Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-07 13:01:03 |
Vulnerabilities in Fortinet WAF Can Expose Corporate Networks to Attacks (lien direct) |
Several potentially serious vulnerabilities discovered in Fortinet's FortiWeb web application firewall (WAF) could expose corporate networks to attacks, according to the researcher who found them.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-07 11:42:13 |
Investigation Launched Into Role of JetBrains Product in SolarWinds Hack: Reports (lien direct) |
Cybersecurity companies and U.S. intelligence agencies are investigating the possible role played by a product from JetBrains in the recently discovered SolarWinds hack, according to reports.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-06 20:44:06 |
\'Earth Wendigo\' Hackers Exfiltrate Emails Through JavaScript Backdoor (lien direct) |
A newly identified malware attack campaign has been exfiltrating emails from targeted organizations using a JavaScript backdoor injected into a webmail system widely used in Taiwan.
|
Malware
|
|
★★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-06 16:48:40 |
Dragos Hires Former PepsiCo Deputy CISO Steve Applegate (lien direct) |
Industrial cybersecurity firm Dragos has hired Steve Applegate, former VP and Deputy CISO at PepsiCo, as Chief Information Security Officer (CISO).
|
|
|
★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-06 15:12:05 |
SoftMaker Office Vulnerabilities Allow Code Execution via Malicious Documents (lien direct) |
Vulnerabilities discovered by Cisco Talos researchers in SoftMaker Office can be exploited for arbitrary code execution by creating malicious documents and tricking victims into opening them.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-06 14:07:26 |
U.S. Government Announces \'Hack the Army 3.0\' Bug Bounty Program (lien direct) |
The U.S. government on Wednesday announced the launch of another bug bounty program conducted in collaboration with hacker-powered cybersecurity platform HackerOne.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-06 12:08:44 |
Class Action Lawsuit Filed Against SolarWinds Over Hack (lien direct) |
A class action lawsuit was filed on behalf of SolarWinds investors this week over the cybersecurity breach suffered by the Texas-based IT management solutions provider.
|
Hack
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-06 09:23:38 |
Singapore Admits Police Can Access Contact-Tracing Data (lien direct) |
Singapore has admitted data collected for contact-tracing can be accessed by police despite earlier assurances it would only be used to fight the coronavirus, sparking privacy concerns Tuesday about the scheme.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-06 03:47:46 |
Trump Widens US Ban on Chinese Apps as His Term Nears End (lien direct) |
President Donald Trump has signed an executive order banning transactions with eight Chinese apps including Alipay and WeChat Pay in an escalation of a trade war that has been unfolding through most of his term.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-05 22:02:08 |
US: Hack of Federal Agencies \'Likely Russian in Origin\' (lien direct) |
Top national security agencies confirmed Tuesday that Russia was likely responsible for a massive hack of U.S.
|
Hack
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-05 22:02:01 |
U.S. Releases Cybersecurity Plan for Maritime Sector (lien direct) |
The U.S. government has released a plan with a list of top-priority items to mitigate threats and provide security to the crucial maritime sector.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-05 21:44:18 |
CIA\'s New Recruitment Website Aims to Diversify Spy Agency (lien direct) |
Wanted: Spies from all backgrounds and walks of life.
Striving to further diversify its ranks, the CIA launched a new website Monday to find top-tier candidates who will bring a broader range of life experiences to the nation's premier intelligence agency
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-05 20:34:57 |
Crypto-Hijacking Campaign Leverages New Golang RAT (lien direct) |
Reseachers are raising the alarm for a newly identified operation leveraging a new Remote Access Tool (RAT) written in Golang to steal crypto-currency from unsuspecting users.
|
Tool
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-05 19:12:20 |
SASE Provider iboss Banks $145 Million Equity Funding (lien direct) |
Cloud-delivered network security startup iboss on Tuesday announced the closing of a new $145 million financing deal to speed up growth in a lucrative market.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-05 17:33:25 |
Data Security Providers Netwrix and Stealthbits Merge (lien direct) |
Data security solutions provider Netwrix has merged with Stealthbits, a cybersecurity company focused on protecting sensitive data and credentials.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-05 15:55:19 |
Citrix Releases Updates to Prevent DDoS Attacks Abusing Its Appliances (lien direct) |
Citrix on Monday informed customers that it released firmware updates for its Application Delivery Controller (ADC) and Gateway products to prevent threat actors from abusing the appliances to launch and amplify distributed denial-of-service (DDoS) attacks.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-05 14:59:53 |
Google Releases January 2021 Security Updates for Android (lien direct) |
Google this week announced the January 2021 security updates for Android devices, which address 42 vulnerabilities, including four rated critical severity.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-05 13:56:53 |
Hackers Exploiting Recently Disclosed Zyxel Vulnerability (lien direct) |
Security researchers have observed the first attempts to compromise Zyxel devices using a recently disclosed vulnerability related to the existence of hardcoded credentials.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-05 12:39:04 |
US-Built Center in Cyprus to Offer Region Security Training (lien direct) |
A U.S.-funded center in Cyprus will help train officials from countries in the eastern Mediterranean region and the Middle East on the latest techniques in border, customs, maritime and cyber security, the acting head of the U.S. Department of Homeland Security said on Monday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-05 11:32:03 |
GDPR Fines Exceeded €170 Million in 2020 (lien direct) |
Fines issued for violations of the EU's General Data Protection Regulation (GDPR) in 2020 exceeded €170 million, or roughly $200 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-05 04:59:54 |
Ransomware Attacks Linked to Chinese Cyberspies (lien direct) |
China-linked cyber-espionage group APT27 is believed to have orchestrated recent ransomware attacks, including one where a legitimate Windows tool was used to encrypt the victim's files.
|
Ransomware
Tool
|
APT 27
APT 27
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-04 18:53:10 |
Over 250 Organizations Breached via SolarWinds Supply Chain Hack: Report (lien direct) |
It is believed that the recently disclosed attack targeting Texas-based IT management solutions provider SolarWinds resulted in threat actors gaining access to the networks of more than 250 organizations, according to reports.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-04 17:27:21 |
Getting SASE, Without the Hyperbole (lien direct) |
Secure Access Service Edge (SASE) Can be a Game-Changer When Compared to Security of the Past
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-04 16:02:46 |
Slack Outage Causing Enterprise Security Hiccups (lien direct) |
Business communications platform Slack is scrambling to recover from an ongoing outage that is proving disruptive to cybersecurity response teams around the world.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-04 15:12:42 |
Hardcoded Credentials Expose Zyxel Firewalls and WLAN Controllers to Remote Attacks (lien direct) |
Several Zyxel firewall and WLAN controller products contain hardcoded credentials for an undocumented user account that has admin privileges.
Identified by EYE security researcher Niels Teusink, the vulnerability exists because the password for the “zyfwp” user account was stored in plaintext and was visible in one of the binaries on the system.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-09 19:46:47 |
EU Hints at Huawei Risk in 5G Security Assessment (lien direct) |
The European Union hinted strongly it viewed Chinese tech group Huawei as a security risk to its roll-out of 5G networks in a report released Wednesday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-09 18:20:48 |
Iranian Hackers Update Spear-Phishing Techniques in Recent Campaign (lien direct) |
The Iranian state-sponsored threat actor known as Charming Kitten employed new spear-phishing methods in a campaign observed in August and September, ClearSky's security researchers report.
|
Threat
Conference
|
APT 35
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-09 16:48:57 |
Audit Finds Critical Vulnerability in iTerm2 macOS Terminal Emulator (lien direct) |
A security audit funded by Mozilla has led to the discovery of a critical remote command execution vulnerability in the popular iTerm2 macOS terminal emulator.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-09 15:04:30 |
Many in Utilities Sector Expect Attacks on Critical Infrastructure: Survey (lien direct) |
Representatives of the utilities industry believe the risk of cyberattacks on the sector has increased and many expect an attack on critical infrastructure in the next year, according to a study conducted by Siemens and the Ponemon Institute.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-09 14:51:37 |
Pass the Hash Remains a Poorly Defended Threat Vector (lien direct) |
In 2010, SANS reported that knowledge of the Pass the Hash attack first described some thirteen years earlier was still poor. By 2019, knowledge of the threat vector that has now been in the public domain for more than two decades has improved, but is still not complete.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-09 12:32:11 |
Cybersecurity Firms Partner on Open Source Security Technology Development (lien direct) |
A group of cybersecurity companies this week announced the Open Cybersecurity Alliance (OCA), a joint effort focused on the development of open source security technologies.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-09 12:07:01 |
(Déjà vu) NSA: Multiple State-Sponsored APTs Exploiting Enterprise VPN Flaws (lien direct) |
After the UK's National Cyber Security Centre (NCSC) issued an alert, the National Security Agency (NSA) in the United States has also warned organizations that multiple state-sponsored threat actors have been exploiting the recently disclosed vulnerabilities affecting enterprise VPN products from Pulse Secure, Fortinet and Palo Alto Networks.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-09 10:37:41 |
How Blockchain Will Solve Some of IoT\'s Biggest Security Problems (lien direct) |
Blockchain Can Protect Systems and Devices While Supporting IoT Devices that Have Few Security Defenses
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-09 09:55:22 |
Apple Patches 16 Vulnerabilities With macOS Catalina 10.15 (lien direct) |
Apple this week released its latest desktop operating system iteration, macOS Catalina 10.15, which includes patches for a total of 16 vulnerabilities.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-09 07:23:10 |
No Patch for Critical Code Execution Flaw Affecting D-Link Routers (lien direct) |
A critical remote code execution (RCE) vulnerability affecting several D-Link routers that reached their end of life (EOL) remains unpatched.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-09 02:12:47 |
New US-UK Agreement Speeds Law Enforcement\'s Access to User Data (lien direct) |
The United States and the United Kingdom have signed an agreement designed to help law enforcement agencies gain faster access to data related to serious crimes.
This is the first such agreement based on the Clarifying Lawful Overseas Use of Data Act, or CLOUD Act, which was enacted into U.S. federal law on March 23, 2018.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-08 23:45:13 |
Twitter Admits Phone Numbers Meant for Security Used for Ads (lien direct) |
Twitter on Tuesday apologized after "inadvertently" using phone numbers and email addresses for advertising even though the personal data was provided for account security.
Twitter users' phone numbers and email addresses -- submitted to allow for account authentication -- were matched with advertisers' own data to enable targeted ads.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-08 20:28:55 |
(Déjà vu) VMware Completes $2.1 Billion Acquisition of Carbon Black (lien direct) |
Virtualization and cloud infrastructure giant VMWare (NYSE: VMW) announced on Tuesday that it has completed its acquisition of endpoint security firm Carbon Black (NASDAQ: CBLK) in an all-cash transaction for $26 per share, representing an enterprise value of $2.1 billion.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-08 19:25:28 |
Vulnerabilities Expose TwinCAT Industrial Systems to DoS Attacks (lien direct) |
A couple of vulnerabilities affecting the TwinCAT PLC runtime from Beckhoff can be exploited for denial-of-service (DoS) attacks, which may be triggered by malicious actors or by accident.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-08 19:18:04 |
Email Attacks Using Cloud Services are Increasing (lien direct) |
An analysis of more than 2.2 billion emails between April and June (Q2) 2019 exposes the current tactics, techniques and targets of contemporary attackers.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-08 18:48:18 |
Microsoft Patches 60 Flaws With October 2019 Security Updates (lien direct) |
Microsoft's Patch Tuesday updates for October 2019 fix 60 vulnerabilities, but none of them appear to have been exploited in attacks and only nine are considered critical.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-08 15:41:36 |
2020 Presidential Candidate Campaign Websites Fail On User Privacy (lien direct) |
Despite everything that has happened over the last four years, the security posture of the 2020 presidential candidates' campaign websites is little better and often worse than it was in 2016.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-08 14:03:08 |
(Déjà vu) Google Patches Remote Code Execution Bugs in Android 10 (lien direct) |
Google's October 2019 set of security patches for Android address a total of 26 vulnerabilities in the operating system, including a couple of remote code execution bugs impacting Android 10.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-08 13:45:04 |
Code Execution Vulnerability Impacts NSA Reverse Engineering Tool (lien direct) |
Versions through 9.0.4 of the Ghidra software reverse engineering (SRE) framework are impacted by a code-execution vulnerability, the National Security Agency (NSA) has revealed.
|
Tool
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-08 10:25:29 |
Preview: SecurityWeek\'s 2019 ICS Cyber Security Conference (Oct. 21-24 | Atlanta) (lien direct) |
SecurityWeek's 2019 ICS Cyber Security Conference, the largest and longest-running event dedicated to industrial and critical infrastructure cybersecurity, is set to take place in Atlanta, Ga. on October 21-24.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-08 10:18:32 |
Cloud is Creating Security and Network Convergence (lien direct) |
Network Security Expertise is Needed More Than Ever Inside Security Operations Centers and on DevOps Teams
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-07 18:23:50 |
Magecart Group Tied to Cobalt Hackers (lien direct) |
Security researchers were able to link one of the hacking groups operating under the Magecart umbrella to the infamous threat actor known as the Cobalt Group.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-07 15:58:21 |
Patches for Internet Explorer Zero-Day Causing Problems for Many Users (lien direct) |
Microsoft has released a new set of security patches for a zero-day vulnerability in Internet Explorer that was initially addressed on September 23. The initial updates introduced some printing issues, but the new ones also appear to be buggy.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-07 14:24:21 |
NIST\'s Zero Trust Taxonomy Introduces Components, Threats and Migration Routes (lien direct) |
NIST has published a draft Zero Trust Architecture (ZTA) special publication (SP.800.207). The purpose is to develop a technology-neutral lexicon of the logical components of a zero trust strategy, and to define ZTA, describe possible deployment scenarios, and highlight threats.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-07 13:44:35 |
New Campaign Targets Drupalgeddon2 Flaw to Install Malware (lien direct) |
Hackers continue to target the Drupal vulnerability named Drupalgeddon2 to install malware onto unpatched systems, Akamai's security researchers have discovered.
|
Malware
Vulnerability
|
|
|