools against evolving cyber threats. For business executives and security professionals alike, understanding and implementing the principles...
2024-01-29T01:51:11+00:00 https://www.tripwire.com/state-of-security/owasp-api-security-top-10-business-guide www.secnews.physaphae.fr/article.php?IdArticle=8444335

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Perfecting the Defense-in-Depth Strategy with Automation
Medieval castles stood as impregnable fortresses for centuries, thanks to their meticulous design. Fast forward to the digital age, and this medieval wisdom still echoes in cybersecurity. Like castles with strategic layouts to withstand attacks, the Defense-in-Depth strategy is the modern counterpart - a multi-layered approach with strategic redundancy and a blend of passive and active security
2024-01-26T16:34:00+00:00 https://thehackernews.com/2024/01/perfecting-defense-in-depth-strategy.html www.secnews.physaphae.fr/article.php?IdArticle=8443370

Securonix - Securonix SIEM
Securonix Threat Research Security Advisory: Technical Analysis and Detection of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN
2024-01-26T09:00:54+00:00 https://www.securonix.com/blog/securonix-threat-research-security-advisory-technical-analysis-and-detection-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/ www.secnews.physaphae.fr/article.php?IdArticle=8443435

Recorded Future - Recorded Future feed
Financial tech firm EquiLend says recovery after cyberattack 'may take several days'
Financial technology firm EquiLend was hit with a cyberattack this week which forced several of its systems offline and may require several days to recover from. The company, which was founded in 2000 by several of the world's largest financial firms, directed Recorded Future News to a statement saying it identified a technical issue on
2024-01-24T21:45:00+00:00 https://therecord.media/equilend-cyberattack-financial-recovery-two-days www.secnews.physaphae.fr/article.php?IdArticle=8442700
ProofPoint - Cyber Firms More than One-Quarter of the Global 2000 Are Not Ready for Upcoming Stringent Email Authentication Rules 2024-01-23T15:29:37+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/more-one-quarter-global-2000-are-not-ready-upcoming-stringent-email www.secnews.physaphae.fr/article.php?IdArticle=8442630 False Spam,Tool,Threat,Cloud,Technical None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) North Korean Hackers Weaponize Fake Research to Deliver RokRAT Backdoor Media organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign orchestrated by a threat actor known as ScarCruft in December 2023. "ScarCruft has been experimenting with new infection chains, including the use of a technical threat research report as a decoy, likely targeting consumers of threat intelligence like cybersecurity 2024-01-22T22:17:00+00:00 https://thehackernews.com/2024/01/north-korean-hackers-weaponize-fake.html www.secnews.physaphae.fr/article.php?IdArticle=8441736 False Threat,Technical None 3.0000000000000000

ProofPoint - Cyber Firms Types of Identity Threats and Attacks You Should Be Aware Of 2024-01-22T06:00:26+00:00 https://www.proofpoint.com/us/blog/identity-threat-defense/types-identity-threats-attacks www.secnews.physaphae.fr/article.php?IdArticle=8441709 False Malware,Vulnerability,Threat,Patching,Technical None 2.0000000000000000

ComputerWeekly - Computer Magazine Cyber non-profit enlists ex-NCSC head as technical chair 2024-01-18T06:15:00+00:00 https://www.computerweekly.com/news/366566733/Cyber-non-profit-enlists-ex-NCSC-head-as-technical-chair www.secnews.physaphae.fr/article.php?IdArticle=8440239 False Technical None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone Cybersecurity researchers have identified a "lightweight method" called iShutdown for reliably identifying signs of spyware on Apple iOS devices, including notorious threats like NSO Group's Pegasus, QuaDream's Reign, and Intellexa's Predator. Kaspersky, which analyzed a set of iPhones that were compromised with Pegasus, said the infections left traces in a file 2024-01-17T15:52:00+00:00 https://thehackernews.com/2024/01/new-ishutdown-method-exposes-hidden.html www.secnews.physaphae.fr/article.php?IdArticle=8439832 False Mobile,Technical None 3.0000000000000000