What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-10-14 18:12:38 | VirusTotal Shares Analysis of 80 Million Ransomware Samples (lien direct) | At least 130 ransomware families were active in 2020 and in the first half of 2021, according to a recent data analysis from Google's VirusTotal scanning service. | Ransomware | ||
|
2021-10-14 15:00:08 | NFT Marketplace OpenSea Patches Flaw Potentially Leading to Cryptocurrency Theft (lien direct) | OpenSea, the world's largest NFT marketplace, has addressed a security vulnerability that could have allowed hackers to hijack user accounts and empty their crypto wallets with the help of maliciously crafted NFTs (non-fungible tokens). | Vulnerability | ||
|
2021-10-14 13:28:42 | Israeli Hospital Targeted in Ransomware Attack (lien direct) | An Israeli hospital was targeted Wednesday by a ransomware attack, officials said, with the state's cyber directorate calling it the first such attack on a hospital in the country. The Hillel Yaffe Medical Center is "currently using alternative systems to treat its patients", it said in a statement, describing the attack as "totally unexpected". | Ransomware | ||
|
2021-10-14 13:17:45 | Cyber Insurance Firm At-Bay Announces $20 Million Series D Extension (lien direct) | At-Bay, the cyber insurance company that aims to reduce ransomware risk, this week announced a $20 million extension to its Series D funding round. | Ransomware | ||
|
2021-10-14 12:54:10 | Hackers Claim to Have Stolen 60 GB of Data From Acer (lien direct) | A group of hackers claims to have stolen more than 60 gigabytes of data after breaching servers belonging to Taiwanese tech giant Acer. In a post on a publicly accessible hacker forum, a group calling itself “Desorden” claimed to have stolen databases and other files from breached Acer India servers. | |||
|
2021-10-14 11:14:55 | Data Privacy Compliance Startup CYTRIO Launches With $3.5 Million in Funding (lien direct) | Data privacy compliance startup CYTRIO this week announced its launch with $3.5 million in seed funding from Dreamit Ventures, Food Retail Ventures and Rockwood Group, as well as angel investors. | |||
|
2021-10-14 10:41:06 | Nations Reveal Ransomware Pain at US-Led Summit (lien direct) | A digital "disaster" in Germany, growing attacks in the United Arab Emirates and even Israel announcing a blitz underway: nations disclosed their struggle Wednesday against cyber-extortionists at a Washington-led anti-ransomware summit. | Ransomware | ||
|
2021-10-14 10:29:36 | How Do We Know About New Phishing Attacks? Because Some Human Reported It. (lien direct) | Keep training your people about the newest threats - the power of the collective is a critical element in how to stop phishing We hear it all the time: “The human is the weakest link!” or “People can't get their heads around the technology so how can we expect them to know bad when they see it?” | |||
|
2021-10-14 09:55:09 | Microsoft Adds Power Platform to Bug Bounty Program (lien direct) | Microsoft this week announced that it is now accepting vulnerability submissions for the Power Platform. Security researchers who hunt for and report security errors in Power Platform can now earn up to $20,000 in bounty rewards for severe flaws, as part of the recently rebranded Dynamics 365 and Power Platform Bounty Program. | Vulnerability | ||
|
2021-10-13 20:51:19 | Necro Python Botnet Starts Targeting Visual Tools DVRs (lien direct) | Security researchers have spotted signs of the Necro Python botnet targeting a vulnerability in Visual Tools DVR systems to install a Monero miner on infected systems. | Vulnerability | ||
|
2021-10-13 18:58:26 | OpenSSF Bags $10 Million Investment (lien direct) | The Linux Foundation has secured a new $10 million investment that will help expand and support the Open Source Security Foundation (OpenSSF). | |||
|
2021-10-13 18:27:31 | Intel, VMWare Join Patch Tuesday Parade (lien direct) | Technology giants Intel Corp. and VMWare joined the Patch Tuesday parade this week, rolling out fixes for security defects that expose users to malicious hacker attacks. | |||
|
2021-10-13 15:14:52 | Vendor Risk Management Firm Black Kite Raises $22 Million (lien direct) | Black Kite, a provider of third-party cyber risk rating services, announced today that it has raised $22 million in a Series B funding round led by Volition Capital, bringing the total raised by the Boston, Mass.-based company to more than $33.1 million. | |||
|
2021-10-13 14:40:12 | OT Cybersecurity Firm Shift5 Raises $20 Million to Protect Planes, Trains and Tanks (lien direct) | Shift5, an operational technology (OT) cybersecurity company specializing in transportation infrastructure and weapons systems, this week announced raising $20 million in a Series A funding round. The funding was led by 645 Ventures, with participation from Squadra Ventures, General Advance, and First In. | |||
|
2021-10-13 13:43:00 | Extortionist Hacker Group SnapMC Breaches Networks in Under 30 Minutes (lien direct) | Over the past few months, a threat actor has been increasingly breaching enterprise networks to steal data and extort victims, but without disrupting their operations, researchers with the NCC Group reveal. | Threat | ||
|
2021-10-13 13:08:35 | US Talks Global Cybersecurity Without a Key Player: Russia (lien direct) | Russia, which hosts many of the criminal syndicates behind ransomware attacks around the world was not invited to an international counter-ransomware event | Ransomware | ||
|
2021-10-13 12:20:12 | Apple Points to Android Malware Infections in Argument Against Sideloading on iOS (lien direct) | Apple Threat Analysis Report Highlights Risks Posed by Sideloading on iOS Apple on Wednesday published a 30-page threat analysis report in an effort to show why allowing sideloading on iOS would pose serious privacy and security risks to iPhone users. | Malware Threat | ||
|
2021-10-13 10:07:23 | SAP Patches Critical Vulnerabilities in Environmental Compliance (lien direct) | On Tuesday, its October 2021 Security Patch Day, SAP announced the release of 13 new security notes and an update for a previously released note. Three of the notes are rated Hot News. | |||
|
2021-10-12 20:13:06 | CrowdStrike Launches Falcon XDR, Free Edition of Humio Data Warehouse (lien direct) | CrowdStrike made two major announcements at its own Fal.Con (virtual) conference this week, launching a free Community Edition of Humio, and announcing Falcon XDR. | |||
|
2021-10-12 19:53:49 | MS Patch Tuesday: 71 Vulns, One Exploited as Zero-Day (lien direct) | The Microsoft Patch Tuesday freight train for October rolled in with fixes for at least 71 security defects in Windows products and components and an urgent warning about a newly discovered zero-day cyberespionage campaign. | |||
|
2021-10-12 18:22:47 | Medical Technology Company Olympus Discloses Cyberattack (lien direct) | Japanese medical technology company Olympus this week revealed that its operations in the Americas were affected by a cyberattack. Detected on October 10, the attack forced the company to shut down some of its systems, but Olympus says that it is already working on restoring them back to normal. | |||
|
2021-10-12 17:57:58 | Adobe Patches Critical Code Execution Vulnerabilities in Several Products (lien direct) | Adobe on Tuesday announced that it has patched a total of 10 vulnerabilities across its Acrobat and Reader, Connect, Commerce, and Campaign Standard products. | |||
|
2021-10-12 15:50:58 | CISO Forum Panel: Navigating SBOMs and Supply Chain Security Transparency (lien direct) | At SecurityWeek's 2021 CISO Forum, a high-powered panel of experts discussed specific ways an SBOM can improve supply chain security and where expectations may be overblown. The conversation covers edge cases that are turning out to be more troublesome than anticipated and what might come next after SBOM and where there are opportunities for innovation (e.g., new tooling or standa | |||
|
2021-10-12 15:08:23 | Cybereason Partners With Google Chronicle on XDR Product (lien direct) | Extended Detection and Response (XDR) is touted as the security solution for the increasingly complex modern IT ecosphere. The principle is to extend EDR threat hunting beyond the endpoint and across the entire infrastructure. Cybereason has announced a partnership with Google Chronicle – the latter to provide ecosphere data, and the former to provide the threat hunting capability. | Threat | ||
|
2021-10-12 13:59:16 | Microsoft Azure Hit by 2.4 Tbps DDoS Attack (lien direct) | Microsoft on Monday revealed that an Azure customer was targeted in late August in a massive distributed denial of service (DDoS) attack that peaked at 2.4 Tbps (terabytes per second). | |||
|
2021-10-12 13:44:54 | (Déjà vu) ICS Patch Tuesday: Siemens and Schneider Electric Address Over 50 Vulnerabilities (lien direct) | Industrial giants Siemens and Schneider Electric on Tuesday released nearly a dozen security advisories describing a total of more than 50 vulnerabilities affecting their products. The companies have released patches and mitigations to address these vulnerabilities. | |||
|
2021-10-12 11:21:34 | GitKraken Vulnerability Prompts Action From GitHub, GitLab, Bitbucket (lien direct) | Developers of Git GUI client GitKraken have addressed a vulnerability resulting in the generation of weak SSH keys, and they are prompting users to revoke and renew their keys. Discovered in the open source library that the Git GUI client uses for SSH key generation, the issue affects all keys issued using versions 7.6.x, 7.7.x, and 8.0.0 of GitKraken. | Vulnerability | ||
|
2021-10-12 11:02:26 | Cloud Security Company Wiz Raises $250 Million at $6 Billion Valuation (lien direct) | Wiz on Monday announced raising $250 million in a Series C funding round, which brings the total raised by the cloud security company to $600 million. | |||
|
2021-10-12 10:12:10 | Vulnerabilities Expose exacqVision Video Surveillance Systems to Remote Attacks (lien direct) | Researchers at cybersecurity firm Tenable have discovered critical and high-severity vulnerabilities in video surveillance systems made by Exacq Technologies, which is owned by building technology giant Johnson Controls. | |||
|
2021-10-12 10:10:46 | Meeting Backup Requirements for Cyber Insurance Coverage (lien direct) | Many companies wrongly assume that having backups in the cloud can prevent or reduce the impacts of a ransomware attack | Ransomware | ||
|
2021-10-12 01:34:32 | Apple Confirms iOS 15 Zero-Day Exploitation (lien direct) | Apple rushes out iOS 15.0.2 to address a remote code execution vulnerability that is being actively exploited Apple's iOS zero-day problems appear to be getting worse. | Vulnerability | ||
|
2021-10-11 18:25:55 | Engineering Company Weir Group Discloses Ransomware Hack (lien direct) | Engineering company Weir Group has acknowledged it was the victim of a ransomware attack that will likely affect revenue for the third quarter of the year. | Ransomware Hack | ||
|
2021-10-11 17:04:04 | Microsoft Exposes Iran-linked APT Targeting U.S., Israeli Defense Tech Sectors (lien direct) | Threat hunters at Microsoft are raising the alarm about a new Iran-linked threat actor caught using password-spraying techniques to break into defense technology companies in the United States, Israel and parts of the Middle East. | Threat | ||
|
2021-10-11 15:04:19 | Amnesty Links Indian Cybersecurity Firm to Spyware Attack on African Activist (lien direct) | Human rights organization Amnesty International last week reported identifying a link between an Indian cybersecurity company and the infrastructure used by a hacking group in an attack that attempted to deliver Android and Windows spyware to an activist in the West African country of Togo. | |||
|
2021-10-11 14:19:44 | InHand Router Flaws Could Expose Many Industrial Companies to Remote Attacks (lien direct) | Several serious vulnerabilities discovered by researchers in industrial routers made by InHand Networks could expose many organizations to remote attacks, and patches do not appear to be available. | |||
|
2021-10-11 12:45:04 | NSA Warns of Risks Posed by Wildcard Certificates, ALPACA Attacks (lien direct) | The National Security Agency last week issued guidance on the risks associated with wildcard TLS certificates and Application Layer Protocols Allowing Cross-Protocol Attacks (ALPACA) techniques. | |||
|
2021-10-11 12:02:21 | (Déjà vu) Cybersecurity M&A Roundup for October 1-10, 2021 (lien direct) | 
A total of nine cybersecurity-related acquisitions were announced in the first 10 days of October 2021.
|
|||
|
2021-10-11 11:04:04 | Cyberattacks Concerning to Most in US: Pearson/AP-NORC Poll (lien direct) | Most Americans across party lines have serious concerns about cyberattacks on U.S. computer systems and view China and Russia as major threats, according to a new poll. | |||
|
2021-10-11 09:57:15 | CISA Releases Remote Access Guidance for Government Agencies (lien direct) | The United States Cybersecurity and Infrastructure Security Agency (CISA) last week announced the release a new guidance document: Trusted Internet Connections (TIC) 3.0 Remote User Use Case. | |||
|
2021-10-08 14:39:26 | Google Patches Four Severe Vulnerabilities in Chrome (lien direct) | Google this week announced the release of an updated Chrome version for Windows, Mac and Linux, to address a total of four high-severity vulnerabilities in the browser. Tracked as CVE-2021-37977, the most severe of these security holes could be exploited to achieve arbitrary code execution on a target system. | |||
|
2021-10-08 14:26:39 | FontOnLake Linux Malware Used in Targeted Attacks (lien direct) | A previously unknown, modular malware family that targets Linux systems has been used in targeted attacks to collect credentials and gain access to victim systems, ESET reported on Thursday. | Malware | ||
|
2021-10-08 12:16:53 | Lots and Lots of Bots: Looking at Botnet Activity in 2021 (lien direct) | A botnet today can be used as a foundation for bad actors to carry out other attacks later | |||
|
2021-10-08 11:03:32 | Apache Releases Another Patch for Actively Exploited HTTP Server Zero-Day (lien direct) | The Apache HTTP Server Project on Thursday announced the release of another update in response to a recently discovered zero-day vulnerability after determining that the initial fix was incomplete. | Vulnerability | ||
|
2021-10-08 10:45:11 | CIA Creates Working Group on China as Threats Keep Rising (lien direct) | The CIA said Thursday it will create a top-level working group on China as part of a broad U.S. government effort focused on countering Beijing's influence. | |||
|
2021-10-08 10:14:00 | Twitch Struggles With Hackers and Hate Raid Bots (lien direct) | Twitch, Amazon's popular live video streaming platform, on Thursday said hackers took advantage of a mistake in a server configuration tweak to steal data. A massive trove of confidential Twitch data dumped on the internet included records showing top game play streamers took in millions of dollars during the past year. | |||
|
2021-10-08 08:36:06 | Attackers Encrypt VMware ESXi Server With Python Ransomware (lien direct) | A recently observed attack employed a Python-based ransomware variant to target an organization's VMware ESXi server and encrypt all virtual disks, Sophos reports. | Ransomware | ||
|
2021-10-07 16:06:33 | Aggressive Ransomware Group FIN12 Moves Fast, Targets Big Companies (lien direct) | A report published by Mandiant on Thursday details the activities and tools of FIN12, a highly aggressive ransomware group that has likely made a significant amount of money over the past years. | Ransomware | ||
|
2021-10-07 14:55:55 | Iran-linked MalKamak Hackers Targeting Aerospace, Telcos With ShellClient RAT (lien direct) | Operation GhostShell Believed to be Linked to Iranian Threat Actor | Threat | ||
|
2021-10-07 14:46:17 | Cisco Patches High-Severity Vulnerabilities in Security Appliances, Business Switches (lien direct) | Cisco this week released patches for multiple high-severity vulnerabilities affecting its Web Security Appliance (WSA), Intersight Virtual Appliance, Small Business 220 switches, and other products. Successful exploitation of these vulnerabilities could allow attackers to cause a denial of service (DoS) condition, execute arbitrary commands as root, or elevate privileges. | |||
|
2021-10-07 14:11:43 | How Integration is Evolving: The X Factor in XDR (lien direct) | XDR must be approached as an open architecture where integration is the linchpin Over the past couple of months, I've talked about how adversaries are evolving their approaches to attacks and the ripple effect that is having on our approach to detection and response. |
To see everything:
Our RSS (filtrered)
