What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-10-12 13:44:54 | (Déjà vu) ICS Patch Tuesday: Siemens and Schneider Electric Address Over 50 Vulnerabilities (lien direct) | Industrial giants Siemens and Schneider Electric on Tuesday released nearly a dozen security advisories describing a total of more than 50 vulnerabilities affecting their products. The companies have released patches and mitigations to address these vulnerabilities. | |||
|
2021-10-12 11:21:34 | GitKraken Vulnerability Prompts Action From GitHub, GitLab, Bitbucket (lien direct) | Developers of Git GUI client GitKraken have addressed a vulnerability resulting in the generation of weak SSH keys, and they are prompting users to revoke and renew their keys. Discovered in the open source library that the Git GUI client uses for SSH key generation, the issue affects all keys issued using versions 7.6.x, 7.7.x, and 8.0.0 of GitKraken. | Vulnerability | ||
|
2021-10-12 11:02:26 | Cloud Security Company Wiz Raises $250 Million at $6 Billion Valuation (lien direct) | Wiz on Monday announced raising $250 million in a Series C funding round, which brings the total raised by the cloud security company to $600 million. | |||
|
2021-10-12 10:12:10 | Vulnerabilities Expose exacqVision Video Surveillance Systems to Remote Attacks (lien direct) | Researchers at cybersecurity firm Tenable have discovered critical and high-severity vulnerabilities in video surveillance systems made by Exacq Technologies, which is owned by building technology giant Johnson Controls. | |||
|
2021-10-12 10:10:46 | Meeting Backup Requirements for Cyber Insurance Coverage (lien direct) | Many companies wrongly assume that having backups in the cloud can prevent or reduce the impacts of a ransomware attack | Ransomware | ||
|
2021-10-12 01:34:32 | Apple Confirms iOS 15 Zero-Day Exploitation (lien direct) | Apple rushes out iOS 15.0.2 to address a remote code execution vulnerability that is being actively exploited Apple's iOS zero-day problems appear to be getting worse. | Vulnerability | ||
|
2021-10-11 18:25:55 | Engineering Company Weir Group Discloses Ransomware Hack (lien direct) | Engineering company Weir Group has acknowledged it was the victim of a ransomware attack that will likely affect revenue for the third quarter of the year. | Ransomware Hack | ||
|
2021-10-11 17:04:04 | Microsoft Exposes Iran-linked APT Targeting U.S., Israeli Defense Tech Sectors (lien direct) | Threat hunters at Microsoft are raising the alarm about a new Iran-linked threat actor caught using password-spraying techniques to break into defense technology companies in the United States, Israel and parts of the Middle East. | Threat | ||
|
2021-10-11 15:04:19 | Amnesty Links Indian Cybersecurity Firm to Spyware Attack on African Activist (lien direct) | Human rights organization Amnesty International last week reported identifying a link between an Indian cybersecurity company and the infrastructure used by a hacking group in an attack that attempted to deliver Android and Windows spyware to an activist in the West African country of Togo. | |||
|
2021-10-11 14:19:44 | InHand Router Flaws Could Expose Many Industrial Companies to Remote Attacks (lien direct) | Several serious vulnerabilities discovered by researchers in industrial routers made by InHand Networks could expose many organizations to remote attacks, and patches do not appear to be available. | |||
|
2021-10-11 12:45:04 | NSA Warns of Risks Posed by Wildcard Certificates, ALPACA Attacks (lien direct) | The National Security Agency last week issued guidance on the risks associated with wildcard TLS certificates and Application Layer Protocols Allowing Cross-Protocol Attacks (ALPACA) techniques. | |||
|
2021-10-11 12:02:21 | (Déjà vu) Cybersecurity M&A Roundup for October 1-10, 2021 (lien direct) | 
A total of nine cybersecurity-related acquisitions were announced in the first 10 days of October 2021.
|
|||
|
2021-10-11 11:04:04 | Cyberattacks Concerning to Most in US: Pearson/AP-NORC Poll (lien direct) | Most Americans across party lines have serious concerns about cyberattacks on U.S. computer systems and view China and Russia as major threats, according to a new poll. | |||
|
2021-10-11 09:57:15 | CISA Releases Remote Access Guidance for Government Agencies (lien direct) | The United States Cybersecurity and Infrastructure Security Agency (CISA) last week announced the release a new guidance document: Trusted Internet Connections (TIC) 3.0 Remote User Use Case. | |||
|
2021-10-08 14:39:26 | Google Patches Four Severe Vulnerabilities in Chrome (lien direct) | Google this week announced the release of an updated Chrome version for Windows, Mac and Linux, to address a total of four high-severity vulnerabilities in the browser. Tracked as CVE-2021-37977, the most severe of these security holes could be exploited to achieve arbitrary code execution on a target system. | |||
|
2021-10-08 14:26:39 | FontOnLake Linux Malware Used in Targeted Attacks (lien direct) | A previously unknown, modular malware family that targets Linux systems has been used in targeted attacks to collect credentials and gain access to victim systems, ESET reported on Thursday. | Malware | ||
|
2021-10-08 12:16:53 | Lots and Lots of Bots: Looking at Botnet Activity in 2021 (lien direct) | A botnet today can be used as a foundation for bad actors to carry out other attacks later | |||
|
2021-10-08 11:03:32 | Apache Releases Another Patch for Actively Exploited HTTP Server Zero-Day (lien direct) | The Apache HTTP Server Project on Thursday announced the release of another update in response to a recently discovered zero-day vulnerability after determining that the initial fix was incomplete. | Vulnerability | ||
|
2021-10-08 10:45:11 | CIA Creates Working Group on China as Threats Keep Rising (lien direct) | The CIA said Thursday it will create a top-level working group on China as part of a broad U.S. government effort focused on countering Beijing's influence. | |||
|
2021-10-08 10:14:00 | Twitch Struggles With Hackers and Hate Raid Bots (lien direct) | Twitch, Amazon's popular live video streaming platform, on Thursday said hackers took advantage of a mistake in a server configuration tweak to steal data. A massive trove of confidential Twitch data dumped on the internet included records showing top game play streamers took in millions of dollars during the past year. | |||
|
2021-10-08 08:36:06 | Attackers Encrypt VMware ESXi Server With Python Ransomware (lien direct) | A recently observed attack employed a Python-based ransomware variant to target an organization's VMware ESXi server and encrypt all virtual disks, Sophos reports. | Ransomware | ||
|
2021-10-07 16:06:33 | Aggressive Ransomware Group FIN12 Moves Fast, Targets Big Companies (lien direct) | A report published by Mandiant on Thursday details the activities and tools of FIN12, a highly aggressive ransomware group that has likely made a significant amount of money over the past years. | Ransomware | ||
|
2021-10-07 14:55:55 | Iran-linked MalKamak Hackers Targeting Aerospace, Telcos With ShellClient RAT (lien direct) | Operation GhostShell Believed to be Linked to Iranian Threat Actor | Threat | ||
|
2021-10-07 14:46:17 | Cisco Patches High-Severity Vulnerabilities in Security Appliances, Business Switches (lien direct) | Cisco this week released patches for multiple high-severity vulnerabilities affecting its Web Security Appliance (WSA), Intersight Virtual Appliance, Small Business 220 switches, and other products. Successful exploitation of these vulnerabilities could allow attackers to cause a denial of service (DoS) condition, execute arbitrary commands as root, or elevate privileges. | |||
|
2021-10-07 14:11:43 | How Integration is Evolving: The X Factor in XDR (lien direct) | XDR must be approached as an open architecture where integration is the linchpin Over the past couple of months, I've talked about how adversaries are evolving their approaches to attacks and the ripple effect that is having on our approach to detection and response. | |||
|
2021-10-07 13:47:51 | Microsoft: Russia Behind 58% of Detected State-Backed Hacks (lien direct) | Russia accounted for most state-sponsored hacking detected by Microsoft over the past year, with a 58% share, mostly targeting government agencies and think tanks in the United States, followed by Ukraine, Britain and European NATO members, the company said. | |||
|
2021-10-07 13:09:57 | Nigerian Man Living in U.S. Charged Over Role in BEC Scheme (lien direct) | A Nigerian national residing in Buffalo, New York, was indicted this week for facilitating a business email compromise (BEC) scam that resulted in hundreds of thousands of dollars being stolen from various companies. Charged with conspiracy to commit wire fraud, the man, Eric Iwu, aka James, 32, faces up to 20 years in prison and a fine of $250,000. | |||
|
2021-10-07 10:44:24 | Medtronic Recalls Medical Devices Due to Security Risks That Can Lead to Injury, Death (lien direct) | Medical device maker Medtronic is recalling remote controllers used with some of its insulin pumps due to cybersecurity risks that could lead to injury and even death. | Guideline | ||
|
2021-10-07 09:39:11 | Building a Secure Remote Connection Solution for Today\'s Business (lien direct) | The need for secure and reliable connectivity continues to be top of mind for many organizations. The persistence of the pandemic is making this essential. But even if it wasn't, many organizations are now committed to implementing permanent hybrid work and learning models, where employees and student alternate between on-premises and remote participation. The challenge of this transition involves more than just simple connectivity. | |||
|
2021-10-06 19:48:51 | Streaming Site Twitch Confirms Hack (lien direct) | Amazon's popular live video streaming platform Twitch said Wednesday hackers had broken into its network after reports of exposed confidential company data surfaced online. The service, where users often stream live video game play, confirmed the break-in on Twitter. | Hack | ||
|
2021-10-06 19:20:32 | DevOps Security Startup Mondoo Scores $15M Investment (lien direct) | Mondoo, a startup that provides security tools for DevOps teams, has raised $15 million in funding ($12 million in a new Series A round, and $3 million from a previously undisclosed seed round). The Series A funding round was Led by Atomico with participation from a range of high-profile private investors. | |||
|
2021-10-06 19:15:08 | US Poised to Go After Contractors Who Don\'t Report Breaches (lien direct) | The Justice Department is poised to sue government contractors and other companies who receive U.S. government grants if they fail to report breaches of their cyber systems, the department's No. 2 official said Wednesday. | ★★★★ | ||
|
2021-10-06 18:13:04 | Ransomware Risk Assessment Service Aims to Deflect Attacks (lien direct) | The function of cybersecurity is not to eliminate all attacks and compromises – that's impossible – but to make the attack so expensive and time-consuming on the attacker that he simply moves on to an easier target. That is the purpose of a new product/service designed to make commodity ransomware attacks less easy for the attacker. | Ransomware | ||
|
2021-10-06 18:04:21 | ESET Discovers UEFI Bootkit in Cyber Espionage Campaign (lien direct) | Threat hunters at ESET are training the spotlight on a previously undocumented UEFI bootkit capable of hijacking the EFI System Partition (ESP) to maintain persistence on infected Windows machines. | |||
|
2021-10-06 14:14:31 | Yubico Enables Biometric Logins With New YubiKey Bio Series (lien direct) | Yubico this week announced the general availability of YubiKey Bio Series, its first security key to support biometric authentication on desktop computers. | |||
|
2021-10-06 13:10:54 | Microsec.ai Exits Stealth With Cloud Application Runtime Protection Platform (lien direct) | Microsec.ai on Tuesday emerged from stealth mode to deliver a Cloud Native Application Protection Platform (CNAPP) solution designed to protect cloud-native applications at runtime. The company's agentless CNAPP solution aims to secure multi-cloud IaaS and PaaS environments, as well as containers and data, through a single, unified interface. | |||
|
2021-10-06 12:42:03 | Hackers Could Disrupt Industrial Processes via Flaws in Widely Used Honeywell DCS (lien direct) | A distributed control system (DCS) product offered by Honeywell is affected by vulnerabilities that could allow malicious actors to disrupt industrial processes. | |||
|
2021-10-06 12:14:46 | The New Paradigm for Work from Anywhere: Zero Trust Network Access (ZTNA) (lien direct) | It is important to listen to early adopters of ZTNA, as they can provide insights into key factors to success and help avoid pitfalls | |||
|
2021-10-06 12:01:12 | Gravwell Emerges From Stealth With Data Fusion Platform for Security Teams (lien direct) | Enterprise data fusion and analytics company Gravwell on Wednesday emerged from stealth mode with $3 million in seed funding from Next Frontier Capital, Gula Tech Adventures, Kickstart Fund, and Revolution's Rise of the Rest. | |||
|
2021-10-06 11:34:29 | Firefox 93 Improves Protection Against Tracking, Insecure Downloads (lien direct) | Mozilla this week released Firefox 93 to the stable channel with several security improvements, including better privacy protections, patches, and anti-tracking capabilities. Starting with Firefox 93, the browser blocks insecure HTTP downloads on encrypted (HTTPS) pages, to keep users safe from potentially unwanted or even malicious downloads. | ★★ | ||
|
2021-10-06 11:06:32 | (Déjà vu) Over 100,000 Apache HTTP Servers Affected by Actively Exploited Zero-Day Flaw (lien direct) | Users are urged to immediately patch an Apache HTTP Server zero-day vulnerability that has been exploited in the wild. More than 100,000 servers appear to be exposed to attacks. | Vulnerability | ||
|
2021-10-06 11:04:46 | What\'s in a Threat Group Name? An Inside Look at the Intricacies of Nation-State Attribution (lien direct) | Understanding the naming conventions of various threat groups can help us better understand the overall threat landscape | Threat | ||
|
2021-10-06 10:47:00 | Audit: Cybersecurity Weak for Many Kansas School Districts (lien direct) | Many Kansas school districts aren't taking basic steps to protect their computer systems and the privacy of sensitive information collected about students, according to a legislative audit release Tuesday. | |||
|
2021-10-06 10:24:11 | Superhero Passwords Pose Serious Risk to Personal, Enterprise Accounts (lien direct) | Superheroes may be able to save everyone in a fantasy world, but they can't keep online accounts secure in the digital era, Mozilla warns. With hundreds of thousands of occurrences in breach datasets, superhero passwords aren't a strong account protection method, even when the real identities of superheroes are used instead. | |||
|
2021-10-06 08:22:11 | Misconfigured Apache Airflow Instances Expose Sensitive Information (lien direct) | Security researchers with Intezer have discovered several misconfigured Apache Airflow instances that exposed sensitive information to anyone on the Internet. Improperly secured, the Airflow instances were found to expose credentials of cloud services providers, social media platforms, and payment processing services, including AWS, Slack, PayPal, and others. | |||
|
2021-10-05 18:13:43 | Chase Bank Heavily Targeted Via XBALTI Phishing Kit (lien direct) | During the three months from mid-May to mid-August 2021, researchers detected a 300% increase in phishing URLs within their own telemetry targeting Chase Bank. Chase was the sixth most targeted brand, behind obvious companies as PayPal, Apple, and Facebook. | |||
|
2021-10-05 16:53:44 | Adaptive Shield Raises $30M for SaaS Security Posture Management (lien direct) | Adaptive Shield, an Israeli cybersecurity startup that specializes in software-as-a-service (SaaS) application security, on Tuesday announced the closing of a $30 million Series B funding round to expand operations around the world. | |||
|
2021-10-05 14:32:28 | Cloud Security Company Orca Raises $550 Million in Extended Series C Round (lien direct) | Cloud security company Orca Security on Tuesday announced that it has raised $550 million in an extended Series C funding round, at a valuation of $1.8 billion. | |||
|
2021-10-05 13:57:05 | Arizona Launches Command Center to Combat Cyberattacks (lien direct) | Arizona Gov. Doug Ducey has launched a Cyber Command Center that will deal with threats to government computers. At a ceremony Monday at the Department of Public Safety's Arizona Counter Terrorism Information Center in Phoenix, Ducey said the command center will be critical in ensuring the state's cyber infrastructure remains safe and secure. | |||
|
2021-10-05 13:30:42 | Secure Data Collaboration Firm Duality Technologies Raises $30 Million (lien direct) | Privacy-focused data collaboration solutions provider Duality Technologies today announced that it has raised $30 million in Series B funding. To date, the company has received a total of $49 million. | ★★ |
To see everything:
Our RSS (filtrered)
