Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-19 12:04:56 |
Protecting Against Vaccine-Themed Attacks and Misinformation (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-19 12:01:28 |
Microsoft: SolarWinds Hackers Attempted to Access Our Systems Until January 2021 (lien direct) |
Microsoft said on Thursday that it has completed its internal investigation into the activities conducted by the hackers that breached Texas-based IT management firm SolarWinds.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-18 18:38:28 |
Access Governance Company SPHERE Raises $10 Million (lien direct) |
New Jersey-based access governance company SPHERE on Thursday announced that it raised $10 million in a Series A funding round.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-18 15:59:45 |
Apple Platform Security Guide Gets Biggest Update to Date (lien direct) |
Apple on Thursday published the latest edition of its Platform Security Guide, which provides detailed technical information on the security technologies and features implemented in its products.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-18 15:10:50 |
France to Boost Cyberdefense After Hospital Malware Attacks (lien direct) |
French President Emmanuel Macron on Thursday unveiled a plan to better arm public facilities and private companies against cybercriminals following ransomware attacks at two hospitals this month and an upsurge of similar cyber assaults in France.
|
Ransomware
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-18 13:49:48 |
Elevate the Value of Threat Intelligence in the SOC (lien direct) |
Security Operations Centers (SOCs) Are Now Becoming Detection and Response Organizations
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-18 13:20:51 |
Stored XSS Vulnerability on iCloud.com Earned Researcher $5,000 (lien direct) |
A bug bounty hunter claims he has earned a $5,000 reward from Apple for reporting a stored cross-site scripting (XSS) vulnerability on iCloud.com.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-18 12:35:51 |
Hackers Target Myanmar Government Websites in Coup Protest (lien direct) |
Hackers attacked military-run government websites in Myanmar Thursday as a cyber war erupted after authorities shut down the internet for a fourth straight night.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-18 11:39:19 |
Mac Malware Targeting Apple\'s M1 Chip Emerges (lien direct) |
A researcher has spotted the first piece of Mac malware that appears to have been created specifically for devices with Apple's recently introduced M1 chip.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-18 02:16:44 |
US Still Unraveling \'Sophisticated\' Hack of 9 Gov\'t Agencies (lien direct) |
U.S. authorities are still working to unravel the full scope of the likely Russian hack that gave the “sophisticated” actor behind the breach complete access to files and email from at least nine government agencies and about 100 private companies, the top White House cybersecurity official said Wednesday.
|
Hack
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-17 17:48:21 |
U.S. Charges North Korean Hackers Over $1.3 Billion Bank Heists (lien direct) |
Three North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyberattacks and Financial Crimes Across the Globe
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-17 15:32:00 |
Red Canary Raises $81 Million to Grow Security Operations Business (lien direct) |
Red Canary, a Denver, Colo.-based managed detection and response (MDR) firm, has raised $81 million through a Series C founding round led by Summit Partners.
The provider of SaaS-based security operations solutions has now raised more than $125 million to-date, with the new funding being used to support product and personnel expansion.
|
|
|
★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-17 15:24:26 |
Research Shows How Solar Energy Installations Can Be Abused by Hackers (lien direct) |
Researchers at cybersecurity firm FireEye have analyzed a gateway device used for solar energy installations, and discovered vulnerabilities that could be useful to malicious hackers.
|
|
|
★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-17 14:59:32 |
Actions Enterprises Can Take to Combat Common Fraud Types (lien direct) |
Fraud is a very general term that is used quite commonly in a variety of contexts. Although many of us have heard the term repeatedly, fewer of us have likely ever stopped to think about what fraud really is and what it means.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-17 14:35:38 |
CISO Conversations: Princeton, Cal State and Ohio State CISOs Talk Higher Ed Cybersecurity (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-17 14:02:37 |
DevSecOps Firm Spectral Emerges From Stealth With $6.2 Million in Funding (lien direct) |
DevSecOps company Spectral on Wednesday emerged from stealth mode with $6.2 million in seed funding from Israeli venture capital firms Amiti and MizMaa.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-17 13:08:34 |
Information Posted Online After N Carolina Ransomware Attack (lien direct) |
An investigation into a ransomware attack on a North Carolina county's computer network showed personal information posted for sale on the “dark web,” the county said.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-17 12:12:39 |
Cybercriminals Leak Files Allegedly Stolen From Law Firm Jones Day (lien direct) |
A group of cybercriminals known for ransomware attacks has started leaking files allegedly stolen from Jones Day, a major U.S.-based law firm that has represented former president Donald Trump, including in his attempts to overturn the results of the recent election.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-17 11:44:58 |
Digital Warfare: Myanmar\'s Cyber Crackdown Explained (lien direct) |
Myanmar's military has imposed repeated internet blackouts, blocked some social media sites and drafted a cybersecurity bill as it attempts to grind down resistance to its takeover.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-17 09:31:00 |
Three New Vulnerabilities Patched in OpenSSL (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-16 18:40:55 |
WebKit Zero-Day Vulnerability Exploited in Malvertising Operation (lien direct) |
A malvertising operation observed last year by advertising cybersecurity company Confiant exploited what turned out to be a zero-day vulnerability in the WebKit browser engine.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-16 17:05:08 |
Introducing DAIC: A Suggested System for Preventing BEC Fraud (lien direct) |
BEC Fraud (Business E-mail Compromise) has reached epidemic levels in recent years. In 2019, the FBI's Internet Crime Compliant Center, reported that it received complaints with adjusted losses of over $1.7 billion from this type of scam.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-16 16:51:21 |
Palo Alto Networks Buys Bridgecrew in \'Shift Left\' Cloud Security Push (lien direct) |
Palo Alto Networks on Tuesday snapped up early-stage startup Bridgecrew, adding a cloud security platform for developers to its $3.4 billion-a-year enterprise product portfolio.
The two sides said the deal is valued at $156 million in cash and is expected to close in the third quarter this year.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-16 15:19:23 |
Facebook Announces Payout Guidelines for Bug Bounty Program (lien direct) |
Facebook on Tuesday announced several new features for its bug bounty program, including an educational resource and payout guidelines.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-16 14:00:20 |
Strata Raises $11 Million to Tackle Multi-Cloud Identity Management (lien direct) |
Strata Identity, a Boulder, Colo.-based startup that is on a mission to help unify on-premises and cloud-based authentication and access systems for multi-cloud environments, today announced that it has raised $11 million through a Series A funding round led by Menlo Ventures with support from |
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-16 13:58:06 |
French Firm Centreon Denies \'Damaging\' Hacking Claims (lien direct) |
A major French software firm allegedly targeted by Russian hackers denied Tuesday that its major clients could have been affected by the attack.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-16 13:02:32 |
Several Vulnerabilities Found in Popular File Sharing App SHAREit (lien direct) |
Researchers have discovered several vulnerabilities in the SHAREit Android application, including flaws that could expose sensitive user data and allow remote code execution.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-16 11:50:58 |
North Korea \'Tried to Hack\' Pfizer for Vaccine Info - South\'s Spies: Reports (lien direct) |
North Korean hackers tried to break into the computer systems of pharmaceutical giant Pfizer in a search for information on a coronavirus vaccine and treatment technology, South Korea's spy agency said Tuesday, according to reports.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-15 19:11:52 |
Sandworm Hackers Hit French Monitoring Software Vendor Centreon (lien direct) |
Russia-Linked Threat Group Caught Deploying Backdoors on Linux Servers in an Attack That Triggers New Conversations on Software Supply Chain Security
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-15 16:00:57 |
Many SolarWinds Customers Failed to Secure Systems Following Hack (lien direct) |
Many companies still expose SolarWinds Orion to the internet and have failed to take action following the disclosure of the massive SolarWinds breach, according to RiskRecon, a Mastercard company that specializes in risk assessment.
|
Hack
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-15 14:43:42 |
Vendor Ships Unofficial Patch for IE Zero-Day Vulnerability (lien direct) |
Slovenia-based cybersecurity research company ACROS Security last week announced the release of an unofficial micro-patch for a zero-day vulnerability in Microsoft Internet Explorer (IE) that North Korean hackers are believed to have exploited in a campaign targeting security researchers.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-15 13:01:46 |
Cybersecurity M&A Roundup for Week of Feb. 8, 2021 (lien direct) |
Several cybersecurity-related mergers and acquisitions were announced in the second week of February 2021.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-15 11:59:05 |
Vulnerability in VMware vSphere Replication Can Facilitate Attacks on Enterprises (lien direct) |
VMware last week informed customers about the availability of patches for a potentially serious vulnerability affecting its vSphere Replication product.
vSphere Replication, a VMware vSphere component, is a virtual machine replication engine designed for data protection and disaster recovery.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-15 09:33:17 |
Accellion to Retire File Transfer Service Targeted in Attacks (lien direct) |
Accellion has formally announced plans to retire FTA, the large file transfer service that was at the heart of several recently disclosed data breaches.
The 20-year-old service is planned for retirement on April 30, 2021, past which Accellion won't renew licenses for the software.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-13 19:18:22 |
Computer Malware Fraudster Gets 2 Years in Prison (lien direct) |
A man who played a key role in a computer malware scam has been sentenced to two years in prison, federal prosecutors say.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-13 11:24:15 |
Vast Majority of Phishing and Malware Campaigns Are Small-Scale and Short-Lived (lien direct) |
Researchers from Google and Stanford University have analyzed the patterns of more than 1.2 billion email-based phishing and malware attacks targeting Gmail users, and found that most attack campaigns are short-lived and sent to fewer than 1,000 targets.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-12 18:24:03 |
U.S. Gov Warning on Water Supply Hack: Get Rid of Windows 7 (lien direct) |
On the heels of last week's lye-poisoning attack against a small water plant in Florida, the U.S. government's cybersecurity agency is pleading with critical infrastructure defenders to rip-and-replace Windows 7 from their networks as a matter of urgency.
|
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-12 17:36:13 |
\'Money Mule\' Operator Gets Seven-Year Prison Sentence (lien direct) |
This week the United States sentenced a Ukrainian man to prison for his involvement in a scheme to steal money from the bank accounts of U.S. victims and launder the funds to bank accounts overseas.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-12 15:50:05 |
Vulnerabilities in TCP/IP Stacks Allow for TCP Connection Hijacking, Spoofing (lien direct) |
Improperly generated ISNs (Initial Sequence Numbers) in nine TCP/IP stacks could be abused to hijack connections to vulnerable devices, according to new research from Forescout.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-12 14:52:59 |
Apax Partners Buys Majority Stake in Herjavec Group (lien direct) |
Famed “Shark Tank” investor and cybersecurity entrepreneur Robert Herjavec found himself on the other side of the negotiating table recently, and has agreed to sell a majority stake in the security firm he founded in 2003 to investment group Apex Partners.
|
|
|
★★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-12 13:44:10 |
Industry Reactions to U.S. Water Plant Hack: Feedback Friday (lien direct) |
The U.S.
|
Hack
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-12 13:19:31 |
Report Highlights Cyber Risks to US Election Systems (lien direct) |
Election systems in the U.S. are vulnerable to cyber intrusions similar to the one that hit federal agencies and numerous businesses last year and remain a potential target for foreign hacking, according to a report released Wednesday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-11 19:32:52 |
Data Privacy Management Firm WireWheel Raises $20 Million (lien direct) |
Arlington, Va.-based data privacy management company WireWheel on Wednesday announced that it raised $20 million in a Series B funding round.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-11 19:24:18 |
The Intelligent Edge: An Increasing Target for Bad Actors (lien direct) |
The traditional network perimeter has been replaced with multiple edge environments. These include WAN, multi-cloud, IoT, home offices, the new device edge, and more. Each edge environment comes with its own set of unique risks and vulnerabilities, which is why they have become a prime target for cybercriminals, who are shifting significant resources to strategically target and exploit emerging network edge environments.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-11 17:59:00 |
SecurityWeek to Host Supply Chain Security Summit on March 10, 2021 (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-11 15:54:23 |
Autonomous Vehicle Security Firm AUTOCRYPT Raises $15 Million (lien direct) |
Autonomous vehicle security solutions provider AUTOCRYPT this week announced that it raised another $13 million in its Series A funding round, which brings the total secured in this round to roughly $15 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-11 15:10:02 |
Newly Discovered Android Spyware Linked to State-Sponsored Indian Hackers (lien direct) |
Researchers at mobile security firm Lookout have published information on two recently discovered Android spyware families employed by an advanced persistent threat (APT) group named Confucius.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-11 14:16:59 |
Biden Team Asks Court to Pause Move to Ban TikTok in US (lien direct) |
President Joe Biden's administration has asked a US federal court to pause proceedings aimed at banning TikTok to allow for a fresh review of the national security threat from the popular Chinese-owned video app.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-11 13:57:34 |
Mobile Health Apps Found to Expose Records of Millions of Users (lien direct) |
An analysis of 30 popular mobile health (mHealth) applications has revealed that all of them expose the full patient records of millions of people.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-11 13:32:05 |
SecurityWeek Announces Virtual Cybersecurity Event Schedule for 2021 (lien direct) |
Security Summits Series Offers Cybersecurity Professionals an Immersive Online Experience to Learn and Connect on Critical Issues
|
|
|
|