What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-09-23 20:04:00 | Malicious Apps With Millions of Downloads Found in Apple App Store, Google Play (lien direct) | The ongoing ad fraud campaign can be traced back to 2019, but recently expanded into the iOS ecosystem, researchers say. | |||
|
2022-09-23 18:11:24 | CISA: Zoho ManageEngine RCE Bug Is Under Active Exploit (lien direct) | The bug allows unauthenticated code execution on the company's firewall products, and CISA says it poses "significant risk" to federal government. | |||
|
2022-09-23 15:22:53 | Cyberattackers Compromise Microsoft Exchange Servers Via Malicious OAuth Apps (lien direct) | Cybercriminals took control of enterprise Exchange Servers to spread large amounts of spam aimed at signing people up for bogus subscriptions. | Spam | ||
|
2022-09-23 15:05:23 | How Europe Is Using Regulations to Harden Medical Devices Against Attack (lien direct) | Manufacturers need to document a medical device's intended use and operational environment, as well as plan for misuse, such as a cyberattack. | |||
|
2022-09-23 14:00:00 | Neglecting Open Source Developers Puts the Internet at Risk (lien direct) | From creating a software bill of materials for applications your company uses to supporting open source projects and maintainers, businesses need to step up their efforts to help reduce risks. | |||
|
2022-09-23 13:00:27 | Microsoft Looks to Enable Practical Zero-Trust Security With Windows 11 (lien direct) | With the update, Microsoft adds features to allow easier deployment of zero-trust capabilities. Considering the 1.3 billion global Windows users, the support could make a difference. | ★★★ | ||
|
2022-09-23 00:00:00 | Researchers Uncover Mysterious \'Metador\' Cyber-Espionage Group (lien direct) | Researchers from SentinelLabs laid out what they know about the attackers and implored the researcher community for help in learning more about the shadowy group. | |||
|
2022-09-22 20:48:20 | Developer Leaks LockBit 3.0 Ransomware-Builder Code (lien direct) | Code could allow other attackers to develop copycat versions of the malware, but it could help researchers understand the threat better as well. | Threat | ||
|
2022-09-22 20:27:27 | CircleCI, GitHub Users Targeted in Phishing Campaign (lien direct) | Emails purporting to be an update to terms of service for GitHub and CircleCI instead attempt to harvest user credentials. | |||
|
2022-09-22 19:49:28 | Time to Quell the Alarm Bells Around Post-Quantum Crypto-Cracking (lien direct) | Quantum computing's impact on cryptography is not a cliff that we'll all be forced to jump off of, according to Deloitte. | Deloitte | ||
|
2022-09-22 19:38:12 | Feds Sound Alarm on Rising OT/ICS Threats From APT Groups (lien direct) | NSA and CISA release guidance on protecting against cybersecurity threats to operational technology and industrial control systems. | |||
|
2022-09-22 18:31:41 | Malicious npm Package Poses as Tailwind Tool (lien direct) | Branded as a components library for two popular open source resources, Material Tailwind instead loads a Windows .exe that can run PowerShell scripts. | Tool | ||
|
2022-09-22 14:15:55 | Allurity Acquires Spanish Multinational Aiuken Cybersecurity (lien direct) | . | |||
|
2022-09-22 14:00:00 | Twitter\'s Whistleblower Allegations Are a Cautionary Tale for All Businesses (lien direct) | Businesses need to turn privacy and security into an advantage. Store less data, and live up to customer expectations that their information is protected. Take small steps, be transparent about data management, and chose partners carefully. | |||
|
2022-09-22 13:50:03 | StackHawk Launches Deeper API Security Test Coverage to Improve the Security of APIs (lien direct) | Expansion of test coverage includes custom scan discovery, custom test scripts and custom test data for REST APIs, enabling developers to leave no paths untouched. | |||
|
2022-09-22 13:44:05 | Palo Alto Networks 5G-Native Security Now Available on Microsoft Azure Private Multi-Access Edge Compute (lien direct) | . | |||
|
2022-09-21 22:12:04 | Wintermute DeFi Platform Offers Hacker a Cut in $160M Crypto-Heist (lien direct) | The decentralized finance (DeFi) platform was the victim of an exploit for a partner's vulnerable code - highlighting a challenging cybersecurity environment in the sector. | |||
|
2022-09-21 21:51:43 | Quantify Risk, Calculate ROI (lien direct) | SecurityScorecard's ROI Calculator helps organizations quantify cyber-risk to understand the financial impact of a cyberattack. | |||
|
2022-09-21 20:30:00 | Threat Actor Abuses LinkedIn\'s Smart Links Feature to Harvest Credit Cards (lien direct) | The tactic is just one in a constantly expanding bag of tricks that attackers are using to get users to click on links and open malicious documents. | |||
|
2022-09-21 18:36:17 | Sophisticated Hermit Mobile Spyware Heralds Wave of Government Surveillance (lien direct) | At the SecTor 2022 conference in Toronto next month, researchers from Lookout will take a deep dive into Hermit and the shadowy world of mobile surveillance tools used by repressive regimes. | Cloud | APT 37 | |
|
2022-09-21 18:09:52 | Hackers Paralyze 911 Operations in Suffolk County, NY (lien direct) | Reduced to pen, paper, and phones, 911 operators ask NYPD for backup in handling emergency calls. | |||
|
2022-09-21 18:00:00 | Data Scientists Dial Back Use of Open Source Code Due to Security Worries (lien direct) | Data scientists, who often choose open source packages without considering security, increasingly face concerns over the unvetted use of those components, new study shows. | |||
|
2022-09-21 17:00:00 | Don\'t Wait for a Mobile WannaCry (lien direct) | Attacks against mobile phones and tablets are increasing, and a WannaCry-level attack could be on the horizon. | Wannacry Wannacry | ||
|
2022-09-21 16:18:23 | Cyber Insurers Clamp Down on Clients\' Self-Attestation of Security Controls (lien direct) | After one company suffered a breach that could have been headed off by the MFA it claimed to have, insurers are looking to confirm claimed cybersecurity measures. | |||
|
2022-09-21 15:28:37 | 15-Year-Old Python Flaw Slithers into Software Worldwide (lien direct) | An unpatched flaw in more than 350,000 unique open source repositories leaves software applications vulnerable to exploit. The path traversal-related vulnerability is tracked as CVE-2007-4559. | Vulnerability | ||
|
2022-09-21 14:00:00 | Ransomware: The Latest Chapter (lien direct) | As ransomware attacks continue to evolve, beyond using security best practices organizations can build resiliency with extended detection and response solutions and fast response times to shut down attacks. | Ransomware | ||
|
2022-09-21 03:33:20 | Microsoft Brings Zero Trust to Hardware in Windows 11 (lien direct) | A stacked combination of hardware and software protects the next version of Windows against the latest generation of firmware threats. | |||
|
2022-09-20 20:33:17 | ChromeLoader Malware Evolves into Prevalent, More Dangerous Cyber Threat (lien direct) | Microsoft and VMware are warning that the malware, which first surfaced as a browser-hijacking credential stealer, is now being used to drop ransomware, steal data, and crash systems at enterprises. | Malware Threat | ||
|
2022-09-20 19:14:05 | 2-Step Email Attack Uses Powtoon Video to Execute Payload (lien direct) | The attack uses hijacked Egress branding and the legit Powtoon video platform to steal user credentials. | |||
|
2022-09-20 19:00:45 | Beware of Phish: American Airlines, Revolut Data Breaches Expose Customer Data (lien direct) | The airline and the fintech giant both fell to successful phishing attacks against employees. | |||
|
2022-09-20 18:20:52 | Cast AI Introduces Cloud Security Insights for Kubernetes (lien direct) | The release augments the company's Kubernetes management platform with free, user-friendly insight on security postures, along with cost monitoring and observability. | Uber | ||
|
2022-09-20 17:37:16 | Spell-Checking in Google Chrome, Microsoft Edge Browsers Leaks Passwords (lien direct) | It's called "spell-jacking": Both browsers have spell-check features that send data to Microsoft and Google when users fill out forms for websites or Web services. | |||
|
2022-09-20 17:16:29 | Survey Shows CISOs Losing Confidence in Ability to Stop Ransomware Attacks (lien direct) | Despite an 86% surge in budget resources to defend against ransomware, 90% of orgs were impacted by attacks last year, a survey reveals. | Ransomware | ||
|
2022-09-20 17:00:00 | How to Dodge New Ransomware Tactics (lien direct) | The evolving tactics increase the threat of ransomware operators, but there are steps organizations can take to protect themselves. | Ransomware Threat | ||
|
2022-09-20 16:44:32 | No Enterprise Push for Quantum Without Regulatory Push (lien direct) | What's it going to take to prod organizations to implement a post-quantum security plan? Legislative pressure. | |||
|
2022-09-20 14:59:23 | New Kaspersky EDR Optimum further simplifies protection against evasive threats (lien direct) | . | |||
|
2022-09-20 14:52:32 | ThreatQuotient Enhances Data-Driven Automation Capabilities with New ThreatQ TDR Orchestrator Features (lien direct) | Focused on bringing ease of use to IT security automation, ThreatQ TDR Orchestrator addresses industry needs for simpler implementation and more efficient operations. | |||
|
2022-09-20 14:46:38 | SASE Bucks Economic Uncertainty with Over 30% Growth in 2Q 2022, According to Dell\'Oro Group (lien direct) | Overall SASE Spend on Pace to Top $6 Billion in 2022. | |||
|
2022-09-20 14:34:51 | Invicti Security and ESG Report on How Companies are Shifting for Higher Quality, Secure Application Code (lien direct) | The balance of deploying secure applications vs. time to market continues to be the biggest risk to organizations. | |||
|
2022-09-20 14:24:25 | Byos Releases Free Assessment Tool to Provide Companies with Tailored Network Security Recommendations (lien direct) | Assessment tool instantly generates a detailed report breaking down a company's current network security maturity and recommended next steps. | Tool | ||
|
2022-09-20 14:00:00 | Water Sector Will Benefit From Call for Cyber Hardening of Critical Infrastructure (lien direct) | A call for federal agency "review and assessment" of cyber-safety plans at water treatment plants should better protect customers and move the industry forward. | |||
|
2022-09-20 00:00:00 | CrowdStrike Investment Spotlights API Security (lien direct) | The investment in Salt Security underscores the fact that attacks targeting APIs are increasing. | |||
|
2022-09-19 21:24:55 | Uber: Lapsus$ Targeted External Contractor With MFA Bombing Attack (lien direct) | The ride-sharing giant says a member of the notorious Lapsus$ hacking group started the attack by compromising an external contractor's credentials, as researchers parse the incident for takeaways. | Uber | ||
|
2022-09-19 21:01:00 | Rockstar Games Confirms \'Grand Theft Auto 6\' Breach (lien direct) | The Take-Two Interactive subsidiary acknowledges an attack on its systems, where an attacker downloaded "early development footage for the next Grand Theft Auto" and other assets. | |||
|
2022-09-19 18:12:03 | Cyberattackers Make Waves in Hotel Swimming Pool Controls (lien direct) | Pool controllers exposed to the Internet with default passwords let threat actors tweak pool pH levels, and potentially more. | Threat | ||
|
2022-09-19 16:59:00 | 5 Ways to Improve Fraud Detection and User Experience (lien direct) | If we know a user is legitimate, then why would we want to make their user experience more challenging? | |||
|
2022-09-19 16:58:47 | TPx Introduces Penetration Scanning, Expands Security Advisory Services (lien direct) | TPx, a leading nationwide managed services provider (MSP) delivering cybersecurity, managed networks, and cloud communications, today announced the addition of penetration scanning to its Security Advisory Services portfolio. | Guideline | ||
|
2022-09-19 14:00:00 | Cyberattack Costs for US Businesses up by 80% (lien direct) | Cyberattacks keep inflicting more expensive damage, but firms are responding decisively to the challenge. | |||
|
2022-09-16 20:37:57 | Attacker Apparently Didn\'t Have to Breach a Single System to Pwn Uber (lien direct) | Alleged teen hacker claims he found an admin password in a network share inside Uber that allowed complete access to ride-sharing giant's AWS, Windows, Google Cloud, VMware, and other environments. | Uber Uber | ||
|
2022-09-16 20:00:00 | Tackling Financial Fraud With Machine Learning (lien direct) | Financial services firms need to learn how - and when - to put machine learning to use. |
To see everything:
Our RSS (filtrered)
