Aggregator

Cobalt Strike и Pypykatz открывают путь к полному контролю над сетью.

A threat actor has allegedly claimed responsibility for breaching Cyepro Solutions, a company known for its cloud solutions tailored to the automotive sales industry. The breach, reportedly in July 2024, has potentially compromised the personal information of approximately 97,000 individuals. Breach Details Emerge The news broke when Dark Web Intelligence, a well-known entity in the […]

The post Threat Actor Allegedly Claiming Breach of Cyepr appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

【开奖】批量查询工具权限已开通

分享近期值得关注的IOC

BerBeroka组织由友商趋势科技披露，与DRBControl、TAG33等同源，我们将其与内部团伙合并后一直沿用该名称持续跟踪至今，针对我国金融、医院医疗、游戏等行业攻击，受害规模远超我们之前披露的APT-Q-29和BlackTech

How to avoid malware sent using scam ‘missed parcel’ SMS messages, and what to do if your phone is already infected.

作者：phith0n 原文链接：https://www.leavesongs.com/PENETRATION/nashorn-rce-without-parentheses.html 近期有用户提了一个有趣的问题： 简单来说就是，在Java的Nashorn脚本中，如果不允许使用小括号(、)和中括号[、]，如何执行任意命令？ 1 浏览器JavaScript无括号XSS 我们知道，Nas...

Cybersecurity firm Group-IB has uncovered a sophisticated cybercrime operation targeting Spanish banking customers. The criminal group GXC Team has been using AI-powered phishing tools and Android malware to steal sensitive banking information. This article delves into the GXC Team’s operational methods, the unique characteristics of its malicious tools, its attack strategies, and its effective defense […]

The post Hacker Attacking Bank Users With AI-powered Phishing Tools and Android Malware appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

在补天白帽大会，白帽师傅们不是观众，是共建者!

额外奖励金最高1000元~

OCI Customers Can Now Externally Manage Encryption Keys from a Cloud-Based Service
madhav
Tue, 07/30/2024 - 10:20

Oracle stands apart by offering a comprehensive suite of services across all its cloud delivery models, from Oracle Alloy and Dedicated Region Cloud@Customer to its standard Public Cloud service. Regardless of the means of delivery or usage, security, and regulatory compliance are significant hindrances to cloud adoption. These concerns are particularly pressing for large enterprise clients traditionally relying on Oracle's database expertise to safeguard their most sensitive data. The pivotal Thales and Oracle external key management partnership directly addresses the challenge of securely storing data in the cloud in a manner that instills trust in large enterprises.

Continuing in its efforts to innovate for Oracle customers, we at Thales are excited to announce that organizations can now use Thales’ CipherTrust Data Security Platform as a Service (CDSPaaS) with Oracle Cloud Infrastructure (OCI) Vault’s External Key Management Service (EKMS) for full Hold Your Own Key (HYOK) encryption key management. Now customers can be in full control of their OCI keys without having to deploy hardware in their own data center as well as meet their data sovereignty needs.

Overview of CipherTrust Data Security Platform as-a-Service

Until this announcement, businesses have had the option to externally manage their OCI encryption keys by using Thales’ CipherTrust Cloud Key Management (CCKM) as either a physical appliance or virtual machine or sometimes arrayed in a hybrid or multi-cloud architecture. Now, with OCI Vault EKMS support available on the CipherTrust Data Security Platform-as-a-service (CDSPaaS), Thales offers a cloud-based service offering to the mix. Customers should have the choice of how and where they store their encryption keys. And now, they can do just that fully with Thales’ CipherTrust Data Security Platform.

The same underlying CCKM technology from our appliances underpins CDSPaaS. CCKM centralizes the management and storage of cloud encryption keys (from a broad array of CSP (Cloud Service Providers) vendors including Oracle Cloud Infrastructure) as organizations migrate their sensitive data to the cloud. With a single pane of glass view across regions, the CCKM functionality on CDSPaaS consolidates Bring Your Own Key (BYOK) and Hold Your Own Key (HYOK) use cases for customers in one straightforward interface to drive greater efficiency and more easily comply with data protection mandates, such as GDPR, Schrems II and the Data Privacy Framework (DPF).

CDSPaaS for OCI Vault EKMS is available to customers via Thales’s Data Protection on Demand (DPoD) Marketplace, a cloud-based online marketplace providing a wide range of cloud HSM (Hardware Security Modules), key management and encryption services. FIPS 140-2 Level 3 certified Luna Cloud HSMs (Hardware Security Modules) hosted in the Thales’ DPoD data centers secure the keys for each CDSPaaS subscription. The service automatically scales to meet the demands placed on it, so customers enjoy the high availability and resilience customary to the cloud. With a 30-day free trial, you can test it now.

Benefits of the Service

• Save time and effort by simplifying security management: Organizations avoid the procurement, configuration, and management cycles involved with purchasing hardware when they subscribe to CDSPaaS. Using Thales’ cloud-based DPoD service, organizations get to value faster with their OCI investments while also side-stepping the administrative costs associated with on-premises and siloed key management.
• Spread out capital investment costs: CDSPaaS subscriptions allow customers to fund their purchase over multiple years instead of experiencing heavy upfront capital expenditures. Thales’ subscription model allows customers to plan their spending in a consistent, reliable manner rather than having to budget inconsistent, one-time expenses.
• Scale when and how you need: CDSPaaS allows customers scale their requirements when they need it. Rather than purchasing hardware and capacity that organizations will need to grow into, CDSPaaS allows customers to add capacity on-demand as they add OCI Vault tenants for a just-in-time approach to meet their business demands more cost-effectively and to reduce their carbon footprint.
• The solution allows customers to address important compliance obligations by remaining in control of their data/encryption keys as their data resides in the cloud. More specifically, it allows European customers to ensure that their data safely resides within the EU under the control.Oracle Addresses European Data Privacy and Sovereignty Requirements with New EU Sovereign Cloud

Conclusion

Enterprises should have the tools to control their data however they see fit. Working with Oracle, we are excited to make this aspiration a reality. Some of the world’s most sensitive data resides in Oracle databases. Together with Oracle, we are making OCI not only possible, but convenient, for these customers and their most important data.

Try A Free Trial

CipherTrust Data Security Platform-as-a-service is available now, and businesses can sign up for a 30-day free trial through the Thales Data Protection on Demand (DPoD) Marketplace by following these three easy steps:

1) Sign up for a DPoD Marketplace account.

2) Select the CDSP (CipherTrust Data Security Platform) service on the DPoD Marketplace and fill in the requested information.

3) Log in and get started with no commitments.

To learn more read the product brief or contact one of our experts here.

Data Security Cloud Security Encryption Compliance Alex Hanway | Director of Business Development
More About This Author > Schema basic

The post OCI Customers Can Now Externally Manage Encryption Keys from a Cloud-Based Service appeared first on Security Boulevard.

The most completed and up to date crawlers list including the most common ones, the top SEO and TOOLS crawlers

The post The Complete 2024 Crawler List You Need to Identify All Web Crawlers appeared first on Security Boulevard.

Модель для защиты LLM от вредоносных запросов провалила проверку на прочность.

疑似与印度有关

速修复

每日更新当天鲜活情报和热点漏洞

Cloudflare, best known for its content delivery network (CDN), is marketed as a “Connectivity Cloud”. Part of its offering is protecting a vast number of websites from DDoS attacks [1]. However, its attitude to abuse management and prevention proves a point of contention and we urge Cloudflare to review its anti-abuse policies.

The post Too big to care? – Our disappointment with Cloudflare’s anti-abuse posture appeared first on Security Boulevard.

Picus Security claims just 12% of simulated attacks trigger an alert

青藤，让云更安全

近期，通过投放木马病毒入侵公司电脑，从而冒充企业老板或客户诈骗财会人员的“精准投毒”类电信网络诈骗案件高发，造成相关企业巨大损失。公安部对此高度重视，部署各地公安机关迅速行动、重拳出击，成功侦破一批重点案件，打掉一批诈骗团伙。