What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
itsecurityguru.webp 2021-06-10 10:42:59 European Cybersecurity Blogger Awards 2021– Winners Announced! (direct link) Yet another year has passed, and so too has another evening celebrating the industry's best bloggers, podcasters, and social media personalities! Unfortunately, we've had to skip the pub again and opt for a virtual awards ceremony but as usual, we remain consistent with the alcohol supply. Thanks to our sponsors Qualys and KnowBe4, cocktail kits were delivered for free to all […]
itsecurityguru.webp 2021-06-08 16:13:19 Software Giant Expands its Capabilities with Acquisition of Code Dx (direct link) Synopsys, Inc. has just recently announced that it has acquired Code Dx, provider of an award-winning application security risk management solution that automates and accelerates the discovery, prioritisation, and remediation of software vulnerabilities. This move by the software giant will allow customers to receive consolidated risk reporting and prioritisation across correlated software vulnerability data produced […] Vulnerability
itsecurityguru.webp 2021-06-08 12:43:23 Synopsys discovers denial of service vulnerabilities in RabbitMQ, EMQ X, and VerneMQ (direct link) The Synopsys Cybersecurity Research Center (CyRC) has exposed three separate denial of service vulnerabilities in open source message broker applications. Message brokers are used in software systems to enable multiple independent components to reliably and robustly exchange information. RabbitMQ, EMQ X, and VerneMQ are three open source message brokers. In each, CyRC research uncovered input that causes […]
itsecurityguru.webp 2021-06-07 14:59:37 EVENT: OMICRON presents online conference on securing critical infrastructure (direct link) Due to the introduction of the EU Directive on Security of Network and Information Systems in 2016, cybersecurity measures are becoming increasingly important, especially for critical infrastructure such as electricity or water supply, or for large industrial companies. Our concise online conference will explore the ongoing technical challenges faced in securing critical infrastructure against potential […] ★★★★
itsecurityguru.webp 2021-06-07 11:49:31 New AT&T Cybersecurity USM Anywhere Advisors Service Helps to Establish and Maintain Threat Detection and Response Effectiveness (direct link) AT&T Cybersecurity has announced its AT&T USM Anywhere platform will now offer on-demand advisory service for new and existing customers to tackle threat detection and response faster. The company recognises that security teams are often overwhelmed and understaffed. Therefore, the ability to confidently respond to threats is limited by the maturity of their cybersecurity technologies to react quickly to alerts. Also, […] Threat
itsecurityguru.webp 2021-06-03 10:51:47 White House contacts Russia following JBS ransomware attack (direct link) The White House has been in contact with Russia following a ransomware attack on JBS, the world’s largest meatpacking company. The attack which took place earlier this week resulted in the shutdown of operations in Australia and America. The White House has offered JBS assistance from the Department of Agriculture. JBS has been working alongside […] Ransomware
itsecurityguru.webp 2021-06-03 10:22:56 New York's subway breached by hackers (direct link) The Metropolitan Transportation Authority (M.T.A) was victim to a cyberattack in April when a hacking group accessed the authority's computer systems. The hacking group, who are thought to have ties with China, breached three of the M.T.A's computer systems. The breach took place over 2 days in April but was left unchecked for several days until it […]
itsecurityguru.webp 2021-06-02 14:46:33 DOJ seized two domains used by NOBELIUM to impersonate USAID (direct link) The US Department of Justice (DOJ) has seized two Internet domains following a phishing campaign that impersonated the U.S. Agency for International Development (USAID) in order to distribute malware. The attacks were disclosed by Microsoft last Thursday. Microsoft stated that the campaign was conducted by NOBELIUM, a Russian state-affiliated hacking group also known as The […] ★★★★
itsecurityguru.webp 2021-06-02 14:08:09 XSS Vulnerability found in WordPress Plugin (direct link) A security researcher has discovered an XSS vulnerability in the ReDi Restaurant Reservation WordPress plugin. Bastijn Ouwendijk has publicly shared his findings of the popular WordPress plugin which is used to manage reservations for online businesses. The ReDi Restaurant Reservation plug-in currently has more than 1000+ live installations. Ouwendijk stated in his poster that attackers […] Vulnerability
itsecurityguru.webp 2021-06-02 13:14:04 Six million players' profiles leaked following cloud misconfiguration (direct link) AMT Games has accidentally exposed almost six million players' profiles due to a misconfigured cloud database. The Chinese game developer produces a number of titles, which have millions of downloads. Players of the popular Battle for the Galaxy title have been affected by the data leak, which has seen 1.5TB of data exposed from an […]
itsecurityguru.webp 2021-05-28 08:15:29 FBI warns of Fortinet vulnerabilities (direct link) The FBI has issued a warning about vulnerabilities in Fortinet after an APT group hacked a local government office. According to ZDNet, the FBI release did not say which government office had been attacked through a Fortigate appliance. The flash alert was issued on Thursday after it discovered that a local government office was attacked through […] ★★★★
itsecurityguru.webp 2021-05-28 08:09:09 Army sends memo to remote workers reminding them of IoT security risks in-home (direct link) GCN has reported that the Army has reminded remote workers that in-home IoT devices pose security risks. The Army wants to be sure remote workers aren't allowing smart devices in their home to listen in on any government-related conversations. In a memo dated 25th May, Army CIO Raj G. Iyer described mandatory procedures teleworkers must use […] ★★★★★
itsecurityguru.webp 2021-05-27 08:03:28 Crypto fraud on social media is rife (direct link) Computer Weekly has reported that millions of pounds are lost to crypto fraud on social media. According to Action Fraud, more than £63m has been lost nationally by victims of investment fraud via a social media platform. British citizens have lost this huge sum of money in the past year to investment fraud conducted via […] ★★★★★
itsecurityguru.webp 2021-05-27 07:56:55 Which? gives banks deadline on disclosing fraud refund rates (direct link) Banks have been urged by Which? to disclose fraud refund rates, according to Money Expert. It reported that the consumer advocacy agency has told banks they should reveal how often they reimburse customers who fall victim to bank transfer scams and has given financial institutions until Friday to disclose their reimbursement rates. This comes after […] ★★★
itsecurityguru.webp 2021-05-27 07:48:30 VSCode Extension vulnerabilities could lead to cyberattacks on the supply chain (direct link) The Hacker News has reported that newly discovered bugs in VSCode Extensions could lead to supply chain attacks. The severe security flaws uncovered in the popular Visual Studio Code extensions could enable attackers to compromise local machines and build/deployment systems through a developer’s integrated development environment (IDE). The vulnerable extensions can also be exploited to […] Guideline
itsecurityguru.webp 2021-05-26 08:10:02 Almost half of British organisations aren't reporting data breaches, Crowdstrike finds (direct link) Nearly half of firms aren’t reporting data breaches, which is a problem since GDPR demands businesses who suffered a breach to report it within 72 hours. However, new figures from cybersecurity firm CrowdStrike suggest many British firms aren't reporting data breaches in a timely manner, as is required per General Data Protection Regulation (GDPR). CrowdStrike […] ★★★
itsecurityguru.webp 2021-05-26 08:04:15 (Déjà vu) VMware issues critical patch on vCenter Server installs (direct link) According to Bleeping Computer, VMware is warning of a critical bug affecting all vCenter Server installs and the company is urging its customers to patch a critical remote code execution (RCE) vulnerability in the Virtual SAN Health Check plug-in that impacts all vCenter Server deployments. “These updates fix a critical security vulnerability, and it needs […] Vulnerability
itsecurityguru.webp 2021-05-26 07:54:35 Recent ransomware attacks prompt action from two-thirds of companies (direct link) In the aftermath of the Colonial Pipeline attack, global IT association and learning community ISACA polled more than 1,200 members in the United States and found that 84 percent of respondents believe ransomware attacks will become more prevalent in the second half of 2021. According to the report, the severe disruptions caused by these attacks has […] Ransomware
itsecurityguru.webp 2021-05-25 07:59:31 (Déjà vu) Bose reports data breach following ransomware attack (direct link) Bleeping Computer has reported that audio maker Bose disclosed a data breach after a ransomware attack that hit the company’s systems in early March. A breach notification letter filed with New Hampshire’s Office of the Attorney General by Bose stated the company “experienced a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across” its “environment.” Ransomware Data Breach ★★★★
itsecurityguru.webp 2021-05-25 07:54:09 It's GDPR's 3rd Anniversary! (direct link) To celebrate the third Anniversary of GDPR, let’s have a look at some stories from around the web on its impact and effectiveness over the years: The New Statesman thinks getting hacked should be more expensive: https://www.newstatesman.com/business/sectors/2021/05/why-getting-hacked-should-be-more-expensive Here, Tripwire takes a look at GDPR’s impact on cloud service providers: Impact of GDPR on Cloud […] ★★★
itsecurityguru.webp 2021-05-25 07:42:34 Latest MacOS patch sees fix for zero-day screenshot malware (direct link) Apple has released its macOS Big Sur 11.4 that expands support for external GPUs, fixes bugs in Safari and more. In addition, this update also makes the system more secure by patching an exploit that let sneaky malware take screenshots without the user being aware. Jamf, an Apple-focused mobile device management company, reported that the […] Malware Patching
itsecurityguru.webp 2021-05-24 10:46:17 Reinventing Asset Management for Cybersecurity Professionals (direct link) In conversations with our customers, it's very clear that organisations need to establish a comprehensive view of their IT asset infrastructure because you can't secure what you don't know or can't see. But that comprehensive view needs to be specific to the security team, which has a different role than IT teams concerned with inventory, […]
itsecurityguru.webp 2021-05-24 07:56:01 City Police COVID loan fraud probes on the up (direct link) City police opened 50 per cent more Covid loan fraud probes in February, according to a City AM report. It noted that the City of London police had begun more investigations into fraud connected to the government's Bounce Back Loan scheme (BBLs) in February than the prior month. In fact, police opened 26 fraud probes […] ★★★★
itsecurityguru.webp 2021-05-24 07:46:47 Damage of SITA data breach still unfolding as Air India compromised (direct link) Tech Crunch has reported that a recently found Air India passenger data breach indicates that the SITA hack is worse than first anticipated. Three months after air transport data giant SITA reported its own data breach, the damage is still mounting. Air India said this week that personal data of about 4.5 million passengers had […] Data Breach Hack ★★★★★
itsecurityguru.webp 2021-05-21 12:20:30 How has Covid-19 changed our relationship with digital identity? (direct link) Almost every day, no matter where we go or what we do, we often have to provide proof that we are who we say we are. This can be when you open up a bank account, collect a parcel from the post office, or when you make certain purchases. What all these situations have in […]
itsecurityguru.webp 2021-05-20 11:58:33 Beating ransomware criminals at their own game (direct link) With the steady stream of recent ransomware headlines from Colonial Pipeline to the Irish Health Service, it is clear that attempts to stem the wave of successful attacks are not working. The worry of waking up to a ransom message is what keeps many IT security managers and their bosses awake at night. For cybercriminals, […] Ransomware
itsecurityguru.webp 2021-05-20 08:41:30 Bug allowed strangers to access Eufy camera feeds (direct link) Eufy warned its customers this week after discovering an internal server bug that gave strangers the power to access and control private home-video feeds for an entire day. Customers were also given access to do the same to other users. The vulnerability was the result of a planned server upgrade, which accidentally connected Eufy customers […] Vulnerability
itsecurityguru.webp 2021-05-20 08:26:10 Domain Group targeted in phishing attack (direct link) Domain Group, an Australian digital real estate business, has recently confirmed being targeted in a phishing attack. Jason Pellegrino, CEO of Domain Group, released a statement, in which he stated that “[they] have identified a scam that used a phishing attack to gain access to Domain’s administrative systems to engage with people who have made […]
itsecurityguru.webp 2021-05-19 13:57:56 Round Table: The Smartest Person in the Room (direct link) The Eskenzi Cyber Book and Film Club delves into some of the themes that emerge from Christian Espinosa's best-selling book, 'The Smartest Person in the Room: The Root Cause and New Solution for Cybersecurity'. Chaired by co-founder of Eskenzi PR, Neil Stinchcombe, Christian is joined by Stephen Khan – Head of Tech and Cyber Security Risk at HSBC and Chair of ClubCISO as well […] ★★★★★
itsecurityguru.webp 2021-05-19 13:19:51 KnowBe4 launches PhishFlip (direct link) KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, has announced a new product feature called PhishFlip™, which turns real-world phishing attacks into safe, simulated phishing templates. A majority of data breaches begin with a phishing attack and the threat continues to grow. According to the fourth quarter 2020 Phishing Activity […] Threat
itsecurityguru.webp 2021-05-19 12:47:52 Synopsys Unveils Technology Alliance Partner Program, Adds Integrations for Application Security Orchestration Solution (direct link) Synopsys, Inc. has announced the expansion of the Technology Alliance Partner (TAP) segment of the Software Integrity Group's new Global Partner Program at RSA Conference. Synopsys is showcasing integrations between the company's Intelligent Orchestration solution and technology partner tools, including CloudBees and GitHub Actions. With more than 40 DevOps ecosystem vendors currently engaged, the TAP […]
itsecurityguru.webp 2021-05-19 08:43:37 Issues with legacy data and IT systems (direct link) The National Audit Office (NAO) has said that the Covid-19 pandemic has “laid bare” issues caused by legacy IT within the government. The report analysing the government and the pandemic exposed some significant issues with regards to legacy data and IT systems. A large part of the government’s Covid-19 response has been the use and […] ★★★★★
itsecurityguru.webp 2021-05-19 08:24:07 2.9 million DDoS attacks recorded in Q1 2021 (direct link) Researchers from NETSCOUT’s ATLAS Security Engineering & Response Team (ASERT) have reported that the first quarter of 2021 saw the launch of approximately 2.9 Distributed Denial of Service (DDoS) attacks. This is a 31% increase to the amount launched at the same time last year. The researchers claimed that “the first two months of the […] ★★
itsecurityguru.webp 2021-05-18 08:42:58 Ireland's HSE refuses to pay ransom (direct link) Following the cyber attack on Ireland’s Health Service Executive (HSE), the attackers have sought a ransom. HSE has, however, stated they will not be paying the hackers, even while the country’s healthcare and social services continue dealing with the disruption of the ransomware, which has been described as potentially the ‘most significant’ case of […] ★★★
itsecurityguru.webp 2021-05-18 08:24:26 Strange – but effective – cyber defence trick (direct link) Recently, KrebsOnSecurity discovered that close to all ransomware strains have a particular built-in failsafe: they will not install on a device that uses specific virtual keyboards, specifically Russian or Ukrainian. Several Russian-language affiliate moneymaking programmes, including Darkside, prevent their criminal associates from installing any malicious software on devices in several Eastern European countries. This is […] Ransomware
itsecurityguru.webp 2021-05-17 08:35:15 Irish healthcare system suffers two cyber-attacks (direct link) It has been confirmed that Ireland’s healthcare system fell victim to two cyber-attacks on Thursday and Friday last week. The Department of Health reported that its IT systems were shut down after the first ransomware attack on Thursday. On Friday a similar attack was launched against the Health Service Executive (HSE) causing “substantial” cancellations to […] Ransomware
itsecurityguru.webp 2021-05-17 08:28:31 Insurance giant hit by ransomware (direct link) Over the weekend AXA, an insurance giant based in Thailand, Malaysia, Hong Kong and the Philippines, reported falling victim to a ransomware attack. The attack is claimed to have been perpetrated by the Avaddon ransomware group, which has said it stole 3 TB of sensitive data from AXA’s Asian operations. The attack was not limited […] Ransomware
itsecurityguru.webp 2021-05-14 15:58:21 Are your remote or furloughed employees a security threat? (direct link) The evolution of the workplace has accelerated over the past year for reasons too painfully obvious to mention. In light of the office exodus, employers have been set the enormous task of adapting and accommodating a remote workforce and managing morale in the face of furloughs. Among the many practical challenges is shoring up your […]
itsecurityguru.webp 2021-05-14 09:50:05 Heightened work-related stress and increased workloads are taking their toll on technology leader's mental wellbeing (direct link) A CISO's workday is riddled with high-stress situations as they constantly battle the deluge of threats emerging from the ever-expanding threat landscape. Therefore it is no wonder that the majority of technology leaders are feeling stressed. In recent years the challenges that CISOs face have only intensified. Since the pandemic, security professionals have had […] Threat Guideline
itsecurityguru.webp 2021-05-13 10:07:40 Unlock your potential with an intensive cybersecurity retraining bootcamp (direct link) The skills gap in cybersecurity is a much-discussed problem in the industry. Diversity is another issue that employers and educational institutions are trying to tackle, but changes are somewhat slow to come. And as the economy moves further into the digital age, it was clear to see people need help changing their career. These were […]
itsecurityguru.webp 2021-05-10 21:52:31 Protected: Password Security – Now's the time to get serious (direct link) There is no excerpt because this is a protected post.
itsecurityguru.webp 2021-05-10 11:06:31 Where DevOps collides with identity security (direct link) DevOps is fast becoming a central part of enterprise IT. For entirely understandable reasons, too. As organisations mature and grow, unintended IT silos often prevent the innovation of new products and services from taking flight. DevOps represents the unification of Development and Operations teams and, within that, huge gains for productivity, efficiency and innovation in […]
itsecurityguru.webp 2021-05-10 11:00:58 Hurrah – It's (patch) Tuesday! (direct link) When you look at the root causes of a breach – the most prevalent cause is human error. But dig a little deeper and that human error is often failure to patch known security vulnerabilities – many of which have gone unnoticed for not just a few days, but often months and years. This past […]
itsecurityguru.webp 2021-05-07 15:41:46 Three US healthcare providers suffer data breach (direct link) Following a ransomware attack on the administrative services company, CaptureRx, at least three US healthcare providers suffered a data breach. The attack occurred on February 6, and an investigation was launched almost two weeks later, discovering that several files had been accessed by an unauthorised user. The personal health information (PHI) of more than 24,000 […] Ransomware Data Breach
itsecurityguru.webp 2021-05-07 13:35:49 Risk to Financial Services and Insurance Organisations increased by 125% in 2020, report reveals (direct link) Despite the increased use of mobile device management (MDM), mobile phishing among financial services was at an all-time high last year. A report conducted by endpoint security expert, Lookout, revealed a 125% increase in exposure to considerable risk in both financial services and insurance organisations. The financial report also uncovered that the risk exposure to […]
itsecurityguru.webp 2021-05-07 13:34:05 Obrela teams up with ABS to boost industrial defences against cyberattacks (direct link) The recent cyber-attack against Oldsmar Water Plant in Florida has increased concerns over cybercriminals targeting industrial organisations and highlighted that the cyber-physical attacks that have been predicted for years, are now happening. In February this year, it was announced that cybercriminals had broken into the water plant and changed the level of sodium hydroxide being fed […]
itsecurityguru.webp 2021-05-07 10:09:24 NCSC provides guidance on cybersecurity for smart cities (direct link) The National Cyber Security Centre (NCSC) has released a set of security principles for local authorities to help protect smart city technology from cyber threats. Along with the guidance, it is warning that compromise of a single system in a smart city could have a negative impact across the network if badly designed, this includes […] ★★★★
itsecurityguru.webp 2021-05-06 13:07:24 It's World Password Day – Here's what the experts say (direct link) Passwords essentially are the gateways to our digital lives. From business accounts, social media, shopping, banking – you name it – if they're compromised, it can have big implications. To mark the day, we've compiled the advice of some of the world's leading experts in cybersecurity to help keep individuals and, ultimately, businesses safer on […] Guideline
itsecurityguru.webp 2021-05-06 11:42:51 Belgium's parliament suffer DDoS attack (direct link) On Tuesday the internet service provider Belnet fell victim to a cyberattack. The attack took place at 11:00am CEST when the company experienced a distributed denial of service (DDoS) attack. This resulted in Belnet’s servers being overloaded and preventing any availability of their online services. The attack affected any website with .be domains. As a […]
itsecurityguru.webp 2021-05-05 16:38:04 21Nails: Multiple Critical Vulnerabilities in Exim Mail Server (direct link) Researchers from Qualys released a study that found 21 unique vulnerabilities in the Exim mail server. Some of these can be linked together to obtain full remote unauthenticated code execution and gain root privileges. In a blog post, the Qualys Research Team said that the vulnerabilities potentially affect numerous organisations due to an estimated 60% […]
Last update at: 2024-05-16 22:08:18