What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-05-06 10:39:03 | White House warns of cryptography-cracking quantum computers (lien direct) | President Joe Biden signed a national security memorandum (NSM) on Thursday calling for government agencies to implement measures to mitigate risks posed by guantum computers to US national cyber security. The NSM highlights the dangers of cryptanalytically relevant quantum computers (CRQC), including their potential ability to brake public-key cryptography. Immediate risks include: Endangering civilian and military […] | |||
|
2022-05-06 10:16:45 | South Korea joins NATO Cyber Defence Centre (lien direct) | NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) has admitted South Korea, the first Asian country to join. The country’s National Intelligence Service (NIS) made the announcement today, noting that it will represent South Korea in the centre’s training and research activities. “We plan to strengthen our cyber response capabilities to a world-class level by increasing […] | |||
|
2022-05-05 15:20:05 | One Identity Guest Blog – The password checklist (lien direct) | By Dan Conrad, Security team lead at One Identity It is not a secret that passwords are not a particularly secure method of protection, furthermore in a world where multifactor authentication is becoming the norm, talking about password hygiene seems a little dated but still, according to the Verizon 2021 Data Breach Investigations Report, credentials […] | Data Breach Guideline | ||
|
2022-05-05 10:21:16 | OWASP patches path traversal flaw (lien direct) | The Open Web Application Security Project (OWASP) has patched a vulnerability in its Enterprise Security API (ESAPI) that, if neglected, could have been abused to run path traversal attacks. The flaw, which had a security severity rating of 7.5 out of 10 and involved the ESAPI validator interface, can be resolved by applying the patched […] | Vulnerability | ||
|
2022-05-05 09:23:17 | 1000s of phishing emails sent from NHS inboxes (lien direct) | New research from the email security firm Inky has revealed that more than 1000 emails were sent from NHS inboxes over a six month period. The firm has claimed that the campaign, beginning October 2021, escalated “dramatically” in March of this year. After the findings were reported to the NHS on April 13, Inky reported that […] | |||
|
2022-05-04 10:40:06 | NCSC updates build environment best practices (lien direct) | The National Cyber Security Centre (NCSC), working alongside the Institute of Engineering and Technology (IET) and the UK’s Centre for the Protection of National Infrastructure (CPNI), has developed new document providing best practices for those involved in the design, management, operation and security of building-related systems. The Code of Practice: Cyber Security in the Built […] | |||
|
2022-05-04 10:01:16 | SEC bolsters cyber and crypto assets team (lien direct) | The Securities and Exchange Commission (SEC) has made serious improvements to its in-house cryptocurrency and cybersecurity skills. The move comes as an attempt to improve investor confidence and enhance the transparency of listed companies. 20 additional positions have been added to the regulator’s newly renamed Crypto Assets and Cyber Unit. Previously known as the Cyber […] | |||
|
2022-05-03 11:07:50 | TLStorm 2.0 – Airports, hospitals, hotels and enterprises at risk to new vulnerabilities (lien direct) | Armis, the unified asset visibility and security platform, disclosed five critical vulnerabilities, known as TLStorm 2.0, in the implementation of TLS communications in multiple models of network switches. The vulnerabilities stem from a similar design flaw identified in the TLStorm vulnerabilities (discovered earlier this year by Armis), expanding the reach of TLStorm to millions […] | |||
|
2022-05-03 09:33:45 | Cyber-espionage group targets Asian telecomms (lien direct) | Researchers at Sentinel Labs have identified a new cluster of malicious cyber activity tracked as Moshen drago, with its efforts aimed at telecommunication service providers in Central Asia. The new threat group does have overlaps with “RedFoxtrot” and “Nomad Panda,” notably including the use of ShadowPad and PlugX malware variants, their activities’ differentiate enough to […] | Malware Threat | ||
|
2022-05-03 09:10:15 | (Déjà vu) Spyware discovered on Spanish PM\'s phone (lien direct) | Spyware has been found on the mobile phones of Pedro Sánchez, prime minister of Spain, and Margarita Robles, the country’s minister of defence. The Spanish government revealed in a press conference given Monday morning that the phones had been infected withy Pegasus spyware, extracting data from both devices. Félix Bolaños, the minister for the presidency, […] | |||
|
2022-05-01 08:47:38 | 4 Reasons Why Data Science Is One of the Best Fields of Work (lien direct) | In the last decade, data science has become one of the most popular and in-demand fields of work. Data scientists are some of the highest-paid professionals in the world, and they get to use their skills to solve interesting problems. If you’re thinking about becoming a data scientist, here are four reasons who it is […] | |||
|
2022-04-29 10:02:16 | Deepfakes set to be used in organised crime (lien direct) | Europol has warned of a projected rise in the use of deepfake technology by organised crime organisations. Deepfakes involve the use of artificial intelligence to create realistic audio and audio-visual content “that convincingly shows people saying or doing things they never did, or create personas that never existed in the first place.” Facing Reality? Law […] | |||
|
2022-04-29 09:46:29 | Global security spending set to reach $198bn by 2025 (lien direct) | Market analysts at GlobalData have predicted that global cybersecurity spending is set to increase by 58%, reaching $198bn by 2025. GlobalData claims that an increasingly tense geopolitical landscape and the COVID-19 pandemic has placed the advantage squarely in the hands of threat actors. Spending will be primarily directed towards software, followed by services and hardware. “The […] | Threat | ||
|
2022-04-28 16:16:44 | KB4Con 2022 – The Latest in Hacking Techniques with the World\'s Most Famous Hacker (lien direct) | KB4Con 2022 ended on a high point as it involved an individual many of the attendees had been excited to hear from – someone who is widely considered to have coined the term hacking. It was none other than computing security consultant, author, “one-time world-most wanted hacker” and Chief Hacking Officer at KnowBe4, Kevin Mitnick. […] | |||
|
2022-04-28 16:14:38 | KB4Con 2022 – Cyber Resilience and the Fourth Industrial Revolution (lien direct) | Humanity has always embraced technology and, today, we are seeing increased IoT integration, cloud adoption and vast wave of remote workers who are connecting to more online infrastructures. However, this is leading many to question the cyber resiliency of organisations, particularly at a time when cyber-attacks are at an all-time high. In fact, according to […] | Guideline | ||
|
2022-04-28 11:21:35 | Ransoms only make up 15% of ransomware costs (lien direct) | Researchers at Check Point have revealed that the collateral damage of ransomware attacks make up costs roughly seven times higher than the ransom demanded by threat actors. The costs include financial implications caused by incident response efforts, system restoration, legal fees, monitoring costs and the overall impact of business disruption. Ransomware attacks are an increasingly popular […] | Ransomware Threat | ||
|
2022-04-28 08:51:12 | Synopsys Acquires WhiteHat Security to Expand Application Security Software-as-a-Service Capabilities (lien direct) | Yesterday, Synopsys, Inc. announced that it has signed a definitive agreement to acquire WhiteHat Security, a leading provider of application security Software-as-a-Service (SaaS). The addition of WhiteHat Security will provide Synopsys with significant SaaS capabilities and market-segment-leading dynamic application security testing (DAST) technology to strengthen what is considered one of the industry’s broadest application security testing portfolio. […] | Guideline | ★★ | |
|
2022-04-27 10:12:23 | Hackers claim to have breached Coca Cola (lien direct) | The group behind Stormous ransomware has announced the sale of almost 161GB of data allegedly belonging to Coca Cola. The data up for sale includes passwords, financial data and account details. The group is asking for 1.6467000 Bitcoin, or $ 64,396.67 for the data. The announcement follows Stormous publishing a poll in which the group […] | Ransomware | ||
|
2022-04-27 09:25:59 | US pledges $10m for Sandworm information (lien direct) | Authorities in the United States have offered a $10m reward for anyone that can help locate or identify six members of a state-sponsored Russian hacking group responsible for NotPetya. The call for information was issued by the Department of State’s Rewards for Justice (RFJ). The six officers of the Main Intelligence Directorate of the General […] | NotPetya | ||
|
2022-04-26 14:58:53 | Synopsys Named AppSec Testing Leader in the 2022 Gartner® Magic Quadrant™ (lien direct) | Synopsys has been named by Gartner, Inc. as a Leader in the “Magic Quadrant for Application Security Testing” for the sixth consecutive year.1 In the report, Gartner evaluated 14 application security testing vendors based on their Completeness of Vision and Ability to Execute. Synopsys placed highest in Ability to Execute and Completeness of Vision for the […] | Guideline | ||
|
2022-04-26 10:13:51 | North Korea targets journalists with novel malware (lien direct) | State sponsored hackers operating out of North Korea have been targeting journalists with a novel malware strain, it has been revealed. The group, known as APT37, distribute the malware through a phishing attack originally discovered by NK news, a US news site specialising in covering news and providing research and analysis about North Korea, using […] | Malware Cloud | APT 37 | |
|
2022-04-26 09:00:11 | Learn Why Adaptive Shield Provides Ultimate SaaS Security Posture Management (lien direct) | Whether it's Office 365, Salesforce, Slack, GitHub or Zoom, all SaaS apps include a host of security features designed to protect the business and its data. The job of ensuring that these apps' security settings are properly configured falls on the security team. The challenge lies within how burdensome this responsibility is: Each app has […] | ★★★★★ | ||
|
2022-04-25 11:12:01 | Universities lose over £2m to ransomware (lien direct) | A new report by Jisc has revealed that ransomware attacks cost organisations in the UK’s education sector upwards of £2m per incident. Jisc is a non-profit providing the UK’s higher and further education sector with IT services, including the Janet network and incident response. John Chapmans, head of Janet policy and strategy, has warned that […] | Ransomware | ||
|
2022-04-25 09:04:45 | FBI sounds alarm on BlackCat ransomware (lien direct) | The US Federal Bureau of Investigation (FBI) has issued a warning regarding the BlackCat ransonware-as-a-service (RaaS). The ransomware is reported to have hit at least 60 entities globally since its emergence in November of last year to March 2022. Also known as ALPHV and Noberus, BlackCat is notable for being the first malware ever written […] | Ransomware Malware | ||
|
2022-04-22 10:16:36 | FBI warns US farmers of ransomware attacks (lien direct) | The FBI has warned agricultural cooperatives in the US of ransomware attacks that could have devastating impacts on the country’s food supply. A Private Industry Notification issued this week claimed that the farming industry could be viewed as an irresistible target during the planting and harvesting seasons. Successful attacks could have major financial implications and […] | Ransomware | ||
|
2022-04-22 09:55:47 | North Korea funding nuclear program with cyber campaigns (lien direct) | An expert at the United Nations has called for an increased focus on North Korean cyber activity, as they believe it is being used to fund the country’s banned nuclear weapons program. Eric Penton-Voak, a co-ordinator of the the UN group tasked with monitoring the enforcement of sanctions on North Korea made the statement on […] | ★★★★★ | ||
|
2022-04-21 18:43:03 | Live from KB4-Con: Security Culture in the Spotlight (lien direct) | “How strong is your security culture… and are you controlling it?” This is the question posed by Kai Roer, chief research officer and Perry Carpenter, chief strategy officer at KnowBe4 during their session entitled Security Awareness, Behaviour and Culture – The Key to Making it Work at KB4-Con in Orlando. The pair posited to the […] | ★★★★★ | ||
|
2022-04-21 18:34:50 | Live from KB4-Con: KnowBe4 CEO introduces HDR – Human Detection and Response (lien direct) | Today, live from KB4-Con, Knowbe4’s CEO Stu Sjouwerman welcomed KnowBe4 partners and customers to the event and introduced the concept of HDR, or Human Detection and Response to attendees. Similar to the already recognised industry buzz phrase XDR that encapsulates all security defences with the end goal of reducing complexity through integration of many cybersecurity […] | |||
|
2022-04-21 14:44:02 | Five-Eyes issues Russian cyberattack warning (lien direct) | The Five-Eyes joint advisory board has warned that Russia is considering cyber attacks on Western nations as part of its war in Ukraine. Five-Eyes agencies have said several Russian government and military organisations, including the Federal Security Service (FSB), the Foreign Intelligence Service (SVR) and the General Staff Main Intelligence Directorate (GRU), have conducted malicious […] | ★★★★ | ||
|
2022-04-21 10:52:22 | Synopsys\' OSSRA report reveals challenges with managing open source risk in software supply chains (lien direct) | Last week, Synopsys released its 2022 Open Source Security and Risk Analysis (OSSRA) report. The report, produced analysed over 2,400 audits of commercial and proprietary codebases from merger and acquisition transactions, performed by the Black Duck® Audit Services team. The report highlights trends in open source usage within commercial and proprietary applications and provides insights to help developers […] | |||
|
2022-04-21 09:14:12 | UK government staff hit with billions of malicious emails in 2021 (lien direct) | New research from Comparitech has revealed that UK government employees received 2.4 billion malicious emails in 2021. This equates to around 2400 emails per employee, per year. The tech research firm acquired this information through Freedom of Information Requests. Perhaps more concerning, it’s estimated that employees across 260 organisations clicked 57,000 suspicious links over 2021. Assessed […] | ★★★★ | ||
|
2022-04-20 15:33:40 | NINETEEN GROUP APPOINTS QUEEN\'S AWARD WINNING ESKENZI PR TO PROMOTE UK\'S NEWEST CYBERSECURITY EVENT (lien direct) | Nineteen Group, organisers of the International Cyber Expo, today announces it has partnered with Queen's Award for Enterprise winning technology PR agency, Eskenzi PR to help spread the word about the industry's newest cybersecurity event. Eskenzi PR has been a pillar within the industry for nearly three decades and brings a wealth of experience […] | |||
|
2022-04-20 14:52:50 | Tips for Cybersecurity in Remote Working (lien direct) | The world has had a rough time following the spread of Coronavirus, also referred to as COVID-19. Following the pandemic's impact on economical, political, and social aspects, one of the biggest adoptions was working from home, also referred to as remote working. If companies and businesses were to continue operating and cut down losses, remote […] | ★★★★ | ||
|
2022-04-20 12:21:25 | (Déjà vu) LinkedIn the most impersonated brand for phishing attacks (lien direct) | Research carried out by Check Point Research (CPR) has revealed that LinkedIn is the most impersonated brand for phishing attacks. In its 2022 Q1 Brand Phishing Report, CPR revealed that phishing attacks impersonating LinkedIn made up 52% of all attempts globally in the first quarter of 2022. This is a 44% increase when compared to […] | |||
|
2022-04-20 09:03:11 | One Identity Builds Upon Partner Program Growth with Focus on Partner Needs, Partner Business Model Development (lien direct) | One Identity, a leader in unified identity security, announced yesterday that its One Identity Partner Circle Program had achieved exceptional results during the recently ended fiscal year as evidenced by 80% of global company sales linked to the channel (fiscal year 2022 ended January 31). Other milestones include the addition of more than 600 new […] | Guideline | ||
|
2022-04-19 10:41:45 | (Déjà vu) Blockchain companies warned of North Korean hackers (lien direct) | The US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation and the Treasury Department have all warned of new, ongoing attacks targeting blockchain companies, carried out by the Lazarus Group. The activity cluster has been dubbed TraderTraitor, involving the North Korean state-sponsored advanced persistent threat (APT) actor striking entities operating in the […] | Threat Medical | APT 38 APT 28 | |
|
2022-04-19 09:19:52 | Researchers say Pegasus spyware targeted UK PM (lien direct) | The UK Prime Minister’s Office has been targeted by Pegasus spyware over the past two years. Citizen Lab, a Canadian non-profit, has been tracking the use of the spyware, produced by Israel’s NSO group, in recent years. NSO Group is being sued by WhatsApp and Apple as their customers were targeted by the covert malware. It also […] | |||
|
2022-04-19 09:00:50 | The Checklist to Ensure the Ultimate SaaS Security Posture Management (SSPM) (lien direct) | Cloud security is the umbrella that holds within it: IaaS, PaaS and SaaS. Gartner created the SaaS Security Posture Management (SSPM) category for solutions that continuously assess security risk and manage the SaaS applications’ security posture. With enterprises having 1,000 or more employees relying on dozens to hundreds of apps, the need for deep visibility […] | |||
|
2022-04-14 10:41:22 | (Déjà vu) Microsoft disrupts ZLoader Cybercrime Botnet (lien direct) | A global consortium of cybersecurity companies have collaborated with Microsoft to disrupt the Zloader botnet. The operation succeeded in seizing control of 65 domains used to control and communicate with infected hosts. “ZLoader is made up of computing devices in businesses, hospitals, schools, and homes around the world and is run by a global internet-based […] | |||
|
2022-04-14 09:44:56 | Wind turbine giant hacked (lien direct) | Nordex Group, a major German wind turbine manufacturer, suffered a cyberattack on the 31 March 2022. According to Nordex, the attack was discovered early by IT security teams, who reacted quickly. The company has announced that IT systems across multiple locations and business units were shut down as part of their response protocols. The company […] | ★★★★★ | ||
|
2022-04-13 10:31:57 | 600k worth of crypto stolen by ethical hacker (lien direct) | Authorities in Pinellas Park, Florida have arrested 27-year old Aaron Daniel Motta after he allegedly stole a client’s Trezor hardware wallet and its password while providing security assistance. Motta is a “certified ethical hacker”, and has been charged with grand theft and other computer offenses. The accused is currently self employed and owns Motta Management […] | |||
|
2022-04-13 09:57:41 | RaidForums hacker forum domain seized (lien direct) | RaidForums, one of the world’s largest hacking forums, has been raided and taken down by an international law enforcement operation. The forum was notorious for selling access to stolen personal information. The operation, dubbed “Tourniquet”, involved authorities from the US, UK, Sweden, Portugal and Romania. The investigation culminated in the arrest of the forum’s administrator […] | |||
|
2022-04-12 09:23:52 | CISA warns of Russian state hackers exploiting WatchGuard bug (lien direct) | The Cybersecurity and Infrastructure Security Agency has warned of Russian state actors exploiting a bug impacting WatchGuard Firebox and XTM firewall appliances. Sandworm, a Russian-sponsored hacking group, believed to be part of the GRU Russian military intelligence agency, reportedly exploited the high severity privilege escalation flaw (CVE-2022-23176) to develop a new botnet, dubbed “Cyclops Blink”, […] | |||
|
2022-04-12 09:00:53 | What Real-Life SaaS Attack Misconfiguration Exploits Can Teach Us (lien direct) | It's unfortunate, but true: SaaS attacks continue to increase. You can't get around it, COVID-19 accelerated the already exploding SaaS market and caused industries not planning on making a switch to embrace SaaS. With SaaS apps becoming the default system of record for organizations, it has left many struggling to secure their company's SaaS estate. […] | ★★ | ||
|
2022-04-12 08:46:58 | Pegasus spyware targeted EU officials (lien direct) | Several senior European Union (EU) officials were reportedly targeted with Pegasus spyware last year. Among those targeted were European Justice Commissioner Didier Reynders and at least four other commission staff. Reuters has said that it was notified of the claims by two EU officials and documentation it had reviewed. The EU commission reportedly became aware […] | |||
|
2022-04-11 10:01:39 | Fraudsters stole £58m with RATs in 2021 (lien direct) | 2021 saw victims of Remote Access Tool (RAT)scams lost £58m in 2021, official UK police figures show. RAT scams involve scammers taking control of a victims device, typically in order to access bank accounts. Some 20,144 victims fell for this type of scam in 2021, averaging around £2800 stolen per incident. Typically, RAT attacks begin […] | Tool | ★★★ | |
|
2022-04-08 14:30:21 | Server-Side-Request-Forgery Enabled Administrative Account Takeover on FinTech Platform (lien direct) | Salt Labs has uncovered a Server-Side-Request Forgery on a major FinTech platform, enabling an administrative account takeover. Researchers identified API vulnerabilities allowing them to launch attacks where: Attackers could gain administrative access to the banking platform Attackers could leak users' personal data Attackers could access users' banking details and financial transactions Attackers could perform unauthorised […] | ★★★ | ||
|
2022-04-08 10:21:24 | Mobile banking overwhelmingly safer for UK consumers (lien direct) | Mobile banking is the safest way to bank for UK consumers, RiskOps platform for financial risk management Feedzai revealed in their Q2 2022 Financial Crime Report, based on the analysis of over 18 billion global banking transactions throughout 2021. According to the report, banking represented 88% of all banking transactions in the U.K. during this […] | |||
|
2022-04-08 09:19:11 | 50% of security leaders consider quitting due to stress (lien direct) | A new study from Vectra AI has revealed that half of UK cybersecurity leaders consider leaving their jobs due to the pressure they face at work. The security vendor polled 200 security chiefs in the UK in order to better understand the emerging industry health crisis. The study revealed that two out of five security […] | Guideline | ||
|
2022-04-08 09:05:44 | (Déjà vu) Website of Russian oil giant allegedly hacked (lien direct) | Gazprom Neft, the oil arm of Russian state gas company Gazprom, has allegedly suffered a hack on Wednesday bringing down its website. A statement allegedly from Gazprom CEO Alexie Miller was displayed on the website, appearing to criticise Russia’s invasion of Ukraine. Miller is a close friend of President Vladimir Putin. The website went down […] | Hack |
To see everything:
Our RSS (filtrered)
