- North Korean Hackers Collaborate with Play Ransomware, by OSINT without Borders, 1 November 2024 at 08:31
A North Korean state-backed hacking group has taken part in a ransomware incident, according to Palo Alto Networks. Jumpy Pisces, a group tied to the Reconnaissance General Bureau of the Korean People's Army, was involved in a recent Play ransomware intrusion, according to a report by Palo Alto's threat intelligence team, Unit 42, published on October 30. This marks a shift in the nation-state group's tactics and, per Unit 42, the first recorded collaboration between the group and an underground ransomware network.

Jumpy Pisces and Play collaboration

In early September 2024, Unit 42 provided incident response services to a client hit by Play ransomware. First observed in 2022, Play is now one of the most active ransomware gangs; Palo Alto tracks the group as Fiddling Scorpius. During the investigation, Unit 42 traced the earliest signs of unauthorized activity to the end of May 2024 and assessed with high confidence that it came from Jumpy Pisces, which gained initial access through a compromised user account. The North Korean group moved laterally and maintained persistence by spreading the open-source Sliver implant and its own custom DTrack malware to other hosts over the Server Message Block (SMB) protocol. These tools kept communicating with Jumpy Pisces' command-and-control (C2) server until early September, at which point Play ransomware was deployed.

"It remains unclear whether Jumpy Pisces has officially become an affiliate for Play ransomware or if they acted as an initial access broker (IAB) by selling network access to Play ransomware actors," the Unit 42 researchers wrote. Play, however, has claimed on its data leak site (DLS) that it does not operate a ransomware-as-a-service (RaaS) model, which makes the IAB hypothesis the more likely one.
"Either way, this incident is significant because it marks the first recorded collaboration between Jumpy Pisces and an underground ransomware network," the researchers wrote. "This development could indicate a future trend where North Korean threat groups will increasingly participate in broader ransomware campaigns, potentially leading to more widespread and damaging attacks globally."

Intrusion tactics and tools

Jumpy Pisces obtained initial access when a compromised user account reached a particular host through the firewall. Partial registry dumps on that host point to possible use of Impacket's credential-harvesting module, secretsdump.py. Using the compromised account, the attackers copied files belonging to the Sliver and DTrack malware families to various hosts over SMB. DTrack was blocked by the target's endpoint detection and response (EDR) product, but Unit 42 observed Sliver beaconing over multiple days until early September 2024, with quiet periods in July and sporadically on other days.

In early September, an unidentified threat actor entered the network through the same compromised user account and carried out pre-ransomware activity, including credential harvesting, privilege escalation and uninstalling EDR sensors, culminating in the deployment of Play ransomware.

Alongside Sliver and DTrack, the attackers used a dedicated tool built to create a privileged user account with Remote Desktop Protocol (RDP) enabled on victim machines, a customized version of Mimikatz (a publicly available credential-dumping tool), and a trojanized binary that steals browsing history, autofill data and credit card details from the Chrome, Edge and Brave browsers. All of these tools were signed with several invalid certificates previously linked to Jumpy Pisces.
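The tactics above (a new privileged local account with RDP switched on, and Sliver/DTrack binaries pushed to other hosts over SMB) are the kind of chain a defender can correlate from Windows Security and Sysmon telemetry. The following Python is an added example, not code from Unit 42 or from the report: it correlates event 4720 (user account created), 4732 (member added to a security-enabled local group, here Administrators) and a Sysmon registry-set event that writes fDenyTSConnections to 0, and separately flags executable files written to the ADMIN$ or C$ share via event 5145. The flattened event field names and the sample events are constructed for the example; a real pipeline has to map them from the native event XML.

```python
"""Correlation rules for the intrusion pattern reported above: a new local
administrator with RDP switched on, and executables staged on admin shares
over SMB. Event schema and sample events are constructed for this example."""
from collections import defaultdict
from datetime import datetime, timedelta

ADMINISTRATORS_SID = "S-1-5-32-544"  # well-known SID of the local Administrators group
RDP_DENY_KEY = r"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections"
ADMIN_SHARES = {"ADMIN$", "C$"}
PAYLOAD_EXT = (".exe", ".dll", ".bat", ".ps1")
WINDOW = timedelta(minutes=30)


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def detect_privileged_rdp_account(events, window=WINDOW):
    """Per host: a user is created (4720), then added to Administrators (4732)
    and RDP is enabled (fDenyTSConnections set to 0), all within `window`."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)
    findings = []
    for host, evs in by_host.items():
        for created in (e for e in evs if e["event_id"] == 4720):
            t0, user = _ts(created), created["target_user"]
            later = [e for e in evs if t0 <= _ts(e) <= t0 + window]
            made_admin = any(e["event_id"] == 4732 and e.get("group_sid") == ADMINISTRATORS_SID
                             and e.get("member_user") == user for e in later)
            rdp_on = any(e["event_id"] == 13 and e.get("target_object") == RDP_DENY_KEY
                         and e.get("value") == 0 for e in later)
            if made_admin and rdp_on:
                findings.append({"host": host, "rule": "privileged_rdp_account", "user": user})
    return findings


def detect_smb_payload_staging(events):
    """Write access to an executable-looking file on ADMIN$/C$ (event 5145):
    the pattern behind copying Sliver/DTrack to other hosts over SMB."""
    findings = []
    for e in events:
        if e["event_id"] != 5145:
            continue
        share = e.get("share_name", "").rsplit("\\", 1)[-1]
        target = e.get("relative_target", "").lower()
        if share in ADMIN_SHARES and target.endswith(PAYLOAD_EXT) and "WriteData" in e.get("access", []):
            findings.append({"host": e["host"], "rule": "smb_payload_staging",
                             "source_ip": e.get("source_ip"), "file": e["relative_target"]})
    return findings


# Constructed sample telemetry (not from the incident): ws-07 shows the full
# account+RDP chain, ws-09 only a user creation, fs-01 an executable dropped on ADMIN$.
SAMPLE_EVENTS = [
    {"ts": "2024-06-03T02:10:00", "host": "ws-07", "event_id": 4720, "target_user": "svc_backup"},
    {"ts": "2024-06-03T02:10:04", "host": "ws-07", "event_id": 4732,
     "group_sid": ADMINISTRATORS_SID, "member_user": "svc_backup"},
    {"ts": "2024-06-03T02:10:09", "host": "ws-07", "event_id": 13, "target_object": RDP_DENY_KEY, "value": 0},
    {"ts": "2024-06-03T09:00:00", "host": "ws-09", "event_id": 4720, "target_user": "jdoe"},
    {"ts": "2024-06-03T02:12:30", "host": "fs-01", "event_id": 5145, "share_name": r"\\*\ADMIN$",
     "relative_target": r"Temp\svchost.exe", "access": ["WriteData", "AppendData"], "source_ip": "10.20.1.7"},
    {"ts": "2024-06-03T02:13:00", "host": "fs-01", "event_id": 5145, "share_name": r"\\*\Public",
     "relative_target": "report.xlsx", "access": ["ReadData"], "source_ip": "10.20.1.7"},
]

if __name__ == "__main__":
    for finding in detect_privileged_rdp_account(SAMPLE_EVENTS) + detect_smb_payload_staging(SAMPLE_EVENTS):
        print(finding)
```

The account rule is deliberately conservative: a user creation on its own (host ws-09 in the sample) is not alerted on, since routine helpdesk work produces the same event; it is the whole chain completing inside the window that matches the reported tooling.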
- Learning to eat soup with a knife – Sophos News, by OSINT without Borders, 1 November 2024 at 07:29
Embedded-architecture devices such as network appliances have not historically been at the top of the backlog when it comes to security features, and during Pacific Rim they became the subject of an escalating arms race, one that blue teamers, and not just those at Sophos, must get a handle on. The good news is that many of our existing principles transfer extremely well: more recent network appliance technology is based on well-understood operating systems such as Linux variants. The bad news is that some of those principles need tweaking. While technology has progressed, a high proportion of devices in the field still run arcane, security-unaware embedded architectures, sitting on racks collecting dust.

Of course Sophos, as an information-security company, has a dual view of security and response: we respond not only to incidents that affect us as a company, but to incidents that affect our products and services, the "us" that is sent out into the wider world. Our incident response processes therefore extend beyond our own corporate environment to the very infrastructure we deploy for our customers. It is a particular kind of double vision which, we hope, gives us a leg up in thinking about how to evolve incident-response principles to meet current needs. Actually making the dual-view system work, though, requires close cooperation between the groups that develop our products and the group tasked with responding to security issues concerning them, our Product Security Incident Response Team (PSIRT). Since not all enterprises have (or need) a PSIRT, before we dig into our findings it is worth explaining how ours operates.

Life in the Sophos PSIRT

Our PSIRT monitors several channels for information about new findings in Sophos products and services.
For example, as we mentioned in a recent article providing transparency into Sophos Intercept X (a follow-up explored our content update architecture), we have participated in an external bug bounty program since December 14, 2017, as it turned out just short of a year before the first ripples of what became Pacific Rim, and we welcome the scrutiny and collaborative opportunities this brings. Our responsible disclosure policy also offers "safe harbor" to security researchers who disclose findings in good faith. In addition to external reports, we conduct our own internal testing and open-source monitoring.

When PSIRT receives a security event, the team triages it: confirming, measuring, communicating and tracking, to ensure our response is proportionate, safe and adequate. If necessary, we escalate issues to our Global Security Operations Centre (GSOC), which runs follow-the-sun with over a dozen outposts coordinating on cases 24/7. Our PSIRT drives remediation, working with our product subject-matter experts to offer technical security guidance and moving towards resolution in line with our response standards, so that customers can manage the relevant risks in a timely manner. We aim to communicate outcomes clearly in actionable security advisories and comprehensive CVE records, including CVSS scores and Common Weakness Enumeration (CWE) and Common Attack Pattern Enumeration and Classification (CAPEC) information.

Beyond being general good PSIRT practice, all of this feeds into our commitment to CISA's Secure by Design initiative. Sophos was one of the first organizations to sign the initiative's pledge, and the details of our specific pledges are available. (An essay from our CEO, Joe Levy, goes into our commitment to Secure by Design and how, with everything we learned from Pacific Rim, we mean to carry that commitment forward.) Of course, a good PSIRT does not just wait for reports to come to it.
In the background, as well as performing its own testing and research, the team works to mature our product security standards, frameworks and guidelines, performs root cause analyses, and continuously improves our processes based on feedback from internal and external stakeholders. All of these tasks inform what we discuss in the rest of this article, as we break down what we learned from iterating on and improving our processes over the life of Pacific Rim. We will talk about principles, many of which we have implemented or are in the process of implementing ourselves, as a starting point for a longer conversation among practitioners about what effective and scalable response looks like for network appliances.

What we learned

Telemetry

It all starts with being able to capture state and changes on the device itself. Network appliances are easily overlooked as devices in their own right, because their usual role is as "invisible" carriers of network traffic. Treating them as hosts is an important step towards observability on the device, which is essential for response.

Key challenges:

Network plane vs control plane. We do not want to monitor your network (the network plane). Not in the least. We do, however, want to monitor the device that manages your network (the control plane). This distinction is often logical rather than physical, but it has become an important one for preserving customer privacy.

On-device resource availability. These appliances are still small devices, with limited RAM and CPU. Telemetry capture must be streamlined to avoid degrading the device's primary function. (That said, resource capacity has improved in recent years, which, unfortunately, makes it easier for attackers to hide in the noise.
Admins are less likely to accidentally knock an attacker off a device with a well-timed hard reboot when they notice the firewall slowing the whole network, because a modern firewall can tolerate the unexpected load and does not show the same distress.)

Noisy data capture. Network appliances are built differently. While a /tmp directory may be reasonably quiet on a user endpoint, and worth monitoring actively, it can be considerably noisier on a network appliance. Tuning is important to make sure the telemetry is not flooded with noise.

Streaming

Whether detection happens on the device or in a back-end data lake (more on that below), there will inevitably be a point at which the acquired telemetry has to leave the device. Many of these principles are well documented in the security monitoring field, but network appliances bring some unique challenges.

Key challenges:

Host interference / NIC setup. Network appliances are already touchy about network interface management and about how the host itself affects the traffic it carries. Adding an extra outbound data stream often takes a fair bit of re-architecting. Technology choices that cause minimal interference are vital to keep a firebreak between response and device operation. osquery stands out as a good example of a technology that supports near-real-time querying while limiting the risk of resource impact.

Collection vs. selection. Collecting the entirety of a user's network traffic is both a massive privacy concern and an extremely inefficient form of detection engineering. "Selecting" the most relevant data using rulesets (that can be created, edited, tested and deployed) is standard practice for high-volume collection, but it only works with well-documented (and audited) selection criteria. The distinction also allows retention policies to be applied judiciously: longer for selected data, shorter for raw collection.
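The collection-versus-selection point above is easiest to see as code. The following Python is an added example and not Sophos' implementation: selection rules are plain data (id, owner, rationale, version) evaluated against control-plane events only, every event is stamped with the rule that selected it and a retention class, and a coverage report shows which rules never fired. The event schema, the rule contents and the sample events are assumptions constructed for the example.

```python
"""Selection layer between on-device collection and the back-end. Rules are
data (owned, versioned, documented) so every retention decision is auditable.
Added example; event fields, rules and samples are assumptions."""
from dataclasses import dataclass
from typing import Callable, List

SELECTED_RETENTION_DAYS = 365   # data a rule picked out: keep long enough to investigate
COLLECTED_RETENTION_DAYS = 7    # everything else: short rolling window


@dataclass
class Rule:
    id: str
    owner: str
    rationale: str                   # why this is worth keeping; reviewed with the rule
    match: Callable[[dict], bool]    # predicate over one control-plane event
    version: int = 1


# Rules look only at device (control-plane) events, never at carried traffic.
RULES: List[Rule] = [
    Rule("SEL-001", "psirt", "Successful control-plane login from outside the management range",
         lambda e: e.get("source") == "auth" and e.get("result") == "success"
         and not e.get("src_ip", "").startswith("10.0.")),
    Rule("SEL-002", "psirt", "Listening process whose binary is not owned by an installed package",
         lambda e: e.get("source") == "proc" and e.get("listening") and not e.get("from_package", False)),
    Rule("SEL-003", "psirt", "Writes under boot or firmware paths",
         lambda e: e.get("source") == "file" and e.get("path", "").startswith(("/boot/", "/sys/firmware/"))),
]


def select(events, rules=RULES):
    """Return a copy of each event tagged with the selecting rule(s) and a retention class."""
    tagged_events = []
    for e in events:
        hits = [r for r in rules if r.match(e)]
        tagged = dict(e)
        tagged["selected_by"] = [f"{r.id}@v{r.version}" for r in hits]
        tagged["retention_days"] = SELECTED_RETENTION_DAYS if hits else COLLECTED_RETENTION_DAYS
        tagged_events.append(tagged)
    return tagged_events


def coverage_report(tagged_events, rules=RULES):
    """Hits per rule; a rule that never fires is either a blind spot or dead weight, and
    either way is a review item."""
    counts = {r.id: 0 for r in rules}
    for e in tagged_events:
        for tag in e["selected_by"]:
            counts[tag.split("@")[0]] += 1
    return counts


# Constructed device telemetry: two logins, two listeners, two file writes.
SAMPLE_EVENTS = [
    {"source": "auth", "result": "success", "user": "admin", "src_ip": "10.0.5.20"},
    {"source": "auth", "result": "success", "user": "admin", "src_ip": "198.51.100.7"},
    {"source": "proc", "exe": "/tmp/.x/httpd", "listening": True, "from_package": False},
    {"source": "proc", "exe": "/usr/sbin/sshd", "listening": True, "from_package": True},
    {"source": "file", "path": "/var/log/syslog", "op": "write"},
    {"source": "file", "path": "/boot/efi/EFI/boot/bootx64.efi", "op": "write"},
]

if __name__ == "__main__":
    tagged = select(SAMPLE_EVENTS)
    for e in tagged:
        print(e["retention_days"], e["selected_by"], e)
    print(coverage_report(tagged))
```

Because each output record carries the id and version of the rule that selected it, the audit question "why is this record being kept for a year?" is answered by the data itself, and a change to what gets selected is reviewable as a diff to the rule list rather than to the pipeline.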
Triggers, tripwires, and detections

The next stage is discerning signal from noise. As cybersecurity specialists we are taught to look for the absence of the normal and the presence of the abnormal, but the definition of both varies widely across network appliances.

Key challenges:

Telemetry choices + streaming choices = blind spots. Knowingly selecting a subset of collection, while necessary, creates gaps that must be constantly reassessed. Excluding /tmp from collection may be the right move to reduce noise, but it leaves /tmp as a perfect staging ground for malware. Practitioners must find ways to cover these blind spots with lower-granularity "tripwires" such as file integrity monitoring.

Writing detections over selected data. Having the selected subset is a good start, but it is likely still too noisy to process directly. We found that detection engineering practices could then be applied to the selected data, ideally in a normalized schema alongside other security telemetry so that analysts can pivot between sources.

Response actions

We are talking about core network infrastructure, which does not respond well to aggressive tactics. On a user endpoint we may think nothing of terminating a suspected rogue process or isolating the device from the network; doing either on a network appliance could have catastrophic availability impacts on a user's network. In our experience, firm guardrails at this stage, setting expectations and stopping response activity from making the incident worse, were tremendously helpful.

Key challenges:

Network availability impacts. "Turning it off and on again" hits differently when it means an entire organization's internet access. Any response action, scalable/automated or otherwise, must be treated as a potentially high-impact business change and must follow a change management process.

Network vs control plane (again).
It matters at the point of data collection, and it matters during remediation too. Knowing where jurisdiction ends between the responder and the user of the network is vital: it bounds what response actions may touch, and it bounds exposure to any adverse impact.

Commercial and legal limitations. At this point the conversation expands beyond technical responders to the extended response team, particularly Legal and the executive suite. Among the questions to raise with those stakeholders: who owns the risk if a response action disables a network? Who owns the risk if that action is not taken, leaving the network vulnerable?

Conclusion

Necessity is the mother of invention, and it is fair to say that Pacific Rim has shown us there is more to do in the field of incident response for network appliances. Applying these basic principles has allowed us to protect our customers to a level we never thought possible, but it has also identified important limitations that practitioners need to address, some in their own organizations, some in-house at each vendor, some industry-wide. Topics such as network availability, data privacy and limits of liability for response actions require not only technical but commercial and legal frameworks. Difficult as these topics may be to discuss, let alone implement, it is a conversation we must have in multiple venues if we are to keep up with the evolution of these threats.

Sophos X-Ops is happy to collaborate with others and share additional detailed IOCs on a case-by-case basis. Contact us via pacific_rim[@]sophos.com. For the full story, please see our landing page: Sophos Pacific Rim: Sophos defensive and counter-offensive operation with nation-state adversaries in China.
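The detections section of the article above recommends low-granularity tripwires such as file integrity monitoring for paths like /tmp that are deliberately left out of streamed collection. The following Python is an added example, not Sophos code: it snapshots a directory tree (SHA-256, mode, size, owner), diffs two snapshots, and raises only additions of executable files, so the routine churn of lock and session files stays below the alert threshold. The directory layout and file names in the demo are constructed.

```python
"""Low-granularity tripwire for a directory excluded from streamed telemetry
(a /tmp-like staging area). Baseline once, diff later, alert on new executables.
Added example, not Sophos code; the demo scenario is constructed."""
import hashlib
import os
import stat
import tempfile

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def _fingerprint(path):
    """Hash regular files; record mode/size/owner for everything (symlinks not followed)."""
    st = os.lstat(path)
    h = hashlib.sha256()
    if stat.S_ISREG(st.st_mode):
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                h.update(chunk)
    return {"sha256": h.hexdigest(), "mode": stat.S_IMODE(st.st_mode),
            "size": st.st_size, "uid": st.st_uid}


def baseline(root):
    """Map relative path -> fingerprint for every file under root."""
    snapshot = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            snapshot[os.path.relpath(full, root)] = _fingerprint(full)
    return snapshot


def diff(old, new):
    """Tripwire events: added (with executable flag), removed, changed (which fields)."""
    events = []
    for rel in sorted(set(old) | set(new)):
        if rel not in old:
            events.append({"kind": "added", "path": rel,
                           "executable": bool(new[rel]["mode"] & EXEC_BITS)})
        elif rel not in new:
            events.append({"kind": "removed", "path": rel})
        elif old[rel] != new[rel]:
            events.append({"kind": "changed", "path": rel,
                           "fields": sorted(k for k in old[rel] if old[rel][k] != new[rel][k])})
    return events


def alerts(events):
    """Only new executable files rise above the noise floor of a busy /tmp."""
    return [e for e in events if e["kind"] == "added" and e.get("executable")]


def demo():
    """Constructed scenario: a quiet lock file churns, then a hidden ELF appears."""
    with tempfile.TemporaryDirectory() as tmp:
        lock = os.path.join(tmp, "sess_1234.lock")
        with open(lock, "w") as fh:
            fh.write("pid=4242\n")
        before = baseline(tmp)
        with open(lock, "w") as fh:          # benign churn: same size, new content
            fh.write("pid=4243\n")
        dropper = os.path.join(tmp, ".cache", "x86_64-linux")   # hypothetical staged binary
        os.makedirs(os.path.dirname(dropper))
        with open(dropper, "wb") as fh:
            fh.write(b"\x7fELF" + b"\x00" * 60)
        os.chmod(dropper, 0o755)
        after = baseline(tmp)
        events = diff(before, after)
        return events, alerts(events)


if __name__ == "__main__":
    events, hits = demo()
    print("events:", events)
    print("alerts:", hits)
```

On a real appliance the baseline would be taken after a clean boot or update and stored off-device, and the diff run on a timer; the point of the exec-bit filter is that the lock-file change is recorded for later pivoting but does not page anyone.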
- CVE-2024-50347 | Laravel reverb up to 1.3.x API Endpoint Weak Authentication (GHSA-pfrr-xvrf-pxjx), by vuldb.com, 31 October 2024 at 23:10
A vulnerability has been identified in Laravel reverb up to 1.3.x. It has been rated as problematic. Affected is an unknown function of the component API Endpoint. Manipulation with unknown input leads to a weak authentication vulnerability. The advisory is available from github.com. The vulnerability is uniquely identified as CVE-2024-50347. The attack can be launched over the network. No exploit is available so far. Applying an upgrade is recommended as the best possible mitigation.
- Our CISO's view of Pacific Rim – Sophos News, by OSINT without Borders, 31 October 2024 at 21:22
Sophos is not the first cybersecurity vendor to find its perimeter products the target of sustained nation-state attack. If anything is special about the series of events we reveal in "Pacific Rim: Inside the Counter-Offensive—The TTPs Used to Neutralize China-Based Threats", it is that we are reporting this hunt / counter-hunt activity as fully as ongoing investigations allow, to illustrate precisely what the security industry is facing in terms of the determination and aggressiveness of certain attackers. Through it, we have learned a great deal about countermeasures. This essay presents three sets of observations that other defenders can apply.

To raise the adversary's cost, burn the adversary's capability.

Sophos is large enough to muster serious resources in emergencies, but still nimble enough to respond rapidly and creatively to put the hurt on an attacker. In this situation we had the home-field advantage of firewalls being relatively predictable environments. Compared to activity on general-purpose endpoints, attackers have to work harder to stay quiet and unobtrusive on firewalls. Set that against the high target value of firewalls (powerful Linux devices, always on, well connected, situated by their nature in trusted places on the network) and you can see both why an attacker would want to be there and why we were able to meet the attacker effectively on that field. To be sure, there were a few extraordinary (and tense) moments as we watched the attacker's creativity evolve; the UEFI bootkit, which we believe to be the first observed instance of a bootkit used for persistence on firewalls, comes to mind. But that sort of creativity comes at a high cost. A world in which attackers are compelled to find ways to dwell in memory and use UEFI bootkits for persistence is a world in which most defenders would, again, say they had a home-field advantage.
(And then they can get on with detecting and responding to those very specific tactics.)

Telemetry has been a major factor in our home-field advantage since the start of activity. One of our first actions early in the Asnarök activity (spring 2020) was to issue an automatically deployed hotfix that not only patched the CVE-2020-12271 bug but also improved fleet-wide observability, increasing the volume and the types of telemetry returned to us for analysis. In the years that followed, telemetry and the associated detection-and-response processes became an important pillar of our Product Security program. Privacy concerns were of course front and center in our thinking (even though the technical internal system data we needed did not touch, for instance, PII), so balancing those concerns against the customer-safety benefits of increased data collection was a painstaking process, especially once law enforcement became involved.

Of course, defending devices that sit on-premises in customer environments has its own constraints. In many cases those take the form of outdated firmware or end-of-life hardware still in "use" far beyond its actual usefulness. The second lesson learned in the course of these investigations may seem anti-end-user or unenforceable, but in 2024 it bears serious discussion.

For the good of users and of the internet at large, both hotfixes and end-of-life must become non-optional for firewalls.

A firewall that is purchased and then not updated for five years is, frankly, no longer a firewall. A firewall so old it cannot take new hotfixes is, frankly, no longer a firewall. There is a lively discussion to be had around end-of-life issues with hardware, but let us take up the hotfix question first.
We know that many administrators, particularly those who still follow habits developed in the boxed-software era, are wary of applying patches they have not tested themselves (even though the *-as-a-Service era has smoothed that process to a large degree). While we agree that hands-on attention to patches and hotfixes is fair and justified for many other devices on production systems, we argue that firewall administrators need to recognize the time-criticality of updates to these highly specialized systems, and to trust their vendor to fix issues rapidly for them. Of course, this trust must be earned; recent events have made crystal clear how serious a matter it is to trust automatic updates, especially for highly privileged software. Vendors need to take their updating responsibility seriously, with rigorous testing, staggered deployments, transparency into all changes and, critically, detection and response processes built to ensure they can react in a way that materially reduces harm across their customer base.

Over time, as the internet evolves, even the most diligently updated hardware will reach the end of its ability to cost-effectively support necessary updates and features. At some point these older devices become not just dead but actively undead and dangerous, as the events described in Pacific Rim timeline: Information for defenders from a braid of interlocking attack campaigns show all too well. The firewall becomes a kind of "digital detritus," the hardware equivalent of the old and unattended data described by Jillian Burrowes many years ago: out of date and destined to be abused. How to reduce the attack surface such devices present is a difficult, large and important conversation, one we believe our vendor community and the larger defender community should undertake sooner rather than later.

Security is a team sport.

Offense is a team effort. Defense needs to be a team effort.
And "team" is the operative, the necessary, scope here. Sophos' story is everyone's story. Not only are we not the only target; evidence (both public and more closely held) indicates that we are not even the infosec company getting the worst of it. As our story shows, the attacks on our perimeter devices were a multi-faceted team effort, with methods of ingress and persistence passed from criminal group to criminal group. To even the sides, businesses must seek common cause with industry peers, with government and law-enforcement entities, and even with independent or anonymous security researchers. Companies based in Europe and the West may find the structures for public-private relationships far different from those in nations such as China, but this is a rallying cry for all of us to leverage our collective intelligence to fight back. In the course of these events we have worked with a great number and variety of government partners; we list several of them at the end of the main article. Sophos participates in organizations such as JCDC because it is the right thing to do, but in the last couple of years we have increasingly seen real benefits: real information sharing, real analysis, real muscle put into takedowns. As momentum builds, defenders need to find the most effective ways for their organizations to take a seat at the table(s) that make sense for their businesses. As our saga shows, the adversaries do not hesitate.

But the fellowship of defenders is not just for those with badges or business cards. Bug bounties, once controversial and still under-appreciated as a form of defender cooperation, also play a part in a strong defender community. On multiple occasions in the course of these events we paid bounties to researchers reporting vulnerabilities similar or identical to those found to be in use by the attacker(s).
In at least one case the reported vulnerability was already being used against high-value targets, raising the questions of how that happened and how the researcher might have been related to the attackers. Here is our answer to those questions: who cares. Do we know how, or whether, the researcher and the attacker(s) are related? No. Can we? Highly unlikely. Does it matter? Not really. The only thing that is important, and the thing that made it worth paying the bounty, is that we were able to significantly disrupt an ongoing operation and help victims recover from a serious attack. How many more victims could the adversary have compromised had the issue (CVE-2022-1040) not come to our attention through our bug bounty program?

As detailed elsewhere, this saga continues. The wheels of law enforcement sometimes grind slowly, and the entities we believe to be behind this multi-year effort are still very much active. (Indeed, global conflicts have become far more complicated since this all started half a decade ago.) Inside Sophos, the multi-team efforts required to quickly parry waves of attacks have led us to refine and improve in-house processes, some large, some very small. Those improvements are also an ongoing process. We now make our case to the rest of the industry: join us in working to raise adversaries' costs by burning their capability; in finding a way to sweep away security detritus that once helped to protect the internet but now only hurts it; and in treating cyber-defense as a team effort, as the adversaries do.

Sophos X-Ops is happy to collaborate with others and share additional detailed IOCs on a case-by-case basis. Contact us via pacific_rim[@]sophos.com. For the full story, please see our landing page: Sophos Pacific Rim: Sophos defensive and counter-offensive operation with nation-state adversaries in China.
- Watch your Google searches! The government is going to monitor them with AI, by Mariano R., 31 October 2024 at 20:19
What if the government could observe your Google searches, your endless scrolling on TikTok or your Instagram posts? To better understand the concerns of the French public, Matignon is setting its sights on digital monitoring with AI at the controls, and you may see nothing coming. Behind the initiative is a clear objective: take the pulse of society and refine the government's public communication strategy. Welcome to the era of intelligent monitoring, where every click could say a lot about you.

In France, the government, through its Service d'information du Gouvernement (SIG), plans to step up the analysis of citizens' online searches. With this new call for tenders, the SIG intends to cover not only social networks but also search engines. The scheme now includes both "social listening" and "search listening": no longer only monitoring what people publish, but what they search for and how their interests evolve over time.

Your Google searches soon under surveillance

The French government could soon be watching closely what we search for on the web. Using AI, the SIG, which reports to the Prime Minister, wants to analyse our online activity in depth to better understand citizens' concerns and expectations. The SIG already monitors social networks such as TikTok and Instagram to detect trends and topical discussions. Now it is going to take on an even broader field, including search engines. In other words, the government could inspect, in anonymised form, everything we type into Google, and analyse that data to spot weak signals such as online calls to gather. The project represents an investment of 5.05 million euros over four years, or about 1.26 million euros per year.
Tweet from Sylvie Gérard (@gerard0327), October 31, 2024: "Matignon will soon monitor our Google, TikTok and Instagram searches. A call for tenders for social listening on the Internet has been launched. Objectives: scrutinise the online queries of the French and identify weak signals such as calls to protest. @infosmondefrance pic.twitter.com/Z2HJIrZsDA"

This time the public contract is divided into five lots, instead of the three planned in 2021. The idea is to widen the field of analysis to better decode the topics that interest us, their frequency, their popularity by region, and even the links between different subjects. I would say the AI is going to work hard to extract meaningful trends from our searches and from social networks.

Obviously, all this gives pause. What becomes of our privacy? The SIG promises to comply with the General Data Protection Regulation (GDPR) and says the collected information will be anonymised. For many, however, this kind of monitoring remains a sensitive matter. The issue is to ensure that the government uses this data only to understand, not to control. And you? Does this initiative reassure or worry you? Are you ready to give up a little privacy for more security or social understanding? Share your reactions in the comments!

This article, Attention à vos recherches Google ! Le gouvernement va les surveiller avec l'IA, was published on LEBIGDATA.FR.
- Mimecast Fortifies Email and Insider Risk Defences with AI-Powered Enhancements, by Marc Jacob, 31 October 2024 at 17:55
Mimecast has announced AI-powered enhancements across its product offerings: Advanced Business Email Compromise (BEC) Protection and content inspection for its Incydr data protection solution. Cyber risk is evolving at break-neck speed, with a wide spectrum of threats organisations must combat. By deploying AI where it counts, Mimecast aims to help businesses keep ahead of attackers while safeguarding their critical IP. These two advancements, spanning email security and insider threat management, use natural language processing (NLP) to help businesses keep ahead in the ever-expanding threat landscape.

Mimecast's Advanced BEC Protection strengthens security defences with intelligent detection

BEC attacks remain one of the biggest threats faced by global organisations of all sizes; the tactic is used in 25% of all financially motivated attacks [1]. As payloadless attacks become more sophisticated, companies need protection that continuously learns and adapts to mitigate these threats. Using AI and NLP to correlate billions of signals, Mimecast's Advanced BEC Protection is engineered to keep communications safe regardless of the attack, through one integrated platform. It is designed to keep pace with evolving threats by learning from communication patterns, and to prevent sophisticated attacks by identifying unusual activity, building a social graph of user interaction, and analysing semantic intent to determine the purpose of an email. By layering the latest AI technology onto Mimecast's existing defences, Advanced BEC Protection is built to provide broad threat detection. Key benefits include:

• Detection of payloadless attacks: Mimecast's Advanced BEC Protection goes beyond links and files, identifying threats that rely on persuasion.
Equipped with AI capabilities such as NLP, the platform can identify the characteristics of the risk, not just the risk itself, so companies can help eliminate threats by monitoring for risky phrases and semantic intent to identify the purpose of an email.
• Strengthened defences with integrated protection: Mimecast's BEC solution is designed to leverage threat feeds, email authentication protocols and AI-driven detection capabilities to combat a wide range of attacks.
• Increased visibility into threats targeting your users: Mimecast's Advanced BEC Protection does not just block attacks; it is also engineered to give administrators insight into the risky characteristics that led to the verdict on each email, such as the sender relationship and the persuasive phrases used.

Advanced BEC Protection is part of Mimecast's connected Human Risk Management platform, which the company positions as central to its mission of transforming the way organisations manage and mitigate risk.

Mimecast moves the needle on insider risk with evolution of Incydr data protection solution

Mimecast's Incydr data protection solution is now equipped with AI-based content inspection capabilities to identify and protect sensitive and confidential data. This new NLP capability enhances the Incydr PRISM system to better detect, score and respond to events involving PII and PCI data. The feature is designed to extend the library of 250+ Incydr Risk Indicators (IRIs) with new IRIs for PII and PCI entities, such as SSNs and credit card numbers, and to let administrators create their own custom IRIs to analyse content for keywords and number strings unique to their corporate intellectual property.
With the new capabilities, the Incydr solution now:
• Uses AI-based content inspection executed in the cloud, with no endpoint performance impact or user disruption
• Detects and alerts on PII and PCI content patterns out of the box, for multiple file types including images
• Enables detection of custom content patterns and keywords, such as files containing "Attorney/Client Privilege"
• Prioritizes events by analysing data sensitivity using file metadata, source and content patterns

These new Incydr capabilities are currently in limited early access, with general availability targeted for December 2024.
- A lightning-fast, modular secret scanner and endpoint extractor in Golang!, by /u/0x736961774f, 31 October 2024 at 17:28
- LinkedIn sanctioned for GDPR violation, by Sébastien SPISS, 31 October 2024 at 16:11
A new GDPR fine has been imposed by the Irish DPC (Data Protection Commission) on LinkedIn for failing to comply with the personal data protection rules of the GDPR (General Data Protection Regulation). The article Linkedin sanctionnée pour violation RGPD first appeared on Actecil.
- CVE-2024-8185 | HashiCorp Vault/Vault Enterprise up to 1.18.0 API Endpoint Denial of Service, by vuldb.com, 31 October 2024 at 16:08
A critical vulnerability has been found in HashiCorp Vault and Vault Enterprise up to 1.18.0. It affects an unknown code block of the component API Endpoint. Manipulation with unknown input leads to a denial of service vulnerability. The advisory can be read on discuss.hashicorp.com. The vulnerability is tracked as CVE-2024-8185. The attack can be carried out over the network. No exploit is available so far. Applying an upgrade is recommended as the best possible mitigation.
- GDPR and unfair competition: what you need to know, by Sébastien SPISS, 31 October 2024 at 15:11
Complying with the GDPR (General Data Protection Regulation) is no small matter. Compliance requires considerable financial and human investment, and some may be tempted to sidestep the rules to gain a competitive advantage. But what happens if a competitor exploits its own non-compliance with the GDPR to offer more attractive prices? Can that practice be challenged as unfair competition? The CJEU's answer is clear: yes! The article RGPD et concurrence déloyale : ce que vous devez savoir first appeared on Actecil.
InteLFe Newsletters 2021
Collected newsletters produced from March 2021 onward: