What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-02-09 20:56:34 | Patch Tuesday: Microsoft Warns of Under-Attack Windows Kernel Flaw (lien direct) | Microsoft's scheduled monthly batch of security patches landed with a loud thud Tuesday with fixes for at least 56 security vulnerabilities in a range of operating system and software products. | |||
|
2021-02-09 18:29:39 | Adobe Patches Reader Vulnerability Exploited in the Wild (lien direct) | Adobe on Tuesday announced the availability of patches for 50 vulnerabilities across six of its products, including a zero-day vulnerability in Reader that has been exploited in the wild. | Vulnerability | ||
|
2021-02-09 17:10:32 | SentinelOne Snaps up Scalyr in $155M Deal (lien direct) | High-flying endpoint security vendor SentinelOne plans to spend $155 million to acquire log management startup Scalyr, beefing up a crucial technology piece to drive its ambitions in the enterprise cybersecurity market. | |||
|
2021-02-09 15:47:24 | (Déjà vu) Cyberpunk 2077 Video Game Developer Hit by Hack Attack (lien direct) | Polish video game maker CD Projekt RED, the company behind The Witcher and Cyberpunk 2077, said Tuesday hackers had stolen data in a "targeted cyber attack". "An unidentified actor gained unauthorized access to our internal network, collected certain data belonging to CD PROJEKT capital group, and left a ransom note," the company said on Twitter. | Hack | ||
|
2021-02-09 15:16:13 | Reinventing Managed Security Services\' Detection and Response (lien direct) | Managed security services are undergoing a timely and significant transformation, armed with new hyperscalable technology stacks, hybrid enterprise and cross-cloud protection complexities, and a demand to evolve from 24/7 eyes-on-glass into hands-on customer-integrated early warning and response. If it wasn't a tired industry cliché we'd probably be adding “next-generation” or NG prefixes to many of these newly transformed managed services. | |||
|
2021-02-09 15:12:30 | Old Iranian Spying Operation Resumes After Long Break (lien direct) | Following a two-year downtime, an Iran-linked cyberespionage operation has recommenced with new second-stage malware and with an updated variant of the Infy malware, according to joint research conducted by cybersecurity firms SafeBreach and Check Point. | Malware | ||
|
2021-02-09 14:25:03 | UN Experts: North Korea Using Cyber Attacks to Update Nukes (lien direct) | North Korea has modernized its nuclear weapons and ballistic missiles by flaunting United Nations sanctions, using cyberattacks to help finance its programs and continuing to seek material and technology overseas for its arsenal, U.N. experts said. | |||
|
2021-02-09 14:09:54 | Critical Firefox Vulnerability Can Allow Code Execution If Chained With Other Bugs (lien direct) | An update released last week by Mozilla for Firefox 85 patches a critical information disclosure vulnerability that can be chained with other security flaws to achieve arbitrary code execution. | Vulnerability | ||
|
2021-02-09 12:15:21 | U.S. Agencies Publish Ransomware Factsheet (lien direct) | The National Cyber Investigative Joint Task Force (NCIJTF) on Friday released a joint-sealed ransomware factsheet detailing common attack techniques and means to ensure prevention and mitigation. | Ransomware | ||
|
2021-02-08 22:11:23 | Remote Hacker Caught Poisoning Florida City Water Supply (lien direct) | Hacker Remotely Increased Sodium Hydroxide Levels in Florida City's Water from 100 Parts Per Million to 11,100 Parts Per Million. | |||
|
2021-02-08 15:49:07 | Over 1,200 Iranians Targeted in Domestic Surveillance Campaign (lien direct) | More than 1,200 Iranian citizens have been targeted in extensive cyber-surveillance operations backed by the Iranian government, researchers with cybersecurity firm Check Point report. | |||
|
2021-02-08 14:52:16 | Google Launches Database for Open Source Vulnerabilities (lien direct) | Google last week announced the launch of OSV (Open Source Vulnerabilities), which the internet giant has described as a vulnerability database and triage infrastructure for open source projects. | Vulnerability | ||
|
2021-02-08 14:00:25 | Web Developer Hub SitePoint Discloses Data Breach (lien direct) | Web development resources provider SitePoint has notified users of a data breach that resulted in some of their information being stolen. Based in Melbourne, Australia, and established more than two decades ago, SitePoint provides users with access to tutorials and books that can help them learn the basics of web development. | Data Breach | ||
|
2021-02-08 12:30:44 | Government Providers Dominate Cybersecurity M&A Roundup for Week of Feb. 1, 2021 (lien direct) | 
|
|||
|
2021-02-08 09:42:59 | Attackers Leverage Locally-Loaded Chrome Extension for Data Exfiltration (lien direct) | A recently investigated malicious attack was abusing a locally loaded Chrome extension to exfiltrate data and establish communication with the command and control (C&C) server. | |||
|
2021-02-07 12:01:51 | Google Moves Away From Diet of \'Cookies\' to Track Users (lien direct) | Google is weaning itself off user-tracking "cookies" which allow the web giant to deliver personalized ads but which also have raised the hackles of privacy defenders. | |||
|
2021-02-05 20:00:38 | Google Chrome, Microsoft IE Zero-Days in Crosshairs (lien direct) | Google late Thursday night shipped an emergency patch to close a Chrome browser vulnerability that was being used in mysterious zero-day attacks. | Vulnerability | ||
|
2021-02-05 18:37:18 | Packaging Giant WestRock Says Ransomware Attack Hit Production (lien direct) | Atlanta-based packaging giant WestRock (NYSE: WRK) on Friday shared an update on the recent ransomware incident that impacted the company's information technology (IT) and operational technology (OT) systems. | Ransomware | ||
|
2021-02-05 15:31:59 | Plex Media Server Abused for DDoS Attacks (lien direct) | Malicious actors have been abusing Plex Media Server to amplify distributed denial-of-service (DDoS) attacks, according to application and network performance management company Netscout. | |||
|
2021-02-05 13:31:32 | Open Source Tool Helps Organizations Secure GE CIMPLICITY HMI/SCADA Systems (lien direct) | Industrial cybersecurity firm OTORIO this week announced the availability of a new open source tool designed to help organizations secure their GE CIMPLICITY systems. | Tool | ||
|
2021-02-05 12:52:52 | Google Paid Out $6.7 Million in Bug Bounty Rewards in 2020 (lien direct) | Google this week said it paid out more than $6.7 million in rewards as part of its bug bounty programs in 2020. | |||
|
2021-02-05 12:27:23 | Microsoft Says Its Services Not Used as Entry Point by SolarWinds Hackers (lien direct) | In response to speculation that its services may have been leveraged as an initial entry point by the hackers who breached IT management firm SolarWinds, Microsoft said on Thursday there was no evidence to back those claims. | |||
|
2021-02-04 20:30:54 | Trucking Giant Says Ransomware Attack Had $7.5M Impact (lien direct) | In a filing with the Securities and Exchange Commission (SEC) this week, North American trucking and freight transportation logistics giant Forward Air Corporation said a December 2020 ransomware attack had an impact on its fourth quarter financial results. | Ransomware | ||
|
2021-02-04 20:23:52 | Cisco Patches Critical Vulnerabilities in Small Business Routers, SD-WAN (lien direct) | Cisco this week released software updates to address multiple vulnerabilities across its product portfolio, including critical severity bugs in several small business VPN routers and SD-WAN products. | |||
|
2021-02-04 16:07:37 | New \'Hildegard\' Malware Targets Kubernetes Systems (lien direct) | The hacking group referred to as TeamTNT has been employing a new piece of malware in a recently started campaign targeting Kubernetes environments, security researchers with Palo Alto Networks' Unit 42 reveal. | Malware | Uber | |
|
2021-02-04 15:42:15 | Airbus CyberSecurity Subsidiary Stormshield Discloses Data Breach (lien direct) | Stormshield, a wholly-owned subsidiary of France-based cybersecurity company Airbus CyberSecurity, has disclosed a data breach that resulted in source code and customer information getting compromised. | Data Breach | ||
|
2021-02-04 14:16:24 | Number of ICS Vulnerabilities Continued to Increase in 2020: Report (lien direct) | The number of vulnerabilities discovered in industrial control system (ICS) products in 2020 increased significantly compared to previous years, according to a report released on Thursday by industrial cybersecurity firm Claroty. | |||
|
2021-02-04 13:21:18 | Vulnerabilities in Realtek Wi-Fi Module Expose Many Devices to Remote Attacks (lien direct) | Major vulnerabilities in the Realtek RTL8195A Wi-Fi module expose embedded devices used in a myriad of industries to remote attacks, researchers with automated device security platform provider Vdoo reveal. | |||
|
2021-02-04 12:43:04 | Canada Probe Concludes Clearview AI Breached Privacy Laws (lien direct) | US facial recognition technology firm Clearview AI illegally conducted mass surveillance in breach of Canadians' privacy rights, Canada's privacy commissioner said Wednesday following an investigation. "What Clearview does is mass surveillance and it is illegal," Privacy Commissioner Daniel Therrien told a teleconference. | |||
|
2021-02-04 12:15:53 | SonicWall Patches SMA Zero-Day Vulnerability Exploited in Attacks (lien direct) | SonicWall on Wednesday announced that it released firmware updates for its Secure Mobile Access (SMA) 100 series appliances to patch an actively exploited zero-day vulnerability. | Vulnerability | ||
|
2021-02-04 04:32:50 | Siemens Releases Patches to Prevent Remote Takeover of SIMATIC HMI Panels (lien direct) | Siemens has released patches for some of its SIMATIC human-machine interface (HMI) panels to address a high-severity vulnerability that can be exploited remotely to take full control of a device. | Vulnerability | ★★★ | |
|
2021-02-03 18:42:05 | Recent Sudo Vulnerability Affects Apple, Cisco Products (lien direct) | Apple's macOS Big Sur operating system and multiple Cisco products are also affected by the recently disclosed major security flaw in the Sudo utility. | Vulnerability | ||
|
2021-02-03 14:52:53 | Virtual Event Today: IoT Lockdown - Join the Virtual Experience (lien direct) | 
|
|||
|
2021-02-03 14:36:56 | Microsoft Sees Spike in BEC Attacks Targeting Schools (lien direct) | In a series of posts on Twitter, Microsoft on Tuesday warned of an uptick in gift card-themed business email compromise (BEC) attacks targeting K-12 school teachers by impersonating their colleagues. | |||
|
2021-02-03 13:40:04 | SolarWinds Product Vulnerabilities Allow Hackers to Take Full Control of Systems (lien direct) | Cybersecurity firm Trustwave on Wednesday reported that one of its researchers recently discovered several potentially serious vulnerabilities in products made by Texas-based IT management solutions provider SolarWinds. | |||
|
2021-02-03 12:59:51 | Weak ACLs in Adobe ColdFusion Allow Privilege Escalation (lien direct) | A newly disclosed vulnerability in Adobe ColdFusion could be exploited by unprivileged users for the execution of arbitrary code with SYSTEM privileges. The popular commercial web-application development platform uses the CFML scripting language and is mainly used for the creation of data-driven websites. | Vulnerability | ||
|
2021-02-03 12:12:58 | China-Linked Hackers Exploited SolarWinds Flaw in U.S. Government Attack: Report (lien direct) | Hackers believed to be from China have exploited a vulnerability in a SolarWinds product as part of a campaign targeting at least one U.S. government agency, Reuters reported on Tuesday. | Vulnerability | ||
|
2021-02-03 11:52:48 | The Drovorub Mystery: Malware NSA Warned About Can\'t Be Found (lien direct) | 
NSA and FBI Released Detailed Information on Drovorub Linux Malware, But Major Cybersecurity Firms Found No Samples
|
Malware | ||
|
2021-02-03 04:38:32 | Google Patches Over a Dozen High-Severity Privilege Escalation Flaws in Android (lien direct) | Google this week published its Android security bulletin for February 2021, which includes information on more than 40 vulnerabilities, most of which could lead to elevation of privilege. | Guideline | ||
|
2021-02-02 18:32:45 | Embedded Software Developer Wind River Discloses Data Breach (lien direct) | Embedded system software provider Wind River Systems has started informing employees of a data breach that resulted in their personal information being stolen by a third party. | Data Breach | ||
|
2021-02-02 16:37:33 | A Swiss Army Knife for Industrial Operations Protection (lien direct) | When we think about a Swiss Army Knife, we immediately picture a high-quality, multi-functional tool to help us tackle a wide array of tasks. The digital equivalent is the smartphone. A more security-specific example is the all-in-one, wireless home protection system. These solutions typically include sensors for windows, doors, and rooms, as well as cameras to remotely see what is happening inside and out, and an app to control everything from wherever you are. | Tool | ||
|
2021-02-02 13:53:50 | Sophisticated Multiplatform Malware \'Kobalos\' Targets Supercomputers (lien direct) | Cybersecurity firm ESET on Tuesday published a report detailing what it described as a previously undocumented piece of malware that had been observed targeting high-performance computing (HPC) clusters. | Malware | ||
|
2021-02-02 13:23:40 | Over 1 Million Impacted by Data Breach at Washington State Auditor (lien direct) | The Office of the Washington State Auditor (SAO) has disclosed a cybersecurity incident in which the personal information of more than 1 million individuals might have been stolen. | Data Breach | ||
|
2021-02-02 12:04:09 | SonicWall Says \'a Few Thousand Devices\' Impacted by Zero-Day Vulnerability (lien direct) | SonicWall on Monday confirmed that its Secure Mobile Access (SMA) 100 series appliances are affected by a zero-day vulnerability that has apparently already been exploited in attacks. | Vulnerability | ★★ | |
|
2021-02-02 11:26:42 | Apple Issues Patches for NAT Slipstreaming 2.0 Attack (lien direct) | Apple this week released security updates to address multiple vulnerabilities in macOS and Safari, including a flaw that can be exploited for the recently disclosed NAT Slipstreaming 2.0 attack. | |||
|
2021-02-02 04:56:53 | Cyberspies Delivered Malware to Gamers via Supply Chain Attack (lien direct) | Researchers at cybersecurity firm ESET say they have uncovered an espionage campaign that has targeted online gamers in Asia through a compromised software company. | Malware | ||
|
2021-02-01 18:33:09 | Lawmakers Ask NSA About Its Role in Juniper Backdoor Discovered in 2015 (lien direct) | Several U.S. lawmakers sent a letter to the National Security Agency last week in an effort to find out more about its role in the backdoor discovered in Juniper Networks products back in 2015, as well as the steps taken by the agency following the Juniper incident, and why those steps failed to prevent the recent SolarWinds hack. | |||
|
2021-02-01 15:29:35 | France Tries Three for Attack Plot After Cyber Infiltration (lien direct) | Two French citizens and a Moroccan went on trial in Paris on Monday charged with planning attacks after their cyber network was successfully infiltrated by a French intelligence agent posing as a jihadist. | |||
|
2021-02-01 15:00:20 | Fonix Ransomware Operators Close Shop, Release Decryption Keys (lien direct) | The cybercriminals behind the Fonix ransomware have announced plans to shut down their activity, and have already released the master decryption key for the malware. | Ransomware | ||
|
2021-02-01 14:46:10 | The Positive Impact of the Pandemic on SecOps Collaboration (lien direct) | Collaboration is a Hallmark of Successful Security Teams |
To see everything:
