Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2021-12-16 16:59:13 |
Corellium Lands $25 Million Investment for Virtualization Tech (lien direct) |
Fresh off a high-profile legal triumph over Apple, virtualization technology startup Corellium is now enjoying the attention of investors with Paladin Capital Group leading a $25 million funding round.
|
Guideline
|
|
|
|
2021-12-16 16:18:47 |
Thousands of Industrial Systems Targeted With New \'PseudoManuscrypt\' Spyware (lien direct) |
Tens of thousands of devices around the world, including many industrial control systems (ICS) and government computers, have been targeted in what appears to be an espionage campaign that involves a new piece of malware dubbed PseudoManuscrypt, Kaspersky revealed on Thursday.
|
Malware
|
|
|
|
2021-12-16 15:13:42 |
Upskilling Cyber Defenders Requires a Readiness Environment (lien direct) |
The cybersecurity threat landscape never stands still. New threats and threat actors appear all the time. They are highly trained, well-funded, and leverage the newest tools to pursue some form of cybercrime - extortion, terrorism, data theft, the list goes on.
|
Threat
|
|
★★★★
|
|
2021-12-16 15:03:18 |
Iran-Linked APT Abuses Slack in Attacks on Asian Airline (lien direct) |
The Iran-linked advanced persistent threat (APT) actor MuddyWater was observed deploying a backdoor that abuses Slack on the network of an Asian airline, IBM Security X-Force reports.
|
Threat
|
|
★★★★★
|
|
2021-12-16 14:41:29 |
SecurityWeek Announces Virtual Cybersecurity Event Schedule for 2022 (lien direct) |
SecurityWeek, a leading provider of cybersecurity news and information to global enterprises, today announced its official lineup of virtual cybersecurity events for 2022.
|
Guideline
|
|
|
|
2021-12-16 13:31:05 |
CISA Calls for Improved Critical Infrastructure Security (lien direct) |
The United States Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday called on critical infrastructure owners and operators to improve their security stance against malicious cyberattacks.
|
|
|
|
|
2021-12-16 13:08:18 |
North American Propane Distributor \'Superior Plus\' Discloses Ransomware Attack (lien direct) |
North American propane distributor Superior Plus this week announced that it had to shut down certain computer systems after falling victim to a ransomware attack.
The company says it discovered the breach on Sunday, December 12, and that, as a response, it took steps to mitigate impact on corporate data and operations.
|
Ransomware
|
|
|
|
2021-12-16 12:10:50 |
Threat Groups Reportedly Working on Log4Shell Worm (lien direct) |
Experts Comment on Concerns Related to Log4Shell Worm
|
|
|
|
|
2021-12-16 11:39:58 |
Iran-Linked Hackers Attack Israeli Targets: Company (lien direct) |
An Iran-linked hacking group attacked seven Israeli targets over a 24-hour period this week, an Israeli cybersecurity firm said, in the latest episode of cyberwarfare between the rival states.
|
|
|
|
|
2021-12-16 11:12:40 |
Noname Security Raises $135 Million at \'Unicorn\' Valuation (lien direct) |
API security platform Noname Security on Wednesday announced that it has become a cybersecurity unicorn after closing a $135 million Series C funding round.
|
|
|
|
|
2021-12-15 21:31:01 |
Microsoft Spots Multiple Nation-State APTs Exploiting Log4j Flaw (lien direct) |
If defenders needed any more urgency to patch and mitigate the explosive Log4j zero-day, along comes word that APT actors linked to China, Iran, North Korea and Turkey have already pounced and are actively exploiting the CVSS 10.0 vulnerability.
|
|
|
|
|
2021-12-15 20:57:52 |
Investors Bet Big on Cloud Security Startups Ermetic, Dazz (lien direct) |
Venture capital investors are continuing to bet big on cloud security technologies with two early-stage startups announcing a combined $130 million in funding for products to help businesses secure cloud deployments.
|
|
|
|
|
2021-12-15 20:33:05 |
US, Australia Agree to Share Phone, Text Records in Criminal Probes (lien direct) |
The United States and Australia signed an agreement Wednesday to ease access by their justice departments to digital phone and email records needed in criminal investigations.
|
|
|
|
|
2021-12-15 18:50:30 |
API Security Firm Cequence Raises $60 Million (lien direct) |
The rapid adoption of APIs to facilitate both digital transformation and the pandemic-related growth in online commerce has caused a rush to market. But as with all code produced and released in haste, there are frequent problems. Cyberattacks against APIs have become a growth area for cybercriminals.
|
|
|
|
|
2021-12-15 14:51:31 |
U.S. Government Launches \'Hack DHS\' Bug Bounty Program (lien direct) |
The United States Department of Homeland Security (DHS) this week announced the launch of a bug bounty program focused on identifying vulnerabilities in its systems.
|
|
|
|
|
2021-12-15 14:26:00 |
Industry Reactions to Log4Shell Vulnerability (lien direct) |
The widely used Log4j logging tool is affected by a critical remote code execution vulnerability that has been increasingly exploited by malicious actors, including profit-driven cybercriminals and state-sponsored groups.
|
Tool
Vulnerability
|
|
|
|
2021-12-15 14:04:56 |
Facebook Will Reward Researchers for Reporting Scraping Bugs (lien direct) |
Facebook Paid Out $2.3 Million in Bug Bounties in 2021
Social media giant Facebook today announced that it is expanding its bug bounty and data bounty programs to reward security researchers for reporting scraping vulnerabilities and databases.
|
|
|
|
|
2021-12-15 14:00:20 |
Railway Cybersecurity Firm Cylus Raises $30 Million (lien direct) |
Tel Aviv, Israel-based railway cybersecurity firm Cylus has raised $30 million in a Series B funding round led by U.S. firm Ibex Investors and joined by Vertex Growth Fund, Strides International Business, Magma Venture Partners, Vertex Ventures Israel, Zohar Zisapel, and Glenrock Israel.
|
|
|
|
|
2021-12-15 12:58:51 |
SAP Patches Log4Shell Vulnerability in 20 Applications (lien direct) |
German software maker SAP is scrambling to patch the Log4Shell vulnerability in its applications and has rolled out fixes for tens of other severe flaws in its products.
|
Vulnerability
|
|
|
|
2021-12-15 12:42:48 |
Recent Ransomware Trends Reinforce the Need for Cyber Hygiene, Collaboration (lien direct) |
It's no secret that ransomware has reached near-epic proportions. We are hearing about ransomware attacks left and right – and those are just the ones we hear about. For every attack that makes the headlines, there are many more that don't.
|
Ransomware
|
|
|
|
2021-12-15 12:33:33 |
Sysdig Raises $350 Million at $2.5 Billion Valuation (lien direct) |
Container and cloud security company Sysdig on Wednesday announced raising $350 million in a Series G funding round, at a valuation of $2.5 billion.
|
|
|
|
|
2021-12-15 11:49:57 |
Log4Shell Tools and Resources for Defenders (lien direct) |
Type:
Story
Image:
Link:
Log4Shell Tools and Resources for Defenders - Continuously Updated
Log4Shell Tools and Resources for Defenders - Continuously Updated
|
|
|
|
|
2021-12-15 11:47:36 |
Problematic Log4j Functionality Disabled as More Security Issues Come to Light (lien direct) |
Developers of the widely used Apache Log4j Java-based logging tool have disabled problematic functionality as more security issues have come to light.
|
Tool
|
|
|
|
2021-12-15 09:40:31 |
Web Browsing Security Firm Guardio Raises $47 Million (lien direct) |
Web browsing protection tool Guardio on Tuesday announced that it came out of bootstrap mode with $47 million in funding.
Guardio's first ever investment round was led by Tiger Global. Cerca Partners, Emerge, Samsung Next, Union, and Vintage also participated.
|
Tool
|
|
|
|
2021-12-15 04:54:29 |
HR Management Firm Kronos Needs Weeks to Recover From Ransomware Attack (lien direct) |
HR management platform Ultimate Kronos Group (UKG) on Monday started notifying customers that it fell victim to a ransomware attack that took down multiple applications over the weekend.
|
Ransomware
|
|
|
|
2021-12-15 03:11:17 |
EXPLAINER: The Security Flaw That\'s Freaked Out the Internet (lien direct) |
Security pros say it's one of the worst computer vulnerabilities they've ever seen.
|
|
|
|
|
2021-12-15 02:13:24 |
Chinese, Iranian State Hackers Exploiting Log4j Flaw: Mandiant (lien direct) |
Chinese and Iranian state actors are exploiting the recently disclosed “Log4Shell” vulnerability that has sparked chaos across the tech world, cybersecurity firm Mandiant warned late Tuesday.
|
Vulnerability
|
|
|
|
2021-12-14 21:30:34 |
Dan Kaminsky Inducted into Internet Hall of Fame (lien direct) |
Famed hacker Dan Kaminsky has been inducted in the Internet Society's Hall of Fame for his groundbreaking contributions to DNS (domain name system) security.
|
|
|
|
|
2021-12-14 19:17:57 |
Microsoft Patches 67 Security Flaws, Including Zero-Day Exploited by Emotet (lien direct) |
Microsoft's security response engine revved into overdrive this month with the release of patches for 67 documented Windows software vulnerabilities, including a zero-day bug that's already been exploited by one of the most professional and long lasting cybercrime gangs.
|
|
|
|
|
2021-12-14 18:32:27 |
Adobe Joins Security Patch Tuesday Frenzy (lien direct) |
Software maker Adobe has issued critical warnings for security vulnerabilities in multiple products running on Windows and macOS machines.
|
|
|
|
|
2021-12-14 16:00:24 |
Apple Patches Vulnerabilities That Earned Hackers $500,000 at Chinese Contest (lien direct) |
The iOS and macOS security updates released on Monday by Apple patch vulnerabilities that earned researchers more than $500,000 at a Chinese hacking contest earlier this year.
|
|
|
|
|
2021-12-14 14:11:35 |
Log4Shell Tools and Resources for Defenders - Continuously Updated (lien direct) |
The widely used Apache Log4j Java-based logging tool is affected by a critical remote code execution vulnerability that has been increasingly exploited by malicious actors, including to deliver various types of malware.
|
Tool
Vulnerability
|
|
|
|
2021-12-14 13:30:39 |
Iranian APT Targets Middle East Telecoms Operators in Espionage Campaign (lien direct) |
A cyberespionage campaign targeting telecoms operators, IT services organizations, and a utility company in the Middle East and other parts of Asia has been linked to the Iran-nexus advanced persistent threat (APT) actor tracked as MuddyWater, Symantec reports.
|
Threat
|
|
|
|
2021-12-14 13:00:40 |
Officials: Virginia IT Agency Hit With Ransomware Attack (lien direct) |
The information technology agency that serves Virginia's legislature has been hit by a ransomware attack that has substantially affected its operations, state officials said Monday.
|
Ransomware
|
|
|
|
2021-12-14 12:16:40 |
Ransomware, Trojans, DDoS Malware and Crypto-Miners Delivered in Log4Shell Attacks (lien direct) |
Several types of malware are being delivered in attacks exploiting the recently disclosed Log4j vulnerability named Log4Shell and LogJam.
|
Malware
Vulnerability
|
|
|
|
2021-12-14 11:57:17 |
Chrome 96 Update Patches Exploited Zero-Day Vulnerability (lien direct) |
Google on Monday announced a Chrome 96 update that patches five vulnerabilities, including a zero-day that has been exploited in attacks.
The most severe of these vulnerabilities can be exploited to execute arbitrary code in the context of the browser.
|
Vulnerability
|
|
|
|
2021-12-14 11:20:49 |
Connect: The Fourth Pillar of Industrial Cybersecurity (lien direct) |
Recent attacks on U.S. critical infrastructure and actions by the U.S. government, including the July 28, 2021 National Security Memorandum, have added urgency to the need to modernize industrial control systems' cybersecurity capabilities.
|
|
|
|
|
2021-12-14 11:07:53 |
Cybersecurity is Under Assault, And It\'s Growing Worse (lien direct) |
You don't have to look very far for evidence of just how widespread cybercrime has become. Unfortunately, many of us don't even have to look beyond our own inboxes. And sadly, the situation is getting worse. It is now bad enough that in April, the U.S. proposed a bipartisan lawmaker group form a “Civilian Cybersecurity Reserve,” to create a surge capacity of cyber expertise, patterned after the National Guard, that would respond to incidents affecting government networks.
|
|
|
|
|
2021-12-14 09:34:08 |
Industrial Organizations Targeted in Log4Shell Attacks (lien direct) |
Industrial organizations are exposed to attacks leveraging a recently disclosed - and already exploited - vulnerability affecting the widely used Log4j logging utility.
|
Vulnerability
|
|
|
|
2021-12-13 20:08:46 |
Apple Patches 42 Security Flaws in Latest iOS Refresh (lien direct) |
Apple has released a major point-update to its flagship iOS mobile operating system, beefing up app privacy protections and patching at least 42 security defects that expose users to malicious hacker attacks.
|
Patching
|
|
|
|
2021-12-13 16:08:01 |
Ransomware Affiliate Arrested in Romania (lien direct) |
Europol and the Romanian National Police on Monday announced the arrest of an individual allegedly involved in a ransomware operation targeting multiple high-profile organizations.
The suspect, a 41-year-old from Craiova, Romania, was arrested in the early hours of the morning at his house.
|
Ransomware
|
|
|
|
2021-12-13 14:48:10 |
Logistics Firm Hellmann Scrambling to Recover From Cyberattack (lien direct) |
International logistics company Hellmann Worldwide Logistics is scrambling to restore operations after a cyberattack forced it to isolate its central data center from the rest of its environment.
|
|
|
|
|
2021-12-13 13:45:28 |
(Déjà vu) Cybersecurity M&A Roundup for December 1-12, 2021 (lien direct) |
Eighteen cybersecurity-related acquisitions were announced December 1-12, 2021.
|
|
|
|
|
2021-12-13 13:40:52 |
Germany Jails Operators of \'Cyberbunker\' Darknet Hub (lien direct) |
Eight people were handed jail sentences in Germany on Monday for operating a web-hosting service in a former NATO bunker that enabled illegal trade in drugs, stolen data and child pornography.
|
|
|
|
|
2021-12-13 12:31:08 |
CISA Expands \'Must-Patch\' List With Log4j, FortiOS, Other Vulnerabilities (lien direct) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added 13 new vulnerabilities to its list of security errors known to be exploited, including Apache Log4j and Fortinet FortiOS bugs that were disclosed last week.
|
|
|
|
|
2021-12-13 11:31:45 |
Companies Respond to Log4Shell Vulnerability as Attacks Rise (lien direct) |
Government organizations and the private sector are responding to the disclosure of a critical vulnerability affecting the widely used Log4j logging utility, as exploitation attempts are on the rise.
|
Vulnerability
|
|
★★
|
|
2021-12-13 11:00:58 |
Mirai-Based \'Manga\' Botnet Targets Recent TP-Link Vulnerability (lien direct) |
A newly discovered variant of the Mirai-based Manga botnet is targeting a vulnerability in TP-Link routers that was addressed last month.
|
Vulnerability
|
|
|
|
2021-12-13 09:38:50 |
Indian PM\'s Twitter Hacked Again by Crypto Scammers (lien direct) |
Indian Prime Minister Narendra Modi's Twitter account was hacked Sunday with a message declaring his country had adopted bitcoin as legal tender and was distributing the cryptocurrency to citizens.
Modi is a prolific tweeter and is the world's most popular incumbent politician on the platform, with more than 73 million followers on his main account.
|
|
|
|
|
2021-12-10 17:10:37 |
Hackers Steal Research Data From Sweden\'s Volvo Cars (lien direct) |
Swedish manufacturer Volvo Cars said Friday that hackers had stolen research and development data from its systems in a cyberattack.
The company, owned by China's Geely, "has become aware that one of its file repositories has been illegally accessed by a third party," it said.
|
|
|
|
|
2021-12-10 16:53:07 |
Exploits Swirling for Major Security Defect in Apache Log4j (lien direct) |
Enterprise security response teams are bracing for a hectic weekend as public exploits -- and in-the-wild attacks -- circulate for a gaping code execution hole in the widely used Apache Log4j utility.
|
|
|
|