Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2021-03-03 09:49:46 |
Microsoft Expands Secured-core to Servers, IoT Devices (lien direct) |
Microsoft this week announced Secured-core Server and Edge Secured-core, two solutions aimed at improving the security of servers and connected devices.
|
|
|
|
|
2021-03-02 23:09:19 |
Microsoft: 4 Exchange Server Zero-Days Under Attack by Chinese Hacking Group (lien direct) |
|
|
|
★★
|
|
2021-03-02 19:56:39 |
Hackers Control Perl.com Domain Months Before Hijack (lien direct) |
The Perl.com domain was hijacked in January 2021, but hackers seemingly took control of it four months prior, in September 2020.
|
|
|
|
|
2021-03-02 16:00:46 |
Google Patches Critical Remote Code Execution Vulnerability in Android (lien direct) |
Google this week announced the release of patches for 37 vulnerabilities as part of the Android security updates for March 2021, including a fix for a critical flaw in the System component.
|
Vulnerability
|
|
|
|
2021-03-02 15:47:00 |
New \'Unc0ver\' Jailbreak Uses Vulnerability That Apple Said Was Exploited (lien direct) |
The latest version of the Unc0ver jailbreak leverages a vulnerability that Apple said had been exploited before it released a patch in January.
|
Vulnerability
|
|
|
|
2021-03-02 14:41:10 |
Universal Health Services Takes $67 Million Hit From Cyberattack (lien direct) |
Healthcare services provider Universal Health Services (UHS) last week revealed that a cyberattack it fell victim to in September 2020 had an estimated financial impact of $67 million.
|
|
|
★★★
|
|
2021-03-02 12:53:27 |
Dairy Giant Lactalis Targeted by Hackers (lien direct) |
France-based dairy giant Lactalis revealed last week that it was targeted by hackers, but claimed that it had found no evidence of a data breach.
The company said a malicious third party attempted to breach its computer network, but it immediately took action to contain the attack. This included restricting access to public resources.
|
|
|
|
|
2021-03-02 04:40:16 |
Ryuk Ransomware With Worm-Like Capabilities Spotted in the Wild (lien direct) |
In early 2021, security researchers identified a variant of the infamous Ryuk ransomware that is capable of lateral movement within the infected networks.
|
Ransomware
|
|
|
|
2021-03-01 23:49:03 |
AI Panel Urges US to Boost Tech Skills Amid China\'s Rise (lien direct) |
|
|
|
|
|
2021-03-01 21:57:17 |
US Right-Wing Platform Gab Acknowledges it Was Hacked (lien direct) |
The CEO of Gab, a social network favored by the US political right, said the platform had been attacked by "demon hackers" after an activist group released user data described as an important resource for research on the far right.
|
|
|
|
|
2021-03-01 20:43:46 |
Suspected Chinese APT Group Targets Power Plants in India (lien direct) |
Security researchers at Recorded Future have spotted a suspected Chinese APT actor targeting a wide range of critical infrastructure targets in India, including power plants, electricity distribution centers and Indian seaports.
|
|
|
|
|
2021-03-01 18:28:53 |
Asian Food Distribution Giant JFC International Hit by Ransomware (lien direct) |
JFC International, a major distributor and wholesaler of Asian food products, last week revealed that it was recently targeted in a ransomware attack that disrupted some of its IT systems.
The attack apparently only impacted JFC International's Europe Group, which said it had notified authorities, employees and business partners about the incident.
|
Ransomware
|
|
|
|
2021-03-01 17:21:00 |
Inside the Ransomware Economy (lien direct) |
The trouble with ransomware is well known at this point.
|
Ransomware
|
|
|
|
2021-03-01 15:27:36 |
Auth0 Names Jameeka Green Aaron as Chief Information Security Officer (lien direct) |
Identity-as-a-Service (IDaaS) company Auth0 announced on Monday that Jameeka Green Aaron has joined the company as Chief Information Security Officer (CISO).
|
|
|
|
|
2021-03-01 14:15:56 |
Boat Building Giant Beneteau Says Cyberattack Disrupted Production (lien direct) |
French boat maker Groupe Beneteau is working on restoring operations after falling victim to a cyber-attack roughly ten days ago.
Founded in 1884, the Vendée, France-based company employs more than 8,000 people in France, the United States, Poland, Italy and China, and focuses on two business lines: boats and leisure homes.
|
|
|
|
|
2021-03-01 13:41:24 |
NSA Publishes Guidance on Adoption of Zero Trust Security (lien direct) |
The U.S. National Security Agency (NSA) has published guidance on how security professionals can secure enterprise networks and sensitive data by adopting a Zero Trust security model.
|
|
|
★★★
|
|
2021-03-01 13:17:34 |
US Shifts State Grant Focus to Extremism, Cyberthreats (lien direct) |
State and local governments will be required to spend a portion of nearly $1.9 billion in annual federal public safety grants on the fight against domestic extremism and improved cybersecurity, the Department of Homeland Security said Thursday.
|
|
|
|
|
2021-03-01 12:17:14 |
Cybersecurity M&A Round-Up for February 2021 (lien direct) |
|
|
|
|
|
2021-03-01 11:24:11 |
Vendor Quickly Patches Serious Vulnerability in NATO-Approved Firewall (lien direct) |
A critical vulnerability discovered in a firewall appliance made by Germany-based cybersecurity company Genua could be useful to threat actors once they've gained access to an organization's network, according to Austrian cybersecurity consultancy SEC Consult.
|
Vulnerability
Threat
|
|
|
|
2021-03-01 02:44:53 |
IT Asset Management Firm Axonius Raises $100 Million (lien direct) |
IT asset management company Axonius has raised $100 million in Series D funding, the company told SecurityWeek Sunday. Led by private equity firm Stripes, the latest funding round brings the total amount raised by the New York based company to $195 million at more than $1 billion valuation.
|
|
|
|
|
2021-02-27 20:05:31 |
Judge Approves $650M Facebook Privacy Lawsuit Settlement (lien direct) |
A federal judge on Friday approved a $650 million settlement of a privacy lawsuit against Facebook for allegedly using photo face-tagging and other biometric data without the permission of its users.
|
|
|
|
|
2021-02-26 21:27:36 |
HYAS Raises $16 Million to Hunt Adversary Infrastructure (lien direct) |
HYAS, a Victoria, Canada-based provider of threat intelligence based on adversary infrastructure, announced this week that it has closed a $16 million Series B round of funding led by S3 Ventures.
|
Threat
|
|
|
|
2021-02-26 19:24:21 |
Meet the Vaccine Appointment Bots, and Their Foes (lien direct) |
Having trouble scoring a COVID-19 vaccine appointment? You're not alone. To cope, some people are turning to bots that scan overwhelmed websites and send alerts on social media when slots open up.
|
|
|
|
|
2021-02-26 18:29:53 |
Chinese Threat Actor Uses Browser Extension to Hack Gmail Accounts (lien direct) |
In early 2021, a Chinese threat actor tracked as TA413 attempted to hack into the Gmail accounts of Tibetan organizations using a malicious browser extension, researchers with cybersecurity firm Proofpoint have discovered.
|
Hack
Threat
|
|
|
|
2021-02-26 15:40:40 |
Security, Privacy Issues Found in Tens of COVID-19 Contact Tracing Apps (lien direct) |
An analysis of 40 COVID-19 contact tracing applications for Android has led to the discovery of numerous security and privacy issues, according to a new research paper.
Contact tracing applications have been created to help authorities automate the process of identifying those who have been in close contact with infected individuals.
|
|
|
|
|
2021-02-26 13:42:41 |
Microsoft Releases Open Source Resources for Solorigate Threat Hunting (lien direct) |
Microsoft on Thursday announced the open source availability of CodeQL queries that it used during its investigation into the SolarWinds attack.
|
Threat
|
Solardwinds
Solardwinds
|
|
|
2021-02-26 11:54:50 |
Unprotected Private Key Allows Remote Hacking of Rockwell Controllers (lien direct) |
Industrial organizations have been warned this week that a critical authentication bypass vulnerability can allow hackers to remotely compromise programmable logic controllers (PLCs) made by industrial automation giant Rockwell Automation.
|
Vulnerability
|
|
|
|
2021-02-26 11:44:46 |
TikTok owner ByteDance to pay $92M in US privacy Settlement (lien direct) |
TikTok's Chinese parent company ByteDance has agreed to pay $92 million in a settlement to U.S. users who are part of a class-action lawsuit alleging that the video-sharing app failed to get their consent to collect data in violation of a strict Illinois privacy law.
|
|
|
|
|
2021-02-26 04:48:42 |
Here\'s How North Korean Hackers Stole Data From Isolated Network Segment (lien direct) |
During an attack on the defense industry, the North Korea-linked threat group known as Lazarus was able to exfiltrate data from a restricted network segment by taking control of a router and setting it up as a proxy server.
|
Threat
|
APT 38
APT 28
|
|
|
2021-02-25 20:19:29 |
The Race to Find Profits in Securing Email (lien direct) |
|
|
|
|
|
2021-02-25 15:30:45 |
Cisco Patches Severe Flaws in Network Management Products, Switches (lien direct) |
Cisco this week released patches for over a dozen vulnerabilities affecting multiple products, including three critical bugs impacting its ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS software.
|
|
|
|
|
2021-02-25 14:37:41 |
Ukraine Says Russian Cyberspies Targeted Gov Agencies in Supply Chain Attack (lien direct) |
Ukraine's National Security and Defense Council (NSDC) this week published two press releases describing cyberattacks aimed at the country.
|
|
|
|
|
2021-02-25 13:58:47 |
Securing Today\'s Networks Requires Consolidation and Collaboration (lien direct) |
Security Teams Need the Ability to Launch a Coordinated and Consistent Response to Threats Using a Variety of Tools
|
|
|
|
|
2021-02-25 12:10:40 |
Google Funds Linux Kernel Security Development (lien direct) |
Google and the Linux Foundation this week announced the prioritizing of funds to allow long-time Linux kernel maintainers Gustavo Silva and Nathan Chancellor to focus on improving the security of the platform.
|
|
|
|
|
2021-02-25 11:47:07 |
Hackers Scanning for VMware vCenter Servers Affected by Critical Vulnerability (lien direct) |
Just one day after VMware announced the availability of patches for a critical vulnerability affecting vCenter Server, hackers have started scanning the internet for vulnerable servers.
|
Vulnerability
|
|
|
|
2021-02-25 04:28:48 |
Google Discloses Details of Remote Code Execution Vulnerability in Windows (lien direct) |
Google's cybersecurity research unit Project Zero on Wednesday disclosed the details of a recently patched Windows vulnerability that can be exploited for remote code execution.
|
Vulnerability
|
|
|
|
2021-02-25 01:49:28 |
Washington Senate OKs Measure Creating State Office of Cybersecurity (lien direct) |
In response to a security breach that exposed personal information from around 1.6 million unemployment claims filed last year, the Washington Senate has unanimously passed a measure that creates a state Office of Cybersecurity.
|
|
|
★★★
|
|
2021-02-24 23:06:08 |
PerimeterX Banks $57M for Bot Protection Expansion (lien direct) |
Looking to take advantage of a growing global market for its bot protection technologies, PerimeterX has banked a new $57 million round of venture capital funding.
The San Mateo, Calif,-based company said the new money would drive its push into new geographies and verticals.
|
|
|
|
|
2021-02-24 20:13:51 |
(Déjà vu) GitHub Hires Mike Hanley as Chief Security Officer (lien direct) |
Software development platform GitHub announced on Wednesday that it has hired Mike Hanley as its new Chief Security Officer (CSO).
|
|
|
|
|
2021-02-24 16:11:30 |
Webinar Today: Evaluating Vendor Risk With Security Ratings (lien direct) |
|
|
|
★★★★★
|
|
2021-02-24 15:48:05 |
New \'LazyScripter\' Hacking Group Targets Airlines (lien direct) |
A recently identified threat actor that remained unnoticed for roughly two years appears focused on the targeting of airlines that are using the BSPLink financial settlement software made by the International Air Transport Association (IATA), cybersecurity firm Malwarebytes reported on Wednesday.
|
Threat
|
|
|
|
2021-02-24 14:27:03 |
Four Additional Threat Groups Seen Targeting Industrial Organizations in 2020 (lien direct) |
A total of 15 threat groups have been observed targeting industrial organizations, according to industrial cybersecurity firm Dragos.
|
Threat
|
|
|
|
2021-02-24 13:44:46 |
Hackers Leak Data Stolen From Jet Maker Bombardier (lien direct) |
Just as the cybercriminals behind the Clop ransomware operation made public information supposedly stolen from Canadian business jet manufacturer Bombardier, the company confirmed suffering a data breach.
|
Ransomware
|
|
|
|
2021-02-24 12:46:50 |
Vietnamese Hackers Target Human Rights Defenders: Amnesty (lien direct) |
Between February 2018 and November 2020, Vietnam-linked hacking group Ocean Lotus targeted Vietnamese human rights activists in the country and abroad with spyware, a new report from Amnesty International reveals.
|
|
APT 32
|
|
|
2021-02-24 12:25:48 |
Twitter Shuts Down Four Networks of State-Sponsored Disinformation Accounts (lien direct) |
Twitter this week announced that it has suspended multiple accounts that were found to be part of four networks involved in disinformation activities associated with Armenia, Iran, and Russia.
|
|
|
|
|
2021-02-24 12:02:51 |
Critical VMware vCenter Server Flaw Can Expose Organizations to Remote Attacks (lien direct) |
VMware on Tuesday informed customers that its vCenter Server product is affected by a critical vulnerability that can be exploited by an attacker to execute commands with elevated privileges.
|
Vulnerability
|
|
|
|
2021-02-24 03:03:47 |
New Firefox Feature Ups the Ante Against Cookie-Based Tracking (lien direct) |
Mozilla this week announced improved user privacy in Firefox 86, with the introduction of a new feature aimed at preventing the tracking of users from site to site.
|
|
|
|
|
2021-02-24 01:11:22 |
Tech Firms Say There\'s Little Doubt Russia Behind Major Hack (lien direct) |
Leading technology companies said Tuesday that a months-long breach of corporate and government networks was so sophisticated, focused and labor-intensive that a nation had to be behind it, with all the evidence pointing to Russia.
|
Hack
Guideline
|
|
|
|
2021-02-23 18:34:51 |
Enterprises Warned of Growing Risk Posed by Initial Access Brokers (lien direct) |
The services provided by a class of cybercriminals known as initial access brokers are increasingly sought-after and the risk posed to enterprises is growing, according to digital risk protection company Digital Shadows.
|
|
|
|
|
2021-02-23 15:13:43 |
Highly Active \'Gamaredon\' Group Provides Services to Other APTs (lien direct) |
New evidence suggests that the Russia-linked threat actor Gamaredon is a hack-for-hire group that offers its services to other advanced persistent threat (APT) actors, similar to crimeware gangs, according to security researchers with Cisco's Talos division.
|
Threat
|
|
|