What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-09-30 12:02:50 | Contactless Payment Card Hack Affects Apple Pay, Visa (lien direct) | A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities exploited in the attack remain unpatched, but the impacted vendors say they are not concerned. | Hack | ||
|
2021-09-30 11:20:19 | Turkish National Charged for DDoS Attack on U.S. Company (lien direct) | A Turkish national has been indicted in the Northern District of Illinois for launching a distributed denial-of-service (DDoS) attack against a hospitality company headquartered in the United States. | |||
|
2021-09-30 10:40:22 | Optimizing Monitoring Services For Intelligence Teams (lien direct) | How do you make sure you are choosing the right solutions for your organization? | |||
|
2021-09-29 19:32:34 | Facebook Open-Sources \'Mariana Trench\' Code Analysis Tool (lien direct) | Facebook's security team on Wednesday pulled the curtain on Mariana Trench, an open-source tool that it has been using internally to identify vulnerabilities in Android and Java applications. | Tool | ||
|
2021-09-29 18:00:44 | Behavioral Analytics Provider ForMotiv Raises $6 Million (lien direct) | Real-time user behavior analysis platform ForMotiv this week announced it has raised $6 million in a third seed funding round. The company has raised a total of $7.5 million to date. ForMotiv's new funding round was led by Vestigo Ventures. DreamIt Ventures and Plug & Play Ventures also participated. | |||
|
2021-09-29 17:03:38 | Akamai to Acquire Guardicore in $600M Zero Trust Tech Deal (lien direct) | Edge security and content delivery giant Akamai Technologies on Wednesday announced plans to spend $600 million to acquire Guardicore, an Israeli micro-segmentation technology startup. Akamai said the deal would add new capabilities to help customers thwart ransomware attacks by blocking the spread of malware within an already-compromised enterprise. | Ransomware Malware | ||
|
2021-09-29 16:29:56 | Cyberespionage Implant Delivered via Targeted Government DNS Hijacking (lien direct) | Threat hunters at Kaspersky have intercepted a new cyberespionage implant being delivered via targeted DNS hijacking of government zones in Eastern Europe and published a new report Wednesday with clues linking the malware to the SolarWinds attackers. | Malware | ||
|
2021-09-29 15:29:03 | How to Spot an Ineffective Security Practitioner (lien direct) | Root out ineffective security practitioners to keep your security teams protected and engaged in a productive manner | |||
|
2021-09-29 14:56:32 | China Intensified Attacks on Major Afghan Telecom Firm as U.S. Finalized Withdrawal (lien direct) | Several China-linked cyberespionage groups were observed intensifying attacks on a major telecom firm in Afghanistan just as the United States was finalizing its withdrawal from the country. | |||
|
2021-09-29 13:39:51 | COVID-19\'s Healthcare Feeding Frenzy for Cybercriminals (lien direct) | The COVID-19 pandemic has enlarged the threat landscape for all industry sectors; but none more so than healthcare. The primary areas of concern include insecure working from home, and stress related lax behavior at the office. | Threat | ||
|
2021-09-29 13:36:03 | NSA, CISA Issue Guidance on Selecting and Securing VPNs (lien direct) | The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) this week published a new document to help government organizations select and secure virtual private network (VPN) solutions. | |||
|
2021-09-29 11:42:13 | Google Announces Rewards for Tsunami Security Scanner Plugins (lien direct) | Google this week announced that it is offering monetary payouts to individuals who help expand the detection capabilities of the Tsunami security scanner. Two types of contributions are currently accepted in the experimental reward program, namely vulnerability detection plugins and web application fingerprints. | Vulnerability | ||
|
2021-09-29 11:08:37 | CISA Warns of Hikvision Camera Flaw as U.S. Aims to Rid Chinese Gear From Networks (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday informed organizations that some cameras made by Chinese video surveillance vendor Hikvision are affected by a critical vulnerability. | |||
|
2021-09-29 10:40:14 | Russia Detains Head of Cybersecurity Group on Treason Charges (lien direct) | A Moscow court on Wednesday ordered the co-founder of one of Russia's leading cybersecurity firms, Group-IB, to be detained on charges of treason. Founded in 2003, Group-IB specializes in the detection and prevention of cyberattacks and works with Interpol and several other global institutions. | Guideline | ||
|
2021-09-28 17:28:54 | Microsoft Details FoggyWeb Backdoor Used by SolarWinds Hackers (lien direct) | Microsoft on Monday published a blog post detailing a piece of malware used by the threat actor behind the SolarWinds attack to exfiltrate data from compromised servers. | Malware Threat | ||
|
2021-09-28 17:15:09 | Colossus Ransomware Hits Automotive Company in the U.S. (lien direct) | A new ransomware family called Colossus has snagged at least one victim in the United States as of last week, according to security researchers at ZeroFox. Targeting Windows systems, the Colossus ransomware was used in an attack on an automotive group of dealerships based in the U.S., with its operators threatening to leak 200 GB of stolen data. | Ransomware | ||
|
2021-09-28 16:39:40 | FinSpy Surveillance Spyware Fitted With UEFI Bootkit (lien direct) | Security researchers at Kaspersky have spotted signs of the notorious FinSpy surveillance spyware hijacking -- and replacing -- the Windows UEFI bootloader to perform stealthy infections on target machines. | |||
|
2021-09-28 13:57:04 | Tokenization vs. Encryption for Data Protection Compliance (lien direct) | 
|
|||
|
2021-09-28 13:56:05 | QNAP Patches Critical Vulnerabilities in QVR Software (lien direct) | QNAP, the Taiwan-based maker of network-attached storage (NAS) appliances, this week announced the availability of patches for a couple of critical vulnerabilities in its QVR video management solution. Tracked as CVE-2021-34348 and CVE-2021-34351 and featuring a CVSS score of 9.8, the vulnerabilities could be abused remotely to run arbitrary commands on affected systems. | |||
|
2021-09-28 13:19:47 | Enterprises Warned About Zix-Themed Credential Phishing Attacks (lien direct) | Enterprise users have been warned that cybercriminals may be trying to phish their credentials by luring them with fake emails that appear to be related to services offered by security company Zix. | |||
|
2021-09-28 12:20:39 | Trend Micro Patches Critical Vulnerability in Server Protection Solution (lien direct) | Trend Micro has released patches for a critical authentication bypass vulnerability in Trend Micro ServerProtect. Tracked as CVE-2021-36745 and featuring a CVSS score of 9.8, the security hole could be exploited by remote attackers to completely bypass authentication on a vulnerable system. | Vulnerability | ||
|
2021-09-28 11:45:18 | Cyber Insurance Firm Coalition Raises $205 Million at $3.5 Billion Valuation (lien direct) | San Francisco-based cyber insurance company Coalition has raised $205 million in a Series E funding round, at a valuation of over $3.5 billion. The firm has raised more than $500 million to date. | |||
|
2021-09-28 11:19:08 | ImmuniWeb Launches Free Tool for Identifying Unprotected Cloud Storage (lien direct) | Switzerland-based web and application security company ImmuniWeb on Tuesday announced the launch of a free online tool designed to help organizations identify unprotected cloud storage. | Tool | ★★★ | |
|
2021-09-28 10:30:10 | US Cryptocurrency Promoter Pleads Guilty to Advising NKorea (lien direct) | A prominent American cryptocurrency promoter and former hacker has pleaded guilty to advising North Korea on using virtual money to avoid international controls, a New York court said Monday. | Guideline | ||
|
2021-09-28 09:57:25 | OWASP Top 10 Updated With Three New Categories (lien direct) | On its 20th anniversary, the Open Web Application Security Project (OWASP) released the final version of their revised Top 10 list of the most critical risks to web applications, which includes three new categories, as well as position shifts compared to the previous report, released in 2017. | |||
|
2021-09-28 03:55:19 | Quad Nations Commit to Fostering a Secure Technology Ecosystem (lien direct) | The Quad countries (Australia, India, Japan, and the United States) on Friday announced a partnership to foster the development of secure technology. | |||
|
2021-09-27 17:27:50 | Cloudflare Introduces Email Security Tools (lien direct) | Internet security and performance company Cloudflare is celebrating its 11th anniversary this week and on Monday it introduced several email security tools. Cloudflare is entering the email security market with some free tools that its customers can use to create custom email addresses, manage email routing, and prevent email phishing and spoofing. | |||
|
2021-09-27 14:19:59 | Frustrated Researcher Discloses Three Unpatched iOS Vulnerabilities (lien direct) | A researcher has made public the details of three unpatched iOS vulnerabilities after he became frustrated with how Apple runs its bug bounty program. The researcher, Denis Tokarev (aka illusionofchaos), disclosed his findings last week on the Russian IT blog Habr. | |||
|
2021-09-27 13:53:24 | UK-Based Threat Detection Firm SenseOn Raises $20 Million (lien direct) | SenseOn, a UK-based threat detection company, today announced that it has raised $20 million in Series A funding to scale its AI-based cybersecurity platform business. | Threat | ||
|
2021-09-27 12:56:54 | Controversial Web Host Epik Confirms Customer Data Exposed in Breach (lien direct) | Controversial web services provider Epik last week confirmed that sensitive information pertaining to its customers was stolen in a data breach. | |||
|
2021-09-27 11:31:26 | VMware Confirms In-the-Wild Exploitation of vCenter Server Vulnerability (lien direct) | VMware has confirmed that the recently patched vCenter Server vulnerability tracked as CVE-2021-22005 has been exploited in the wild, and some researchers say it has been chained with another flaw that was fixed in the same round of updates. | Vulnerability | ||
|
2021-09-27 10:39:58 | Encrypted Messaging App Signal Hit by Brief Outage (lien direct) | Encrypted instant messaging app Signal was hit by a brief outage late Sunday that interrupted services on the platform at the same time as localised interruptions on other social media services. | |||
|
2021-09-27 10:01:34 | Chrome 94 Update Patches Actively Exploited Zero-Day Vulnerability (lien direct) | Google has shipped an urgent Chrome update to address yet another zero-day vulnerability that has been actively exploited in attacks. Tracked as CVE-2021-37973, the security bug is described as a use-after-free issue in the Portals API, a web page navigation technology that pre-renders content when transitioning to a new page, for a seamless experience. | Vulnerability | ||
|
2021-09-27 08:38:40 | Threat Actor Targets Indian Government With Commercial RATs (lien direct) | A threat actor is employing commercial remote access Trojans (RATs) in a series of malicious attacks targeting Indian government and military personnel, Cisco's Talos security researchers warn. | Threat | ||
|
2021-09-25 13:33:46 | States at Disadvantage in Race to Recruit Cybersecurity Pros (lien direct) | Austin Moody wanted to apply his cybersecurity skills in his home state of Michigan, teaming up with investigators for the State Police to analyze evidence and track down criminals. But the recent graduate set the idea aside after learning an unpaid internship was his only way into the Michigan agency. | |||
|
2021-09-24 16:39:22 | EU Denounces Alleged Russian Hacking Ahead of German Vote (lien direct) | The European Union on Friday condemned alleged Russian cyber attacks that have targeted Germany in the run up to this weekend's election for Chancellor Angela Merkel's successor. | |||
|
2021-09-24 15:30:03 | FamousSparrow Cyberspies Exploit ProxyLogon in Attacks on Governments, Hotels (lien direct) | A cyberespionage group active since at least 2019 started exploiting ProxyLogon one day after the Microsoft Exchange vulnerability was publicly disclosed, ESET security researchers say. | Vulnerability | ||
|
2021-09-24 14:44:43 | Google Says Threat Actors Using New Code Signing Tricks to Evade Detection (lien direct) | Financially motivated threat actors have started using new code signing tricks to increase the chances of their software evading detection on Windows systems, Google's Threat Analysis Group reported on Thursday. | Threat | ||
|
2021-09-24 13:10:38 | SonicWall Patches Critical Vulnerability in SMA Appliances (lien direct) | SonicWall has published a security advisory and a security notice to inform customers about a critical vulnerability affecting some of its Secure Mobile Access (SMA) appliances. | Vulnerability | ||
|
2021-09-24 12:10:06 | LG to Acquire Vehicle Cybersecurity Firm Cybellum (lien direct) | South Korean electronics giant LG Electronics on Thursday announced plans to acquire Israel-based automotive cybersecurity company Cybellum for roughly $240 million. | |||
|
2021-09-24 11:38:31 | CISA Opens IPv6 Guidance to Public Feedback (lien direct) | The United States Cybersecurity and Infrastructure Security Agency (CISA) on Thursday announced that it's asking for public feedback on new IPv6 guidance for federal agencies. | |||
|
2021-09-24 11:00:19 | Port of Houston Target of Suspected Nation-State Hack (lien direct) | A major U.S. port was the target last month of suspected nation-state hackers, according to officials. The Port of Houston, a critical piece of infrastructure along the Gulf Coast, issued a statement Thursday saying it had successfully defended against an attempted hack in August and “no operational data or systems were impacted.” | Hack | ||
|
2021-09-24 10:24:16 | F5 to Acquire Threat Stack for $68 Million in Cash (lien direct) | Cloud application and security solutions provider F5 this week announced that it has agreed to acquire threat detection firm Threat Stack for $68 million in cash. Threat Stack provides a platform that monitors cloud, hybrid cloud, multi-cloud, and containerized environments, and can automatically correlate events to identify suspicious activity. | Threat | ||
|
2021-09-24 09:30:06 | Working Securely From Anywhere With Zero Trust (lien direct) | Over the past year, two things have become clear. First, the network infrastructure organizations need to operate in today's increasingly digital world will continue to evolve. And second, rather than “returning to normal,” the future will be even more fragmented than ever. Users will need faster access to a growing number of applications and resources deployed across an increasingly distributed infrastructure. Those applications will continue to deliver richer and more complex data. | |||
|
2021-09-23 20:39:09 | Apple Confirms New Zero-Day Attacks on Older iPhones (lien direct) | Apple on Thursday confirmed a new zero-day exploit hitting older iPhones and warned that the security vulnerability also affects the macOS Catalina platform. | Vulnerability | ||
|
2021-09-23 18:09:00 | Improving Security Posture to Lower Insurance Premiums (lien direct) | Cyber insurance is a new branch of an old industry. That industry has centuries of experience in insuring shipping and a hundred or more years of insuring motor cars -- but only a few decades of cyber knowledge. It has comparatively little knowledge of either cyber risk or the financial insurance risk – and nobody yet knows where this new journey will take it. | |||
|
2021-09-23 17:39:21 | Web Security Provider Jscrambler Raises $15 Million (lien direct) | Client-side web security provider Jscrambler on Thursday announced that a $15 million Series A financing round led by Ace Capital Partners. Existing investors Sonae IM and Portugal Ventures also participated. | |||
|
2021-09-23 15:21:02 | Report: Suspected Chinese Hack Targets Indian Media, Gov\'t (lien direct) | A U.S.-based private cybersecurity company said Wednesday it has uncovered evidence that an Indian media conglomerate, a police department and the agency responsible for the country's national identification database have been hacked, likely by a state-sponsored Chinese group. | Hack | ||
|
2021-09-23 14:47:31 | Apple Deprecates Outdated TLS Protocols in iOS, macOS (lien direct) | Apple this week announced that it has deprecated the Transport Layer Security (TLS) 1.0 and 1.1 legacy encryption protocols from the latest iterations of its mobile and desktop platforms. Critical for the security of web traffic, TLS ensures the confidentiality and integrity of data being transmitted between servers and clients. | |||
|
2021-09-23 14:05:05 | Third-Party Risk Management Firm Panorays Raises $42 Million (lien direct) | Third-party risk management solutions provider Panorays on Thursday announced raising $42 million in a Series B funding round. |
To see everything:
Our RSS (filtrered)
