Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-04 15:10:25 |
High-Severity Dell Driver Vulnerabilities Impact Hundreds of Millions of Devices (direct link) |
Owners of Dell devices were informed on Tuesday that a firmware update driver present on a large number of systems is affected by a series of high-severity vulnerabilities.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-04 15:07:25 |
New Variant of Buer Malware Loader Written in Rust to Evade Detection (direct link) |
A new variant of the Buer malware loader has been detected, written in Rust. The original version is written in C. Rust is efficient, easy-to-use, and an increasingly popular programming language – Microsoft uses it, and joined the Rust Foundation in February 2021.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-04 13:26:45 |
Trend Micro Unveils New OT Endpoint Security Solution Made by TXOne (direct link) |
Cybersecurity firm Trend Micro on Monday announced a new endpoint security solution developed by TXOne Networks for devices in operational technology (OT) environments.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-04 12:09:11 |
Acronis Raises $250 Million at $2.5 Billion Valuation (direct link) |
Cyber protection solutions provider Acronis on Tuesday announced that it has raised $250 million at a valuation of $2.5 billion.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-04 08:39:43 |
ATT&CK v9 Introduces Containers, Google Workspace (direct link) |
MITRE announced last week that the latest update to the popular ATT&CK framework introduces techniques related to containers and the Google Workspace platform.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-04 02:32:03 |
Apple Warns of New Zero-Day Attacks on iOS, MacOS (direct link) |
Apple's problems with zero-day attacks continued this week with news of another mysterious in-the-wild compromise affecting iPhones, iPads and MacOS devices.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-03 19:07:18 |
Alaska Court System Briefly Forced Offline Amid Cyber Threat (direct link) |
The Alaska Court System has temporarily disconnected most of its operations from the internet after a cybersecurity threat on Saturday, including its website and removing the ability to look up court records.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-03 16:26:25 |
Pulse Secure Ships Belated Fix for VPN Zero-Day (direct link) |
Embattled VPN technology vendor Pulse Secure on Monday updated an “out-of-cycle” advisory with patches for four major security vulnerabilities, including belated cover for an issue that's already been exploited by advanced threat actors.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-03 13:22:12 |
(Déjà vu) Cybersecurity M&A Roundup: 30 Deals Announced in April 2021 (direct link) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-03 12:29:06 |
Tesla Car Hacked Remotely From Drone via Zero-Click Exploit (direct link) |
Two researchers have shown how a Tesla - and possibly other cars - can be hacked remotely without any user interaction. They carried out the attack from a drone.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-03 11:25:18 |
NSA Issues Guidance on Securing IT-OT Connectivity (direct link) |
The U.S. National Security Agency (NSA) last week released a cybersecurity advisory focusing on the security of operational technology (OT) systems, particularly in terms of connectivity to IT systems.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-03 11:06:19 |
The Anti-Fraud Lifecycle (direct link) |
It is a known fact that cybercriminals choose the path of least resistance. Naturally, easy cashout methods with good returns are much more favorable than methods that are high risk, complicated or yield small profits. While this is not the only factor in determining how much fraud is committed through a certain vector (for example, it takes time for cashout methods to become public knowledge in cybercriminal circles and thus become widely adopted), it is a major aspect.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-03 00:59:25 |
Effort to Protect Consumer Data Privacy Stalls in Florida (direct link) |
A campaign by Gov. Ron DeSantis to help Floridians regain ownership of the troves of data that companies collect came to a halt Friday, when state lawmakers could not agree on how tightly to limit how Big Data harvests and uses people's information.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-30 17:43:33 |
Unknown Chinese APT Targets Russian Defense Sector (direct link) |
Researchers at Cybereason say they have discovered an undocumented malware targeting the Russian military sector and bearing the hallmarks of originating in China if not being Chinese state sponsored.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-30 17:27:45 |
Task Force Calls for Aggressive US 'Anti-Ransomware' Campaign (direct link) |
A task force attached to the Institute for Security and Technology (IST) has released a set of recommendations to combat the ransomware scourge currently hitting organizations around the world.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-30 14:57:36 |
Contract Tracing Breach Impacts Private Info of 72K People (direct link) |
Employees of a vendor paid to conduct COVID-19 contact tracing in Pennsylvania may have compromised the private information of at least 72,000 people, including their exposure status and their sexual orientation, the state Health Department said Thursday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-30 14:38:22 |
Security Operations and Management Startup StrikeReady Emerges From Stealth (direct link) |
Cloud-based security operations and management startup StrikeReady this week emerged from stealth mode after raising $3.6 million in seed funding.
Led by 11.2 Capital, the funding round also saw participation from Outlier Venture Capital and from various Silicon Valley angel investors.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-30 14:03:48 |
SonicWall Zero-Day Exploited by Ransomware Group Before It Was Patched (direct link) |
A zero-day vulnerability addressed by SonicWall in its Secure Mobile Access (SMA) appliances earlier this year was exploited by a sophisticated and aggressive cybercrime group before the vendor released a patch, FireEye's Mandiant unit reported on Thursday.
|
Ransomware
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-30 11:10:55 |
Cybersecurity Community Unhappy With GitHub's Proposed Policy Updates (direct link) |
GitHub wants to update its policies regarding security research, exploits and malware, but the cybersecurity community is not happy with the proposed changes.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-30 09:59:26 |
Dutch Government Pauses Coronavirus App Over Data Leak Fears (direct link) |
The Dutch government has temporarily disabled its coronavirus warning app amid data privacy concerns for people who have the app installed on phones using the Android operating system.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-30 08:53:27 |
BIND Vulnerabilities Expose DNS Servers to Remote Attacks (direct link) |
The Internet Systems Consortium (ISC) has released updates for the BIND DNS software to patch several vulnerabilities that can be exploited for denial-of-service (DoS) attacks and one possibly even for remote code execution.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-30 00:54:59 |
Stealthy RotaJakiro Backdoor Targeting Linux Systems (direct link) |
Previously undocumented and stealthy Linux malware named RotaJakiro has been discovered targeting Linux X64 systems. It has been undetected for at least three years, and operates as a backdoor.
Four samples have now been discovered, all using the same C2s. The earliest was discovered in 2018. None of the samples were labeled malware by VirusTotal.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-29 20:43:33 |
BadAlloc: Microsoft Flags Major Security Holes in OT, IoT Devices (direct link) |
Security researchers at Microsoft are raising the alarm for multiple gaping security holes in a wide range of enterprise internet-connected devices, warning that the high-risk bugs expose businesses to remote code execution attacks.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-29 15:04:59 |
Vulnerability Exposes F5 BIG-IP to Kerberos KDC Hijacking Attacks (direct link) |
F5 Networks this week released patches to address an authentication bypass vulnerability affecting BIG-IP Access Policy Manager (APM), but fixes are not available for all impacted versions.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-29 14:35:46 |
DigitalOcean Discloses Breach Involving Billing Information (direct link) |
Cloud solutions provider DigitalOcean has started informing some customers that their billing information may have been compromised after someone exploited a vulnerability in the company's systems.
|
Vulnerability
|
APT 32
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-29 13:07:08 |
Threat Detection Firm Vectra Raises $130 Million at $1.2 Billion Valuation (direct link) |
Threat detection and response solutions provider Vectra AI on Thursday announced that it has raised $130 million at a valuation of $1.2 billion, which makes the company the latest cybersecurity unicorn.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-29 12:40:30 |
Effective Security Needs to See and Interrupt Every Step in an Attack Chain (direct link) |
The best defense in depth strategy should not include loading up your network with a plethora of point solutions
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-29 11:59:49 |
Apple Patches Security Bypass Vulnerability Impacting Macs With M1 Chip (direct link) |
Apple's latest macOS updates patch three vulnerabilities that can be exploited to bypass security mechanisms, including one that has been exploited in the wild and one that impacts only Macs powered by the M1 chip.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-29 11:27:22 |
FluBot Android Malware Expected to Start Targeting U.S. (direct link) |
The FluBot Android malware is spreading fast across Europe using an SMS package delivery scheme and it's soon expected to arrive in the United States as well, cybersecurity company Proofpoint warned this week.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-29 10:27:10 |
Several High-Severity Vulnerabilities Expose Cisco Firewalls to Remote Attacks (direct link) |
Cisco this week released patches for multiple vulnerabilities in Firepower Threat Defense (FTD) software, including high-severity issues that could be exploited for arbitrary command execution or denial-of-service (DoS) attacks.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-29 04:01:01 |
Chinese Cyberspies Target Military Organizations in Asia With New Malware (direct link) |
A cyber-espionage group believed to be sponsored by the Chinese government has been observed targeting military organizations in Southeast Asia in attacks involving previously undocumented malware, Bitdefender reported on Wednesday.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-29 01:39:41 |
US Government Taking Creative Steps to Counter Cyberthreats (direct link) |
An FBI operation that gave law enforcement remote access to hundreds of computers to counter a massive hack of Microsoft Exchange email server software is a tool that is likely to be deployed “judiciously” in the future as the Justice Department, aware of privacy concerns, develops a framework for it
|
Hack
Tool
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-28 16:00:25 |
Death of the Manual Pen-Test: Blind Spots, Limited Visibility (direct link) |
Manual penetration testing (pen-testing) is increasingly challenged by automated methods of vulnerability discovery and management. The reasons are not difficult to understand: the cost and coverage of manual testing is too high and too limited.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-28 15:14:27 |
CISO Conversations: Raytheon and BAE Systems CISOs on Leadership, Future Threats (direct link) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-28 14:59:36 |
Google Data Protection Case to be Heard in UK Supreme Court (direct link) |
Google on Wednesday began a legal bid at Britain's highest court to try to block a class action alleging that it illegally tracked millions of iPhone users.
The hearing at the Supreme Court will hear arguments for two days before judges decide whether the claim against the internet search giant should proceed.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-28 14:02:59 |
Cyberspace Solarium Commission: CISA Funding Should Increase by at Least $400M (direct link) |
In a letter to the United States House Committee on Appropriations, two members of the Cyberspace Solarium Commission are asking for an increase in funding for the Cybersecurity and Infrastructure Security Agency (CISA) in fiscal year 2022.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-28 13:13:07 |
Navy SEALs to Shift From Counterterrorism to Global Threats (direct link) |
Navy SEAL platoons are beefing up capabilities in cyber and electronic warfare and unmanned systems, honing their skills to collect intelligence
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-28 12:41:17 |
DevSecOps Company Sysdig Raises $188 Million at $1.19 Billion Valuation (direct link) |
DevSecOps company Sysdig on Wednesday announced becoming a “unicorn” after raising $188 million in a Series F funding round at a valuation of $1.19 billion.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-28 11:05:48 |
Dark Hash Collisions: New Service Confidentially Finds Leaked Passwords (direct link) |
New service can tell a company which users have a password known to hackers, without having to know the usernames
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-28 11:02:33 |
Russia-Linked 'Ghostwriter' Disinformation Campaign Tied to Cyberspy Group (direct link) |
A widespread disinformation campaign dubbed Ghostwriter is believed to be the work of a state-sponsored cyber-espionage group, cybersecurity firm FireEye reported on Wednesday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-28 08:43:52 |
Google Patches Yet Another Serious V8 Vulnerability in Chrome (direct link) |
An update released this week by Google for Chrome 90 patches yet another serious vulnerability affecting the V8 JavaScript engine used by the web browser.
The flaw, tracked as CVE-2021-21227 and rated high severity, was reported to Google by researcher Gengming Liu from Chinese cybersecurity firm Singular Security Lab.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-27 19:33:22 |
FBI/DHS Issue Guidance for Network Defenders to Mitigate Russian Gov Hacking (direct link) |
The FBI and DHS have issued a Joint Cybersecurity Advisory on the threat posed by the Russian Foreign Intelligence Service (SVR) via the cyber actor known as APT 29 (aka the Dukes, Cozy Bear, Yttrium and CozyDuke).
|
Threat
|
APT 29
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-27 15:55:01 |
US Air Force Adopts Zero Trust to Secure Flightline Operations (direct link) |
Zero trust is an important part of business transformation. As the information infrastructure expands with new technologies and locations, zero trust allows organizations to focus on protecting the data, regardless of where it is sourced or how it is used.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-27 15:38:27 |
Sift Raises $50M at 'Unicorn' Valuation (direct link) |
Fraud prevention technology provider Sift is now the 14th cybersecurity company to reach “unicorn” status in 2021, following a new $50 million round of venture capital funding.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-27 14:40:09 |
Endpoint Management Firm Automox Raises $110 Million (direct link) |
Cyber hygiene and patch management company Automox on Tuesday announced raising $110 million in a Series C funding round that brings the total raised by the firm to more than $152 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-27 13:29:38 |
Adobe Releases Open Source Anomaly Detection Tool "OSAS" (direct link) |
Adobe this week announced the open-source availability of 'One-Stop Anomaly Shop' (OSAS), a new tool designed to help security teams discover anomalies in datasets.
|
Tool
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-27 13:03:32 |
Vulnerabilities in Eaton Product Can Allow Hackers to Disrupt Power Supply (direct link) |
Power management solutions provider Eaton has released patches for its Intelligent Power Manager (IPM) software to address several potentially serious vulnerabilities, including ones that researchers say could allow hackers to disrupt power supply.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-27 11:39:04 |
CISA, NIST Provide New Resource on Software Supply Chain Attacks (direct link) |
In a joint document published this week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) provide information on software supply chain attacks, the associated risks, and how organizations can mitigate them.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-27 11:13:25 |
Apple Patches macOS Security Bypass Vulnerability Exploited by 'Shlayer' Malware (direct link) |
Apple has patched a serious security bypass vulnerability in macOS that has been exploited in the wild by at least one threat group.
|
Malware
Vulnerability
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-27 10:28:31 |
DC Police Department Hit by Apparent Extortion Attack (direct link) |
The Washington, D.C., police department said Monday that its computer network was breached, and a Russian-speaking ransomware syndicate claimed to have stolen sensitive data, including on informants, that it threatened to share with local criminal gangs unless police paid an unspecified ransom.
|
Ransomware
|
|
|