What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-09-21 14:23:27 | Providing Developers Value-Focused Feedback in Security Software Development (lien direct) | I recently wrote an article on attracting and retaining A-Players, and one of the key elements was to ensure that leadership share the mission with developers to create a sense of purpose. | Guideline | ||
|
2021-09-21 14:09:40 | OpenOffice Vulnerability Exposes Users to Code Execution Attacks (lien direct) | A buffer overflow vulnerability in Apache OpenOffice could be exploited to execute arbitrary code on target machines using malicious documents. | Vulnerability | ||
|
2021-09-21 12:51:31 | Details of 100M Visitors to Thailand Exposed Online: Research Firm (lien direct) | More than 106 million travellers to Thailand had their personal details exposed online in August, a cybersecurity research company that discovered the data said Monday, but the leak was quickly plugged by authorities. | |||
|
2021-09-21 11:40:32 | Identity Solutions Provider Saviynt Raises $130 Million (lien direct) | Identity and access governance solutions provider Saviynt on Monday announced that it has received a $130 million investment from HPS Investment Partners and PNC Bank. To date, the company has raised $170 million in funding. | |||
|
2021-09-21 11:05:03 | Ransomware Group Demands Millions From U.S. Farmer Cooperative (lien direct) | Cybercriminals are hoping to obtain millions of dollars from a major farmer cooperative in the United States after they breached its systems, encrypted files, and stole vast amounts of data. | |||
|
2021-09-21 03:45:05 | Attacks Targeting OMIGOD Vulnerability Ramping Up (lien direct) | Attackers are increasingly targeting a remote code execution vulnerability in the Open Management Infrastructure (OMI) framework that Microsoft released patches for earlier this month. | Vulnerability | ||
|
2021-09-20 19:06:06 | Apple Ships iOS 15 with MFA Code Generator (lien direct) | Apple on Monday rolled out a major refresh of its flagship iOS mobile platform, adding a built-in two-factor authentication code generator and multiple anti-tracking security and privacy features. | |||
|
2021-09-20 17:40:58 | Cybercriminals Linked to Italian Mafia Arrested by European Police (lien direct) | Spanish and Italian authorities have dismantled an organized crime group allegedly involved in online fraud, money laundering, and other illegal activities. | |||
|
2021-09-20 14:59:45 | EventBuilder Exposed Information of Over 100,000 Event Registrants (lien direct) | Event management company EventBuilder exposed files containing the personal information of at least 100,000 users who registered for events on its platform. | |||
|
2021-09-20 13:11:59 | Attackers Use Linux Binaries as Loaders for Windows Malware (lien direct) | Using Microsoft's Windows Subsystem for Linux (WSL), attackers have leveraged Linux binaries to load payloads into Windows processes, according to researchers with Black Lotus Labs, the threat intelligence unit of tech company Lumen. | Malware Threat | ||
|
2021-09-20 12:32:40 | Cyberattack on Alaska Health Department Linked to State-Sponsored Hackers (lien direct) | The Alaska health department has shared more information about the cyberattack detected earlier this year, and the organization says the attack was conducted by state-sponsored hackers. | |||
|
2021-09-20 11:49:17 | Ongoing Phishing Campaign Targets APAC, EMEA Governments (lien direct) | Government departments in at least 7 countries in the Asia-Pacific (APAC) and Europe, the Middle East and Africa (EMEA) regions have been targeted in a phishing campaign that has been ongoing since spring 2020. | |||
|
2021-09-20 11:14:52 | Indonesia Says No Evidence of Alleged Chinese Intel Hack (lien direct) | Indonesian authorities have found no evidence that the country's main intelligence service's computers were compromised, after a U.S.-based private cybersecurity company alerted them of a suspected breach of its internal networks by a Chinese hacking group, an official said. | Hack | ||
|
2021-09-20 10:26:33 | Nigerian Threat Actor Targeting Aviation Industry Since 2018 (lien direct) | A threat actor likely operating out of Nigeria has been engaged in various malicious campaigns for the past five years and it has mainly targeted the aviation industry for the last two, Cisco's Talos security researchers reveal. | Threat | ||
|
2021-09-17 16:39:33 | Credit Union\'s Legal Battle With Tech Giant Fiserv Rumbles On (lien direct) | Local credit union, Bessemer System Federal Credit Union (BSFCU), sued Fortune 500 tech giant Fiserv over 'amateurish security lapses' in 2019. Fiserv counterclaimed with a motion to dismiss, and Bessemer motioned to dismiss the counterclaim. | |||
|
2021-09-17 15:01:26 | AMD Chipset Driver Vulnerability Can Allow Hackers to Obtain Sensitive Data (lien direct) | Chipmaker AMD has patched a driver vulnerability that could allow an attacker to obtain sensitive information from the targeted system. | Vulnerability | ||
|
2021-09-17 13:38:08 | Operator of \'DownThem\' DDoS Attack Service Convicted (lien direct) | An Illinois man who operated an infamous online service allowing users to launch distributed denial-of-service (DDoS) attacks on selected targets was found guilty of three felonies. | |||
|
2021-09-17 13:21:34 | Pakistani Man Involved in AT&T Hacking Scheme Sentenced to Prison in U.S. (lien direct) | Muhammad Fahd, a 35-year-old Pakistani national, has been sentenced to 12 years of prison in the United States for his role in a scheme that involved illegally unlocking AT&T phones and hacking into the telecoms giant's systems. | |||
|
2021-09-17 12:53:32 | Mirai Botnet Starts Exploiting OMIGOD Flaw as Microsoft Issues More Guidance (lien direct) | Microsoft on Thursday published additional guidance on addressing recently disclosed vulnerabilities in the Open Management Infrastructure (OMI) framework, along with new protections to resolve the bugs within affected Azure Virtual Machine (VM) management extensions. | |||
|
2021-09-17 12:19:38 | German Election Authority Confirms Likely Cyber Attack (lien direct) | Suspected hackers last month briefly disrupted the website of the authority running Germany's September 26 general election, a spokesman for the body told AFP Wednesday. | |||
|
2021-09-17 11:29:06 | U.S. Agencies Warn of APTs Exploiting Recent ADSelfService Plus Zero-Day (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Coast Guard Cyber Command (CGCYBER) have sounded the alarm over in-the-wild attacks targeting a recently disclosed vulnerability in Zoho's ManageEngine ADSelfService Plus product. | Vulnerability | ||
|
2021-09-17 11:23:42 | Court Rejects Lawsuit Against NSA on "State Secrets" Grounds (lien direct) | A divided federal appeals court has upheld the dismissal of an ACLU lawsuit challenging a portion of the National Security Agency's warrantless surveillance of Americans' international email and phone communications. | ★★★★★ | ||
|
2021-09-17 10:27:29 | Cybersecurity M&A Roundup for September 1-15, 2021 (lien direct) | 
|
|||
|
2021-09-16 20:14:21 | Endpoint Security Platform Kolide Banks $17 Million Investment (lien direct) | Endpoint security platform Kolide on Thursday announced that it has raised $17 million in Series B funding, for a total of $27 million raised to date. | |||
|
2021-09-16 20:09:11 | Google Helps OSTIF Boost Security of Open Source Projects (lien direct) | Google this week announced plans to support the Open Source Technology Improvement Fund (OSTIF) to boost the security of open source projects. | |||
|
2021-09-16 18:34:17 | Kaspersky Received 105 Government, Law Enforcement Requests in H1 2021 (lien direct) | Kaspersky this week published its first transparency report to share information on the government and law enforcement agency requests received in 2020 and in the first half of 2021. | |||
|
2021-09-16 14:16:20 | UN Urges Moratorium on AI Tech That Threatens Rights (lien direct) | 
|
|||
|
2021-09-16 13:41:14 | Researchers Create Toolkit for Hardware Security Tests on Apple\'s Mobile Processors (lien direct) | A group of researchers from North Carolina State University has built a software toolkit to explore vulnerabilities in Apple's mobile processors and used the findings to devise a cache timing attack. | |||
|
2021-09-16 13:01:07 | (Déjà vu) How Threat Response is Evolving (lien direct) | As adversaries changed their view of an attack to include vectors across an organization, defenders have had to evolve their approach as well. This is best captured by Mark Harris from Gartner who observed that adversaries have shifted their focus of attacks from infecting files to infecting systems and now to infecting the entire enterprise. Previously, I talked about how this has impacted our approach to threat detection. | Threat | ||
|
2021-09-16 12:05:57 | Several Access Bypass, CSRF Vulnerabilities Patched in Drupal (lien direct) | Drupal developers on Wednesday informed users that updates released for Drupal 8.9, 9.1 and 9.2 patch five vulnerabilities that can be exploited for cross-site request forgery (CSRF) and access bypass. | |||
|
2021-09-16 11:45:31 | Mass Personal Data Theft From Paris Covid Tests: Hospitals (lien direct) | Hackers stole the personal data of around 1.4 million people who took Covid-19 tests in the Paris region in the middle of 2020, hospital officials in the French capital disclosed on Wednesday. | |||
|
2021-09-16 11:13:01 | Neosec Emerges From Stealth With $20.7 Million in Funding (lien direct) | Application security startup Neosec this week emerged from stealth mode after closing a $20.7 million Series A funding round. | |||
|
2021-09-16 10:51:24 | Links Found Between MSHTML Zero-Day Attacks and Ransomware Operations (lien direct) | Microsoft and threat intelligence company RiskIQ reported finding links between the exploitation of a recently patched Windows zero-day vulnerability and known ransomware operators. | Ransomware Vulnerability Threat | ||
|
2021-09-15 15:01:52 | Regular Users Can Now Remove Password From Their Microsoft Account (lien direct) | Microsoft on Wednesday informed owners of consumer accounts that they can now go completely passwordless and rely on other, more secure authentication methods. | |||
|
2021-09-15 14:09:56 | Cloud Backup Company Rewind Raises $65 Million (lien direct) | Cloud backup company Rewind has announced raising $65 million in a Series B funding round, which brings the total amount invested in the firm to more than $80 million. | |||
|
2021-09-15 13:16:58 | Severe Vulnerabilities Could Expose Thousands of Azure Users to Attacks (lien direct) | Four of the fixes that Microsoft released as part of its September 2021 Patch Tuesday updates deal with vulnerabilities in the Open Management Infrastructure (OMI) software agent embedded in Azure services. | |||
|
2021-09-15 12:58:05 | 3 Former US Officials Charged in UAE Hacking Scheme (lien direct) | Three former U.S. intelligence and military officials have admitted providing sophisticated computer hacking technology to the United Arab Emirates and agreed to pay nearly $1.7 million to resolve criminal charges in an agreement that the Justice Department described Tuesday as the first of its kind. | |||
|
2021-09-15 12:02:49 | SAP Patches Critical Vulnerabilities With September 2021 Security Updates (lien direct) | German software maker SAP this week announced the release of 17 new and two updated security notes on the September 2021 Security Patch Day. Seven of these deal with critical vulnerabilities in SAP products. | |||
|
2021-09-15 11:37:33 | (Déjà vu) ICS Patch Tuesday: Siemens, Schneider Electric Address Over 40 Vulnerabilities (lien direct) | Siemens and Schneider Electric on Tuesday published a total of 25 advisories to address more than 40 vulnerabilities affecting their industrial control system (ICS) products. Siemens | |||
|
2021-09-15 11:00:17 | Zoom Introduces End-to-End Encrypted Phone Calls (lien direct) | Zoom this week revealed that its users will be getting the option to encrypt their one-on-one phone calls courtesy of end-to-end encryption (E2EE) being expanded to Zoom Phone. | |||
|
2021-09-15 10:53:19 | The Ongoing Reciprocal Relationship Between APTs and Cybercriminals (lien direct) | The two main villains of the cyber security world are the nation state-backed Advance Persistent Threats (APTs) and cybercriminals, with their comprehensive infrastructure and circles known as the dark web. Both threat actors are independent, each with its own goals, actors and methods. However, over the years there has been quite a lot of cross-pollination between the two. | Threat | ||
|
2021-09-15 08:43:45 | Cobalt Strike Beacon Reimplementation \'Vermilion Strike\' Targets Windows, Linux (lien direct) | Security researchers with Intezer have identified a reimplementation of the infamous Cobalt Strike Beacon payload, which features completely new code. | |||
|
2021-09-14 19:33:24 | General Promises US \'Surge\' Against Foreign Cyberattacks (lien direct) | The general who leads U.S. efforts to thwart foreign-based cyberattacks, and punish those responsible, says he's mounting a “surge” to fight incursions that have debilitated government agencies and companies responsible for critical infrastructure. | Guideline | ||
|
2021-09-14 18:32:41 | Patch Tuesday: Microsoft Plugs Exploited MSHTML Zero-Day Hole (lien direct) | Microsoft on Tuesday shipped a major security update to blunt zero-day attacks targeting a gaping hole in its proprietary MSHTML browsing engine. | |||
|
2021-09-14 18:28:31 | Apple Security Flaw: How do \'Zero-Click\' Attacks Work? (lien direct) | Apple has spent the past week rushing to develop a fix for a major security flaw which allows spyware to be downloaded on an iPhone or iPad without the owner even clicking a button. But how do such "zero-click" attacks work, and can they be stopped? | |||
|
2021-09-14 15:39:12 | Now LIVE: SecurityWeek\'s 2021 CISO Forum, Presented by Cisco (Virtual Event) (lien direct) | 
|
|||
|
2021-09-14 15:32:33 | The Implications of China\'s New Personal Information Protection Law (lien direct) | The cornerstone of Chinese national and international policy is a fundamental principle: China First. So, while its new data privacy law, the Personal Information Protection Law (PIPL), will provide solid protection for its people's personal information nationally, internationally the law can be used as a weapon. | |||
|
2021-09-14 15:01:27 | CISA Appoints Kiersten Todt as New Chief of Staff (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday announced that it has appointed Kiersten Todt as its new chief of staff. | |||
|
2021-09-14 14:07:11 | Swiss Post Offers up to €230,000 for Critical Vulnerabilities in e-Voting System (lien direct) | Switzerland's national postal organization Swiss Post is offering bug bounty rewards of up to €230,000 (roughly $271,000) for critical vulnerabilities identified in a future digital voting system. | |||
|
2021-09-14 13:34:50 | Nearly Half of On-Premises Databases Vulnerable to Attacks: Study (lien direct) | A five-year study conducted by cybersecurity firm Imperva showed that nearly half of on-premises databases globally have at least one vulnerability that could expose them to attacks. | Vulnerability |
To see everything:
Our RSS (filtrered)
