Download the eBook: What Does it Take to be a Full-Fledged Virtual CISO?

Download the eBook: What Does it Take to be a Full-Fledged Virtual CISO?,

Almost half of MSP clients fell victim to a cyberattack within the last 12 months. In the SMB world, the danger is especially acute as only 50% of SMBs have a dedicated internal IT person to take care of cybersecurity. No wonder cybercriminals are targeting SMBs so heavily. No wonder SMBs are increasingly willing to pay a subscription or retainer to gain access to expert C-level cyber-assistance

,

Almost half of MSP clients fell victim to a cyberattack within the last 12 months. In the SMB world, the danger is especially acute as only 50% of SMBs have a dedicated internal IT person to take care of cybersecurity. No wonder cybercriminals are targeting SMBs so heavily. No wonder SMBs are increasingly willing to pay a subscription or retainer to gain access to expert C-level cyber-assistance

, ,
https://thehackernews.com/2023/05/download-ebook-what-does-it-take-to-be.html

Grâce aux « passkeys », Google signe le « début de la fin des mots de passe »

Grâce aux « passkeys », Google signe le « début de la fin des mots de passe »,

google

Se connecter à son compte Google sans mot de passe, ni vérification en deux étapes, c’est désormais possible à compter de ce mercredi 3 mai. La méthode (« passkey » ou clé d’accès) est basée sur la norme « Fido ».

,

google

Se connecter à son compte Google sans mot de passe, ni vérification en deux étapes, c’est désormais possible à compter de ce mercredi 3 mai. La méthode (« passkey » ou clé d’accès) est basée sur la norme « Fido ».

, ,
https://www.01net.com/actualites/grace-aux-passkeys-google-signe-le-debut-de-la-fin-des-mots-de-passe.html

L’administration Biden veut mettre les géants de l’IA au pas

L’administration Biden veut mettre les géants de l’IA au pas,

joe biden

Comme un calendrier qui s’accélère. La Maison Blanche a invité les principaux dirigeants du secteur de l’IA à discuter des garde-fous à mettre en place pour atténuer, voire supprimer, les risques soulevés par les outils d’intelligence artificielle. Deux jours plus tôt, l’autorité de la concurrence, en charge de la protection des consommateurs, a aussi rappelé les règles du jeu.

,

joe biden

Comme un calendrier qui s’accélère. La Maison Blanche a invité les principaux dirigeants du secteur de l’IA à discuter des garde-fous à mettre en place pour atténuer, voire supprimer, les risques soulevés par les outils d’intelligence artificielle. Deux jours plus tôt, l’autorité de la concurrence, en charge de la protection des consommateurs, a aussi rappelé les règles du jeu.

, ,
https://www.01net.com/actualites/ladministration-biden-veut-mettre-les-geants-de-lia-au-pas.html

Apple and Google Join Forces to Stop Unauthorized Tracking Alert System

Apple and Google Join Forces to Stop Unauthorized Tracking Alert System,

Apple and Google have teamed up to work on a draft industry-wide specification that’s designed to tackle safety risks and alert users when they are being tracked without their knowledge or permission using devices like AirTags.
« The first-of-its-kind specification will allow Bluetooth location-tracking devices to be compatible with unauthorized tracking detection and alerts across Android and

,

Apple and Google have teamed up to work on a draft industry-wide specification that’s designed to tackle safety risks and alert users when they are being tracked without their knowledge or permission using devices like AirTags.
« The first-of-its-kind specification will allow Bluetooth location-tracking devices to be compatible with unauthorized tracking detection and alerts across Android and

, ,
https://thehackernews.com/2023/05/apple-and-google-join-forces-to-stop.html

Hackers Exploiting 5-year-old Unpatched Vulnerability in TBK DVR Devices

Hackers Exploiting 5-year-old Unpatched Vulnerability in TBK DVR Devices,

Threat actors are actively exploiting an unpatched five-year-old flaw impacting TBK digital video recording (DVR) devices, according to an advisory issued by Fortinet FortiGuard Labs.
The vulnerability in question is CVE-2018-9995 (CVSS score: 9.8), a critical authentication bypass issue that could be exploited by remote actors to gain elevated permissions.
« The 5-year-old vulnerability (

,

Threat actors are actively exploiting an unpatched five-year-old flaw impacting TBK digital video recording (DVR) devices, according to an advisory issued by Fortinet FortiGuard Labs.
The vulnerability in question is CVE-2018-9995 (CVSS score: 9.8), a critical authentication bypass issue that could be exploited by remote actors to gain elevated permissions.
« The 5-year-old vulnerability (

, ,
https://thehackernews.com/2023/05/hackers-exploiting-5-year-old-unpatched.html

CISA Issues Advisory on Critical RCE Affecting ME RTU Remote Terminal Units

CISA Issues Advisory on Critical RCE Affecting ME RTU Remote Terminal Units,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an Industrial Control Systems (ICS) advisory about a critical flaw affecting ME RTU remote terminal units.
The security vulnerability, tracked as CVE-2023-2131, has received the highest severity rating of 10.0 on the CVSS scoring system for its low attack complexity.
« Successful exploitation of this

,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an Industrial Control Systems (ICS) advisory about a critical flaw affecting ME RTU remote terminal units.
The security vulnerability, tracked as CVE-2023-2131, has received the highest severity rating of 10.0 on the CVSS scoring system for its low attack complexity.
« Successful exploitation of this

, ,
https://thehackernews.com/2023/05/cisa-issues-advisory-on-critical-rce.html

Voici les 20 mots de passe les plus utilisés en France… et c’est vraiment triste

Voici les 20 mots de passe les plus utilisés en France… et c’est vraiment triste,

mots passe

Les Français continuent de choisir des mots de passe non sécurisés. D’après une étude de NordPass, les internautes ne parviennent pas à changer leurs habitudes. Ils utilisent encore et toujours des codes d’accès qu’un pirate peut « cracker » en moins d’une seconde… Découvrez la liste des mots de passe à ne surtout pas utiliser.

,

mots passe

Les Français continuent de choisir des mots de passe non sécurisés. D’après une étude de NordPass, les internautes ne parviennent pas à changer leurs habitudes. Ils utilisent encore et toujours des codes d’accès qu’un pirate peut « cracker » en moins d’une seconde… Découvrez la liste des mots de passe à ne surtout pas utiliser.

, ,
https://www.01net.com/actualites/voici-20-mots-de-passe-plus-utilises-france-vraiment-triste.html

Researchers Uncover New BGP Flaws in Popular Internet Routing Protocol Software

Researchers Uncover New BGP Flaws in Popular Internet Routing Protocol Software,

Cybersecurity researchers have uncovered weaknesses in a software implementation of the Border Gateway Protocol (BGP) that could be weaponized to achieve a denial-of-service (DoS) condition on vulnerable BGP peers.
The three vulnerabilities reside in version 8.4 of FRRouting, a popular open source internet routing protocol suite for Linux and Unix platforms. It’s currently used by several

,

Cybersecurity researchers have uncovered weaknesses in a software implementation of the Border Gateway Protocol (BGP) that could be weaponized to achieve a denial-of-service (DoS) condition on vulnerable BGP peers.
The three vulnerabilities reside in version 8.4 of FRRouting, a popular open source internet routing protocol suite for Linux and Unix platforms. It’s currently used by several

, ,
https://thehackernews.com/2023/05/researchers-uncover-new-bgp-flaws-in.html

BouldSpy Android Spyware: Iranian Government’s Alleged Tool for Spying on Minority Groups

BouldSpy Android Spyware: Iranian Government’s Alleged Tool for Spying on Minority Groups

,

A new Android surveillanceware possibly used by the Iranian government has been used to spy on over 300 individuals belonging to minority groups.
The malware, dubbed BouldSpy, has been attributed with moderate confidence to the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). Targeted victims include Iranian Kurds, Baluchis, Azeris, and Armenian Christian groups.
« The spyware

,

A new Android surveillanceware possibly used by the Iranian government has been used to spy on over 300 individuals belonging to minority groups.
The malware, dubbed BouldSpy, has been attributed with moderate confidence to the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). Targeted victims include Iranian Kurds, Baluchis, Azeris, and Armenian Christian groups.
« The spyware

, ,
https://thehackernews.com/2023/05/bouldspy-android-spyware-iranian.html

Why Telecoms Struggle with SaaS Security

Why Telecoms Struggle with SaaS Security,

The telecom industry has always been a tantalizing target for cybercriminals. The combination of interconnected networks, customer data, and sensitive information allows cybercriminals to inflict maximum damage through minimal effort.
It’s the breaches in telecom companies that tend to have a seismic impact and far-reaching implications — in addition to reputational damage, which can be

,

The telecom industry has always been a tantalizing target for cybercriminals. The combination of interconnected networks, customer data, and sensitive information allows cybercriminals to inflict maximum damage through minimal effort.
It’s the breaches in telecom companies that tend to have a seismic impact and far-reaching implications — in addition to reputational damage, which can be

, ,
https://thehackernews.com/2023/05/why-telecoms-struggle-with-saas-security.html