Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-07 10:07:46 |
Latvian Woman Charged in US With Role in Cybercrime Group (lien direct) |
A Latvian woman has been charged with developing malicious software used by a cybercrime organization that infected computers worldwide and looted bank accounts of millions of dollars, the Justice Department said Friday.
|
|
|
★★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-04 15:00:03 |
Organizations Warned: STUN Servers Increasingly Abused for DDoS Attacks (lien direct) |
Application and network performance management company NETSCOUT warned organizations this week that STUN servers have been increasingly abused for distributed denial-of-service (DDoS) attacks, and there are tens of thousands of servers that could be abused for such attacks by malicious actors.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-04 14:15:36 |
EU, Mideast Nations Look to Train at Cyprus Security Center (lien direct) |
Three European Union member nations and three Middle Eastern countries are looking to train personnel in border, customs, maritime and cybersecurity techniques at a cutting-edge U.S.-funded facility in Cyprus that is expected to be ready early next year, the Cypriot foreign minister said Thursday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-04 13:47:45 |
Serious Vulnerabilities Found in CODESYS Software Used by Many ICS Products (lien direct) |
Researchers have discovered 10 vulnerabilities - a majority rated critical or high severity - in CODESYS industrial automation software that is used in many industrial control system (ICS) products.
|
|
|
★★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-04 13:11:32 |
Building End-to-End Security for 5G Networks (lien direct) |
|
|
|
★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-04 12:53:27 |
XDR Platform Provider SentinelOne Files for IPO (lien direct) |
Endpoint security firm SentinelOne has publicly filed its S-1 registration statement with the SEC for an initial public offering (IPO) of its stock.
|
|
|
★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-04 12:08:17 |
White House Urges Private Companies to Help in Fight Against Ransomware (lien direct) |
In an open letter, the White House this week urged corporate executives and business leaders to take the appropriate measures to protect their organizations against ransomware attacks, only days after meat-packaging giant JBS fell victim to such an attack.
|
Ransomware
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-04 11:41:10 |
Over 90% of OT Organizations Experienced Cyber Incidents in Past Year: Report (lien direct) |
A survey conducted recently by cybersecurity firm Fortinet showed that more than 90% of organizations that use operational technology (OT) systems have experienced some sort of cyber incident in the past year.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-04 11:04:11 |
Supreme Court Limits Prosecutors\' Use of Anti-Hacking Law (lien direct) |
The Supreme Court on Thursday limited prosecutors' ability to use an anti-hacking law to charge people with computer crimes.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-04 03:55:47 |
Nigerian Arrested in US for Hacking Payroll Services Company (lien direct) |
A Nigerian national was arrested recently in the United States on charges related to hacking into user accounts at a payroll processing company, to steal payroll deposits.
|
|
|
★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-03 17:14:28 |
Two Carbanak Gang Members Sentenced to 8 Years in Prison (lien direct) |
Two members of the notorious Carbanak cybergang were sentenced to 8 years in prison, Kazakhstani authorities announced this week.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-03 17:05:39 |
Cisco Plugs High-Risk Security Flaws in Webex, SD-WAN (lien direct) |
Enterprise security vendor Cisco has shipped fixes for a wide range of severity vulnerabilities, including patches for high-risk flaws in the widely deployed Webex Player, SD-WAN software, and ASR 5000 series software.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-03 14:44:13 |
CISA Issues MITRE ATT&CK Mapping Guide for Threat Intelligence Analysts (lien direct) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday announced the availability of a new guide for cyber threat intelligence analysts on the use of the MITRE ATT&CK framework.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-03 13:49:50 |
Trend Micro Releases PoC Exploit for Vulnerability Affecting macOS, iOS (lien direct) |
Trend Micro on Thursday disclosed the details of a recently patched privilege escalation vulnerability that has been found to impact macOS, iOS and iPadOS.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-03 12:49:22 |
At Odds: The Promise vs. Operational Reality of Security Solutions (lien direct) |
There's a gap between the promise of a security technology and operational reality
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-03 12:39:34 |
Chinese Hackers Using Previously Unknown Backdoor (lien direct) |
Newly discovered cyber weapon uses elaborate multi-stage infection-chain to make detection and analysis difficult
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-03 12:22:44 |
Enterprise Mobile Security Startup Hypori Raises $20 Million (lien direct) |
Enterprise mobile security company Hypori this week announced it raised $20 million in a Series A funding round led by GreatPoint Ventures (GPV). To date, the company raised $33.9 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-03 12:07:00 |
Biden Says \'Looking\' at Russia Retaliation Over Cyberattack (lien direct) |
US President Joe Biden said Wednesday he is "looking" at possible retaliation after the White House linked Russia to a cyberattack against global meat processing giant JBS.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-03 11:35:08 |
Many CISOs Blame Cyberattack Surge on Remote Working: VMware (lien direct) |
Cybersecurity professionals have seen a surge in cyberattacks in the past year, and many blamed the trend on more employees working from home due to the COVID-19 pandemic, according to a report published on Thursday by VMware.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-03 10:43:38 |
FBI Confirms REvil Ransomware Involved in JBS Attack (lien direct) |
The FBI has publicly confirmed that the REvil ransomware was used in the cyberattack that forced the world's largest meat processing company to shut down systems.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-03 04:08:59 |
Oak9 Launches Infrastructure-as-Code Security Platform With $5.9M in Seed Funding (lien direct) |
oak9 on Wednesday announced the launch of its Infrastructure-as-Code (IaC) security platform, backed by a $5.9 million seed funding round.
IaC is the process of managing and provisioning of infrastructure through code instead of through manual processes.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-02 22:36:27 |
FireEye, Mandiant Split Apart in $1.2B Private Equity Deal (lien direct) |
FireEye (NASDAQ: FEYE) on Wednesday announced plans to sell its products business, including the FireEye name, as part of a $1.2 billion transaction that splits off the Mandiant Solutions unit from the company's endpoint protection and cloud security products.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-02 18:21:02 |
Microsoft Buys ReFirm Labs to Expand IoT Firmware Security Push (lien direct) |
Microsoft's aggressive push to ferret out security problems in the firmware powering IoT devices took on new urgency this week with the acquisition of ReFirm Labs, an early-stage startup that helps businesses pinpoint and fix weak links at the firmware layer.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-02 17:15:14 |
Largest Meat Producer Getting Back Online After Cyberattack (lien direct) |
The world's largest meat processing company has resumed most production after a weekend cyberattack, but experts say the vulnerabilities exposed by this attack and others are far from resolved.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-02 15:31:48 |
Ransomware Attack Hits Nantucket, Martha\'s Vineyard Ferry Service (lien direct) |
Steamship Authority Hit by Cyberattack
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-02 15:24:08 |
Cisco Discloses Details of macOS SMB Vulnerabilities (lien direct) |
Cisco's Talos threat intelligence and research unit on Wednesday disclosed the details of several SMB-related vulnerabilities patched recently by Apple in its macOS operating system.
SMB, which stands for Server Message Block, is a protocol for sharing files, printers, and serial ports. Apple's own SMB stack is called SMBX.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-02 15:02:21 |
Actively Exploited Zero-Day Found in WordPress Plugin Used by Many Online Stores (lien direct) |
More than 17,000 websites are exposed to attacks targeting a critical zero-day vulnerability in the Fancy Product Designer WordPress plugin, the Wordfence team at WordPress security company Defiant warns.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-02 13:05:07 |
Zerodium Offers $100,000 for Pidgin Zero-Day Exploits (lien direct) |
Exploit acquisition firm Zerodium on Tuesday announced that it is offering $100,000 for severe vulnerabilities in Pidgin for Windows and Linux.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-02 12:06:38 |
Vulnerability in Lasso Library Impacts Products From Cisco, Akamai (lien direct) |
A high-severity vulnerability discovered recently in an open source library named Lasso has been found to impact products from Cisco and Akamai, as well as Linux distributions.
|
Vulnerability
|
|
★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-02 11:11:44 |
Industrial Switches From Several Vendors Affected by Same Vulnerabilities (lien direct) |
Industrial switches provided by several vendors are affected by the same vulnerabilities due to the fact that they share firmware made by Taiwan-based industrial networking solutions provider Korenix Technology.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-02 10:20:28 |
US Seizes 2 Domain Names Used in Cyberespionage Campaign (lien direct) |
The Justice Department said Tuesday that it has seized two domain names used in a cyberespionage campaign that targeted U.S. and foreign government agencies, think tanks and humanitarian groups.
|
|
|
★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-02 00:41:41 |
(Déjà vu) Meat Producer JBS Says Expects Most Plants Working Wednesday (lien direct) |
A ransomware attack on the world's largest meat processing company disrupted production around the world just weeks after a similar incident shut down a U.S. oil pipeline.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-01 22:44:15 |
Poisoned Installers Found in Solarwinds Hackers Toolkit (lien direct) |
The ongoing multi-vendor investigations into the Solarwinds mega-hack took another twist this week with the discovery of new malware artifacts that could be used in future supply chain attacks.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-01 20:03:39 |
Report: Accellion Failed to Notify Customers of FTA Zero-Day (lien direct) |
Accellion failed to notify customers of a zero-day vulnerability in its file transfer application (FTA) and related cyber-attacks targeting the security flaw, according to a new report from professional services firm KPMG.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-01 19:52:53 |
Kaspersky: Exploits for MS Office Flaws Most Popular in Q1 2021 (lien direct) |
Exploits for vulnerabilities in Microsoft's Office suite were the most popular among cyber-attackers during the first quarter of this year, according to a new Kaspersky report.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-01 19:14:59 |
Meat Producer Ransomware Attack Disrupts Global Production (lien direct) |
A ransomware attack on the world's largest meat company is disrupting production around the world just weeks after a similar incident shut down a U.S. oil pipeline.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-01 15:41:08 |
Exabeam Lands $200M Investment, Replaces CEO (lien direct) |
Exabeam, a late-stage startup in the data analytics and SIEM space, has landed a new $200 million funding round that values the company at $2.5 billion.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-01 13:42:50 |
No Time to Waste: Three Ways to Quickly Reduce Risk in Critical Infrastructure Environments (lien direct) |
Earlier this month, the U.S. experienced it first major shutdown of critical infrastructure due to a cyberattack in the nation's history. When adversaries targeted Colonial Pipeline with a disruptive ransomware attack, critical infrastructure security immediately became a mainstream concern, because the attack is unprecedented in terms of its impact.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-01 13:16:24 |
[redacted] Emerges From Stealth to Help Companies Pursue, Disrupt Adversaries (lien direct) |
[redacted] emerged from stealth mode on Tuesday with $35 million in Series B funding and a cyber defense and response solution that enables organizations to pursue and disrupt adversaries.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-01 12:41:33 |
Swedish Public Health Agency Says Disease Database Targeted in Cyberattacks (lien direct) |
The Swedish Public Health Agency (Folkhälsomyndigheten) is currently investigating several attempts to hack into SmiNet, a database that stores reports of infectious diseases, including COVID-19 cases.
|
Hack
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-01 11:36:59 |
(Déjà vu) Cybersecurity M&A Roundup: 36 Deals Announced in May 2021 (lien direct) |
Tens of cybersecurity mergers and acquisitions were announced in May 2021, including by Imperva, Accenture, Cisco, HelpSystems, Splunk, Twilio, and Zscaler.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-01 11:23:01 |
Meat-packing Giant JBS USA Shuts Down Systems Following Cyberattack (lien direct) |
JBS USA, the US subsidiary of the world's largest meat processing company, said Monday that some operations were shut down following a cyberattack that affected its North American and Australian IT network.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-31 17:02:50 |
Microsoft Creates Cybersecurity Council for the Public Sector in APAC (lien direct) |
Looking to build stronger responses against cyberattacks in the Asia Pacific (APAC) region, Microsoft on Monday announced the creation of a cybersecurity council for the public sector in the region.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-31 14:02:05 |
Interpol Says 585 People Arrested in APAC Operation Against Cyber-Enabled Crime (lien direct) |
Interpol revealed last week that specialized law enforcement officers in the Asia-Pacific (APAC) region intercepted more than $83 million in fraudulent money transfers as part of a six-month coordinated effort aimed at cyber-enabled financial crime.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-31 13:18:56 |
Kenyan Arrested in Qatar First Targeted by Phishing Attack (lien direct) |
A Kenyan security guard now facing charges in Qatar after writing compelling, anonymous accounts of being a low-paid worker there found himself targeted by a phishing attack that could have revealed his location just before his arrest, analysts say.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-31 13:04:35 |
SonicWall Patches Command Injection Flaw in Firewall Management Application (lien direct) |
SonicWall last week announced the availability of patches for a severe vulnerability in its Network Security Manager (NSM) product.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-31 12:35:09 |
Cybercriminals Target Companies With New \'Epsilon Red\' Ransomware (lien direct) |
A new piece of ransomware named Epsilon Red has been used to target at least one organization in the United States, and its operators have apparently already made a significant profit.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-31 11:07:15 |
CISA-FBI Alert: 350 Organizations Targeted in Attack Abusing Email Marketing Service (lien direct) |
An alert released on Friday by the FBI and the DHS's Cybersecurity and Infrastructure Security Agency (CISA) revealed that the number of organizations targeted in a recent attack abusing a legitimate email marketing service was higher than initially reported.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-31 10:18:26 |
Activists Launch Action Against \'Cookie Banner Terror\' (lien direct) |
A group of online privacy activists said Monday it is taking action against hundreds of websites over their use of pop-up banners asking users to consent to "cookies", the files that track users' activity.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-30 14:19:20 |
US Says Agencies Largely Fended Off Latest Russian Hack (lien direct) |
The White House says it believes U.S. government agencies largely fended off the latest cyberespionage onslaught blamed on Russian intelligence operatives, saying the spear-phishing campaign should not further damage relations with Moscow ahead of next month's planned presidential summit.
|
Hack
|
|
|