Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2021-07-28 14:45:17 |
Cyber Asset Management Platform Noetic Launches With $20 Million in Funding (lien direct) |
Cyber asset management and controls platform Noetic Cyber emerged from stealth mode today and also announced that it has raised $20 million in Series A funding.
|
|
|
|
|
2021-07-28 14:10:44 |
Hospital Network Reveals Cause of 2020 Cyberattack (lien direct) |
A cyberattack that crippled the computer systems of a hospital network affecting six hospitals in Vermont and New York last fall happened after an employee opened a personal email on a company laptop while on vacation, a University of Vermont Health Network official said Tuesday.
|
|
|
|
|
2021-07-28 13:59:00 |
Leveraging People in the Email Security Battle (lien direct) |
A combination of humans and technology is needed to truly move the needle on email security
|
|
|
|
|
2021-07-28 13:25:30 |
Survey Shows Reasons for Cloud Misconfigurations are Many and Complex (lien direct) |
Using 'policy as code' helps the security team to be a cloud highway builder rather than a cloud toll booth operator
|
|
|
|
|
2021-07-28 12:31:39 |
University of San Diego Health Says Personal Information Stolen in Data Breach (lien direct) |
University of San Diego Health this week revealed that personal information was accessed in a data breach involving unauthorized access to some employee email accounts.
|
Data Breach
|
|
|
|
2021-07-28 11:37:28 |
Iranian Spies Maintained Social Media Persona for Years Before Targeting Defense Contractor (lien direct) |
An Iranian state-sponsored threat actor tracked as TA456 maintained a social media account for several years before engaging with their intended victim, cybersecurity firm Proofpoint reports.
|
Threat
|
|
|
|
2021-07-28 11:13:44 |
IBM: Average Cost of Data Breach Exceeds $4.2 Million (lien direct) |
A global study commissioned by IBM Security shows that the average cost of a data breach exceeded $4.2 million during the coronavirus pandemic, which the company pointed out is the highest in the 17-year history of its “Cost of a Data Breach” report.
|
Data Breach
|
|
|
|
2021-07-28 10:28:32 |
In 1st Visit to Intel Agency, Biden Warns of Cyber Conflict (lien direct) |
President Joe Biden used his first visit with rank-and-file members of the U.S. intelligence community - a part of government that was frequently criticized by his predecessor Donald Trump - to make a promise that he will “never politicize” their work.
|
|
|
|
|
2021-07-28 09:35:28 |
Cyber Insurance Firm At-Bay Raises $185 Million at $1.35 Billion Valuation (lien direct) |
Cyber insurance firm At-Bay on Tuesday announced raising $185 million in a Series D funding round at a post-money valuation of $1.35 billion, which gives the company “unicorn” status.
|
|
|
|
|
2021-07-27 18:47:20 |
CODESYS Patches Dozen Vulnerabilities in Industrial Automation Products (lien direct) |
Industrial automation software provider CODESYS this month informed customers about a dozen vulnerabilities affecting various products. More than half of these flaws were discovered by Cisco Talos and their details were disclosed on Monday.
|
|
|
|
|
2021-07-27 16:06:33 |
Google Paid Over $29 Million in Bug Bounty Rewards in 10 Years (lien direct) |
Google says it has paid more than $29 million in rewards for pre-patch vulnerability data over the past 10 years.
|
Vulnerability
|
|
|
|
2021-07-27 15:09:19 |
Vulnerabilities Allow Hacking of Zimbra Webmail Servers With Single Email (lien direct) |
Vulnerabilities in the Zimbra enterprise webmail solution could allow an attacker to gain unrestricted access to an organization's sent and received email messages, software security firm SonarSource reveals.
|
|
|
|
|
2021-07-27 13:53:21 |
1Password Raises $100 Million at $2 Billion Valuation (lien direct) |
Password management solutions provider 1Password today announced receiving a $100 million investment that increases its valuation to $2 billion. Previously, the company raised $200 million in a Series A funding round.
|
|
|
|
|
2021-07-27 13:02:48 |
Critical Vulnerability Found in Sunhillo Aerial Surveillance Product (lien direct) |
An unauthenticated OS command injection vulnerability in the Sunhillo SureLine application could allow an attacker to execute arbitrary commands with root privileges, according to security researchers with the NCC Group.
|
Vulnerability
|
|
|
|
2021-07-27 12:32:38 |
Kaseya Denies Paying Cybercriminals Who Launched Ransomware Attack (lien direct) |
IT management software firm Kaseya on Monday said it did not pay any money to cybercriminals, following speculation that it may have paid a ransom to obtain a decryptor that would allow customers hit by the recent ransomware attack to recover their files.
|
Ransomware
|
|
|
|
2021-07-27 12:09:31 |
Vulnerability in Popular Survey Tool Exploited in Possible Chinese Attacks on U.S. (lien direct) |
A recently disclosed vulnerability affecting a popular survey creation tool has been exploited by a threat group that may be linked to China against organizations in the United States.
|
Threat
Tool
Vulnerability
|
|
|
|
2021-07-27 11:32:21 |
S.Africa\'s Port Terminals Still Disrupted Days After Cyber-Attack (lien direct) |
South Africa's state-owned logistics firm said Tuesday it was working to restore systems following a major cyber-attack last week that hit the country's key port terminals.
The attack began on July 22 but continued, forcing Transnet to switch to manual systems, it said.
|
|
|
|
|
2021-07-27 11:30:00 |
Why Are Users Ignoring Multi-Factor Authentication? (lien direct) |
|
|
|
|
|
2021-07-27 10:29:15 |
Creating an Effective Threat Hunting Program with Limited Resources (lien direct) |
Developing various data sets for threat hunting engagements will further mature your program and help uncover the unknown
|
Threat
|
|
|
|
2021-07-27 01:03:29 |
Judge: Ex-CIA Worker Can Represent Himself in Espionage Case (lien direct) |
A former CIA software engineer can represent himself at his upcoming retrial on espionage charges, a judge said Monday.
|
|
|
|
|
2021-07-26 19:36:42 |
Apple Patches \'Actively Exploited\' Mac, iOS Security Flaw (lien direct) |
Apple on Monday released a major security update with fixes for a security defect the company says “may have been actively exploited” to plant malware on macOS and iOS devices.
|
Malware
|
|
|
|
2021-07-26 16:19:56 |
Firefox 90 Drops Support for FTP Protocol (lien direct) |
Mozilla has completely removed support for the File Transfer Protocol (FTP) from the latest release of its flagship Firefox web browser.
|
|
|
|
|
2021-07-26 14:50:28 |
No More Ransom: We Prevented Ransomware Operators From Earning $1 Billion (lien direct) |
No More Ransom is celebrating its 5th anniversary and the project says it has helped more than 6 million ransomware victims recover their files and prevented cybercriminals from earning roughly $1 billion.
|
Ransomware
|
|
|
|
2021-07-26 14:00:16 |
Amnesty Urges Moratorium on Surveillance Technology in Pegasus Scandal (lien direct) |
Allegations that governments used phone malware supplied by an Israeli firm to spy on journalists, activists and heads of state have "exposed a global human rights crisis," Amnesty International said, asking for a moratorium on the sale and use of surveillance technology.
|
Malware
|
|
|
|
2021-07-26 13:36:36 |
What We Learn from MITRE\'s Most Dangerous Software Weaknesses List (lien direct) |
A look into MITRE's 2021 CWE Top 25 Most Dangerous Software Weaknesses
|
|
|
|
|
2021-07-26 12:26:33 |
Leading Threat to Industrial Security is Not What You Think (lien direct) |
As attackers become more sophisticated, so do their attacks. This in turn exposes threat vectors that once were thought to be well protected, or at least not interesting enough to attack. Nowhere is this truer than in industrial control systems (ICS) environments.
|
Threat
|
|
|
|
2021-07-26 12:23:41 |
GitLab Releases Open Source Tool for Hunting Malicious Code in Dependencies (lien direct) |
GitLab last week announced the release of a new open source tool designed to help software developers identify malicious code in their projects' dependencies.
|
Tool
|
|
|
|
2021-07-26 11:14:05 |
Enterprises Warned of New PetitPotam Attack Exposing Windows Domains (lien direct) |
Enterprises have been warned of a new attack method that can be used by malicious actors to take complete control of a Windows domain.
|
|
|
|
|
2021-07-23 16:00:21 |
Threat Actors Target Kubernetes Clusters via Argo Workflows (lien direct) |
Threat actors are abusing Argo Workflows to target Kubernetes deployments and deploy crypto-miners, according to a warning from security vendor Intezer.
|
|
Uber
|
|
|
2021-07-23 15:03:10 |
House Passes Several Critical Infrastructure Cybersecurity Bills (lien direct) |
The U.S. House of Representatives this week passed several cybersecurity bills, including ones related to critical infrastructure, industrial control systems (ICS), and grants for state and local governments.
|
|
|
|
|
2021-07-23 14:03:56 |
TikTok fined €750,000 for Violating Children\'s Privacy (lien direct) |
The Dutch Data Protection Authority (Autoriteit Persoonsgegevens – AP) announced Thursday that it has imposed a fine of €750,000 on TikTok “for violating the privacy of young children”. More specifically, TikTok failed to provide a privacy statement in the Dutch language, making it difficult for young children to understand what would happen to their data.
|
|
|
|
|
2021-07-23 14:00:17 |
Dutch Police Arrest Alleged Member of \'Fraud Family\' Cybercrime Gang (lien direct) |
Authorities in the Netherlands have arrested a 24-year-old believed to be a developer of phishing frameworks for a cybercrime ring named “Fraud Family.”
|
|
|
|
|
2021-07-23 13:02:21 |
Cyber Risk Management Firm Safe Security Raises $33 Million (lien direct) |
Cyber risk measurement and mitigation platform provider Safe Security this week announced that it has received a $33 million strategic investment led by BT Group.
The funds, Safe Security says, will be used to double the size of its engineering team, as well as to increase the company's spending on research and development.
|
|
|
|
|
2021-07-23 11:51:07 |
Industrial Cybersecurity Firm SynSaber Launches With $2.5M in Seed Funding (lien direct) |
SynSaber, a new industrial cybersecurity company, announced its launch this week with $2.5 million in seed funding from SYN Ventures, Rally Ventures and Cyber Mentor Fund.
|
|
|
|
|
2021-07-23 11:02:17 |
Estonian Botnet Operator Pleads Guilty in U.S. Court (lien direct) |
An Estonian national has pleaded guilty in a United States court to two counts of computer fraud and abuse over his role in creating and operating a proxy botnet.
|
Guideline
|
|
|
|
2021-07-23 08:49:16 |
Kaseya Obtains Universal Decryptor for Ransomware Attack Victims (lien direct) |
IT management software maker Kaseya on Thursday said it obtained a universal decryptor that should allow victims of the recent ransomware attack to recover their files.
|
Ransomware
|
|
|
|
2021-07-22 19:36:35 |
Akamai Software Update Triggers Internet Outages (lien direct) |
Websites were briefly knocked offline Thursday after a software update triggered a glitch at network specialty firm Akamai.
Reports of internet outages from locations around the world spiked at website Downdetector, with US-based Akamai saying some websites were offline for as long as an hour.
|
|
|
|
|
2021-07-22 18:49:31 |
Bug Bounty and VDP Platform YesWeHack Raises $18.8 Million (lien direct) |
European bug bounty and vulnerability disclosure policy platform YesWeHack this week announced the closing of a €16 million ($18.8 million) round of venture capital financing.
|
Vulnerability
|
|
|
|
2021-07-22 15:03:10 |
Atlassian Patches Critical Vulnerability in Jira Data Center Products (lien direct) |
Software development and collaboration solutions provider Atlassian on Wednesday informed customers that it has patched a critical code execution vulnerability affecting some of its Jira products.
|
Vulnerability
|
|
|
|
2021-07-22 14:15:29 |
Google Cloud Unveils New SOC, IDS Solutions (lien direct) |
Google Cloud this week announced new security offerings for its customers, including Autonomic Security Operations to improve security operations centers (SOCs) and Cloud Intrusion Detection System (IDS) for network-based threat detection.
|
Threat
|
|
|
|
2021-07-22 12:54:44 |
China-Linked APT31 Abuses Hacked Routers in Attacks, France Warns (lien direct) |
The French National Agency for the Security of Information Systems (ANSSI) on Wednesday issued an alert to warn organizations that a threat group tracked as APT31 has been abusing compromised routers in its recent attacks.
|
Threat
|
APT 31
|
|
|
2021-07-22 11:52:38 |
CISA Details Malware Used in Attacks Targeting Pulse Secure Devices (lien direct) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday released analysis reports for 13 malware samples discovered on Pulse Secure devices that were compromised in recent attacks.
|
Malware
|
|
|
|
2021-07-22 11:30:00 |
Is Your SecOps Solution Keeping Up? (lien direct) |
The goal of any SecOps system is to collect, correlate, and assess data gathered from every corner of the network to detect and investigate anomalous behavior and then respond promptly to thwart an attack before its damage is done. And when networks were primarily contained within a clearly defined and static perimeter, this was not just an aspirational goal. It was well within the ability of virtually any SecOps team.
|
|
|
|
|
2021-07-22 11:23:21 |
Dell Patches Critical Vulnerabilities in OpenManage Enterprise (lien direct) |
Patches released this week by Dell for its OpenManage Enterprise product address multiple critical-severity vulnerabilities.
A systems management and monitoring application, Dell OpenManage Enterprise provides administrators with a comprehensive view of Dell EMC servers, network switches, and storage in their environment.
|
|
|
★★★★★
|
|
2021-07-22 11:01:02 |
UK Man Arrested in Spain, Charged in US With Twitter Hack (lien direct) |
A British man has been charged in the United States in connection with a Twitter hack last summer that compromised the accounts of prominent politicians, celebrities and technology moguls, the Justice Department said Wednesday.
|
Hack
|
|
★★★
|
|
2021-07-22 02:00:06 |
Biden to Meet Next Month With Private Sector on Cyber Issues (lien direct) |
President Joe Biden and members of his national security team plan to meet next month with business executives about cybersecurity, an official said Wednesday.
|
|
|
|
|
2021-07-21 19:55:00 |
Google Cloud Introduces New Zero Trust Offerings for Government (lien direct) |
Google Cloud this week announced a new set of services aimed at help federal, state, and local government organizations in the United States to implement Zero Trust architecture.
|
|
|
|
|
2021-07-21 19:43:20 |
Saudi Aramco Facing $50M Cyber Extortion Over Leaked Data (lien direct) |
Saudi Arabia's state oil giant acknowledged Wednesday that leaked data from the company - files now apparently being used in a cyber-extortion attempt involving a $50 million ransom demand - likely came from one of its contractors.
|
|
|
|
|
2021-07-21 17:31:25 |
Ransomware Attack on UK Rail System - Spray and Pray or Targeted? (lien direct) |
Northern Rail, one of the UK's local railway systems covering the north of England, had its new self-service ticketing machines taken off-line following a ransomware attack last week.
|
Ransomware
|
|
|
|
2021-07-21 17:01:51 |
Microsoft Acquires Cloud Security Start-up CloudKnox (lien direct) |
After years of mostly sitting on the sidelines, Microsoft is starting to be aggressive with cybersecurity acquisitions.
The world's largest software company said Wednesday it would acquire CloudKnox, a Silicon Valley startup that sells tools to help companies manage and secure access to cloud accounts and data.
|
|
|
|