Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2022-03-29 21:03:09 |
Hackers Steal Over $600M in Major Crypto Heist (lien direct) |
Hackers stole cryptocurrency worth over $600 million from a digital ledger used by players of the popular online game Axie Infinity, in a major digital cash heist revealed Tuesday.
Interest in cyptocurrency has boomed, along with its values, but the money has also become an attractive target for tech savvy thieves.
|
|
|
|
|
2022-03-29 18:19:05 |
With War Next Door, EU is Warned on Cybersecurity Gaps (lien direct) |
As Russia's invasion of Ukraine accelerates European Union defense cooperation, a watchdog said Tuesday that EU institutions face vulnerabilities on another front: cybersecurity.
|
|
|
|
|
2022-03-29 18:07:58 |
Cloaked Snags $25M Funding to Tackle Data-Sharing Privacy (lien direct) |
A Boston startup has raised $25 million in early-stage funding to tackle the erosion of privacy in today's data sharing ecosystems.
The startup, called Cloaked, said the Series A investment was co-led by Lux Capital and Human Capital and will be used to exit beta and drive growth in a competitive marketplace.
|
|
|
|
|
2022-03-29 17:52:34 |
VMware vCenter Server Vulnerability Can Facilitate Attacks on Many Organizations (lien direct) |
VMware on Tuesday announced the availability of patches for a vCenter Server vulnerability that could facilitate attacks against many organizations.
|
Vulnerability
|
|
|
|
2022-03-29 17:34:53 |
Ex-Trump Treasury Secretary\'s PE Firm Buys Mobile Security Company Zimperium for $525M (lien direct) |
Steven Mnuchin's Liberty Strategic Capital acquires majority stake in Dallas, Texas-based Zimperium
|
|
|
|
|
2022-03-29 15:15:52 |
Why Bullying Employees Into Compliance Won\'t Work (lien direct) |
Security leaders need to understand that people working from home require more than technological support to improve security
|
Guideline
|
|
★★
|
|
2022-03-29 14:13:48 |
Critical Vulnerabilities Found in Microsoft Defender for IoT (lien direct) |
Researchers at endpoint security firm SentinelOne on Monday published detailed information on a couple of critical remote code execution vulnerabilities discovered in Microsoft Defender for IoT.
|
|
|
|
|
2022-03-29 12:04:13 |
Sophos Warns of Attacks Exploiting Recent Firewall Vulnerability (lien direct) |
Sophos on Monday raised the alarm about a recently patched Sophos Firewall vulnerability being exploited in attacks.
Impacting the User Portal and Webadmin of Sophos Firewall, the bug is described as an authentication bypass that could lead to remote code execution.
|
Vulnerability
Guideline
|
|
|
|
2022-03-29 11:35:53 |
White House Proposes $10.9 Billion Budget for Cybersecurity (lien direct) |
|
|
|
|
|
2022-03-29 10:36:10 |
SonicWall Patches Critical Vulnerability in Firewall Appliances (lien direct) |
SonicWall has released patches for a critical-severity vulnerability in the web management interface of multiple firewall appliances.
Tracked as CVE-2022-22274 (CVSS score of 9.4), the security flaw is described as a stack-based buffer overflow bug that impacts SonicOS.
|
Vulnerability
|
|
|
|
2022-03-29 09:40:40 |
US Brands Russian Cybersecurity Firm Kaspersky \'Security Threat\' (lien direct) |
US regulators have deemed antivirus software maker Kaspersky a "threat to national security," a designation that will restrict its dealings in the United States.
|
|
|
|
|
2022-03-28 19:28:47 |
Researchers Hack Remote Keyless System of Honda Vehicles (lien direct) |
A researcher has published proof-of-concept (PoC) videos to demonstrate how an attacker can remotely unlock the doors of a Honda vehicle, or even start its engine.
|
Hack
|
|
|
|
2022-03-28 16:52:22 |
Checkmarx Finds Threat Actor \'Fully Automating\' NPM Supply Chain Attacks (lien direct) |
Threat hunters at Checkmarx on Monday raised an alarm after discovering a threat actor fully automating the creation and delivery of "hundreds of malicious packages" into the NPM ecosystem.
|
Threat
|
|
|
|
2022-03-28 16:01:29 |
Estonian Ransomware Operator Sentenced to Prison in US (lien direct) |
An Estonian man was sentenced to 66 months in prison in the United States for his role in ransomware attacks that caused more than $53 million in losses.
The cybercriminal, Maksim Berezan, who was arrested in Latvia and later extradited to the United States, pleaded guilty in April 2021 to conspiracy to commit wire fraud and device fraud.
|
Ransomware
Guideline
|
|
|
|
2022-03-28 13:42:05 |
German Authorities Seize Spyware Firm FinFisher\'s Accounts (lien direct) |
German authorities have seized accounts belonging to the spyware company FinFisher amid an investigation into whether it broke export laws by selling its products to authoritarian governments.
|
|
|
★★
|
|
2022-03-28 13:36:26 |
Critical Remote Code Execution Vulnerability in Sophos Firewall (lien direct) |
Sophos on Friday announced the rollout of urgent patches for a critical authentication bypass vulnerability in the web portal of its Sophos Firewall product.
Reported by an external researcher via the Sophos bug bounty program, the vulnerability is tracked as CVE-2022-1040 and impacts Sophos Firewall v18.5 MR3 (18.5.3) and older releases.
|
Vulnerability
|
|
|
|
2022-03-28 10:47:38 |
(Déjà vu) CISA Adds 66 Vulnerabilities to \'Must Patch\' List (lien direct) |
The US Cybersecurity and Infrastructure Security Agency (CISA) has added 66 vulnerabilities to its list of known exploited security holes.
|
|
|
|
|
2022-03-27 11:58:30 |
Google Issues Emergency Fix for Chrome Zero-Day (lien direct) |
Google has issued an emergency security update for Chrome 99 to resolve a vulnerability for which a public exploit already exists.
|
Vulnerability
|
|
|
|
2022-03-25 17:29:10 |
US, EU Sign Data Transfer Deal to Ease Privacy Concerns (lien direct) |
The European Union and United States made a breakthrough in their yearslong battle over the privacy of data that flows across the Atlantic with a preliminary agreement Friday that paves the way for Europeans' personal information to be stored in the U.S.
|
|
|
|
|
2022-03-25 15:38:53 |
Chinese Hackers Seen Targeting Ukraine Post-Invasion (lien direct) |
A known threat actor has launched what appears to be the first Chinese hacking attempts targeting Ukraine digital assets since the Russian invasion a month ago.
|
Threat
|
|
|
|
2022-03-25 15:17:13 |
MixMode Banks $45 Million in Series B Funding (lien direct) |
Cyberattacks detection technology provider MixMode has announced the closing of a $45 million Series B funding round led by PSG, with participation from Entrada Ventures.
|
|
|
|
|
2022-03-25 13:42:35 |
The Elusive Goal of Network Security (lien direct) |
While it's never perfect, it can always get better
|
|
|
|
|
2022-03-25 12:42:19 |
FBI: 649 Ransomware Attacks Reported on Critical Infrastructure Organizations in 2021 (lien direct) |
The Federal Bureau of Investigation's (FBI) Internet Crime Complaint Center (IC3) says it received 649 complaints of ransomware attacks targeting critical infrastructure organizations in 2021.
|
Ransomware
|
|
|
|
2022-03-25 11:27:39 |
How European Rulings Imperil Flagship Google Product (lien direct) |
Lax laws and sweetheart deals are becoming a thing of the past for big tech firms, particularly in Europe where a series of rulings is posing a major threat to one of Google's flagship products.
More than half of the world's websites use Google Analytics to help their owners understand the behavior of users.
|
Threat
|
|
|
|
2022-03-24 20:52:45 |
North Korea Gov Hackers Caught Sharing Chrome Zero-Day (lien direct) |
Malware hunters at Google have spotted signs that North Korean government hackers are sharing zero-day browser exploits for use in waves of targeted attacks hitting U.S. news media, crypto-banks and IT organizations.
|
|
|
|
|
2022-03-24 19:23:06 |
The Chaos (and Cost) of the Lapsus$ Hacking Carnage (lien direct) |
|
|
|
|
|
2022-03-24 15:42:32 |
New Vidar Infostealer Campaign Hidden in Help File (lien direct) |
Researchers discovered an email malware campaign in February 2022 that demonstrates the complexity attackers are introducing to the delivery mechanism in order to avoid detection. The new campaign delivers an old but frequently updated infostealer: Vidar.
|
Malware
|
|
|
|
2022-03-24 15:23:22 |
Over 100 Building Controllers in Russia Vulnerable to Remote Hacker Attacks (lien direct) |
A researcher has identified critical vulnerabilities that can allegedly be exploited to remotely hack a building controller predominantly used by organizations in Russia.
|
Hack
|
|
|
|
2022-03-24 14:23:22 |
Enterprise Browser Startup Island Snags Massive Funding Round (lien direct) |
An early-stage startup building a security-themed enterprise browser has raised $115 million at a $1.3 billion valuation, becoming a cybersecurity unicorn less than two months after emerging from stealth with $100 million in funding.
|
|
|
|
|
2022-03-24 13:20:29 |
Russian Operator of Cybercrime Marketplace Indicted in US (lien direct) |
A Russian national has been indicted in the United States for allegedly operating a cybercrime marketplace where stolen credit card information and online banking account data was being traded.
|
|
|
|
|
2022-03-24 12:37:47 |
Many Critical Flaws Patched in Delta Electronics Energy Management System (lien direct) |
At least 30 vulnerabilities were found in the past year in the DIAEnergie industrial energy management system made by Delta Electronics. The company says it has created patches for all of them, but for now most of those patches are only available on demand.
|
|
|
|
|
2022-03-24 11:29:09 |
VMware Patches Critical Vulnerabilities in Carbon Black App Control (lien direct) |
VMware this week announced software updates that address two critical-severity vulnerabilities in its Carbon Black App Control product.
An application allow listing solution, Carbon Black App Control allows security teams to secure enterprise systems by locking them down to prevent unwanted changes, and to maintain continuous compliance.
|
|
|
|
|
2022-03-24 11:08:21 |
Achieving Positive Outcomes With Multi-Domain Cyber and Open Source Intelligence (lien direct) |
The Many Faces of Threat Intelligence: Part 2
|
Threat
|
|
|
|
2022-03-24 09:37:12 |
Serious Vulnerability Exploited at Hacking Contest Impacts Over 200 HP Printers (lien direct) |
HP this week announced that more than 200 printer models are impacted by a severe remote code execution vulnerability that was exploited by researchers at the Pwn2Own hacking contest last year, where participants earned a total of more than $1 million.
|
Vulnerability
|
|
|
|
2022-03-23 18:43:55 |
Theta Lake Raises $50 Million in Series B Funding Round (lien direct) |
Theta Lake, a company that specializes in compliance and security solutions for collaboration platforms, on Wednesday announced raising $50 million in a Series B funding round.
|
|
|
|
|
2022-03-23 18:28:38 |
Ransomware, Malware-as-a-Service Dominate Threat Landscape (lien direct) |
Ransomware continues to expand with double-extortion now the standard; the malware-as-a-service model is now common; and criminals are increasingly 'living off the land', according to data from Red Canary.
|
Threat
|
|
|
|
2022-03-23 15:47:14 |
A Sheep in Wolf\'s Clothing: Technology Alone is a Security Facade (lien direct) |
The power of the technology to defend our IT systems is only as good as our ability to evolve it in the face of ever-changing adversary tradecraft
|
|
|
|
|
2022-03-23 14:42:43 |
Compliance Startup Trustero Emerges From Stealth With $8 Million in Funding (lien direct) |
Trustero, a Palo Alto, California-based startup offering Compliance-as-a-Service (CaaS) for enterprises, has emerged from stealth mode with $8 million in seed funding.
The investment round was led by Zetta Venture Partners, with participation from Engineering Capital and Vertex Ventures.
|
|
|
|
|
2022-03-23 14:26:08 |
Chinese Cyberspies Seen Using macOS Variant of \'Gimmick\' Malware (lien direct) |
In late 2021, incident response and threat intelligence firm Volexity observed a Chinese threat actor using a macOS variant of the malware known as Gimmick.
|
Malware
Threat
|
|
|
|
2022-03-23 14:00:01 |
Analysis Shows How Fast Various Ransomware Strains Encrypt 100,000 Files (lien direct) |
Cybersecurity researchers at Splunk have conducted an analysis to determine how long it takes various ransomware strains to encrypt files on compromised systems.
|
Ransomware
|
|
|
|
2022-03-23 13:04:49 |
Virtual Event Today: Supply Chain Security Summit & Expo (lien direct) |
|
|
|
|
|
2022-03-23 11:40:26 |
Microsoft, Okta Confirm Data Breaches Involving Compromised Accounts (lien direct) |
Microsoft and Okta have both confirmed suffering data breaches after a cybercrime group announced targeting them, but the companies claim impact is limited.
|
|
|
|
|
2022-03-23 00:03:52 |
FBI Sees Growing Russian Hacker Interest in US Energy Firms (lien direct) |
The FBI is warning that it has seen increased interest by Russian hackers in energy companies since the start of Russia's war against Ukraine, though it is offering no indication that a specific cyberattack is planned.
|
|
|
|
|
2022-03-22 20:11:17 |
\'Secrets Sprawl\' Haunts Software Supply Chain Security (lien direct) |
A cybersecurity startup is warning of a major, unattended weak link in the software supply chain: the vexing problem of valuable corporate secrets -- API keys, usernames and passwords, and security certificates -- publicly exposed in corporate repositories.
|
|
|
|
|
2022-03-22 17:22:44 |
\'Serpent\' Backdoor Used in Malware Attacks on French Entities (lien direct) |
French organizations in the construction, government, and real estate sectors have been targeted with a new backdoor in a string of malware attacks, according to a warning from Proofpoint.
|
Malware
|
|
|
|
2022-03-22 16:05:15 |
QNAP Devices Targeted in New Wave of DeadBolt Ransomware Attacks (lien direct) |
Internet search engine Censys on Monday warned that a new wave of DeadBolt ransomware attacks has been targeting network-attached storage (NAS) devices made by QNAP.
|
Ransomware
|
|
|
|
2022-03-22 13:51:00 |
Demystifying Zero Trust (lien direct) |
While many vendors use terms that include "zero trust," they often use it to mean different things
|
|
|
|
|
2022-03-22 13:50:15 |
Application Security Firm ForAllSecure Raises $21 Million (lien direct) |
Application security testing firm ForAllSecure this week announced that it has closed a $21 million Series B investment round that brings the total raised by the company to $36 million.
The funding round was co-led by Koch Disruptive Technologies (KDT) and New Enterprise Associates (NEA).
|
|
|
|
|
2022-03-22 12:34:53 |
Over 1 Million Impacted in Data Breach at Texas Dental Services Provider (lien direct) |
Dental and orthodontic care provider JDC Healthcare Management (JDC) has revealed that the information of a large number of Texans was compromised in a data breach discovered last year.
|
Data Breach
|
|
|
|
2022-03-22 11:51:19 |
High-Severity UEFI Vulnerabilities Patched in Dell Enterprise Laptops (lien direct) |
Firmware security company Binarly this week disclosed the details of several vulnerabilities that impact the Unified Extensible Firmware Interface (UEFI) of multiple Dell enterprise laptop models.
|
|
|
|