Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-04 15:59:17 |
Managed Services Provider CompuCom Hit by Malware (lien direct) |
Managed services provider CompuCom was recently targeted in a cyberattack that led to some disruption to customer services and internal operations.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-04 15:17:53 |
Cybercriminals Finding Ways to Bypass \'3D Secure\' Fraud Prevention System (lien direct) |
Security researchers with threat intelligence firm Gemini Advisory say they have observed dark web activities related to bypassing 3D Secure (3DS), which is designed to improve the security of online credit and debit card transactions.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-04 14:23:59 |
Cybercriminals Target Industrial Organizations in Information Theft Campaign (lien direct) |
A mysterious cybercrime group apparently driven by profit has been targeting industrial organizations in Europe, Asia and North America as part of an information theft campaign.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-04 14:00:41 |
German Officials Want Emails, IMs Tied to Real-World ID (lien direct) |
Germany security officials are proposing that Internet companies should link a user's real-world identity to all of their instant messages, emails and other online communication, prompting criticism from digital rights activists.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-04 13:46:44 |
Several Cisco Products Exposed to DoS Attacks Due to Snort Vulnerability (lien direct) |
Cisco informed customers on Wednesday that several of its products are exposed to denial-of-service (DoS) attacks due to a vulnerability in the Snort detection engine.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-04 12:50:36 |
Multiple Cyberspy Groups Target Microsoft Exchange Servers via Zero-Day Flaws (lien direct) |
Security researchers warn that multiple cyber-espionage groups are targeting the recently addressed zero-day vulnerabilities in Microsoft Exchange Server and say that more than 300 web shells have been identified on the compromised servers.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-04 11:19:20 |
Qualys Confirms Unauthorized Access to Data via Accellion Hack (lien direct) |
Hours after the Clop ransomware gang published data allegedly stolen from information security and compliance solutions provider Qualys, the company has confirmed being impacted by the recent cyberattack involving Accellion's FTA product.
|
Ransomware
Hack
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-04 04:45:42 |
Microsoft Pays $50,000 Bounty for Account Takeover Vulnerability (lien direct) |
A security researcher says Microsoft has awarded him a $50,000 bounty reward for reporting a vulnerability that could have potentially allowed for the takeover of any Microsoft account.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-03 22:09:26 |
Okta to Acquire Rival Auth0 in $6.5 Billion Deal (lien direct) |
Identity and access management giant Okta (NASDAQ: OKTA) late Wednesday announced plans buy rival Auth0 in an all-stock transaction valued at roughly $6.5 billion.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-03 19:21:06 |
New CISO Hires at Uber, Square, SailPoint (lien direct) |
Ride-sharing giant Uber has quietly snapped up veteran security leader Latha Maripuri to be its Chief Information Security Officer (CISO).
A formal announcement has not yet been made but Maripuri, a security leader with stints at IBM and NewsCorp, has shared the news on her LinkedIn profile.
|
Guideline
|
Uber
Uber
|
★★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-03 18:18:12 |
Intel Paid Out $800,000 Per Year Through Bug Bounty Program (lien direct) |
Over 230 Vulnerabilities Patched in Intel Products in 2020
Intel patched 231 vulnerabilities in its products last year, roughly the same as in the previous year, when it fixed 236 flaws.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-03 15:44:00 |
Jetty Flaw Can Be Exploited to Inflate Target\'s Cloud Bill, Cause Disruption (lien direct) |
A vulnerability affecting Eclipse Jetty web servers can be exploited by an attacker to inflate a targeted organization's cloud services bill or cause disruption, according to security researchers at tech company Synopsys.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-03 15:23:03 |
VMware Patches Remote Code Execution Vulnerability in View Planner (lien direct) |
VMware this week announced the availability of a security patch for VMware View Planner, to address a vulnerability leading to remote code execution.
|
Vulnerability
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-03 15:01:15 |
Google Vows to Stop Tracking Individual Browsing for Ads (lien direct) |
Google on Wednesday pledged to steer clear of tracking individual online activity when it begins implementing a new system for targeting ads without the use of so-called "cookies."
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-03 13:22:12 |
Chrome 89 Patches Actively Exploited Vulnerability (lien direct) |
Google this week announced the availability of Chrome 89 in the stable channel, with patches for a total of 47 vulnerabilities, including one that has been exploited in the wild.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-03 12:22:14 |
Should You Be Concerned About the Recently Leaked Spectre Exploits? (lien direct) |
A researcher revealed on Monday that some exploits for the notorious CPU vulnerability known as Spectre were uploaded recently to the VirusTotal malware analysis service. While some experts say this could increase the risk of exploitation for malicious purposes, others believe there is no reason for concern.
|
Malware
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-03 12:03:52 |
The Different Flavors of Cyber Resilience (lien direct) |
Cyber Resilience Can be Considered a Preventive Measure to Counteract Human Error, Malicious Actions, and Decayed, Insecure Software
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-03 09:49:46 |
Microsoft Expands Secured-core to Servers, IoT Devices (lien direct) |
Microsoft this week announced Secured-core Server and Edge Secured-core, two solutions aimed at improving the security of servers and connected devices.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-02 23:09:19 |
Microsoft: 4 Exchange Server Zero-Days Under Attack by Chinese Hacking Group (lien direct) |
|
|
|
★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-02 19:56:39 |
Hackers Control Perl.com Domain Months Before Hijack (lien direct) |
The Perl.com domain was hijacked in January 2021, but hackers seemingly took control of it four months prior, in September 2020.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-02 16:00:46 |
Google Patches Critical Remote Code Execution Vulnerability in Android (lien direct) |
Google this week announced the release of patches for 37 vulnerabilities as part of the Android security updates for March 2021, including a fix for a critical flaw in the System component.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-02 15:47:00 |
New \'Unc0ver\' Jailbreak Uses Vulnerability That Apple Said Was Exploited (lien direct) |
The latest version of the Unc0ver jailbreak leverages a vulnerability that Apple said had been exploited before it released a patch in January.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-02 14:41:10 |
Universal Health Services Takes $67 Million Hit From Cyberattack (lien direct) |
Healthcare services provider Universal Health Services (UHS) last week revealed that a cyberattack it fell victim to in September 2020 had an estimated financial impact of $67 million.
|
|
|
★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-02 12:53:27 |
Dairy Giant Lactalis Targeted by Hackers (lien direct) |
France-based dairy giant Lactalis revealed last week that it was targeted by hackers, but claimed that it had found no evidence of a data breach.
The company said a malicious third party attempted to breach its computer network, but it immediately took action to contain the attack. This included restricting access to public resources.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-02 04:40:16 |
Ryuk Ransomware With Worm-Like Capabilities Spotted in the Wild (lien direct) |
In early 2021, security researchers identified a variant of the infamous Ryuk ransomware that is capable of lateral movement within the infected networks.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-01 23:49:03 |
AI Panel Urges US to Boost Tech Skills Amid China\'s Rise (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-01 21:57:17 |
US Right-Wing Platform Gab Acknowledges it Was Hacked (lien direct) |
The CEO of Gab, a social network favored by the US political right, said the platform had been attacked by "demon hackers" after an activist group released user data described as an important resource for research on the far right.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-01 20:43:46 |
Suspected Chinese APT Group Targets Power Plants in India (lien direct) |
Security researchers at Recorded Future have spotted a suspected Chinese APT actor targeting a wide range of critical infrastructure targets in India, including power plants, electricity distribution centers and Indian seaports.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-01 18:28:53 |
Asian Food Distribution Giant JFC International Hit by Ransomware (lien direct) |
JFC International, a major distributor and wholesaler of Asian food products, last week revealed that it was recently targeted in a ransomware attack that disrupted some of its IT systems.
The attack apparently only impacted JFC International's Europe Group, which said it had notified authorities, employees and business partners about the incident.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-01 17:21:00 |
Inside the Ransomware Economy (lien direct) |
The trouble with ransomware is well known at this point.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-01 15:27:36 |
Auth0 Names Jameeka Green Aaron as Chief Information Security Officer (lien direct) |
Identity-as-a-Service (IDaaS) company Auth0 announced on Monday that Jameeka Green Aaron has joined the company as Chief Information Security Officer (CISO).
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-01 14:15:56 |
Boat Building Giant Beneteau Says Cyberattack Disrupted Production (lien direct) |
French boat maker Groupe Beneteau is working on restoring operations after falling victim to a cyber-attack roughly ten days ago.
Founded in 1884, the Vendée, France-based company employs more than 8,000 people in France, the United States, Poland, Italy and China, and focuses on two business lines: boats and leisure homes.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-01 13:41:24 |
NSA Publishes Guidance on Adoption of Zero Trust Security (lien direct) |
The U.S. National Security Agency (NSA) has published guidance on how security professionals can secure enterprise networks and sensitive data by adopting a Zero Trust security model.
|
|
|
★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-01 13:17:34 |
US Shifts State Grant Focus to Extremism, Cyberthreats (lien direct) |
State and local governments will be required to spend a portion of nearly $1.9 billion in annual federal public safety grants on the fight against domestic extremism and improved cybersecurity, the Department of Homeland Security said Thursday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-01 12:17:14 |
Cybersecurity M&A Round-Up for February 2021 (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-01 11:24:11 |
Vendor Quickly Patches Serious Vulnerability in NATO-Approved Firewall (lien direct) |
A critical vulnerability discovered in a firewall appliance made by Germany-based cybersecurity company Genua could be useful to threat actors once they've gained access to an organization's network, according to Austrian cybersecurity consultancy SEC Consult.
|
Vulnerability
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-03-01 02:44:53 |
IT Asset Management Firm Axonius Raises $100 Million (lien direct) |
IT asset management company Axonius has raised $100 million in Series D funding, the company told SecurityWeek Sunday. Led by private equity firm Stripes, the latest funding round brings the total amount raised by the New York based company to $195 million at more than $1 billion valuation.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-27 20:05:31 |
Judge Approves $650M Facebook Privacy Lawsuit Settlement (lien direct) |
A federal judge on Friday approved a $650 million settlement of a privacy lawsuit against Facebook for allegedly using photo face-tagging and other biometric data without the permission of its users.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-26 21:27:36 |
HYAS Raises $16 Million to Hunt Adversary Infrastructure (lien direct) |
HYAS, a Victoria, Canada-based provider of threat intelligence based on adversary infrastructure, announced this week that it has closed a $16 million Series B round of funding led by S3 Ventures.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-26 19:24:21 |
Meet the Vaccine Appointment Bots, and Their Foes (lien direct) |
Having trouble scoring a COVID-19 vaccine appointment? You're not alone. To cope, some people are turning to bots that scan overwhelmed websites and send alerts on social media when slots open up.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-26 18:29:53 |
Chinese Threat Actor Uses Browser Extension to Hack Gmail Accounts (lien direct) |
In early 2021, a Chinese threat actor tracked as TA413 attempted to hack into the Gmail accounts of Tibetan organizations using a malicious browser extension, researchers with cybersecurity firm Proofpoint have discovered.
|
Hack
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-26 15:40:40 |
Security, Privacy Issues Found in Tens of COVID-19 Contact Tracing Apps (lien direct) |
An analysis of 40 COVID-19 contact tracing applications for Android has led to the discovery of numerous security and privacy issues, according to a new research paper.
Contact tracing applications have been created to help authorities automate the process of identifying those who have been in close contact with infected individuals.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-26 13:42:41 |
Microsoft Releases Open Source Resources for Solorigate Threat Hunting (lien direct) |
Microsoft on Thursday announced the open source availability of CodeQL queries that it used during its investigation into the SolarWinds attack.
|
Threat
|
Solardwinds
Solardwinds
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-26 11:54:50 |
Unprotected Private Key Allows Remote Hacking of Rockwell Controllers (lien direct) |
Industrial organizations have been warned this week that a critical authentication bypass vulnerability can allow hackers to remotely compromise programmable logic controllers (PLCs) made by industrial automation giant Rockwell Automation.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-26 11:44:46 |
TikTok owner ByteDance to pay $92M in US privacy Settlement (lien direct) |
TikTok's Chinese parent company ByteDance has agreed to pay $92 million in a settlement to U.S. users who are part of a class-action lawsuit alleging that the video-sharing app failed to get their consent to collect data in violation of a strict Illinois privacy law.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-26 04:48:42 |
Here\'s How North Korean Hackers Stole Data From Isolated Network Segment (lien direct) |
During an attack on the defense industry, the North Korea-linked threat group known as Lazarus was able to exfiltrate data from a restricted network segment by taking control of a router and setting it up as a proxy server.
|
Threat
|
APT 38
APT 28
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-25 20:19:29 |
The Race to Find Profits in Securing Email (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-25 15:30:45 |
Cisco Patches Severe Flaws in Network Management Products, Switches (lien direct) |
Cisco this week released patches for over a dozen vulnerabilities affecting multiple products, including three critical bugs impacting its ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS software.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-25 14:37:41 |
Ukraine Says Russian Cyberspies Targeted Gov Agencies in Supply Chain Attack (lien direct) |
Ukraine's National Security and Defense Council (NSDC) this week published two press releases describing cyberattacks aimed at the country.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-25 13:58:47 |
Securing Today\'s Networks Requires Consolidation and Collaboration (lien direct) |
Security Teams Need the Ability to Launch a Coordinated and Consistent Response to Threats Using a Variety of Tools
|
|
|
|