Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-06 18:32:16 |
Pentagon Cancels Disputed JEDI Cloud Contract With Microsoft (lien direct) |
The Pentagon said Tuesday it is canceling a cloud-computing contract with Microsoft that could eventually have been worth $10 billion and will instead pursue a deal with both Microsoft and Amazon.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-06 15:46:07 |
British Airways Settles Class Action Over 2018 Data Breach (lien direct) |
British Airways has settled a class action brought by individuals impacted by the data breach suffered by the company in 2018, but terms of the settlement have been kept private.
|
Data Breach
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-06 15:40:33 |
Hewlett Packard Enterprise Buys Zerto for $374 Million (lien direct) |
Hewlett Packard Enterprise announced it has entered into a definitive agreement to acquire cloud data management and protection provider Zerto. The price tag: $374 million in cash.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-06 15:01:28 |
Swedish Supermarket Closed by Kaseya Cyberattack (lien direct) |
Most of one of Sweden's leading supermarket chains' 800 shops remained closed on Monday, three days after they were indirectly affected by the cyberattack targeting US company Kaseya.
|
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-06 13:51:22 |
Researcher Describes Potential Impact of Recently Patched SonicWall NSM Flaw (lien direct) |
A researcher at Positive Technologies has described the potential impact of a recently addressed command injection vulnerability affecting SonicWall's Network Security Manager (NSM) product.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-06 12:08:34 |
Combating China\'s Insider Threat: Can New Laws Curb IP Theft by Foreign Spies? (lien direct) |
Theft of U.S. IP is a fundamental part of China's stated intention to be the world leader in science and technology by 2050
|
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-06 12:00:44 |
In Crosshairs of Ransomware Crooks, Cyber Insurers Struggle (lien direct) |
In the past few weeks, ransomware criminals claimed as trophies at least three North American insurance brokerages that offer policies to help others survive the very network-paralyzing, data-pilfering extortion attacks they themselves apparently suffered.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-06 11:10:45 |
Hackers Demand $70 Million as Kaseya Ransomware Victim Toll Nears 1,500 Firms (lien direct) |
IT management software maker Kaseya on Monday said the recent ransomware attack impacted up to 1,500 organizations, but claimed there was no evidence of malicious modifications to product source code.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-05 11:22:15 |
Scale, Details of Massive Kaseya Ransomware Attack Emerge (lien direct) |
Cybersecurity teams worked feverishly Sunday to stem the impact of the single biggest global ransomware attack on record, with some details emerging about how the Russia-linked gang responsible breached the company whose software was the conduit.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-03 12:30:24 |
IT Software Firm Kaseya Hit By Supply Chain Ransomware Attack (lien direct) |
Supply chain cyberattack by REvil ransomware gang on IT management tool could have wide blast radius
|
Ransomware
Tool
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-02 15:59:37 |
Hackers Compromise Mongolian Certificate Authority to Spread Malware (lien direct) |
An unknown threat actor has compromised the servers of Mongolian certificate authority (CA) MonPass and abused the organization's website for malware distribution, according to security researchers at Avast.
|
Malware
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-02 15:24:13 |
Microsoft Tells Azure Users to Update PowerShell to Patch Vulnerability (lien direct) |
Microsoft has told Azure users to update PowerShell - if they are using versions 7.0 or 7.1 - to address a remote code execution vulnerability patched earlier this year.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-02 15:00:10 |
New Ransomware \'Diavol\' Linked to Notorious Cybercrime Gang (lien direct) |
Wizard Spider, the notorious cybercrime gang that operated the TrickBot botnet and the Ryuk and Conti
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-02 14:20:14 |
Microsoft Confirms \'PrintNightmare\' is New Windows Security Flaw (lien direct) |
Microsoft late Thursday acknowledged a severe security vulnerability in the Print Spooler utility that ships by default on Windows and warned that the bug exposes users to computer takeover attacks.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-02 14:11:56 |
Ferry Agency: No Sensitive Info Compromised in Cyberattack (lien direct) |
No sensitive information was compromised in a ransomware attack last month on the state agency that provides ferry service between mainland Massachusetts and the islands of Martha's Vineyard and Nantucket.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-02 13:39:53 |
Director of Cybersecurity at NSA Gets Dedicated Twitter Account (lien direct) |
Rob Joyce, the director of cybersecurity at the National Security Agency (NSA), on Thursday announced that his role now has an official Twitter account.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-02 11:46:31 |
DHS Hired 300 Cybersecurity Professionals in Last Two Months (lien direct) |
The United States Department of Homeland Security (DHS) on Thursday announced that it has hired nearly 300 cybersecurity professionals over the course of the last two months.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-02 11:24:53 |
Vulnerabilities in WAGO Devices Expose Industrial Firms to Remote Attacks (lien direct) |
Several critical and high-severity vulnerabilities have been identified in programmable logic controller (PLC) and human-machine interface (HMI) products made by WAGO, a German company specializing in electrical connection and automation solutions.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-02 10:34:00 |
French Tech Firm Charged Over Libya Cyber-Spying (lien direct) |
French prosecutors have charged a French IT company that allegedly helped the regime of Libyan dictator Moamer Kadhafi spy on opposition figures who were later detained and tortured, sources close to the inquiry said Thursday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-01 17:36:12 |
Security Agencies: Russian Cyberspies Used Brute Force Against Hundreds of Orgs (lien direct) |
Security agencies in the United States and United Kingdom issued an advisory on Thursday to warn organizations about an ongoing global campaign involving brute force techniques.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-01 16:15:12 |
The VC View: Enabling Business via IT Security (lien direct) |
The opportunity for the security industry is to build a remote-ready security program that is equally secure for remote and in-office workers
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-01 16:14:01 |
SASE Provider Versa Networks Raises $86 Million (lien direct) |
Secure Access Service Edge (SASE) provider Versa Networks this week announced it raised $86 million in Series D funding. To date, the company has received $200 million in funding.
The funding round was led by Princeville Capital and RPS Ventures, with additional participation from existing investors, including Sequoia Capital.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-01 15:58:02 |
Sevco Security Banks $15 Million Series A Funding (lien direct) |
The enterprise asset management space just got a bit more crowded with the launch of Sevco Security, an early-stage startup selling a “cloud-native security asset intelligence platform.”
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-01 15:47:18 |
University Medical Center Says Hackers Breached Data Server (lien direct) |
A Nevada hospital confirmed its data servers had been breached after a hacking group posted images of personal information online it apparently acquired in a cyber theft.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-01 15:25:54 |
Becoming Elon Musk – the Danger of Artificial Intelligence (lien direct) |
A Tel Aviv, Israel-based artificial intelligence (AI) firm, with a mission to build trust in AI and protect AI from cyber threats, privacy issues, and safety incidents, has developed the opposite: an attack against facial recognition systems that can fool the algorithm into misinterpreting the image.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-01 15:22:08 |
(Déjà vu) Cybersecurity M&A Roundup: 37 Deals Announced in June 2021 (lien direct) |
A total of 37 cybersecurity-related acquisitions and mergers were announced in June 2021.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-01 14:49:43 |
Critical, Exploitable Flaws in NETGEAR Router Firmware (lien direct) |
Security researchers at Microsoft are flagging multiple gaping security holes in firmware shipped on NETGEAR routers, warning that exploitation could lead to identity theft and full system compromise.
|
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-01 14:17:15 |
Study Finds Insurance Companies Lack Cyber Hygiene (lien direct) |
A study of exposed web-app attack surface reveals that insurance companies are not good at keeping their own security house in order
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-01 14:12:44 |
Google, OpenSSF Update Scorecards Project With New Security Checks (lien direct) |
Google's Open Source security team, in collaboration with the Open Source Security Foundation (OpenSSF) community, today announced an update to the Scorecards project to include more security checks.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-01 11:54:04 |
Twitter Enables Use of Security Keys as Sole Two-Factor Authentication Method (lien direct) |
Twitter this week announced that it allows users to enroll security keys and use them as the only form of two-factor authentication (2FA) to secure their accounts.
|
|
|
★★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-01 11:28:24 |
(Déjà vu) CISA Adds Ransomware Module to Cyber Security Evaluation Tool (lien direct) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday announced the release of a new module for its Cyber Security Evaluation Tool (CSET), namely the Ransomware Readiness Assessment (RRA).
|
Ransomware
Tool
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-01 11:07:38 |
Vulnerability Found in Industrial Remote Access Product From Claroty (lien direct) |
The Secure Remote Access (SRA) product of industrial cybersecurity firm Claroty is affected by a vulnerability that could be useful to threat actors targeting industrial organizations.
|
Vulnerability
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-01 10:28:50 |
Microsoft Exec: Targeting of Americans\' Records \'Routine\' (lien direct) |
Federal law enforcement agencies secretly seek the data of Microsoft customers thousands of times a year, according to congressional testimony Wednesday by a senior executive at the technology company.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-01 03:50:52 |
Authorities Take Down DoubleVPN Service for Aiding Cybercriminals (lien direct) |
Law enforcement agencies in Europe, the US, and Canada on Tuesday announced the takedown of DoubleVPN, a virtual private network (VPN) service that allegedly helped cybercriminals conduct nefarious activities.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-30 16:59:19 |
IBM Gifts Threat Hunting Tool to Open Cybersecurity Alliance (lien direct) |
IBM Corp. on Wednesday announced that it is contributing the Kestrel open-source programming language for threat hunting to the Open Cybersecurity Alliance (OCA).
|
Tool
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-30 15:09:16 |
Ransomware Increasingly Detected on Industrial Systems: Report (lien direct) |
Trend Micro on Wednesday released a new report describing the threats affecting industrial control system (ICS) endpoints in 2020.
According to the report, ransomware infections saw a significant increase last year, mainly due to a rise in Sodinokibi (REvil), Ryuk, Nefilim and LockBit attacks launched between September and December.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-30 14:51:29 |
Putin\'s Phone-in Hit by \'Cyberattacks\' (lien direct) |
A televised phone-in with Russian President Vladimir Putin Wednesday was targeted by "powerful" cyberattacks, the state-run Rossiya 24 network which broadcast the event said.
Shown on Kremlin-friendly media, the annual session with Putin sees the president field in real time queries submitted by Russians throughout the country.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-30 14:08:12 |
Windows Admins Scrambling to Contain \'PrintNightmare\' Flaw Exposure (lien direct) |
Windows network administrators are scrambling to contain the fallout from the release of proof-of-concept code for a nasty Windows Print Spooler vulnerability that exposes Windows servers to remote code execution attacks.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-30 13:46:13 |
Facebook Sues Four Vietnamese Nationals for Hacking Accounts (lien direct) |
Facebook this week announced filing two lawsuits - one against an organization and its agents and one against four individuals in Vietnam - over advertising-related schemes.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-30 12:48:54 |
Zero-Day Vulnerability Exploited in Recent Attacks on WD Storage Devices (lien direct) |
Western Digital (WD) on Tuesday confirmed that the recent attacks targeting some of its older network-attached storage (NAS) devices involved the exploitation of a zero-day vulnerability.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-30 12:22:01 |
Noname Security Raises $60 Million in Series B Funding (lien direct) |
API security platform Noname Security today announced that it has raised $60 million in Series B funding. The new round brings the total raised by the company to $85 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-30 11:39:09 |
Authorities Lag Against Fast-Evolving Cyberspace Threats: Report (lien direct) |
Governments worldwide are too often playing catch-up against private cyberspace operators in what is poised to become a key arena for defending national interests, the International Institute for Strategic Studies said Tuesday.
|
Studies
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-30 11:14:33 |
Google Working on Patching GCP Vulnerability That Allows VM Takeover (lien direct) |
A security researcher has disclosed the details of a vulnerability that can be exploited to take over virtual machines (VMs) on Google Cloud Platform.
|
Vulnerability
Patching
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-30 00:48:49 |
Colombia Catches Hacker Wanted in the U.S. for \'Gozi\' Virus (lien direct) |
Colombian officials say they have arrested a Romanian hacker who is wanted in the U.S. for distributing a virus that infected more than a million computers from 2007 to 2012.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-29 17:09:04 |
Authentication Bypass in Adobe Experience Manager Impacts Large Organizations (lien direct) |
Multiple large organizations were found to be impacted by an authentication bypass in Adobe Experience Manager CRX Package Manager, according to a warning from security vendor Detectify.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-29 14:48:32 |
Anti-Threat Intelligence Firm GreyNoise Scores Investment From CIA-backed In-Q-Tel (lien direct) |
Start-up Helps Combat Analyst Alert Fatigue
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-29 13:41:46 |
New Security Measures Announced for Google Play Developer Accounts (lien direct) |
Google on Monday announced new security measures for developer accounts on Google Play, meant to ensure that each account is created by a real person.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-29 12:58:18 |
High-Severity Vulnerabilities Found in Several Phoenix Contact Industrial Products (lien direct) |
Germany-based industrial solutions provider Phoenix Contact last week informed customers that a total of 10 vulnerabilities have been identified across several of the company's products.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-29 12:17:09 |
HealthVerity Raises $100 Million in Series D Funding (lien direct) |
Healthcare data management provider HealthVerity this week announced that it has raised $100 million in Series D funding, which brings the total raised by the company to $142 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-29 11:38:14 |
Malvuln Project Catalogues 260 Vulnerabilities Found in Malware (lien direct) |
|
Malware
|
|
|