What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-01-11 19:04:23 | Adobe Patches Reader Flaws That Earned Hackers $150,000 at Chinese Contest (lien direct) | Adobe on Tuesday announced security updates for several products, including for Acrobat and Reader, in which the software giant patched a total of 26 vulnerabilities. | |||
|
2022-01-11 18:24:26 | Details Disclosed for Recent Vulnerabilities in SonicWall Remote Access Appliances (lien direct) | Rapid7 today shared details on a series of vulnerabilities that SonicWall patched in the Secure Mobile Access (SMA) 100 series secure access gateway products last month. | |||
|
2022-01-11 16:23:12 | With the \'Great Resignation\' Comes the \'Great Exfiltration\' (lien direct) | Research shows the “Great Resignation” phenomenon is accompanied by a “Great Exfiltration” as people leave their jobs and take company data with them | |||
|
2022-01-11 15:42:08 | Millions of Routers Impacted by NetUSB Kernel Vulnerability (lien direct) | A vulnerability in the NetUSB kernel module could allow remote attackers to execute code on millions of router devices, endpoint security company SentinelOne warns. | Vulnerability | ||
|
2022-01-11 15:06:36 | Moxie Marlinspike Steps Down as Signal CEO (lien direct) | Celebrated cryptographer Moxie Marlinspike is stepping down as chief executive at Signal, temporarily turning the reins of the popular encrypted messaging platform to WhatsApp co-founder Brian Acton. | |||
|
2022-01-11 15:00:53 | CISA Steps up Public and Private Sector Collaboration in 2021 (lien direct) | We just concluded a very eventful year for the cybersecurity industry. Starting with an unprecedented wave of ransomware attacks on critical infrastructure targets, 2021 finished with the infamous Log4j vulnerabilities, which present a severe and ongoing threat to organizations and governments around the world. | Ransomware Threat | ||
|
2022-01-11 14:32:26 | Honeywell Launches New OT Cybersecurity Solution for Commercial Buildings (lien direct) | Honeywell on Tuesday announced the launch of a new cybersecurity solution for operational technology (OT) in commercial buildings. | |||
|
2022-01-11 13:11:49 | CISA Unaware of Any Significant Log4j Breaches in U.S. (lien direct) | CISA Concerned About Risk Posed by Log4Shell to Critical Infrastructure The U.S. Cybersecurity and Infrastructure Security Agency (CISA) says it's currently unaware of any significant breaches related to the recently disclosed Log4j vulnerabilities. | |||
|
2022-01-11 12:50:36 | Microsoft Details \'powerdir\' macOS Vulnerability Leading to Data Leaks (lien direct) | A vulnerability addressed recently in Apple's macOS platform could be exploited to gain unauthorized access to a user's personal data, Microsoft explains. | Vulnerability | ||
|
2022-01-11 12:27:51 | Industrial Firms Advised Not to Ignore Security Risks Posed by URL Parsing Confusion (lien direct) | Researchers from industrial cybersecurity firm Claroty and developer security company Snyk have analyzed more than a dozen URL parsing libraries and showed how inconsistencies can lead to various types of vulnerabilities. Industrial organizations have been advised not to ignore these findings. | Guideline | ||
|
2022-01-11 12:02:10 | Is the \'Great Resignation\' Impacting Cybersecurity? (lien direct) | The so-called 'great resignation' currently upending the U.S. labor market is starting to affect cybersecurity programs with a growing number of senior leaders opting for early retirement and mid-level managers leaving in droves for less stressful, fully remote work opportunities. | Guideline | ||
|
2022-01-11 11:24:57 | MRIoA Discloses Data Breach Affecting 134,000 People (lien direct) | Medical Review Institute of America (MRIoA) on Friday started notifying some individuals that their personal information was compromised in a cyberattack. | Data Breach | ||
|
2022-01-11 01:35:09 | Europol Ordered to Delete Data Not Linked With Crime (lien direct) | The European Union crime agency has been ordered by the 27-nation bloc's data protection watchdog to erase information related to individuals with no proven link to crime. The European Data Protection Supervisor said Monday that Europol was notified of the order on Jan. 3 following an inquiry that started in 2019. | |||
|
2022-01-10 19:16:52 | Apache Foundation Calls Out Open-Source Leechers (lien direct) | The Apache Software Foundation (ASF) is calling out for-profit companies leeching on open-source code, warning that “only a tiny percentage” of downstream vendors are contributing to securing the open-source ecosystem. | |||
|
2022-01-10 15:50:13 | U.S. Government Issues Warning Over Commercial Surveillance Tools (lien direct) | The U.S. State Department and the National Counterintelligence and Security Center (NCSC) on Friday issued a warning over the use of commercial surveillance tools. | |||
|
2022-01-10 15:31:35 | Abcbot DDoS Botnet Linked to Older Cryptojacking Campaign (lien direct) | The relatively recent Abcbot botnet appears to be operated by the same cybercriminals that launched a Xanthe-based cryptojacking campaign first detailed a couple of years ago, Cado Security says. | |||
|
2022-01-10 13:29:27 | SecurityWeek Cyber Insights 2022: Ransomware (lien direct) | 
|
Ransomware | ||
|
2022-01-10 13:04:03 | SonicWall Patches Y2K22 Bug in Email Security, Firewall Products (lien direct) | Cybersecurity firm SonicWall says it has released patches for some of its email security and firewall products to address a bug that resulted in failed junk box and message log updates. | |||
|
2022-01-10 12:42:44 | WordPress 5.8.3 Patches Several Injection Vulnerabilities (lien direct) | WordPress 5.8.3, a security release that became available last week, patches four injection-related vulnerabilities. Two of the flaws are SQL injections - one affects WP_Meta_Query (discovered by Ben Bidner of the WordPress security team) and one affects WP_Query (discovered by ngocnb and khuyenn of GiaoHangTietKiem JSC). | |||
|
2022-01-10 11:27:33 | Indian Cyberspies Expose Their Operation After Infecting Themselves With RAT (lien direct) | The India-linked threat actor tracked as Patchwork was observed employing a new variant of the BADNEWS backdoor in a recent campaign, but the hackers also infected one of their own computers, giving researchers a glimpse into their operations. | Threat | ||
|
2022-01-10 09:33:23 | QNAP Urges Users to Secure NAS Devices as Attacks Surge (lien direct) | Taiwan-based QNAP Systems on Friday warned users of an increase in attacks targeting network-attached storage (NAS) appliances, urging them to secure their devices as soon as possible. | |||
|
2022-01-07 19:17:48 | Attackers Hitting VMWare Horizon Servers With Log4j Exploits (lien direct) | Threat hunters in the U.K.'s National Health Service have raised an alarm for an unknown threat actor hitting vulnerable VMWare Horizon servers with exploits for the ubiquitous Log4j security flaw. | Threat | ||
|
2022-01-07 16:08:17 | Eight New macOS Malware Families Emerged in 2021 (lien direct) | Eight new macOS malware families emerged in 2021, according to Patrick Wardle, a security researcher who specializes in Apple products. | Malware | ||
|
2022-01-07 15:35:29 | Log4Shell-Like Vulnerability Found in Popular H2 Database (lien direct) | A critical, unauthenticated remote code execution vulnerability has been impacting the H2 database console since 2008. An open-source Java SQL database, H2 is an in-memory solution that eliminates the need to store data on disk, and is one of the most popular Maven packages, having roughly 7,000 artifact dependencies, | Vulnerability | ||
|
2022-01-07 13:48:33 | Cyber Ninjas Faces Fine Over Arizona Election Review Records (lien direct) | A judge said Thursday he will fine Cyber Ninjas, the contractor that led Arizona Republicans' 2020 election review, $50,000 a day if the firm doesn't immediately turn over public records related to the unprecedented inquiry. | |||
|
2022-01-07 12:35:19 | California Man Pleads Guilty Over Role in $50 Million Fraud Scheme (lien direct) | A California man this week admitted before a U.S. district judge to his role in a $50 million internet-enabled fraud scheme. Court documents claim that, between 2012 and 2020, Allen Giltman, 56, of Irvine, California, created fraudulent websites to ask for funds from investors. | |||
|
2022-01-07 12:12:38 | Online Pharmacy Service Ravkoo Discloses Data Breach (lien direct) | United States-based online pharmacy service Ravkoo this week started notifying patients of a data breach that potentially resulted in the exposure of personal information. | Data Breach | ||
|
2022-01-07 12:07:57 | Polish Leader Admits Country Bought Powerful Israeli Spyware (lien direct) | Poland's most powerful politician has acknowledged that the country bought advanced spyware from the Israeli surveillance software maker NSO Group, but denied that it was being used to target his political opponents. | |||
|
2022-01-07 11:38:19 | Thousands of School Websites Go Offline Due to Ransomware Attack on Finalsite (lien direct) | Thousands of school websites around the world went offline this week as a result of a ransomware attack on Finalsite, a US-based company that provides digital marketing and communications solutions to schools. On its website, Finalsite claims that 8,000 schools across 110 countries use its services, and it launches 300 new websites every year. | Ransomware | ||
|
2022-01-07 11:09:37 | Swiss Army Knifes WhatsApp at Work (lien direct) | Switzerland's army has banned the use of WhatsApp whilst on duty, a spokesman confirmed Thursday, in favour of a Swiss messaging service deemed more secure in terms of data protection. The ban also applies to using other messaging apps like Signal and Telegram on soldiers' private phones during service operations. | |||
|
2022-01-07 01:00:47 | Rights Group Verifies Polish Senator Was Hacked With Spyware (lien direct) | Amnesty International said Thursday it has independently confirmed that powerful spyware from the Israeli surveillance software maker NSO Group was used to hack a Polish senator multiple times in 2019 when he was running the opposition's parliamentary election campaign. | Hack | ||
|
2022-01-06 20:22:05 | Biometric Face Authentication Firm iProov Takes $70M Investment (lien direct) | iProov, a provider of online biometric face authentication, announced on Thursday that it has received a $70 million growth investment from Sumeru Equity Partners. | |||
|
2022-01-06 16:08:23 | Fresh Warnings Issued Over Abuse of Google Services (lien direct) | U.S. government agencies and cybersecurity companies are warning users and organizations about cybercriminals abusing Google services to achieve their goals. FBI warns about Google Voice abuse | |||
|
2022-01-06 14:54:23 | Microsoft Announces Zero-Touch Onboarding for \'Defender for Endpoint\' on iOS (lien direct) | Microsoft this week announced the public preview of zero-touch onboarding for Defender for Endpoint on iOS. With the new capability, organizations can deploy Defender for Endpoint on iOS across devices in their environment without requiring any form of user interaction, as long as those devices are enrolled with Microsoft Endpoint Manager. | |||
|
2022-01-06 14:11:07 | Senators Ask DHS, DOT About Transportation Infrastructure Cybersecurity (lien direct) | Several U.S. senators have sent a letter to the Department of Homeland Security (DHS) and the Department of Transportation (DOT), requesting information about the cybersecurity of the nation's transportation infrastructure. | |||
|
2022-01-06 13:49:20 | The Second Building Block for the SOC of the Future: An Open Integration Framework (lien direct) | The SOC of the future must be data driven, so it's essential that systems and tools can work together | |||
|
2022-01-06 13:18:21 | NY AG: Credential Stuffing Impacts 1.1 Million Users at 17 Companies (lien direct) | New York Attorney General Letitia James this week announced the results of an investigation into credential stuffing, which resulted in the discovery of 1.1 million compromised accounts associated with 17 companies. | |||
|
2022-01-06 12:00:16 | Hackers Hit Major Portuguese Media Group, Take Down Websites (lien direct) | One of Portugal's leading media conglomerates said Thursday that a group calling itself “Lapsus$” hacked the company's online services, taking down some of its most popular websites and contacting subscribers. | Guideline | ★★★★ | |
|
2022-01-06 11:46:29 | Chemicals Company Element Solutions Discloses Cybersecurity Incident (lien direct) | Florida-based specialty chemicals company Element Solutions on Wednesday revealed that it had experienced a cybersecurity incident. | ★★★★ | ||
|
2022-01-06 11:14:56 | France Hits Google, Facebook With Huge Fines Over \'Cookies\' (lien direct) | French regulators have hit Google and Facebook with 210 million euros ($237 million) in fines over their use of "cookies", the data used to track users online, authorities said Thursday. | ★★★★ | ||
|
2022-01-05 18:57:25 | Malware Can Fake iPhone Shutdown via \'NoReboot\' Technique (lien direct) | Researchers at mobile security firm ZecOps have shown how a piece of iOS malware can achieve “persistence” on a device by faking its shutdown process. | Malware | ||
|
2022-01-05 17:59:41 | Zloader Banking Malware Exploits Microsoft Signature Verification (lien direct) | The aggressive Zloader banking malware campaign is exploiting Microsoft's digital signature verification method to inject code into a signed system DLL, according to researchers at Check Point. | Malware | ||
|
2022-01-05 17:47:55 | VMware Plugs Security Holes in Workstation, Fusion and ESXi (lien direct) | VMware this week shipped security updates for its Workstation, Fusion and ESXi product lines, warning that a heap-overflow vulnerability could expose users to code execution attacks. | Vulnerability | ||
|
2022-01-05 16:41:14 | Recorded Future Acquires SecurityTrails in $65M Deal (lien direct) | With eyes firmly set on the booming attack surface management space, threat intel powerhouse Recorded Future is shelling out $65 million to purchase SecurityTrails, a startup that helps organizations keep track of internet-facing assets. | Threat | ||
|
2022-01-05 15:14:27 | ICS Vendors Respond to Log4j Vulnerabilities (lien direct) | 
|
|||
|
2022-01-05 14:53:28 | Defense Contractors Must do More to Conceal Their Attack Surface (lien direct) | The world is entering a new era dominated by the rise of peer competitors like China and Russia, who are increasingly exerting their geo-political influence. After two decades of fighting a counter terrorist focused war where the tools of the US and its allies were far superior, the competitive landscape is changing significantly. | ★★★★★ | ||
|
2022-01-05 13:15:17 | (Déjà vu) Chrome 97 Patches 37 Vulnerabilities (lien direct) | Google this week announced the release of Chrome 97 in the stable channel with a total of 37 security fixes, including 24 for vulnerabilities reported by external researchers. | |||
|
2022-01-05 12:24:25 | Google Patches 48 Vulnerabilities With First Set of 2022 Android Updates (lien direct) | Google this week published information on the first set of 2022 security updates for Android, describing a total of 48 vulnerabilities that were addressed across Android OS, Pixel devices, and Android Automotive OS. | |||
|
2022-01-05 12:13:01 | FTC: Patch Log4j Vulnerability to Avoid Potential Legal Action (lien direct) | The U.S. Federal Trade Commission (FTC) on Tuesday informed companies that they could face legal action if their customers are impacted by an attack that involves exploitation of the recent Log4j vulnerabilities. | Vulnerability | ||
|
2022-01-05 10:58:58 | (Déjà vu) Broward Health Data Breach Impacts 1.3 Million People (lien direct) | More than 1.3 million people were impacted in a data breach at Broward Health, the Florida hospital system has revealed. | Data Breach |
To see everything:
Our RSS (filtrered)
