Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2021-02-04 14:16:24 |
Number of ICS Vulnerabilities Continued to Increase in 2020: Report (lien direct) |
The number of vulnerabilities discovered in industrial control system (ICS) products in 2020 increased significantly compared to previous years, according to a report released on Thursday by industrial cybersecurity firm Claroty.
|
|
|
|
|
2021-02-04 13:21:18 |
Vulnerabilities in Realtek Wi-Fi Module Expose Many Devices to Remote Attacks (lien direct) |
Major vulnerabilities in the Realtek RTL8195A Wi-Fi module expose embedded devices used in a myriad of industries to remote attacks, researchers with automated device security platform provider Vdoo reveal.
|
|
|
|
|
2021-02-04 12:43:04 |
Canada Probe Concludes Clearview AI Breached Privacy Laws (lien direct) |
US facial recognition technology firm Clearview AI illegally conducted mass surveillance in breach of Canadians' privacy rights, Canada's privacy commissioner said Wednesday following an investigation.
"What Clearview does is mass surveillance and it is illegal," Privacy Commissioner Daniel Therrien told a teleconference.
|
|
|
|
|
2021-02-04 12:15:53 |
SonicWall Patches SMA Zero-Day Vulnerability Exploited in Attacks (lien direct) |
SonicWall on Wednesday announced that it released firmware updates for its Secure Mobile Access (SMA) 100 series appliances to patch an actively exploited zero-day vulnerability.
|
Vulnerability
|
|
|
|
2021-02-04 04:32:50 |
Siemens Releases Patches to Prevent Remote Takeover of SIMATIC HMI Panels (lien direct) |
Siemens has released patches for some of its SIMATIC human-machine interface (HMI) panels to address a high-severity vulnerability that can be exploited remotely to take full control of a device.
|
Vulnerability
|
|
★★★
|
|
2021-02-03 18:42:05 |
Recent Sudo Vulnerability Affects Apple, Cisco Products (lien direct) |
Apple's macOS Big Sur operating system and multiple Cisco products are also affected by the recently disclosed major security flaw in the Sudo utility.
|
Vulnerability
|
|
|
|
2021-02-03 14:52:53 |
Virtual Event Today: IoT Lockdown - Join the Virtual Experience (lien direct) |
|
|
|
|
|
2021-02-03 14:36:56 |
Microsoft Sees Spike in BEC Attacks Targeting Schools (lien direct) |
In a series of posts on Twitter, Microsoft on Tuesday warned of an uptick in gift card-themed business email compromise (BEC) attacks targeting K-12 school teachers by impersonating their colleagues.
|
|
|
|
|
2021-02-03 13:40:04 |
SolarWinds Product Vulnerabilities Allow Hackers to Take Full Control of Systems (lien direct) |
Cybersecurity firm Trustwave on Wednesday reported that one of its researchers recently discovered several potentially serious vulnerabilities in products made by Texas-based IT management solutions provider SolarWinds.
|
|
|
|
|
2021-02-03 12:59:51 |
Weak ACLs in Adobe ColdFusion Allow Privilege Escalation (lien direct) |
A newly disclosed vulnerability in Adobe ColdFusion could be exploited by unprivileged users for the execution of arbitrary code with SYSTEM privileges.
The popular commercial web-application development platform uses the CFML scripting language and is mainly used for the creation of data-driven websites.
|
Vulnerability
|
|
|
|
2021-02-03 12:12:58 |
China-Linked Hackers Exploited SolarWinds Flaw in U.S. Government Attack: Report (lien direct) |
Hackers believed to be from China have exploited a vulnerability in a SolarWinds product as part of a campaign targeting at least one U.S. government agency, Reuters reported on Tuesday.
|
Vulnerability
|
|
|
|
2021-02-03 11:52:48 |
The Drovorub Mystery: Malware NSA Warned About Can\'t Be Found (lien direct) |
NSA and FBI Released Detailed Information on Drovorub Linux Malware, But Major Cybersecurity Firms Found No Samples
|
Malware
|
|
|
|
2021-02-03 04:38:32 |
Google Patches Over a Dozen High-Severity Privilege Escalation Flaws in Android (lien direct) |
Google this week published its Android security bulletin for February 2021, which includes information on more than 40 vulnerabilities, most of which could lead to elevation of privilege.
|
Guideline
|
|
|
|
2021-02-02 18:32:45 |
Embedded Software Developer Wind River Discloses Data Breach (lien direct) |
Embedded system software provider Wind River Systems has started informing employees of a data breach that resulted in their personal information being stolen by a third party.
|
Data Breach
|
|
|
|
2021-02-02 16:37:33 |
A Swiss Army Knife for Industrial Operations Protection (lien direct) |
When we think about a Swiss Army Knife, we immediately picture a high-quality, multi-functional tool to help us tackle a wide array of tasks. The digital equivalent is the smartphone. A more security-specific example is the all-in-one, wireless home protection system. These solutions typically include sensors for windows, doors, and rooms, as well as cameras to remotely see what is happening inside and out, and an app to control everything from wherever you are.
|
Tool
|
|
|
|
2021-02-02 13:53:50 |
Sophisticated Multiplatform Malware \'Kobalos\' Targets Supercomputers (lien direct) |
Cybersecurity firm ESET on Tuesday published a report detailing what it described as a previously undocumented piece of malware that had been observed targeting high-performance computing (HPC) clusters.
|
Malware
|
|
|
|
2021-02-02 13:23:40 |
Over 1 Million Impacted by Data Breach at Washington State Auditor (lien direct) |
The Office of the Washington State Auditor (SAO) has disclosed a cybersecurity incident in which the personal information of more than 1 million individuals might have been stolen.
|
Data Breach
|
|
|
|
2021-02-02 12:04:09 |
SonicWall Says \'a Few Thousand Devices\' Impacted by Zero-Day Vulnerability (lien direct) |
SonicWall on Monday confirmed that its Secure Mobile Access (SMA) 100 series appliances are affected by a zero-day vulnerability that has apparently already been exploited in attacks.
|
Vulnerability
|
|
★★
|
|
2021-02-02 11:26:42 |
Apple Issues Patches for NAT Slipstreaming 2.0 Attack (lien direct) |
Apple this week released security updates to address multiple vulnerabilities in macOS and Safari, including a flaw that can be exploited for the recently disclosed NAT Slipstreaming 2.0 attack.
|
|
|
|
|
2021-02-02 04:56:53 |
Cyberspies Delivered Malware to Gamers via Supply Chain Attack (lien direct) |
Researchers at cybersecurity firm ESET say they have uncovered an espionage campaign that has targeted online gamers in Asia through a compromised software company.
|
Malware
|
|
|
|
2021-02-01 18:33:09 |
Lawmakers Ask NSA About Its Role in Juniper Backdoor Discovered in 2015 (lien direct) |
Several U.S. lawmakers sent a letter to the National Security Agency last week in an effort to find out more about its role in the backdoor discovered in Juniper Networks products back in 2015, as well as the steps taken by the agency following the Juniper incident, and why those steps failed to prevent the recent SolarWinds hack.
|
|
|
|
|
2021-02-01 15:29:35 |
France Tries Three for Attack Plot After Cyber Infiltration (lien direct) |
Two French citizens and a Moroccan went on trial in Paris on Monday charged with planning attacks after their cyber network was successfully infiltrated by a French intelligence agent posing as a jihadist.
|
|
|
|
|
2021-02-01 15:00:20 |
Fonix Ransomware Operators Close Shop, Release Decryption Keys (lien direct) |
The cybercriminals behind the Fonix ransomware have announced plans to shut down their activity, and have already released the master decryption key for the malware.
|
Ransomware
|
|
|
|
2021-02-01 14:46:10 |
The Positive Impact of the Pandemic on SecOps Collaboration (lien direct) |
Collaboration is a Hallmark of Successful Security Teams
|
|
|
|
|
2021-02-01 14:30:28 |
Russian Hack Brings Changes, Uncertainty to US Court System (lien direct) |
Trial lawyer Robert Fisher is handling one of America's most prominent counterintelligence cases, defending an MIT scientist charged with secretly helping China. But how he'll handle the logistics of the case could feel old school: Under new court rules, he'll have to print out any highly sensitive documents and hand-deliver them to the courthouse.
|
Hack
|
|
|
|
2021-02-01 13:49:37 |
CISA Says Many Victims of SolarWinds Hackers Had No Direct Link to SolarWinds (lien direct) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) says many of the victims of the threat group that targeted Texas-based IT management firm SolarWinds were not directly linked to SolarWinds.
|
Threat
|
|
★★★★★
|
|
2021-02-01 12:16:20 |
OwnBackup Achieves \'Unicorn\' Status With $167.5 Million Funding Round (lien direct) |
Cloud data protection provider OwnBackup has completed a $167.5 million Series D funding round, which helped it reach “unicorn” status, at a valuation close to $1.4 billion. To date, the company has raised a total of more than $267.5 million in funding.
|
|
|
|
|
2021-02-01 11:34:21 |
Root9B, Fidem in Cybersecurity M&A Round-Up for January 2021 (lien direct) |
|
|
|
|
|
2021-02-01 09:50:30 |
Hijacked Perl.com Domain Hosted on IP Address Linked to Malicious Activity (lien direct) |
The Perl.com domain, which since 1997 had been serving articles about Perl programming, was hijacked last week.
Managed by The Perl Foundation, the site had David Farrell as editor, but received contributions for numerous Perl programming language enthusiasts, including Brian Foy, who also authored several books on Perl.
|
|
|
|
|
2021-01-31 11:57:43 |
OT Cybersecurity Firm Mission Secure Raises $5.6 Million in Series B Funding (lien direct) |
Mission Secure, a provider of visibility and cybersecurity solutions for industrial environments, announced this week that it has closed a Series B financing round in the amount of $5.6 million.
|
|
|
|
|
2021-01-29 16:35:06 |
UScellular Breach Allowed Hackers to Port Customer Phone Numbers (lien direct) |
Chicago-based wireless carrier UScellular started informing customers last week that their personal information may have been accessed and their phone numbers ported as a result of a data breach.
|
|
|
|
|
2021-01-29 16:19:22 |
Unemployment Fraud - Preying on Those Most in Need (lien direct) |
The Covid-19 pandemic has been raging for nearly a year now. With the pandemic has come a tremendous amount of uncertainty. Many of us wonder when we will be able to return to normal life, when we will be able to see family and friends, and when we might resume those everyday activities we used to take for granted.
|
|
|
|
|
2021-01-29 16:06:57 |
Tanium Announces $150 Million Funding Investment From Ontario Teachers\' (lien direct) |
Endpoint management and security solutions provider Tanium this week announced the sale of $150 million in common stock to Ontario Teachers' Pension Plan Board.
Ontario Teachers' made the funding investment through its Teachers' Innovation Platform (TIP), which is involved in late-stage venture and growth equity investments in validated technologies.
|
|
|
|
|
2021-01-29 14:37:22 |
Elusive Lebanese Threat Actor Compromised Hundreds of Servers (lien direct) |
A threat actor believed to be tied to the Lebanese government has compromised hundreds of servers pertaining to organizations worldwide, while maintaining a low profile, threat intelligence firm ClearSky reveals.
|
Threat
|
|
|
|
2021-01-29 14:35:27 |
Deep Analysis of More than 60,000 Breach Reports Over Three Years (lien direct) |
Hackers Are Winning Battles, While Victims are Gaming the Notification Laws
|
|
|
|
|
2021-01-29 13:13:50 |
Attacks on Individuals Fall as Cybercrime Shifts Tactics (lien direct) |
Cybercriminals shifted away from stealing individual consumers' information in 2020 to focus on bigger, more profitable attacks on businesses, according to a report from the Identity Theft Resource Center.
|
|
|
|
|
2021-01-29 12:44:34 |
Encrypted Services Providers Concerned About EU Proposal for Encryption Backdoors (lien direct) |
European encrypted services providers ProtonMail, Threema, Tresorit and Tutanota on Thursday urged European Union policy makers to rethink plans that would require the implementation of encryption backdoors.
|
|
|
|
|
2021-01-29 04:42:22 |
TPG Capital Acquires Majority Stake in PAM Solutions Provider Centrify (lien direct) |
Private equity firm TPG Capital on Thursday announced that it has agreed to acquire a majority stake in privileged access management (PAM) solutions provider Centrify.
Founded in 2004, Santa Clara, Calif.-based Centrify provides a platform designed to enforce least privilege access at scale, across enterprise networks.
|
|
|
|
|
2021-01-29 04:29:34 |
Many WordPress Sites Affected by Vulnerabilities in \'Popup Builder\' Plugin (lien direct) |
Multiple vulnerabilities patched recently in the popular WordPress plugin Popup Builder could be exploited to perform various malicious actions on affected websites.
|
|
|
|
|
2021-01-28 20:31:16 |
Apple Adds \'BlastDoor\' to Secure iPhones From Zero-Click Attacks (lien direct) |
Apple has quietly added several anti-exploit mitigations into its flagship mobile operating system in what appears to be a specific response to zero-click iMessage attacks observed in the wild.
|
|
|
|
|
2021-01-28 19:07:46 |
For Microsoft, Security is a $10 Billion Business (lien direct) |
|
|
|
|
|
2021-01-28 18:03:03 |
Security Resolutions to Make in 2021 (lien direct) |
The new year is already several weeks old, but it is still a great time to take stock, look ahead, and plan to make 2021 the best year yet. However, to do this, an organization needs to look back into 2020 to learn lessons from a particularly challenging time in cybersecurity.
|
|
|
|
|
2021-01-28 16:16:45 |
Many European CISOs Shift Focus to Mobile Security: Survey (lien direct) |
A majority of chief information security officers (CISOs) in Europe said their cybersecurity strategy now focuses on mobile devices as a result of employees increasingly working remotely due to the pandemic, IT management and cybersecurity solutions provider Ivanti said in a report published this week.
|
|
|
|
|
2021-01-28 13:36:34 |
Law Enforcement Planning Emotet Cleanup Operation Following Botnet Takedown (lien direct) |
Following a takedown operation earlier this month, authorities are taking steps towards cleaning up systems infected with the Emotet malware.
|
|
|
|
|
2021-01-28 12:56:45 |
Apple to Crack Down on Tracking iPhone Users in Early Spring (lien direct) |
Apple says it will roll out a new privacy control in the spring to prevent iPhone apps from secretly shadowing people. The delay in its anticipated rollout aims to placate Facebook and other digital services that depend on such data surveillance to help sell ads.
|
|
|
|
|
2021-01-28 12:44:11 |
Stack Overflow Shares Technical Details on 2019 Hack (lien direct) |
Stack Overflow, the popular Q&A platform for programmers, this week shared technical information on how its systems were breached back in 2019, and it turns out that the hacker often viewed questions posted on Stack Overflow to learn how to conduct various activities on the compromised systems.
|
Hack
|
|
|
|
2021-01-27 21:21:15 |
NetWalker Ransomware\'s Sites Seized by Law Enforcement (lien direct) |
Law enforcement authorities in the U.S. and Europe have seized the dark web sites associated with the NetWalker ransomware operations and also charged a Canadian national in relation to the malware.
|
Ransomware
|
|
|
|
2021-01-27 20:30:18 |
Ten-Year Old Sudo Vulnerability Gives Root Privileges on Host (lien direct) |
A major security hole in the Sudo utility could be abused by unprivileged users to gain root privileges on the vulnerable host, Qualys reports.
|
Vulnerability
|
|
|
|
2021-01-27 18:24:10 |
CISA Issues Advisory for High-Severity Vulnerabilities in Fuji Electric HMI Products (lien direct) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released an advisory to inform industrial organizations that some SCADA/HMI products made by Japanese electrical equipment company Fuji Electric are affected by potentially serious vulnerabilities.
|
|
|
|
|
2021-01-27 15:22:37 |
In the Hacker\'s Crosshairs: Active Directory (lien direct) |
Organizations Need to Adjust Their Security Strategies to Match Modern Threats
|
|
|
|