Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-15 02:10:23 |
Most Federal Credit Unions Lack Strong Email Security Set Ups (direct link) |
Financial institutions have always been at the forefront of battling cybercrime. As one of the most targeted industries, they face multiple threats, such as phishing, spear phishing and banking malware.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-14 22:16:47 |
Apple: WebKit Bugs Exploited to Hack Older iPhones (direct link) |
Apple late Monday shipped an out-of-band iOS update for older iPhones and iPads alongside a warning that a pair of WebKit security vulnerabilities may have been actively exploited.
|
Hack
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-14 21:00:28 |
CodeCov Kills Off Bash Uploader Blamed for Supply Chain Hack (direct link) |
Following a major software supply chain compromise that exposed data for several major companies, developer tools startup CodeCov plans to kill off the Bash Uploader tool that was responsible for the breach.
|
Hack
Tool
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-14 17:49:18 |
Researchers Attribute SITA Cyberattack to Chinese Hackers (direct link) |
The cyberattack on SITA that impacted multiple airlines around the world was orchestrated by a Chinese nation-state threat actor tracked as APT41, security researchers at detection and prevention firm Group-IB say.
|
Threat
Guideline
|
APT 41
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-14 16:03:14 |
Microsoft Disrupts Large-Scale BEC Campaign (direct link) |
Microsoft today announced it disrupted a large-scale business email compromise (BEC) campaign in which the attackers used forwarding rules to access messages related to financial transactions.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-14 15:38:19 |
CISA Warns of Threat Posed by Ransomware to Industrial Systems (direct link) |
Following the devastating attack on Colonial Pipeline, the largest refined products pipeline in the United States, the Cybersecurity and Infrastructure Security Agency (CISA) released a fact sheet focusing on the threat posed by ransomware to operational technology (OT) assets and industrial control systems (ICS).
|
Ransomware
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-14 13:48:27 |
Akamai Taps Boaz Gelbord as New Security Chief (direct link) |
Edge security and content delivery giant Akamai Technologies has tapped Boaz Gelbord to lead its cybersecurity program.
|
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-14 13:24:10 |
G7 Tells Russia to Crack Down on Ransomware, Other Cybercrime (direct link) |
At the latest Group of Seven (G7) summit, held June 11-13 in the UK, Western leaders called on Russia to take action against those who conduct ransomware attacks and other cybercrimes from within its borders.
|
Ransomware
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-14 12:56:18 |
Cybersecurity Training Company Immersive Labs Raises $75 Million (direct link) |
Cyber skills development platform provider Immersive Labs today announced that it raised $75 million in Series C funding. The round brings the total raised by the company to $123 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-14 11:45:32 |
Google Offers UK Watchdog Role in Browser Cookie Phase-Out (direct link) |
Google is offering U.K. regulators a role overseeing its phasing out of ad-tracking technology from its Chrome browser, in a package of commitments the tech giant is proposing to apply globally to head off a competition investigation.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-14 11:14:31 |
(Déjà vu) Cybersecurity M&A Roundup for June 7-13, 2021 (direct link) |
Several cybersecurity-related acquisitions and mergers were announced between June 7 and 13, 2021.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-12 11:01:04 |
Apple Reaffirms Privacy Stance Amid Trump Probe Revelations (direct link) |
Seeking to protect its image as a guardian of personal privacy, Apple maintains it was blindsided and handcuffed by a Trump administration probe that resulted in the company handing over phone data from two Democratic congressmen.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-11 18:59:35 |
Volkswagen America Discloses Data Breach Impacting 3.3 Million (direct link) |
Volkswagen Group of America this week revealed that approximately 3.3 million people might have been affected in a data breach that impacted both Audi of America and Volkswagen of America (together VWGoA).
|
Data Breach
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-11 17:39:13 |
Wray: FBI Frowns on Ransomware Payments Despite Recent Trend (direct link) |
The FBI's director told lawmakers Thursday that the bureau discourages ransomware payments to hacking groups even as major companies in the past month have participated in multimillion-dollar transactions aimed at getting their systems back online.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-11 15:57:16 |
Recorded Future Unveils $20M Threat-Intel Investment Fund (direct link) |
Christopher Ahlberg wants to “build a significant threat-intel company” and he isn't shy about looking externally for technology innovation around data intelligence tools.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-11 15:06:34 |
COO of Security Company Charged for Cyberattack on Medical Center (direct link) |
The U.S. Department of Justice this week announced charges against Vikas Singla, the chief operating officer of a metro-Atlanta cybersecurity company, for allegedly targeting the Gwinnett Medical Center in a disruptive cyberattack.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-11 14:44:05 |
(Déjà vu) RSA Spins Out Fraud and Risk Intelligence Unit as Standalone Company Outseer (direct link) |
RSA Security this week announced that its fraud and risk intelligence unit has become a new standalone company named Outseer.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-11 14:18:41 |
McDonald's Says Hackers Breached Data in Taiwan, South Korea (direct link) |
Fast food giant McDonald's on Friday said hackers breached their servers and accessed data from customers in Taiwan and South Korea.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-11 13:09:45 |
GitHub Discloses Details of Easy-to-Exploit Linux Vulnerability (direct link) |
GitHub this week disclosed the details of an easy-to-exploit Linux vulnerability that can be leveraged to escalate privileges to root on the targeted system.
The flaw, classified as high severity and tracked as CVE-2021-3560, impacts polkit, an authorization service that is present by default in many Linux distributions.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-11 12:32:49 |
Canada Privacy Watchdog Slams Police Use of Facial Recognition Tool (direct link) |
Federal police broke Canada's privacy laws by using a US company's controversial facial recognition software in hundreds of searches, an independent parliamentary watchdog ruled Thursday.
|
Tool
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-11 11:48:46 |
Alibaba's Lazada Launches Public Bug Bounty Program (direct link) |
Southeast Asian e-commerce platform Lazada on Thursday announced the launch of a public bug bounty program with YesWeHack.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-11 10:58:31 |
Gaming Giant EA Confirms Breach, Theft of Source Code (direct link) |
California-based gaming giant Electronic Arts (EA) has confirmed that hackers gained access to some of its systems and managed to steal source code, but claimed that no user data was compromised.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-11 10:38:25 |
Italy Sets Up Cybersecurity Agency After Russia Warnings (direct link) |
Italy has created a national cybersecurity agency following warnings by Prime Minister Mario Draghi that Europe needed to protect itself from Russian "interference."
The new agency was approved in a cabinet meeting late on Thursday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-11 10:13:05 |
Authorities Take Down Stolen Login Credentials Marketplace Slilpp (direct link) |
Law enforcement agencies in the United States, Germany, the Netherlands, and Romania have taken down the stolen login credentials marketplace Slilpp, the U.S. Department of Justice announced on Thursday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-10 22:50:51 |
Attackers Leverage SonicWall VPN Flaw to Compromise SRA Appliances (direct link) |
Malicious hackers are exploiting an old VPN security flaw to compromise SonicWall SRA (secure remote access) devices, according to a warning from security vendor CrowdStrike.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-10 15:01:23 |
Flaws in Rockwell Software Impact Products From Schneider Electric, GE and Others (direct link) |
Several vulnerabilities discovered by Kaspersky researchers in Rockwell Automation software impact industrial products from Schneider Electric, GE and other vendors.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-10 13:40:18 |
GitHub Starts Scanning for Exposed Package Registry Credentials (direct link) |
GitHub this week announced that it has started scanning code hosted on its platform for package registry credentials, including RubyGems and PyPI secrets.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-10 12:56:04 |
Honeywell Launches OT Cybersecurity Monitoring and Response Service (direct link) |
American industrial giant Honeywell this week announced a new cybersecurity monitoring and incident response service for industrial organizations.
|
|
|
★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-10 12:04:34 |
US Drops Trump Order Targeting TikTok, Plans Its Own Review (direct link) |
The White House dropped Trump-era executive orders intended to ban the popular apps TikTok and WeChat and will conduct its own review aimed at identifying national security risks with software applications tied to China, officials said Wednesday.
|
|
|
★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-10 11:39:40 |
Webinar Today: CISO Guide to Preventing Vendor Email Compromise (direct link) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-10 11:26:55 |
ALPACA: New TLS Attack Allows User Data Extraction, Code Execution (direct link) |
Researchers from three universities in Germany have identified a new TLS attack method that can allow a man-in-the-middle (MitM) attacker to extract user data or execute arbitrary code.
The new attack, dubbed ALPACA, has been described as an “application layer protocol content confusion attack.”
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-10 11:07:17 |
Google Patches Chrome Zero-Day Used by Commercial Exploit Company (direct link) |
Google this week released patches for 14 vulnerabilities in the Chrome browser, including a security flaw that has been exploited in the wild.
Ten of the issues were reported by external security researchers: one rated critical severity, seven high severity, and two medium severity. All are patched in Chrome 91.0.4472.101 for Windows, Mac and Linux.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-10 01:01:59 |
Meat Company JBS Confirms it Paid $11M Ransom in Cyberattack (direct link) |
The world's largest meat processing company says it paid the equivalent of $11 million to hackers who broke into its computer system late last month.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-09 18:20:36 |
Tough Fight Looms Against Ransomware 'Epidemic' (direct link) |
The latest wave of ransomware attacks hitting the United States and globally portends a difficult battle against hackers, even as government and the private sector ramp up defenses.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-09 17:49:56 |
Kubeflow Deployments Targeted in New Crypto-mining Campaign (direct link) |
A newly observed malicious campaign is targeting Kubeflow workloads to deploy TensorFlow pods that are used to mine for crypto-currency, according to a warning from security researchers at Microsoft.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-09 16:55:54 |
Amazon Sidewalk Mesh Network Raises Security, Privacy Concerns (direct link) |
Amazon this week activated its proprietary mesh network known as Sidewalk, linking tens of millions of Amazon smart devices, each sharing a tiny sliver of their bandwidth to provide a wide network of connectivity even when and where WiFi service is poor or unavailable.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-09 15:09:13 |
Cisco Smart Install Protocol Still Abused in Attacks, 5 Years After First Warning (direct link) |
Cisco's Smart Install protocol is still being abused in attacks - five years after the networking giant issued its first warning - and there are still roughly 18,000 internet-exposed devices that could be targeted by hackers.
|
|
|
★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-09 14:02:08 |
Intel Releases 29 Advisories to Describe 73 Vulnerabilities Affecting Its Products (direct link) |
Intel this week announced the availability of patches for 73 vulnerabilities identified across multiple products, including several high-severity flaws that can be exploited to escalate privileges.
According to Intel, more than half of the bugs were discovered internally and 40% were reported through its bug bounty program.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-09 13:27:49 |
Cyber Risk Management Firm Brinqa Raises $110 Million (direct link) |
Cyber risk management solutions provider Brinqa this week announced that it received $110 million in growth capital from private equity firm Insight Partners.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-09 11:58:20 |
Pipeline CEO Defends Paying Ransom Amid Cyberattack (direct link) |
A pipeline company CEO on Tuesday defended his decisions to abruptly halt fuel distribution for much of the East Coast and pay millions to a criminal gang in Russia as he faced down one of the most disruptive ransomware attacks in U.S. history.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-09 11:27:08 |
Siemens, Schneider Electric Inform Customers About Tens of Vulnerabilities (direct link) |
Industrial automation giants Siemens and Schneider Electric on Tuesday released several security advisories to inform customers about tens of vulnerabilities affecting their products. The companies have provided patches and recommendations for reducing the risk of exploitation.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-09 10:28:49 |
'What's the Price Today?': FBI Phone App Reaped Secrets of Global Drug Networks (direct link) |
One drug trafficker texted another that he had a "job" and a proven way to get it done: two kilograms of cocaine from Bogota using the French embassy's protected diplomatic pouch.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-09 08:47:22 |
Endpoint Management Startup Aiden Technologies Closes $2.9 Million Seed Round (direct link) |
Automated endpoint management startup Aiden Technologies on Tuesday announced that it closed a $2.9 million seed funding round led by Right Side Capital Management.
Congress Avenue Ventures, the Gaingels, and SAJE Investments also participated in the round, along with various advisors and strategic individual investors.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-08 21:43:19 |
SAP Patches Critical Vulnerabilities in NetWeaver (direct link) |
German software maker SAP this week released 17 new security notes documenting security vulnerabilities being fixed as part of the company's June 2021 SAP Security Patch Day.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-08 20:04:59 |
NYC's 1,000-Lawyer Law Department Targeted by Cyberattack (direct link) |
New York City's law department has been hit with a cyberattack that forced officials to take the 1,000-lawyer agency offline, but Mayor Bill de Blasio said he believes no data was compromised in the hack.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-08 18:27:58 |
Microsoft Raises Alarm for New Windows Zero-Day Attacks (direct link) |
Microsoft's Patch Tuesday will take on extra urgency this month with the news that at least six previously undocumented vulnerabilities are being actively exploited in the wild.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-08 17:28:43 |
Adobe Patches Major Security Flaws in PDF Reader, Photoshop (direct link) |
Adobe's product security response machine revved into high gear this week with the release of multiple patches for gaping security holes in widely deployed software products.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-08 15:02:41 |
Organizations Warned About DoS Flaws in Popular Open Source Message Brokers (direct link) |
Organizations have been warned about denial of service (DoS) vulnerabilities found in RabbitMQ, EMQ X and VerneMQ, three widely used open source message brokers.
|
|
|
★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-08 13:52:16 |
CISA Announces Vulnerability Disclosure Policy Platform (direct link) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today announced that it has partnered with the crowdsourced cybersecurity community for the launch of its vulnerability disclosure policy (VDP) platform.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-08 13:02:30 |
Critical Vulnerabilities Patched in Android With June 2021 Security Updates (direct link) |
Google this week announced the availability of the latest monthly security patches for the Android operating system, which address more than 50 vulnerabilities, including several rated critical severity.
|
|
|
|