What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-01-08 13:25:06 | FBI Warns Businesses of Egregor Ransomware Attacks (lien direct) | Offered under a Ransomware-as-a-Service (RaaS) business model, the Egregor ransomware poses a great threat to businesses due to the use of double extortion, a recent private industry notification from the Federal Bureau of Investigation warns. | Ransomware Threat | ||
|
2021-01-08 12:32:41 | Probe Launched Into Impact of SolarWinds Breach on Federal Courts (lien direct) | An investigation has been launched into the impact of the SolarWinds breach on the computer systems used by federal courts in the United States, which reportedly represented a target of interest to the hackers. | |||
|
2021-01-08 01:44:51 | Russian Hacker Gets 12 Years in Massive Data Theft Scheme (lien direct) | A prolific Russian hacker who stole data from over a dozen U.S. companies and information about over 100 million U.S. consumers was sentenced Thursday to 12 years in prison after admitting involvement in one of the biggest thefts of consumer data from a U.S. financial institution. | Guideline | ||
|
2021-01-07 23:37:05 | Red Hat Buys Container Security Firm StackRox (lien direct) | Red Hat on Thursday snapped up container and Kubernetes security startup StackRox, a deal that speeds up its ambitions in the enterprise cloud market. Financial terms of the deal were not announced. | Uber | ||
|
2021-01-07 21:57:08 | F5 to Acquire Volterra in Deal Valued at $500 Million (lien direct) | F5 Networks (NASDAQ: FFIV) announced on Thursday that it has agreed to acquire Volterra, a Santa Clara, Calif.-based provider of tools that help customers deploy applications and build clouds across multiple cloud providers or their own edge locations. | |||
|
2021-01-07 19:01:38 | Ezuri Memory Loader Abused in Linux Attacks (lien direct) | Security researchers at AT&T's Alien Labs have identified multiple malware attacks leveraging the Ezuri memory loader to execute payloads without writing them to disk. | Malware | ||
|
2021-01-07 18:43:56 | Managed Intelligence Firm Nisos Raises $6 Million (lien direct) | Virginia-based managed intelligence company Nisos announced this week that it raised $6 million in a new funding round. The investment comes from Paladin Capital Group, as well as from Columbia Capital and Skylab Capital. Nisos previously raised $6.1 million from Columbia Capital, a funding round that was announced in early 2019. | |||
|
2021-01-07 15:55:10 | Perseverance. Pushing Security Operations Forward in 2021 (lien direct) | We Have the Capabilities to Persevere and Reach the Next Level of Security Maturity | |||
|
2021-01-07 15:52:24 | Lacework Banks $525 Million as Cloud Security Market Heats Up (lien direct) | Lacework, a five-year-old cybersecurity company that automates security across enterprise cloud deployments, has reached unicorn status with the closing of a $525 million round of Series D financing. | |||
|
2021-01-07 15:12:34 | NSA Issues Guidance on Replacing Obsolete TLS Versions (lien direct) | The National Security Agency (NSA) this week issued guidance for National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) cybersecurity decision makers, system admins, and network security analysts to replace obsolete versions of the Transport Layer Security (TLS) protocol. | |||
|
2021-01-07 14:48:37 | Google Pays Out Over $100,000 for Vulnerabilities Patched With Chrome 87 Update (lien direct) | An update released this week by Google for Chrome 87 patches 16 vulnerabilities, including 14 rated high severity. The company has awarded more than $100,000 for these vulnerabilities. | |||
|
2021-01-07 13:01:03 | Vulnerabilities in Fortinet WAF Can Expose Corporate Networks to Attacks (lien direct) | Several potentially serious vulnerabilities discovered in Fortinet's FortiWeb web application firewall (WAF) could expose corporate networks to attacks, according to the researcher who found them. | |||
|
2021-01-07 11:42:13 | Investigation Launched Into Role of JetBrains Product in SolarWinds Hack: Reports (lien direct) | Cybersecurity companies and U.S. intelligence agencies are investigating the possible role played by a product from JetBrains in the recently discovered SolarWinds hack, according to reports. | |||
|
2021-01-06 20:44:06 | \'Earth Wendigo\' Hackers Exfiltrate Emails Through JavaScript Backdoor (lien direct) | A newly identified malware attack campaign has been exfiltrating emails from targeted organizations using a JavaScript backdoor injected into a webmail system widely used in Taiwan. | Malware | ★★★★★ | |
|
2021-01-06 16:48:40 | Dragos Hires Former PepsiCo Deputy CISO Steve Applegate (lien direct) | Industrial cybersecurity firm Dragos has hired Steve Applegate, former VP and Deputy CISO at PepsiCo, as Chief Information Security Officer (CISO). | ★★ | ||
|
2021-01-06 15:12:05 | SoftMaker Office Vulnerabilities Allow Code Execution via Malicious Documents (lien direct) | Vulnerabilities discovered by Cisco Talos researchers in SoftMaker Office can be exploited for arbitrary code execution by creating malicious documents and tricking victims into opening them. | |||
|
2021-01-06 14:07:26 | U.S. Government Announces \'Hack the Army 3.0\' Bug Bounty Program (lien direct) | The U.S. government on Wednesday announced the launch of another bug bounty program conducted in collaboration with hacker-powered cybersecurity platform HackerOne. | |||
|
2021-01-06 12:08:44 | Class Action Lawsuit Filed Against SolarWinds Over Hack (lien direct) | A class action lawsuit was filed on behalf of SolarWinds investors this week over the cybersecurity breach suffered by the Texas-based IT management solutions provider. | Hack | ||
|
2021-01-06 09:23:38 | Singapore Admits Police Can Access Contact-Tracing Data (lien direct) | Singapore has admitted data collected for contact-tracing can be accessed by police despite earlier assurances it would only be used to fight the coronavirus, sparking privacy concerns Tuesday about the scheme. | |||
|
2021-01-06 03:47:46 | Trump Widens US Ban on Chinese Apps as His Term Nears End (lien direct) | President Donald Trump has signed an executive order banning transactions with eight Chinese apps including Alipay and WeChat Pay in an escalation of a trade war that has been unfolding through most of his term. | |||
|
2021-01-05 22:02:08 | US: Hack of Federal Agencies \'Likely Russian in Origin\' (lien direct) | Top national security agencies confirmed Tuesday that Russia was likely responsible for a massive hack of U.S. | Hack | ||
|
2021-01-05 22:02:01 | U.S. Releases Cybersecurity Plan for Maritime Sector (lien direct) | The U.S. government has released a plan with a list of top-priority items to mitigate threats and provide security to the crucial maritime sector. | |||
|
2021-01-05 21:44:18 | CIA\'s New Recruitment Website Aims to Diversify Spy Agency (lien direct) | Wanted: Spies from all backgrounds and walks of life. Striving to further diversify its ranks, the CIA launched a new website Monday to find top-tier candidates who will bring a broader range of life experiences to the nation's premier intelligence agency | |||
|
2021-01-05 20:34:57 | Crypto-Hijacking Campaign Leverages New Golang RAT (lien direct) | Reseachers are raising the alarm for a newly identified operation leveraging a new Remote Access Tool (RAT) written in Golang to steal crypto-currency from unsuspecting users. | Tool | ||
|
2021-01-05 19:12:20 | SASE Provider iboss Banks $145 Million Equity Funding (lien direct) | Cloud-delivered network security startup iboss on Tuesday announced the closing of a new $145 million financing deal to speed up growth in a lucrative market. | |||
|
2021-01-05 17:33:25 | Data Security Providers Netwrix and Stealthbits Merge (lien direct) | Data security solutions provider Netwrix has merged with Stealthbits, a cybersecurity company focused on protecting sensitive data and credentials. | |||
|
2021-01-05 15:55:19 | Citrix Releases Updates to Prevent DDoS Attacks Abusing Its Appliances (lien direct) | Citrix on Monday informed customers that it released firmware updates for its Application Delivery Controller (ADC) and Gateway products to prevent threat actors from abusing the appliances to launch and amplify distributed denial-of-service (DDoS) attacks. | Threat | ||
|
2021-01-05 14:59:53 | Google Releases January 2021 Security Updates for Android (lien direct) | Google this week announced the January 2021 security updates for Android devices, which address 42 vulnerabilities, including four rated critical severity. | |||
|
2021-01-05 13:56:53 | Hackers Exploiting Recently Disclosed Zyxel Vulnerability (lien direct) | Security researchers have observed the first attempts to compromise Zyxel devices using a recently disclosed vulnerability related to the existence of hardcoded credentials. | Vulnerability | ||
|
2021-01-05 12:39:04 | US-Built Center in Cyprus to Offer Region Security Training (lien direct) | A U.S.-funded center in Cyprus will help train officials from countries in the eastern Mediterranean region and the Middle East on the latest techniques in border, customs, maritime and cyber security, the acting head of the U.S. Department of Homeland Security said on Monday. | |||
|
2021-01-05 11:32:03 | GDPR Fines Exceeded €170 Million in 2020 (lien direct) | Fines issued for violations of the EU's General Data Protection Regulation (GDPR) in 2020 exceeded €170 million, or roughly $200 million. | |||
|
2021-01-05 04:59:54 | Ransomware Attacks Linked to Chinese Cyberspies (lien direct) | China-linked cyber-espionage group APT27 is believed to have orchestrated recent ransomware attacks, including one where a legitimate Windows tool was used to encrypt the victim's files. | Ransomware Tool | APT 27 APT 27 | |
|
2021-01-04 18:53:10 | Over 250 Organizations Breached via SolarWinds Supply Chain Hack: Report (lien direct) | It is believed that the recently disclosed attack targeting Texas-based IT management solutions provider SolarWinds resulted in threat actors gaining access to the networks of more than 250 organizations, according to reports. | Threat | ||
|
2021-01-04 17:27:21 | Getting SASE, Without the Hyperbole (lien direct) | Secure Access Service Edge (SASE) Can be a Game-Changer When Compared to Security of the Past | |||
|
2021-01-04 16:02:46 | Slack Outage Causing Enterprise Security Hiccups (lien direct) | Business communications platform Slack is scrambling to recover from an ongoing outage that is proving disruptive to cybersecurity response teams around the world. | |||
|
2021-01-04 15:12:42 | Hardcoded Credentials Expose Zyxel Firewalls and WLAN Controllers to Remote Attacks (lien direct) | Several Zyxel firewall and WLAN controller products contain hardcoded credentials for an undocumented user account that has admin privileges. Identified by EYE security researcher Niels Teusink, the vulnerability exists because the password for the “zyfwp” user account was stored in plaintext and was visible in one of the binaries on the system. | Vulnerability | ||
|
2019-10-09 19:46:47 | EU Hints at Huawei Risk in 5G Security Assessment (lien direct) | The European Union hinted strongly it viewed Chinese tech group Huawei as a security risk to its roll-out of 5G networks in a report released Wednesday. | |||
|
2019-10-09 18:20:48 | Iranian Hackers Update Spear-Phishing Techniques in Recent Campaign (lien direct) | The Iranian state-sponsored threat actor known as Charming Kitten employed new spear-phishing methods in a campaign observed in August and September, ClearSky's security researchers report. | Threat Conference | APT 35 | |
|
2019-10-09 16:48:57 | Audit Finds Critical Vulnerability in iTerm2 macOS Terminal Emulator (lien direct) | A security audit funded by Mozilla has led to the discovery of a critical remote command execution vulnerability in the popular iTerm2 macOS terminal emulator. | Vulnerability | ||
|
2019-10-09 15:04:30 | Many in Utilities Sector Expect Attacks on Critical Infrastructure: Survey (lien direct) | Representatives of the utilities industry believe the risk of cyberattacks on the sector has increased and many expect an attack on critical infrastructure in the next year, according to a study conducted by Siemens and the Ponemon Institute. | |||
|
2019-10-09 14:51:37 | Pass the Hash Remains a Poorly Defended Threat Vector (lien direct) | In 2010, SANS reported that knowledge of the Pass the Hash attack first described some thirteen years earlier was still poor. By 2019, knowledge of the threat vector that has now been in the public domain for more than two decades has improved, but is still not complete. | Threat | ||
|
2019-10-09 12:32:11 | Cybersecurity Firms Partner on Open Source Security Technology Development (lien direct) | A group of cybersecurity companies this week announced the Open Cybersecurity Alliance (OCA), a joint effort focused on the development of open source security technologies. | |||
|
2019-10-09 12:07:01 | (Déjà vu) NSA: Multiple State-Sponsored APTs Exploiting Enterprise VPN Flaws (lien direct) | After the UK's National Cyber Security Centre (NCSC) issued an alert, the National Security Agency (NSA) in the United States has also warned organizations that multiple state-sponsored threat actors have been exploiting the recently disclosed vulnerabilities affecting enterprise VPN products from Pulse Secure, Fortinet and Palo Alto Networks. | Threat | ||
|
2019-10-09 10:37:41 | How Blockchain Will Solve Some of IoT\'s Biggest Security Problems (lien direct) | Blockchain Can Protect Systems and Devices While Supporting IoT Devices that Have Few Security Defenses | |||
|
2019-10-09 09:55:22 | Apple Patches 16 Vulnerabilities With macOS Catalina 10.15 (lien direct) | Apple this week released its latest desktop operating system iteration, macOS Catalina 10.15, which includes patches for a total of 16 vulnerabilities. | |||
|
2019-10-09 07:23:10 | No Patch for Critical Code Execution Flaw Affecting D-Link Routers (lien direct) | A critical remote code execution (RCE) vulnerability affecting several D-Link routers that reached their end of life (EOL) remains unpatched. | Vulnerability | ||
|
2019-10-09 02:12:47 | New US-UK Agreement Speeds Law Enforcement\'s Access to User Data (lien direct) | The United States and the United Kingdom have signed an agreement designed to help law enforcement agencies gain faster access to data related to serious crimes. This is the first such agreement based on the Clarifying Lawful Overseas Use of Data Act, or CLOUD Act, which was enacted into U.S. federal law on March 23, 2018. | |||
|
2019-10-08 23:45:13 | Twitter Admits Phone Numbers Meant for Security Used for Ads (lien direct) | Twitter on Tuesday apologized after "inadvertently" using phone numbers and email addresses for advertising even though the personal data was provided for account security. Twitter users' phone numbers and email addresses -- submitted to allow for account authentication -- were matched with advertisers' own data to enable targeted ads. | |||
|
2019-10-08 20:28:55 | (Déjà vu) VMware Completes $2.1 Billion Acquisition of Carbon Black (lien direct) | Virtualization and cloud infrastructure giant VMWare (NYSE: VMW) announced on Tuesday that it has completed its acquisition of endpoint security firm Carbon Black (NASDAQ: CBLK) in an all-cash transaction for $26 per share, representing an enterprise value of $2.1 billion. | |||
|
2019-10-08 19:25:28 | Vulnerabilities Expose TwinCAT Industrial Systems to DoS Attacks (lien direct) | A couple of vulnerabilities affecting the TwinCAT PLC runtime from Beckhoff can be exploited for denial-of-service (DoS) attacks, which may be triggered by malicious actors or by accident. |
To see everything:
Our RSS (filtrered)
