Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-06 15:30:52 |
Microsoft Shares Additional Mitigations for Exchange Server Vulnerabilities Under Attack (lien direct) |
Microsoft on Friday released alternative mitigation measures for organizations who have not been able to immediately apply emergency out-of-band patches released earlier this week that address vulnerabilities being exploited to siphon e-mail data from corporate Microsoft Exchange servers.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-05 22:46:08 |
Software Icon McAfee Charged in Cryptocurrency Scam (lien direct) |
The creator off McAfee computer security software faces charges he cashed in on a "pump-and-dump" scheme, promoting cryptocurrencies on Twitter to drive up their value.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-05 17:01:32 |
Thousands of Mobile Apps Expose Data via Misconfigured Cloud Containers (lien direct) |
Thousands of mobile applications expose user data through insecurely implemented cloud containers, according to a new report from security vendor Zimperium.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-05 15:15:49 |
Ransomware Takedowns Underscore Need for Private-Public Cybersecurity Collaboration (lien direct) |
The recent disruption of Emotet, conducted by a worldwide coalition of law enforcement agencies, has huge significance. There are the obvious cybersecurity implications of disrupting what's been called the “most dangerous malware in the world,” but it's also a strong reminder of the importance of public and private collaboration in fighting cybercrime.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-05 14:42:44 |
Multiple Airlines Impacted by Data Breach at Aviation IT Firm SITA (lien direct) |
SITA, a multinational company that specializes in air transport communications and IT, this week confirmed falling victim to a cyberattack that appears to have impacted multiple airlines around the world.
|
Data Breach
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-05 13:17:55 |
NSA, DHS Issue Guidance on Protective DNS (lien direct) |
The U.S. National Security Agency and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) this week published joint guidance on Protective DNS (PDNS).
Designed to translate domain names into IP addresses, the Domain Name System (DNS) is a key component of Internet and network communications.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-05 12:54:26 |
Report: Russian Hackers Exploit Lithuanian Infrastructure (lien direct) |
Hacker groups linked to Russian intelligence conducted cyber-attacks against top Lithuanian officials and decision-makers last year and used the Baltic nation's technology infrastructure as a base to hit targets elsewhere, a report by Lithuania's intelligence service said Thursday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-05 12:17:58 |
Supermicro, Pulse Secure Respond to Trickbot\'s Ability to Target Firmware (lien direct) |
Server and storage technology giant Supermicro and secure access solutions provider Pulse Secure have issued advisories to inform users that some of their products are vulnerable to the Trickbot malware's ability to target firmware.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-05 11:39:50 |
Three New Malware Strains Linked to SolarWinds Hackers (lien direct) |
Microsoft and cybersecurity firm FireEye on Thursday published blog posts detailing several new pieces of malware that they believe are linked to the hackers behind the supply chain attack targeting Texas-based IT management solutions provider SolarWinds.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-05 10:59:14 |
South Africa Opposes WhatsApp-Facebook Data Sharing (lien direct) |
South Africa's information regulator has protested WhatsApp's plans to share user data with Facebook, vowing to engage directly with the popular messaging app to ensure its compliance to national privacy laws.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-05 09:52:22 |
Someone Is Hacking Cybercrime Forums and Leaking User Data (lien direct) |
Since the beginning of this year, an unknown threat actor has been hacking cybercrime forums and leaking user data publicly or offering it for sale.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-04 17:27:32 |
Privilege Escalation Bugs Patched in Linux Kernel (lien direct) |
A total of five vulnerabilities that could lead to local privilege escalation were recently identified and fixed in the Linux kernel.
Identified by Positive Technologies security researcher Alexander Popov, the high severity bugs resided in the virtual socket implementation of the Linux kernel.
|
Guideline
|
|
★★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-04 15:59:17 |
Managed Services Provider CompuCom Hit by Malware (lien direct) |
Managed services provider CompuCom was recently targeted in a cyberattack that led to some disruption to customer services and internal operations.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-04 15:17:53 |
Cybercriminals Finding Ways to Bypass \'3D Secure\' Fraud Prevention System (lien direct) |
Security researchers with threat intelligence firm Gemini Advisory say they have observed dark web activities related to bypassing 3D Secure (3DS), which is designed to improve the security of online credit and debit card transactions.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-04 14:23:59 |
Cybercriminals Target Industrial Organizations in Information Theft Campaign (lien direct) |
A mysterious cybercrime group apparently driven by profit has been targeting industrial organizations in Europe, Asia and North America as part of an information theft campaign.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-04 14:00:41 |
German Officials Want Emails, IMs Tied to Real-World ID (lien direct) |
Germany security officials are proposing that Internet companies should link a user's real-world identity to all of their instant messages, emails and other online communication, prompting criticism from digital rights activists.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-04 13:46:44 |
Several Cisco Products Exposed to DoS Attacks Due to Snort Vulnerability (lien direct) |
Cisco informed customers on Wednesday that several of its products are exposed to denial-of-service (DoS) attacks due to a vulnerability in the Snort detection engine.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-04 12:50:36 |
Multiple Cyberspy Groups Target Microsoft Exchange Servers via Zero-Day Flaws (lien direct) |
Security researchers warn that multiple cyber-espionage groups are targeting the recently addressed zero-day vulnerabilities in Microsoft Exchange Server and say that more than 300 web shells have been identified on the compromised servers.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-04 11:19:20 |
Qualys Confirms Unauthorized Access to Data via Accellion Hack (lien direct) |
Hours after the Clop ransomware gang published data allegedly stolen from information security and compliance solutions provider Qualys, the company has confirmed being impacted by the recent cyberattack involving Accellion's FTA product.
|
Ransomware
Hack
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-04 04:45:42 |
Microsoft Pays $50,000 Bounty for Account Takeover Vulnerability (lien direct) |
A security researcher says Microsoft has awarded him a $50,000 bounty reward for reporting a vulnerability that could have potentially allowed for the takeover of any Microsoft account.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-03 22:09:26 |
Okta to Acquire Rival Auth0 in $6.5 Billion Deal (lien direct) |
Identity and access management giant Okta (NASDAQ: OKTA) late Wednesday announced plans buy rival Auth0 in an all-stock transaction valued at roughly $6.5 billion.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-03 19:21:06 |
New CISO Hires at Uber, Square, SailPoint (lien direct) |
Ride-sharing giant Uber has quietly snapped up veteran security leader Latha Maripuri to be its Chief Information Security Officer (CISO).
A formal announcement has not yet been made but Maripuri, a security leader with stints at IBM and NewsCorp, has shared the news on her LinkedIn profile.
|
Guideline
|
Uber
Uber
|
★★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-03 18:18:12 |
Intel Paid Out $800,000 Per Year Through Bug Bounty Program (lien direct) |
Over 230 Vulnerabilities Patched in Intel Products in 2020
Intel patched 231 vulnerabilities in its products last year, roughly the same as in the previous year, when it fixed 236 flaws.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-03 15:44:00 |
Jetty Flaw Can Be Exploited to Inflate Target\'s Cloud Bill, Cause Disruption (lien direct) |
A vulnerability affecting Eclipse Jetty web servers can be exploited by an attacker to inflate a targeted organization's cloud services bill or cause disruption, according to security researchers at tech company Synopsys.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-03 15:23:03 |
VMware Patches Remote Code Execution Vulnerability in View Planner (lien direct) |
VMware this week announced the availability of a security patch for VMware View Planner, to address a vulnerability leading to remote code execution.
|
Vulnerability
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-03 15:01:15 |
Google Vows to Stop Tracking Individual Browsing for Ads (lien direct) |
Google on Wednesday pledged to steer clear of tracking individual online activity when it begins implementing a new system for targeting ads without the use of so-called "cookies."
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-03 13:22:12 |
Chrome 89 Patches Actively Exploited Vulnerability (lien direct) |
Google this week announced the availability of Chrome 89 in the stable channel, with patches for a total of 47 vulnerabilities, including one that has been exploited in the wild.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-03 12:22:14 |
Should You Be Concerned About the Recently Leaked Spectre Exploits? (lien direct) |
A researcher revealed on Monday that some exploits for the notorious CPU vulnerability known as Spectre were uploaded recently to the VirusTotal malware analysis service. While some experts say this could increase the risk of exploitation for malicious purposes, others believe there is no reason for concern.
|
Malware
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-03 12:03:52 |
The Different Flavors of Cyber Resilience (lien direct) |
Cyber Resilience Can be Considered a Preventive Measure to Counteract Human Error, Malicious Actions, and Decayed, Insecure Software
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-03 09:49:46 |
Microsoft Expands Secured-core to Servers, IoT Devices (lien direct) |
Microsoft this week announced Secured-core Server and Edge Secured-core, two solutions aimed at improving the security of servers and connected devices.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-02 23:09:19 |
Microsoft: 4 Exchange Server Zero-Days Under Attack by Chinese Hacking Group (lien direct) |
|
|
|
★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-02 19:56:39 |
Hackers Control Perl.com Domain Months Before Hijack (lien direct) |
The Perl.com domain was hijacked in January 2021, but hackers seemingly took control of it four months prior, in September 2020.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-02 16:00:46 |
Google Patches Critical Remote Code Execution Vulnerability in Android (lien direct) |
Google this week announced the release of patches for 37 vulnerabilities as part of the Android security updates for March 2021, including a fix for a critical flaw in the System component.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-02 15:47:00 |
New \'Unc0ver\' Jailbreak Uses Vulnerability That Apple Said Was Exploited (lien direct) |
The latest version of the Unc0ver jailbreak leverages a vulnerability that Apple said had been exploited before it released a patch in January.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-02 14:41:10 |
Universal Health Services Takes $67 Million Hit From Cyberattack (lien direct) |
Healthcare services provider Universal Health Services (UHS) last week revealed that a cyberattack it fell victim to in September 2020 had an estimated financial impact of $67 million.
|
|
|
★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-02 12:53:27 |
Dairy Giant Lactalis Targeted by Hackers (lien direct) |
France-based dairy giant Lactalis revealed last week that it was targeted by hackers, but claimed that it had found no evidence of a data breach.
The company said a malicious third party attempted to breach its computer network, but it immediately took action to contain the attack. This included restricting access to public resources.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-02 04:40:16 |
Ryuk Ransomware With Worm-Like Capabilities Spotted in the Wild (lien direct) |
In early 2021, security researchers identified a variant of the infamous Ryuk ransomware that is capable of lateral movement within the infected networks.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-01 23:49:03 |
AI Panel Urges US to Boost Tech Skills Amid China\'s Rise (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-01 21:57:17 |
US Right-Wing Platform Gab Acknowledges it Was Hacked (lien direct) |
The CEO of Gab, a social network favored by the US political right, said the platform had been attacked by "demon hackers" after an activist group released user data described as an important resource for research on the far right.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-01 20:43:46 |
Suspected Chinese APT Group Targets Power Plants in India (lien direct) |
Security researchers at Recorded Future have spotted a suspected Chinese APT actor targeting a wide range of critical infrastructure targets in India, including power plants, electricity distribution centers and Indian seaports.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-01 18:28:53 |
Asian Food Distribution Giant JFC International Hit by Ransomware (lien direct) |
JFC International, a major distributor and wholesaler of Asian food products, last week revealed that it was recently targeted in a ransomware attack that disrupted some of its IT systems.
The attack apparently only impacted JFC International's Europe Group, which said it had notified authorities, employees and business partners about the incident.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-01 17:21:00 |
Inside the Ransomware Economy (lien direct) |
The trouble with ransomware is well known at this point.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-01 15:27:36 |
Auth0 Names Jameeka Green Aaron as Chief Information Security Officer (lien direct) |
Identity-as-a-Service (IDaaS) company Auth0 announced on Monday that Jameeka Green Aaron has joined the company as Chief Information Security Officer (CISO).
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-01 14:15:56 |
Boat Building Giant Beneteau Says Cyberattack Disrupted Production (lien direct) |
French boat maker Groupe Beneteau is working on restoring operations after falling victim to a cyber-attack roughly ten days ago.
Founded in 1884, the Vendée, France-based company employs more than 8,000 people in France, the United States, Poland, Italy and China, and focuses on two business lines: boats and leisure homes.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-01 13:41:24 |
NSA Publishes Guidance on Adoption of Zero Trust Security (lien direct) |
The U.S. National Security Agency (NSA) has published guidance on how security professionals can secure enterprise networks and sensitive data by adopting a Zero Trust security model.
|
|
|
★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-01 13:17:34 |
US Shifts State Grant Focus to Extremism, Cyberthreats (lien direct) |
State and local governments will be required to spend a portion of nearly $1.9 billion in annual federal public safety grants on the fight against domestic extremism and improved cybersecurity, the Department of Homeland Security said Thursday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-01 12:17:14 |
Cybersecurity M&A Round-Up for February 2021 (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-01 11:24:11 |
Vendor Quickly Patches Serious Vulnerability in NATO-Approved Firewall (lien direct) |
A critical vulnerability discovered in a firewall appliance made by Germany-based cybersecurity company Genua could be useful to threat actors once they've gained access to an organization's network, according to Austrian cybersecurity consultancy SEC Consult.
|
Vulnerability
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-01 02:44:53 |
IT Asset Management Firm Axonius Raises $100 Million (lien direct) |
IT asset management company Axonius has raised $100 million in Series D funding, the company told SecurityWeek Sunday. Led by private equity firm Stripes, the latest funding round brings the total amount raised by the New York based company to $195 million at more than $1 billion valuation.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-27 20:05:31 |
Judge Approves $650M Facebook Privacy Lawsuit Settlement (lien direct) |
A federal judge on Friday approved a $650 million settlement of a privacy lawsuit against Facebook for allegedly using photo face-tagging and other biometric data without the permission of its users.
|
|
|
|