Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-09 08:47:22 |
Endpoint Management Startup Aiden Technologies Closes $2.9 Million Seed Round (lien direct) |
Automated endpoint management startup Aiden Technologies on Tuesday announced that it closed a $2.9 million seed funding round led by Right Side Capital Management.
Congress Avenue Ventures, the Gaingels, and SAJE Investments also participated in the round, along with various advisors and strategic individual investors.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-08 21:43:19 |
SAP Patches Critical Vulnerabilities in NetWeaver (lien direct) |
German software maker SAP this week released 17 new security notes documenting security vulnerabilities being fixed as part of the company's June 2021 SAP Security Patch Day.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-08 20:04:59 |
NYC\'s 1,000-Lawyer Law Department Targeted by Cyberattack (lien direct) |
New York City's law department was been hit with a cyberattack that forced officials to take the 1,000-lawyer agency offline, but Mayor Bill de Blasio said he believes no data was compromised in the hack.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-08 18:27:58 |
Microsoft Raises Alarm for New Windows Zero-Day Attacks (lien direct) |
Microsoft's Patch Tuesday will take on extra urgency this month with the news that at least six previously undocumented vulnerabilities are being actively exploited in the wild.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-08 17:28:43 |
Adobe Patches Major Security Flaws in PDF Reader, Photoshop (lien direct) |
Adobe's product security response machine revved into high gear this week with the release of multiple patches for gaping security holes in widely deployed software products.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-08 15:02:41 |
Organizations Warned About DoS Flaws in Popular Open Source Message Brokers (lien direct) |
Organizations have been warned about denial of service (DoS) vulnerabilities found in RabbitMQ, EMQ X and VerneMQ, three widely used open source message brokers.
|
|
|
★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-08 13:52:16 |
CISA Announces Vulnerability Disclosure Policy Platform (lien direct) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today announced that it has partnered with the crowdsourced cybersecurity community for the launch of its vulnerability disclosure policy (VDP) platform.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-08 13:02:30 |
Critical Vulnerabilities Patched in Android With June 2021 Security Updates (lien direct) |
Google this week announced the availability of the latest monthly security patches for the Android operating system, which address more than 50 vulnerabilities, including several rated critical severity.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-08 12:29:05 |
WAGO Controller Flaws Can Allow Hackers to Disrupt Industrial Processes (lien direct) |
A couple of vulnerabilities discovered in industrial controllers made by WAGO, a German company specializing in electrical connection and automation solutions, can be exploited to disrupt technological processes, which in some cases could lead to industrial accidents, according to Russian cybersecurity firm Positive Technologies.
|
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-08 11:04:24 |
Apple Unveils VPN-Like Service and New Privacy Features at WWDC 2021 (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-08 10:31:10 |
Hundreds Arrested in \'Staggering\' FBI Encrypted Phone Sting (lien direct) |
Police arrested more than 800 people worldwide in a huge global sting involving encrypted phones that were secretly planted by the FBI, law enforcement agencies said Tuesday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-07 17:06:15 |
\'Siloscape\' Malware Targets Windows Server Containers (lien direct) |
A newly identified piece of malware that targets Windows Server containers can execute code on the underlying node and then spread in the Kubernetes cluster, according to a warning from security researchers at Palo Alto Networks.
|
Malware
|
Uber
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-07 14:33:10 |
(Déjà vu) Cybersecurity M&A Roundup for June 1-6, 2021 (lien direct) |
Several cybersecurity-related acquisitions were announced between June 1 and June 6, 2021.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-07 13:11:53 |
Energy Chief Cites Risk of Cyberattacks Crippling Power Grid (lien direct) |
Energy Secretary Jennifer Granholm on Sunday called for more public-private cooperation on cyber defenses and said U.S. adversaries already are capable of using cyber intrusions to shut down the U.S. power grid.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-07 12:55:35 |
GitHub Updates Policies on Vulnerability Research, Exploits (lien direct) |
Code hosting platform GitHub says it has updated its policies regarding vulnerability research, malware, and exploits, to permit dual-use security research.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-07 12:06:12 |
New Google Tool Helps Developers Visualize Dependencies of Open Source Projects (lien direct) |
Google has launched a new experimental tool designed to help application developers visualize the dependencies of open source projects.
|
Tool
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-07 10:55:52 |
Attacks Exploiting VMware vSphere Flaw Spotted One Week After Patching (lien direct) |
A critical vulnerability affecting VMware vCenter Server, the management interface for vSphere environments, is being exploited in the wild. Attacks started roughly a week after VMware announced the availability of patches.
|
Vulnerability
Patching
|
|
★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-07 10:36:39 |
Russian Hackers Use New \'SkinnyBoy\' Malware in Attacks on Military, Government Orgs (lien direct) |
The Russia-linked threat group known as APT28 has been observed using a new backdoor in a series of attacks targeting military and government institutions, researchers with threat intelligence company Cluster25 reveal.
|
Malware
Threat
|
APT 28
|
★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-07 10:07:46 |
Latvian Woman Charged in US With Role in Cybercrime Group (lien direct) |
A Latvian woman has been charged with developing malicious software used by a cybercrime organization that infected computers worldwide and looted bank accounts of millions of dollars, the Justice Department said Friday.
|
|
|
★★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-04 15:00:03 |
Organizations Warned: STUN Servers Increasingly Abused for DDoS Attacks (lien direct) |
Application and network performance management company NETSCOUT warned organizations this week that STUN servers have been increasingly abused for distributed denial-of-service (DDoS) attacks, and there are tens of thousands of servers that could be abused for such attacks by malicious actors.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-04 14:15:36 |
EU, Mideast Nations Look to Train at Cyprus Security Center (lien direct) |
Three European Union member nations and three Middle Eastern countries are looking to train personnel in border, customs, maritime and cybersecurity techniques at a cutting-edge U.S.-funded facility in Cyprus that is expected to be ready early next year, the Cypriot foreign minister said Thursday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-04 13:47:45 |
Serious Vulnerabilities Found in CODESYS Software Used by Many ICS Products (lien direct) |
Researchers have discovered 10 vulnerabilities - a majority rated critical or high severity - in CODESYS industrial automation software that is used in many industrial control system (ICS) products.
|
|
|
★★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-04 13:11:32 |
Building End-to-End Security for 5G Networks (lien direct) |
|
|
|
★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-04 12:53:27 |
XDR Platform Provider SentinelOne Files for IPO (lien direct) |
Endpoint security firm SentinelOne has publicly filed its S-1 registration statement with the SEC for an initial public offering (IPO) of its stock.
|
|
|
★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-04 12:08:17 |
White House Urges Private Companies to Help in Fight Against Ransomware (lien direct) |
In an open letter, the White House this week urged corporate executives and business leaders to take the appropriate measures to protect their organizations against ransomware attacks, only days after meat-packaging giant JBS fell victim to such an attack.
|
Ransomware
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-04 11:41:10 |
Over 90% of OT Organizations Experienced Cyber Incidents in Past Year: Report (lien direct) |
A survey conducted recently by cybersecurity firm Fortinet showed that more than 90% of organizations that use operational technology (OT) systems have experienced some sort of cyber incident in the past year.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-04 11:04:11 |
Supreme Court Limits Prosecutors\' Use of Anti-Hacking Law (lien direct) |
The Supreme Court on Thursday limited prosecutors' ability to use an anti-hacking law to charge people with computer crimes.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-04 03:55:47 |
Nigerian Arrested in US for Hacking Payroll Services Company (lien direct) |
A Nigerian national was arrested recently in the United States on charges related to hacking into user accounts at a payroll processing company, to steal payroll deposits.
|
|
|
★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-03 17:14:28 |
Two Carbanak Gang Members Sentenced to 8 Years in Prison (lien direct) |
Two members of the notorious Carbanak cybergang were sentenced to 8 years in prison, Kazakhstani authorities announced this week.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-03 17:05:39 |
Cisco Plugs High-Risk Security Flaws in Webex, SD-WAN (lien direct) |
Enterprise security vendor Cisco has shipped fixes for a wide range of severity vulnerabilities, including patches for high-risk flaws in the widely deployed Webex Player, SD-WAN software, and ASR 5000 series software.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-03 14:44:13 |
CISA Issues MITRE ATT&CK Mapping Guide for Threat Intelligence Analysts (lien direct) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday announced the availability of a new guide for cyber threat intelligence analysts on the use of the MITRE ATT&CK framework.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-03 13:49:50 |
Trend Micro Releases PoC Exploit for Vulnerability Affecting macOS, iOS (lien direct) |
Trend Micro on Thursday disclosed the details of a recently patched privilege escalation vulnerability that has been found to impact macOS, iOS and iPadOS.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-03 12:49:22 |
At Odds: The Promise vs. Operational Reality of Security Solutions (lien direct) |
There's a gap between the promise of a security technology and operational reality
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-03 12:39:34 |
Chinese Hackers Using Previously Unknown Backdoor (lien direct) |
Newly discovered cyber weapon uses elaborate multi-stage infection-chain to make detection and analysis difficult
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-03 12:22:44 |
Enterprise Mobile Security Startup Hypori Raises $20 Million (lien direct) |
Enterprise mobile security company Hypori this week announced it raised $20 million in a Series A funding round led by GreatPoint Ventures (GPV). To date, the company raised $33.9 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-03 12:07:00 |
Biden Says \'Looking\' at Russia Retaliation Over Cyberattack (lien direct) |
US President Joe Biden said Wednesday he is "looking" at possible retaliation after the White House linked Russia to a cyberattack against global meat processing giant JBS.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-03 11:35:08 |
Many CISOs Blame Cyberattack Surge on Remote Working: VMware (lien direct) |
Cybersecurity professionals have seen a surge in cyberattacks in the past year, and many blamed the trend on more employees working from home due to the COVID-19 pandemic, according to a report published on Thursday by VMware.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-03 10:43:38 |
FBI Confirms REvil Ransomware Involved in JBS Attack (lien direct) |
The FBI has publicly confirmed that the REvil ransomware was used in the cyberattack that forced the world's largest meat processing company to shut down systems.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-03 04:08:59 |
Oak9 Launches Infrastructure-as-Code Security Platform With $5.9M in Seed Funding (lien direct) |
oak9 on Wednesday announced the launch of its Infrastructure-as-Code (IaC) security platform, backed by a $5.9 million seed funding round.
IaC is the process of managing and provisioning of infrastructure through code instead of through manual processes.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-02 22:36:27 |
FireEye, Mandiant Split Apart in $1.2B Private Equity Deal (lien direct) |
FireEye (NASDAQ: FEYE) on Wednesday announced plans to sell its products business, including the FireEye name, as part of a $1.2 billion transaction that splits off the Mandiant Solutions unit from the company's endpoint protection and cloud security products.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-02 18:21:02 |
Microsoft Buys ReFirm Labs to Expand IoT Firmware Security Push (lien direct) |
Microsoft's aggressive push to ferret out security problems in the firmware powering IoT devices took on new urgency this week with the acquisition of ReFirm Labs, an early-stage startup that helps businesses pinpoint and fix weak links at the firmware layer.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-02 17:15:14 |
Largest Meat Producer Getting Back Online After Cyberattack (lien direct) |
The world's largest meat processing company has resumed most production after a weekend cyberattack, but experts say the vulnerabilities exposed by this attack and others are far from resolved.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-02 15:31:48 |
Ransomware Attack Hits Nantucket, Martha\'s Vineyard Ferry Service (lien direct) |
Steamship Authority Hit by Cyberattack
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-02 15:24:08 |
Cisco Discloses Details of macOS SMB Vulnerabilities (lien direct) |
Cisco's Talos threat intelligence and research unit on Wednesday disclosed the details of several SMB-related vulnerabilities patched recently by Apple in its macOS operating system.
SMB, which stands for Server Message Block, is a protocol for sharing files, printers, and serial ports. Apple's own SMB stack is called SMBX.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-02 15:02:21 |
Actively Exploited Zero-Day Found in WordPress Plugin Used by Many Online Stores (lien direct) |
More than 17,000 websites are exposed to attacks targeting a critical zero-day vulnerability in the Fancy Product Designer WordPress plugin, the Wordfence team at WordPress security company Defiant warns.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-02 13:05:07 |
Zerodium Offers $100,000 for Pidgin Zero-Day Exploits (lien direct) |
Exploit acquisition firm Zerodium on Tuesday announced that it is offering $100,000 for severe vulnerabilities in Pidgin for Windows and Linux.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-02 12:06:38 |
Vulnerability in Lasso Library Impacts Products From Cisco, Akamai (lien direct) |
A high-severity vulnerability discovered recently in an open source library named Lasso has been found to impact products from Cisco and Akamai, as well as Linux distributions.
|
Vulnerability
|
|
★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-02 11:11:44 |
Industrial Switches From Several Vendors Affected by Same Vulnerabilities (lien direct) |
Industrial switches provided by several vendors are affected by the same vulnerabilities due to the fact that they share firmware made by Taiwan-based industrial networking solutions provider Korenix Technology.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-02 10:20:28 |
US Seizes 2 Domain Names Used in Cyberespionage Campaign (lien direct) |
The Justice Department said Tuesday that it has seized two domain names used in a cyberespionage campaign that targeted U.S. and foreign government agencies, think tanks and humanitarian groups.
|
|
|
★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-02 00:41:41 |
(Déjà vu) Meat Producer JBS Says Expects Most Plants Working Wednesday (lien direct) |
A ransomware attack on the world's largest meat processing company disrupted production around the world just weeks after a similar incident shut down a U.S. oil pipeline.
|
Ransomware
|
|
|