Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2021-09-14 15:39:12 |
Now LIVE: SecurityWeek's 2021 CISO Forum, Presented by Cisco (Virtual Event) (direct link) |
|
|
|
|
|
2021-09-14 15:32:33 |
The Implications of China's New Personal Information Protection Law (direct link) |
The cornerstone of Chinese national and international policy is a fundamental principle: China First. So, while its new data privacy law, the Personal Information Protection Law (PIPL), will provide solid protection for its people's personal information nationally, internationally the law can be used as a weapon.
|
|
|
|
|
2021-09-14 15:01:27 |
CISA Appoints Kiersten Todt as New Chief of Staff (direct link) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday announced that it has appointed Kiersten Todt as its new chief of staff.
|
|
|
|
|
2021-09-14 14:07:11 |
Swiss Post Offers up to €230,000 for Critical Vulnerabilities in e-Voting System (direct link) |
Switzerland's national postal organization Swiss Post is offering bug bounty rewards of up to €230,000 (roughly $271,000) for critical vulnerabilities identified in a future digital voting system.
|
|
|
|
|
2021-09-14 13:34:50 |
Nearly Half of On-Premises Databases Vulnerable to Attacks: Study (direct link) |
A five-year study conducted by cybersecurity firm Imperva showed that nearly half of on-premises databases globally have at least one vulnerability that could expose them to attacks.
|
Vulnerability
|
|
|
|
2021-09-14 12:56:06 |
BitSight Raises $250 Million at $2.4 Billion Valuation (direct link) |
Cybersecurity ratings company BitSight on Monday announced receiving a $250 million investment from credit ratings giant Moody's in a deal valuing BitSight at $2.4 billion.
BitSight said it will use the money to further enhance its offerings and capabilities. The company has raised more than $400 million across six funding rounds.
|
|
|
|
|
2021-09-14 11:45:38 |
Belarus, Ukraine Saw Largest Increase in ICS Attacks During H1 2021: Kaspersky (direct link) |
Some form of malicious activity was detected on roughly one-third of the industrial control system (ICS) computers monitored by Kaspersky in the first half of 2021.
|
|
|
|
|
2021-09-14 11:01:26 |
JumpCloud Raises $159 Million at $2.56 Billion Valuation (direct link) |
User and device management provider JumpCloud on Monday announced that it has raised $159 million in Series F funding at a $2.56 billion valuation. To date, the company has raised $350 million in funding.
|
|
|
|
|
2021-09-14 10:13:31 |
MikroTik Confirms Mēris Botnet Targets Routers Compromised Years Ago (direct link) |
The recently detailed Mēris botnet is targeting devices that were originally compromised three years ago, Latvian network equipment maker MikroTik says.
|
|
|
|
|
2021-09-13 21:51:32 |
Google Warns of Exploited Zero-Days in Chrome Browser (direct link) |
Google has joined the list of major software providers scrambling to respond to zero-day exploits in the wild.
|
|
|
|
|
2021-09-13 18:24:57 |
Apple Ships Urgent Patch for FORCEDENTRY Zero-Days (direct link) |
Apple on Monday rolled out fixes for a pair of iOS and macOS security defects alongside a warning that these issues belong in the “actively exploited” zero-day category.
|
|
|
|
|
2021-09-13 17:40:35 |
SSID Stripping: New Method for Tricking Users Into Connecting to Rogue APs (direct link) |
A team of researchers has identified what appears to be a new method that malicious actors could use to trick users into connecting to their wireless access points (APs).
|
|
|
|
|
2021-09-13 16:53:46 |
Tens of Thousands of Unpatched Fortinet VPNs Hacked via Old Security Flaw (direct link) |
A threat actor has leaked online access credentials for 87,000 Fortinet VPN devices that were apparently compromised using a vulnerability identified and patched two years ago.
|
Vulnerability
Threat
|
|
|
|
2021-09-13 16:18:05 |
Tenable to Acquire Accurics in $160M Deal (direct link) |
Attack surface management pioneer Tenable on Monday announced plans to spend $160 million in cash to snap up Accurics, an early-stage startup selling cloud-native security for DevOps and security teams.
|
|
|
|
|
2021-09-13 15:55:50 |
CISOs Faced With Friction, Resistance From Remote Workers Over Security Controls (direct link) |
The sudden and forced migration of staff from office working to home working caused by the COVID pandemic is often touted as a success. This is true. It was a logistical success. But the cybersecurity ramifications are only just unfolding; and they need to be tackled.
|
|
|
|
|
2021-09-13 13:38:22 |
Facebook Announces Encrypted WhatsApp Backups (direct link) |
Facebook has announced plans to further improve WhatsApp privacy and security by allowing users to encrypt their message history backups in the cloud.
|
|
|
|
|
2021-09-13 12:55:56 |
WordPress 5.8.1 Patches Several Vulnerabilities (direct link) |
WordPress 5.8.1, a security and maintenance release announced last week, fixes 60 bugs and several vulnerabilities.
|
|
|
|
|
2021-09-13 12:33:12 |
Citrix Patches Hypervisor Vulnerabilities Allowing Host Compromise (direct link) |
Citrix has released patches for several vulnerabilities in Hypervisor that could result in privileged code executed in a guest virtual machine compromising or crashing the host.
|
|
|
|
|
2021-09-13 11:04:13 |
OpenSSL 3.0 Released After 3 Years of Development (direct link) |
The OpenSSL Project last week announced the official release of OpenSSL 3.0, a version that has been under development for the past 3 years.
|
|
|
|
|
2021-09-10 18:07:38 |
Cybersecurity Seen as Rising Risk for Airlines After 9/11 (direct link) |
After remaking their security procedures following the 9/11 attacks to stop airline hijackings, carriers are now faced with rising threats targeting computers and electronic equipment critical to their operations and safety.
|
|
|
|
|
2021-09-10 16:41:13 |
Mēris Botnet Flexes Muscles With 22 Million RPS DDoS Attack (direct link) |
A series of record-breaking RPS-based distributed denial of service (DDoS) attacks observed over the past month are the result of a new, powerful botnet flexing its muscles to prove its capabilities.
|
|
|
|
|
2021-09-10 16:32:04 |
Google Introduces Private Compute Services for Android (direct link) |
Google this week introduced a new suite of services designed to improve privacy in the Android operating system.
|
|
|
|
|
2021-09-10 14:39:27 |
ProtonMail (Wrongly?) Criticized for Disclosing User IP to Authorities (direct link) |
Blaming ProtonMail misses important lessons of the case, as request from authorities ticked the necessary requirements under Swiss law
|
|
|
|
|
2021-09-10 14:33:38 |
Cisco Patches High-Severity Security Flaws in IOS XR (direct link) |
Cisco this week released patches for multiple high-severity vulnerabilities in the IOS XR software and warned that attackers could exploit these bugs to reboot devices, elevate privileges, or overwrite and read arbitrary files.
|
|
|
|
|
2021-09-10 13:38:38 |
HAProxy Vulnerability Leads to HTTP Request Smuggling (direct link) |
A critical security vulnerability in HAProxy could allow attackers to bypass security controls and access sensitive data without authorization, according to a warning from security research outfit JFrog.
|
Vulnerability
|
|
|
|
2021-09-10 13:31:48 |
GitHub Patches Security Flaws in Core Node.js Dependencies (direct link) |
GitHub has published documentation on seven vulnerabilities in the Node.js packages and warned that exploitation could expose users to code execution attacks.
|
|
|
|
|
2021-09-10 11:13:12 |
Understanding the Cryptocurrency-Ransomware Connection (direct link) |
Unfortunately for the law-abiding of the world, ransomware is an idea that caught on immediately and never lost steam. In fact, it's grown to the point that it now contributes to a thriving cybercrime business, often targeting large sectors, including education, finance, healthcare, the legal sector, and manufacturing. According to Fortinet research, by the end of 2020, there were as many as 17,200 devices reporting ransomware each day.
|
Ransomware
|
|
|
|
2021-09-09 17:59:20 |
Mastercard to Acquire Blockchain Analytics Firm CipherTrace (direct link) |
|
|
|
|
|
2021-09-09 17:29:37 |
Hacking the Hire: Three Ways to Recruit and Retain Cyber Talent (direct link) |
Finding the right fit for your security team remains a daunting and somewhat challenging task in today's world. There's a well-documented shortage of talent across the cybersecurity industry dating back several years. The COVID-19 pandemic and the challenges it brought have made matters worse.
Recent reports and surveys don't paint a pretty picture.
|
|
|
|
|
2021-09-09 17:11:48 |
Three Ways to Keep Cloud Data Safe From Attackers (direct link) |
Due to the ease, flexibility and low cost of securely storing and sharing data between commercial cloud providers, by 2025 cloud deployments are expected to be a $68 billion market.
|
|
|
|
|
2021-09-09 15:13:34 |
US Gov Seeks Public Feedback on Draft Federal Zero Trust Strategy (direct link) |
The U.S. government's Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) this week announced they are seeking public feedback on draft zero-trust strategic and technical documentation.
|
|
|
|
|
2021-09-09 15:04:33 |
Canadian-US National Sentenced to Prison for Cybercrime Schemes (direct link) |
A Canadian and U.S. dual-national was sentenced to 11 years in prison for laundering illicit funds from cybercrime schemes such as business email compromise, ATM cash-outs, and bank cyber-heists.
|
|
|
|
|
2021-09-09 14:47:34 |
Microsoft Warns of Information Leak Flaw in Azure Container Instances (direct link) |
Microsoft has patched an Azure Container Instances (ACI) vulnerability that could have allowed users to access the information of other Azure customers.
|
Vulnerability
|
|
|
|
2021-09-09 13:17:51 |
Get Ready for PYSA Ransomware Attacks Against Linux Systems (direct link) |
Linux is increasingly targeted by ransomware. Researchers have now detected indications that the PYSA ransomware, often also known as Mespinoza, is also being readied for Linux targets.
|
Ransomware
|
|
|
|
2021-09-09 10:43:29 |
Is the Taliban a Cyber Threat to the West? (direct link) |
|
Threat
|
|
|
|
2021-09-08 19:38:04 |
TrueFort Raises $30 Million to Grow Application Protection Platform (direct link) |
TrueFort, which provides an application visibility and protection platform, announced today that it has closed a $30 million Series B funding round, bringing the total raised by the Weehawken, New Jersey-based company to $47.7 million.
|
|
|
|
|
2021-09-08 17:34:44 |
Zoho Confirms Zero-Day Authentication Bypass Attacks (direct link) |
Zoho has shipped an urgent patch for an authentication bypass vulnerability in its ManageEngine ADSelfService Plus alongside a warning that the bug is already exploited in attacks.
Tracked as CVE-2021-40539, the security flaw is deemed critical as it could be exploited to take over a vulnerable system.
|
Vulnerability
|
|
|
|
2021-09-08 14:47:52 |
Howard University Cancels Classes, Shuts Campus After Ransomware Attack (direct link) |
Howard University closed its physical campus and canceled classes this week after experiencing a ransomware attack.
|
Ransomware
|
|
|
|
2021-09-08 14:39:26 |
Google Android Security Update Patches 40 Vulnerabilities (direct link) |
Google on Tuesday published the Android Security Bulletin for September 2021 with patches for a total of 40 vulnerabilities, including seven that are rated critical.
|
|
|
|
|
2021-09-08 14:30:32 |
CISA Reminds of Risks Connected to Managed Service Providers (direct link) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued new guidelines for government and private organizations to take into consideration when looking to outsource services to a Managed Service Provider (MSP).
|
|
|
|
|
2021-09-08 10:29:04 |
The Impact of the Pandemic on Today's Approach to Cybersecurity (direct link) |
Security practitioners must figure out how to enable a secure and resilient anywhere workforce to reduce risk
|
|
|
|
|
2021-09-08 01:42:01 |
US-built Databases a Potential Tool of Taliban Repression (direct link) |
Over two decades, the United States and its allies spent hundreds of millions of dollars building databases for the Afghan people. The nobly stated goal: Promote law and order and government accountability and modernize a war-ravaged land.
|
Tool
|
|
|
|
2021-09-07 21:31:45 |
Critical Flaw in Pac-Resolver NPM Package Affects 290,000 Repositories (direct link) |
A high severity vulnerability recently addressed in popular NPM package Pac-Resolver could be exploited to execute arbitrary code remotely.
|
Vulnerability
|
|
|
|
2021-09-07 21:24:39 |
Jenkins Says Confluence Service Compromised Using Recent Exploit (direct link) |
Jenkins over the weekend announced that hackers managed to gain access to one of its servers after exploiting a critical vulnerability affecting Atlassian Confluence Server and Data Center.
|
Vulnerability
|
|
|
|
2021-09-07 20:58:16 |
NETGEAR Patches Severe Vulnerabilities in Business Switches (direct link) |
NETGEAR has released patches to address severe vulnerabilities in its business-grade smart switches that could lead to complete device takeover.
|
Guideline
|
|
|
|
2021-09-07 20:00:26 |
Microsoft Office Zero-Day Hit in Targeted Attacks (direct link) |
Microsoft's embattled security response unit is scrambling to deal with another zero-day attack hitting users of its flagship Microsoft Office software suite.
|
|
|
|
|
2021-09-07 18:41:49 |
Germany Admits Police Used Controversial Pegasus Spyware (direct link) |
The German government admitted Tuesday that its federal police service used controversial Israeli spyware known as Pegasus, parliamentary sources told AFP, drawing immediate criticism from rights groups.
|
|
|
|
|
2021-09-07 15:40:49 |
CISO Conversations: The Difference Between Securing Cities and Businesses (direct link) |
|
|
|
|
|
2021-09-07 14:26:03 |
Measuring Cybersecurity Training Effectiveness (direct link) |
As your organization reviews the training program, you could start to identify processes that are broken
|
|
|
|
|
2021-09-07 11:37:18 |
Germany Protests to Russia Over Pre-Election Cyberattacks (direct link) |
Germany has protested to Russia over attempts to steal data from lawmakers in what it suspects may have been preparation to spread disinformation before the upcoming German election, the Foreign Ministry in Berlin said Monday.
|
|
|
|