Information Security newsfeeds from around the world in English and French. Find it all in one place since 2004. You'll find online the last 5 years.
Les fuites de données sont anormalement courantes ces derniers temps. Les cybercriminels ont recours à diverses astuces pour accéder aux bases de données et aux fichiers qui y sont stockés. Le plus logique serait de protéger les bases de données en utilisant le chiffrement, mais c’est souvent irréalisable. Après tout, plus un service a besoin […]
Continue ReadingLorsque les médias disent qu’une entreprise a été victime d’un ransomware, beaucoup pensent que des cybercriminels astucieux ont d’abord écrit le programme malveillant, puis qu’ils ont cherché pendant longtemps avant de trouver comment pirater le système et de pouvoir chiffrer les données confidentielles. C’est à cause de ce raisonnement que divers responsables croient encore que […]
Continue ReadingIf your organization is running VMware Horizon and Unified Access Gateway servers and you haven’t implemented the patches or workarounds to fix/mitigate the Log4Shell vulnerability (CVE-2021-44228) in December 2021, you should threat all those systems as compromised, the Cybersecurity and Infrastructure Security Agency (CISA) has advised on Thursday. The agency accompanied the warning with detailed […]
Continue ReadingLe service Managed Detection and Response (MDR) de Kaspersky permet aux entreprises de renforcer leurs équipes de sécurité en externalisant la surveillance 24 heures sur 24 de l’infrastructure professionnelle. Selon un rapport d’analyse MDR récemment publié, le service a traité 410 000 alertes de sécurité en 2021, ce qui a provoqué le signalement de 8479 […]
Continue ReadingThe post Tripwire Products: Quick Reference Guide appeared first on The State of Security.
Continue ReadingJune 15, 2022, is the day that Microsoft will stop supporting most versions of Internet Explorer 11, and organizations should have ensured that they ready for its retirement. But are they? Internet Explorer retirement does not equal death Slowly but relentlessly, Microsoft has been pushing users and organizations to switch to Microsoft Edge as their […]
Continue ReadingLes experts de Kaspersky ont étudié le programme malveillant WinDealer créé par le groupe d’APT LuoYu. La découverte la plus intéressante est que les cybercriminels contrôlent apparemment cette méthode d’attaque de type » man-on-the-side » et l’exploitent avec succès pour délivrer le programme malveillant et pour prendre le contrôle des ordinateurs infectés. Qu’est-ce qu’une attaque de type […]
Continue ReadingA new feature in Microsoft Defender for Endpoint can make it more difficult for attackers to perform lateral movement within company networks, as it allows admins to prevent traffic flowing to and from unmanaged devices that have been compromised. Isolating unmanaged devices Lateral movement is a fundamental tactic deployed by most cyberattackers today, which means […]
Continue ReadingExposed version control repositories, leaked secrets in public code repositories, a subdomain vulnerable to takover, exposed Amazon S3 buckets, and Microsoft Exchange Server servers vulnerable to CVE-2021-42321 exploitation are the most common exploit paths medium to large enterprises left open for attackers in Q1 2022, according to Mandiant. Opening doors for attackers The firm has […]
Continue ReadingMore than a week has passed since Microsoft acknowledged the existence of the “Follina” vulnerability (CVE-2022-30190), after reports of it being exploited in the wild began to crop up here and there. Since then, other state-backed threat actors have started exploiting it, but now one of the most active Qbot (QakBot) malware affiliates has also […]
Continue Reading