Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-23 11:51:07 |
Industrial Cybersecurity Firm SynSaber Launches With $2.5M in Seed Funding (lien direct) |
SynSaber, a new industrial cybersecurity company, announced its launch this week with $2.5 million in seed funding from SYN Ventures, Rally Ventures and Cyber Mentor Fund.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-23 11:02:17 |
Estonian Botnet Operator Pleads Guilty in U.S. Court (lien direct) |
An Estonian national has pleaded guilty in a United States court to two counts of computer fraud and abuse over his role in creating and operating a proxy botnet.
|
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-23 08:49:16 |
Kaseya Obtains Universal Decryptor for Ransomware Attack Victims (lien direct) |
IT management software maker Kaseya on Thursday said it obtained a universal decryptor that should allow victims of the recent ransomware attack to recover their files.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-22 19:36:35 |
Akamai Software Update Triggers Internet Outages (lien direct) |
Websites were briefly knocked offline Thursday after a software update triggered a glitch at network specialty firm Akamai.
Reports of internet outages from locations around the world spiked at website Downdetector, with US-based Akamai saying some websites were offline for as long as an hour.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-22 18:49:31 |
Bug Bounty and VDP Platform YesWeHack Raises $18.8 Million (lien direct) |
European bug bounty and vulnerability disclosure policy platform YesWeHack this week announced the closing of a €16 million ($18.8 million) round of venture capital financing.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-22 15:03:10 |
Atlassian Patches Critical Vulnerability in Jira Data Center Products (lien direct) |
Software development and collaboration solutions provider Atlassian on Wednesday informed customers that it has patched a critical code execution vulnerability affecting some of its Jira products.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-22 14:15:29 |
Google Cloud Unveils New SOC, IDS Solutions (lien direct) |
Google Cloud this week announced new security offerings for its customers, including Autonomic Security Operations to improve security operations centers (SOCs) and Cloud Intrusion Detection System (IDS) for network-based threat detection.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-22 12:54:44 |
China-Linked APT31 Abuses Hacked Routers in Attacks, France Warns (lien direct) |
The French National Agency for the Security of Information Systems (ANSSI) on Wednesday issued an alert to warn organizations that a threat group tracked as APT31 has been abusing compromised routers in its recent attacks.
|
Threat
|
APT 31
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-22 11:52:38 |
CISA Details Malware Used in Attacks Targeting Pulse Secure Devices (lien direct) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday released analysis reports for 13 malware samples discovered on Pulse Secure devices that were compromised in recent attacks.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-22 11:30:00 |
Is Your SecOps Solution Keeping Up? (lien direct) |
The goal of any SecOps system is to collect, correlate, and assess data gathered from every corner of the network to detect and investigate anomalous behavior and then respond promptly to thwart an attack before its damage is done. And when networks were primarily contained within a clearly defined and static perimeter, this was not just an aspirational goal. It was well within the ability of virtually any SecOps team.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-22 11:23:21 |
Dell Patches Critical Vulnerabilities in OpenManage Enterprise (lien direct) |
Patches released this week by Dell for its OpenManage Enterprise product address multiple critical-severity vulnerabilities.
A systems management and monitoring application, Dell OpenManage Enterprise provides administrators with a comprehensive view of Dell EMC servers, network switches, and storage in their environment.
|
|
|
★★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-22 11:01:02 |
UK Man Arrested in Spain, Charged in US With Twitter Hack (lien direct) |
A British man has been charged in the United States in connection with a Twitter hack last summer that compromised the accounts of prominent politicians, celebrities and technology moguls, the Justice Department said Wednesday.
|
Hack
|
|
★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-22 02:00:06 |
Biden to Meet Next Month With Private Sector on Cyber Issues (lien direct) |
President Joe Biden and members of his national security team plan to meet next month with business executives about cybersecurity, an official said Wednesday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-21 19:55:00 |
Google Cloud Introduces New Zero Trust Offerings for Government (lien direct) |
Google Cloud this week announced a new set of services aimed at help federal, state, and local government organizations in the United States to implement Zero Trust architecture.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-21 19:43:20 |
Saudi Aramco Facing $50M Cyber Extortion Over Leaked Data (lien direct) |
Saudi Arabia's state oil giant acknowledged Wednesday that leaked data from the company - files now apparently being used in a cyber-extortion attempt involving a $50 million ransom demand - likely came from one of its contractors.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-21 17:31:25 |
Ransomware Attack on UK Rail System - Spray and Pray or Targeted? (lien direct) |
Northern Rail, one of the UK's local railway systems covering the north of England, had its new self-service ticketing machines taken off-line following a ransomware attack last week.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-21 17:01:51 |
Microsoft Acquires Cloud Security Start-up CloudKnox (lien direct) |
After years of mostly sitting on the sidelines, Microsoft is starting to be aggressive with cybersecurity acquisitions.
The world's largest software company said Wednesday it would acquire CloudKnox, a Silicon Valley startup that sells tools to help companies manage and secure access to cloud accounts and data.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-21 15:53:54 |
DNSFilter Raises $30 Million in Series A Funding (lien direct) |
Cybersecurity firm raises $30 Million to support growth of its AI-based DNS threat protection system
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-21 15:13:24 |
Industrial Firms Warned of Risk Posed by Cloud-Based ICS Management Systems (lien direct) |
Researchers at industrial cybersecurity firm Claroty have identified a series of vulnerabilities that have enabled them to demonstrate how malicious actors could abuse cloud-based management platforms when targeting industrial organizations.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-21 13:33:18 |
Oracle Releases July 2021 CPU With 342 Security Patches (lien direct) |
Oracle on Tuesday announced the availability of a total of 342 new security patches as part of its July 2021 Critical Patch Update (CPU). More than half of the addressed vulnerabilities could be exploited remotely without authentication.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-21 13:16:12 |
Chrome 92 Brings Several Privacy, Security Improvements (lien direct) |
Google on Tuesday announced the release of Chrome 92 in the stable channel, with 35 security patches and with various other security improvements, such as better site isolation and phishing protection.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-21 12:17:17 |
Macron Among 14 Heads of States on Potential Spyware List (lien direct) |
French President Emmanuel Macron leads a list of 14 current or former heads of state who may have been targeted for hacking by clients of the notorious Israeli spyware firm NSO Group, Amnesty International said Tuesday.
|
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-21 11:45:19 |
Millions of Devices Affected by Vulnerability in HP, Samsung, Xerox Printer Drivers (lien direct) |
A printer driver shipped to millions of computers since 2005 is affected by a vulnerability that can be exploited for privilege escalation, according to endpoint security company SentinelOne.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-21 11:27:10 |
Zero Trust, We Must (lien direct) |
Daily headlines about cyber-attacks and data breaches (e.g., City of Tulsa, Guess, Morgan Stanley, Rural Al
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-21 10:03:49 |
Adobe Patches 21 Vulnerabilities Across Seven Products (lien direct) |
Security updates released by Adobe on Tuesday for seven of its products patch a total of 21 vulnerabilities, including 15 flaws that have been assigned a critical severity rating.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-21 08:47:25 |
Fortinet Patches Remote Code Execution Vulnerability in FortiManager, FortiAnalyzer (lien direct) |
Fortinet on Monday announced the availability of patches for a vulnerability in both FortiManager and FortiAnalyzer that could allow an attacker to execute code with root privileges.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-21 04:07:04 |
Google Enhances Protections in Cloud Armor Web Security Service (lien direct) |
Google announced recently that it has expanded the capabilities of Cloud Armor, a service that provides distributed denial of service (DDoS) protections and a web application firewall (WAF) to keep customers safe from web attacks.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-20 21:01:10 |
Russian Hacker Levashov Sentenced to Time Already Served (lien direct) |
A Russian hacker known internationally as the “bot master” was sentenced Tuesday to the 33 months he has already served in custody on federal charges he operated a network of devices used to steal computer credentials, distribute spam and install malicious software.
|
Spam
|
|
★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-20 19:51:00 |
New Cybersecurity Order Issued for US Pipeline Operators (lien direct) |
The Department of Homeland Security on Tuesday announced new requirements for U.S. pipeline operators to bolster cybersecurity following a May ransomware attack that disrupted gas delivery across the East Coast.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-20 15:55:58 |
Rapid7 Acquires Threat Intelligence Firm Intsights for $335 Million (lien direct) |
Boston- based cybersecurity firm Rapid7 announced on Tuesday that it has shelled out $335 million to acquire threat intelligence startup Intsights.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-20 15:10:19 |
Life in Lockdown: Offices Are Empty of People, Full of Risky IoT Devices (lien direct) |
During lockdown, offices have been empty and quiet – but not dead. Networks have continued to run, and IoT devices have continued to operate unattended. Many of these devices have communicated in plain text leaving the networks vulnerable.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-20 15:00:05 |
U.S. Government Attributes ICS Attacks to Russia, China, Iran (lien direct) |
Hacking Operation Sought to Help China Develop Cyberattack Capabilities for Damaging and Disrupting U.S. Pipelines
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-20 14:56:20 |
Success of Ransomware Attacks Shows the State of Cybersecurity (lien direct) |
Ransomware is incredibly popular because it works, and it is very profitable for the attackers
|
Ransomware
|
|
★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-20 13:38:03 |
Vulnerability Exposes MicroLogix PLCs to Remote DoS Attacks (lien direct) |
A high-severity vulnerability affecting Rockwell Automation's MicroLogix 1100 programmable logic controllers (PLCs) can be exploited to cause a device to enter a persistent fault condition.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-20 12:58:24 |
China Says Washington Hack Claims \'Fabricated\', Condemns US Allies (lien direct) |
China on Tuesday said the US had "fabricated" allegations it carried out a massive Microsoft hack, countering that Washington was the "world champion" of cyber attacks while raging at American allies for signing up to a rare joint statement of condemnation.
|
Hack
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-20 12:32:36 |
Microsoft Adds Teams Mobile Applications to Bug Bounty Program (lien direct) |
Microsoft on Monday announced that it has included the Teams mobile applications for Android and iOS within the scope of its bug bounty programs.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-20 11:38:45 |
(Déjà vu) Cybersecurity M&A Roundup for July 9-19, 2021 (lien direct) |
A total of 11 cybersecurity-related acquisitions were announced between July 9 and July 19, 2021.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-20 11:01:48 |
UN Rights Chief Alarmed by Reported Use of Powerful Spyware (lien direct) |
The United Nations' human rights chief voiced alarm Monday over the reported use of military-grade malware from Israel-based NSO Group to spy on journalists, human rights activists and political dissidents.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-20 10:47:30 |
Mitigating Threats to Encryption From Quantum and Bad Random (lien direct) |
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-20 10:32:30 |
Researchers: Apple Quietly Patched 0-Click Wi-Fi Code Execution Vulnerability in iOS (lien direct) |
Apple in early 2021 quietly patched an iOS vulnerability that could lead to remote code execution when connecting to a Wi-Fi access point that had a specially crafted SSID.
|
Vulnerability
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-20 02:19:49 |
EXPLAINER: Target List of Israeli Hack-for-Hire Firm Widens (lien direct) |
Human rights and press freedom activists are up in arms about a new report on NSO Group, the notorious Israeli hacker-for-hire company. The report, by a global media consortium, expands public knowledge of the target list used in NSO's military-grade spyware.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-19 22:54:52 |
Microsoft Cracks Down on Malicious Homoglyph Domains (lien direct) |
Microsoft on Monday announced that it secured a court order to take down numerous malicious homoglyph domains that a criminal group registered to impersonate legitimate sites of various businesses, predominantly located in North America.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-19 18:20:31 |
Juniper Patches Critical Third-Party Flaws Across Product Portfolio (lien direct) |
Juniper Networks has shipped security patches to cover numerous vulnerabilities across its product portfolio, including a series of critical bugs in third-party software used in Juniper's product portfolio.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-19 16:51:49 |
Collective Intelligence: Realities and Hardships of Crowdsourced Threat Intel (lien direct) |
Enterprise security teams need to move from the consumption of crowdsourced threat intelligence (CTI) to an additional mode of contribution
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-19 16:26:39 |
Pegasus Scandal Shows Risk of Israel\'s Spy-tech Diplomacy: Experts (lien direct) |
Reports that Israel-made Pegasus spyware has been used to monitor activists, journalists and politicians around the world highlight the diplomatic risks of nurturing and exporting "oppressive technology", experts warned Monday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-19 15:17:22 |
Law Firm Campbell Conroy & O\'Neil Discloses Ransomware Attack (lien direct) |
Prominent law firm Campbell Conroy & O'Neil said it fell victim to a ransomware attack five months ago that resulted in systems holding sensitive information being compromised.
|
Ransomware
|
|
★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-19 14:51:49 |
Cisco Discloses Details of Critical Advantech Router Tool Vulnerabilities (lien direct) |
Cisco's Talos threat intelligence and research unit has disclosed the details of several critical vulnerabilities affecting a router monitoring application made by Taiwan-based industrial and IoT solutions provider Advantech.
The affected tool is R-SeeNet, which is designed to help network administrators monitor their Advantech routers.
|
Tool
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-19 13:44:03 |
U.S., Allies Officially Accuse China of Microsoft Exchange Attacks (lien direct) |
U.S. Charges Four Alleged Members of Chinese Hacking Group APT40
The United States and its allies have officially attributed the Microsoft Exchange server attacks disclosed in early March to hackers affiliated with the Chinese government.
|
Industrial
|
APT 40
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-19 12:07:29 |
OPSWAT Acquires Industrial Cybersecurity Firm Bayshore Networks (lien direct) |
OPSWAT, which specializes in cybersecurity solutions for critical infrastructure, on Monday announced the acquisition of industrial cybersecurity company Bayshore Networks.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-07-19 10:52:55 |
Ireland Joins EU Covid Travel Pass System After Ransomware Attack Delay (lien direct) |
Ireland dramatically loosened international travel restrictions on Monday, joining an EU-wide pandemic passport scheme weeks later than the rest of the bloc after a ransomware attack hobbled healthcare IT systems.
|
Ransomware
|
|
|