What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-10-13 18:58:26 | OpenSSF Bags $10 Million Investment (lien direct) | The Linux Foundation has secured a new $10 million investment that will help expand and support the Open Source Security Foundation (OpenSSF). | |||
|
2021-10-13 18:27:31 | Intel, VMWare Join Patch Tuesday Parade (lien direct) | Technology giants Intel Corp. and VMWare joined the Patch Tuesday parade this week, rolling out fixes for security defects that expose users to malicious hacker attacks. | |||
|
2021-10-13 15:14:52 | Vendor Risk Management Firm Black Kite Raises $22 Million (lien direct) | Black Kite, a provider of third-party cyber risk rating services, announced today that it has raised $22 million in a Series B funding round led by Volition Capital, bringing the total raised by the Boston, Mass.-based company to more than $33.1 million. | |||
|
2021-10-13 14:40:12 | OT Cybersecurity Firm Shift5 Raises $20 Million to Protect Planes, Trains and Tanks (lien direct) | Shift5, an operational technology (OT) cybersecurity company specializing in transportation infrastructure and weapons systems, this week announced raising $20 million in a Series A funding round. The funding was led by 645 Ventures, with participation from Squadra Ventures, General Advance, and First In. | |||
|
2021-10-13 13:43:00 | Extortionist Hacker Group SnapMC Breaches Networks in Under 30 Minutes (lien direct) | Over the past few months, a threat actor has been increasingly breaching enterprise networks to steal data and extort victims, but without disrupting their operations, researchers with the NCC Group reveal. | Threat | ||
|
2021-10-13 13:08:35 | US Talks Global Cybersecurity Without a Key Player: Russia (lien direct) | Russia, which hosts many of the criminal syndicates behind ransomware attacks around the world was not invited to an international counter-ransomware event | Ransomware | ||
|
2021-10-13 12:20:12 | Apple Points to Android Malware Infections in Argument Against Sideloading on iOS (lien direct) | Apple Threat Analysis Report Highlights Risks Posed by Sideloading on iOS Apple on Wednesday published a 30-page threat analysis report in an effort to show why allowing sideloading on iOS would pose serious privacy and security risks to iPhone users. | Malware Threat | ||
|
2021-10-13 10:07:23 | SAP Patches Critical Vulnerabilities in Environmental Compliance (lien direct) | On Tuesday, its October 2021 Security Patch Day, SAP announced the release of 13 new security notes and an update for a previously released note. Three of the notes are rated Hot News. | |||
|
2021-10-12 20:13:06 | CrowdStrike Launches Falcon XDR, Free Edition of Humio Data Warehouse (lien direct) | CrowdStrike made two major announcements at its own Fal.Con (virtual) conference this week, launching a free Community Edition of Humio, and announcing Falcon XDR. | |||
|
2021-10-12 19:53:49 | MS Patch Tuesday: 71 Vulns, One Exploited as Zero-Day (lien direct) | The Microsoft Patch Tuesday freight train for October rolled in with fixes for at least 71 security defects in Windows products and components and an urgent warning about a newly discovered zero-day cyberespionage campaign. | |||
|
2021-10-12 18:22:47 | Medical Technology Company Olympus Discloses Cyberattack (lien direct) | Japanese medical technology company Olympus this week revealed that its operations in the Americas were affected by a cyberattack. Detected on October 10, the attack forced the company to shut down some of its systems, but Olympus says that it is already working on restoring them back to normal. | |||
|
2021-10-12 17:57:58 | Adobe Patches Critical Code Execution Vulnerabilities in Several Products (lien direct) | Adobe on Tuesday announced that it has patched a total of 10 vulnerabilities across its Acrobat and Reader, Connect, Commerce, and Campaign Standard products. | |||
|
2021-10-12 15:50:58 | CISO Forum Panel: Navigating SBOMs and Supply Chain Security Transparency (lien direct) | At SecurityWeek's 2021 CISO Forum, a high-powered panel of experts discussed specific ways an SBOM can improve supply chain security and where expectations may be overblown. The conversation covers edge cases that are turning out to be more troublesome than anticipated and what might come next after SBOM and where there are opportunities for innovation (e.g., new tooling or standa | |||
|
2021-10-12 15:08:23 | Cybereason Partners With Google Chronicle on XDR Product (lien direct) | Extended Detection and Response (XDR) is touted as the security solution for the increasingly complex modern IT ecosphere. The principle is to extend EDR threat hunting beyond the endpoint and across the entire infrastructure. Cybereason has announced a partnership with Google Chronicle – the latter to provide ecosphere data, and the former to provide the threat hunting capability. | Threat | ||
|
2021-10-12 13:59:16 | Microsoft Azure Hit by 2.4 Tbps DDoS Attack (lien direct) | Microsoft on Monday revealed that an Azure customer was targeted in late August in a massive distributed denial of service (DDoS) attack that peaked at 2.4 Tbps (terabytes per second). | |||
|
2021-10-12 13:44:54 | (Déjà vu) ICS Patch Tuesday: Siemens and Schneider Electric Address Over 50 Vulnerabilities (lien direct) | Industrial giants Siemens and Schneider Electric on Tuesday released nearly a dozen security advisories describing a total of more than 50 vulnerabilities affecting their products. The companies have released patches and mitigations to address these vulnerabilities. | |||
|
2021-10-12 11:21:34 | GitKraken Vulnerability Prompts Action From GitHub, GitLab, Bitbucket (lien direct) | Developers of Git GUI client GitKraken have addressed a vulnerability resulting in the generation of weak SSH keys, and they are prompting users to revoke and renew their keys. Discovered in the open source library that the Git GUI client uses for SSH key generation, the issue affects all keys issued using versions 7.6.x, 7.7.x, and 8.0.0 of GitKraken. | Vulnerability | ||
|
2021-10-12 11:02:26 | Cloud Security Company Wiz Raises $250 Million at $6 Billion Valuation (lien direct) | Wiz on Monday announced raising $250 million in a Series C funding round, which brings the total raised by the cloud security company to $600 million. | |||
|
2021-10-12 10:12:10 | Vulnerabilities Expose exacqVision Video Surveillance Systems to Remote Attacks (lien direct) | Researchers at cybersecurity firm Tenable have discovered critical and high-severity vulnerabilities in video surveillance systems made by Exacq Technologies, which is owned by building technology giant Johnson Controls. | |||
|
2021-10-12 10:10:46 | Meeting Backup Requirements for Cyber Insurance Coverage (lien direct) | Many companies wrongly assume that having backups in the cloud can prevent or reduce the impacts of a ransomware attack | Ransomware | ||
|
2021-10-12 01:34:32 | Apple Confirms iOS 15 Zero-Day Exploitation (lien direct) | Apple rushes out iOS 15.0.2 to address a remote code execution vulnerability that is being actively exploited Apple's iOS zero-day problems appear to be getting worse. | Vulnerability | ||
|
2021-10-11 18:25:55 | Engineering Company Weir Group Discloses Ransomware Hack (lien direct) | Engineering company Weir Group has acknowledged it was the victim of a ransomware attack that will likely affect revenue for the third quarter of the year. | Ransomware Hack | ||
|
2021-10-11 17:04:04 | Microsoft Exposes Iran-linked APT Targeting U.S., Israeli Defense Tech Sectors (lien direct) | Threat hunters at Microsoft are raising the alarm about a new Iran-linked threat actor caught using password-spraying techniques to break into defense technology companies in the United States, Israel and parts of the Middle East. | Threat | ||
|
2021-10-11 15:04:19 | Amnesty Links Indian Cybersecurity Firm to Spyware Attack on African Activist (lien direct) | Human rights organization Amnesty International last week reported identifying a link between an Indian cybersecurity company and the infrastructure used by a hacking group in an attack that attempted to deliver Android and Windows spyware to an activist in the West African country of Togo. | |||
|
2021-10-11 14:19:44 | InHand Router Flaws Could Expose Many Industrial Companies to Remote Attacks (lien direct) | Several serious vulnerabilities discovered by researchers in industrial routers made by InHand Networks could expose many organizations to remote attacks, and patches do not appear to be available. | |||
|
2021-10-11 12:45:04 | NSA Warns of Risks Posed by Wildcard Certificates, ALPACA Attacks (lien direct) | The National Security Agency last week issued guidance on the risks associated with wildcard TLS certificates and Application Layer Protocols Allowing Cross-Protocol Attacks (ALPACA) techniques. | |||
|
2021-10-11 12:02:21 | (Déjà vu) Cybersecurity M&A Roundup for October 1-10, 2021 (lien direct) | 
A total of nine cybersecurity-related acquisitions were announced in the first 10 days of October 2021.
|
|||
|
2021-10-11 11:04:04 | Cyberattacks Concerning to Most in US: Pearson/AP-NORC Poll (lien direct) | Most Americans across party lines have serious concerns about cyberattacks on U.S. computer systems and view China and Russia as major threats, according to a new poll. | |||
|
2021-10-11 09:57:15 | CISA Releases Remote Access Guidance for Government Agencies (lien direct) | The United States Cybersecurity and Infrastructure Security Agency (CISA) last week announced the release a new guidance document: Trusted Internet Connections (TIC) 3.0 Remote User Use Case. | |||
|
2021-10-08 14:39:26 | Google Patches Four Severe Vulnerabilities in Chrome (lien direct) | Google this week announced the release of an updated Chrome version for Windows, Mac and Linux, to address a total of four high-severity vulnerabilities in the browser. Tracked as CVE-2021-37977, the most severe of these security holes could be exploited to achieve arbitrary code execution on a target system. | |||
|
2021-10-08 14:26:39 | FontOnLake Linux Malware Used in Targeted Attacks (lien direct) | A previously unknown, modular malware family that targets Linux systems has been used in targeted attacks to collect credentials and gain access to victim systems, ESET reported on Thursday. | Malware | ||
|
2021-10-08 12:16:53 | Lots and Lots of Bots: Looking at Botnet Activity in 2021 (lien direct) | A botnet today can be used as a foundation for bad actors to carry out other attacks later | |||
|
2021-10-08 11:03:32 | Apache Releases Another Patch for Actively Exploited HTTP Server Zero-Day (lien direct) | The Apache HTTP Server Project on Thursday announced the release of another update in response to a recently discovered zero-day vulnerability after determining that the initial fix was incomplete. | Vulnerability | ||
|
2021-10-08 10:45:11 | CIA Creates Working Group on China as Threats Keep Rising (lien direct) | The CIA said Thursday it will create a top-level working group on China as part of a broad U.S. government effort focused on countering Beijing's influence. | |||
|
2021-10-08 10:14:00 | Twitch Struggles With Hackers and Hate Raid Bots (lien direct) | Twitch, Amazon's popular live video streaming platform, on Thursday said hackers took advantage of a mistake in a server configuration tweak to steal data. A massive trove of confidential Twitch data dumped on the internet included records showing top game play streamers took in millions of dollars during the past year. | |||
|
2021-10-08 08:36:06 | Attackers Encrypt VMware ESXi Server With Python Ransomware (lien direct) | A recently observed attack employed a Python-based ransomware variant to target an organization's VMware ESXi server and encrypt all virtual disks, Sophos reports. | Ransomware | ||
|
2021-10-07 16:06:33 | Aggressive Ransomware Group FIN12 Moves Fast, Targets Big Companies (lien direct) | A report published by Mandiant on Thursday details the activities and tools of FIN12, a highly aggressive ransomware group that has likely made a significant amount of money over the past years. | Ransomware | ||
|
2021-10-07 14:55:55 | Iran-linked MalKamak Hackers Targeting Aerospace, Telcos With ShellClient RAT (lien direct) | Operation GhostShell Believed to be Linked to Iranian Threat Actor | Threat | ||
|
2021-10-07 14:46:17 | Cisco Patches High-Severity Vulnerabilities in Security Appliances, Business Switches (lien direct) | Cisco this week released patches for multiple high-severity vulnerabilities affecting its Web Security Appliance (WSA), Intersight Virtual Appliance, Small Business 220 switches, and other products. Successful exploitation of these vulnerabilities could allow attackers to cause a denial of service (DoS) condition, execute arbitrary commands as root, or elevate privileges. | |||
|
2021-10-07 14:11:43 | How Integration is Evolving: The X Factor in XDR (lien direct) | XDR must be approached as an open architecture where integration is the linchpin Over the past couple of months, I've talked about how adversaries are evolving their approaches to attacks and the ripple effect that is having on our approach to detection and response. | |||
|
2021-10-07 13:47:51 | Microsoft: Russia Behind 58% of Detected State-Backed Hacks (lien direct) | Russia accounted for most state-sponsored hacking detected by Microsoft over the past year, with a 58% share, mostly targeting government agencies and think tanks in the United States, followed by Ukraine, Britain and European NATO members, the company said. | |||
|
2021-10-07 13:09:57 | Nigerian Man Living in U.S. Charged Over Role in BEC Scheme (lien direct) | A Nigerian national residing in Buffalo, New York, was indicted this week for facilitating a business email compromise (BEC) scam that resulted in hundreds of thousands of dollars being stolen from various companies. Charged with conspiracy to commit wire fraud, the man, Eric Iwu, aka James, 32, faces up to 20 years in prison and a fine of $250,000. | |||
|
2021-10-07 10:44:24 | Medtronic Recalls Medical Devices Due to Security Risks That Can Lead to Injury, Death (lien direct) | Medical device maker Medtronic is recalling remote controllers used with some of its insulin pumps due to cybersecurity risks that could lead to injury and even death. | Guideline | ||
|
2021-10-07 09:39:11 | Building a Secure Remote Connection Solution for Today\'s Business (lien direct) | The need for secure and reliable connectivity continues to be top of mind for many organizations. The persistence of the pandemic is making this essential. But even if it wasn't, many organizations are now committed to implementing permanent hybrid work and learning models, where employees and student alternate between on-premises and remote participation. The challenge of this transition involves more than just simple connectivity. | |||
|
2021-10-06 19:48:51 | Streaming Site Twitch Confirms Hack (lien direct) | Amazon's popular live video streaming platform Twitch said Wednesday hackers had broken into its network after reports of exposed confidential company data surfaced online. The service, where users often stream live video game play, confirmed the break-in on Twitter. | Hack | ||
|
2021-10-06 19:20:32 | DevOps Security Startup Mondoo Scores $15M Investment (lien direct) | Mondoo, a startup that provides security tools for DevOps teams, has raised $15 million in funding ($12 million in a new Series A round, and $3 million from a previously undisclosed seed round). The Series A funding round was Led by Atomico with participation from a range of high-profile private investors. | |||
|
2021-10-06 19:15:08 | US Poised to Go After Contractors Who Don\'t Report Breaches (lien direct) | The Justice Department is poised to sue government contractors and other companies who receive U.S. government grants if they fail to report breaches of their cyber systems, the department's No. 2 official said Wednesday. | ★★★★ | ||
|
2021-10-06 18:13:04 | Ransomware Risk Assessment Service Aims to Deflect Attacks (lien direct) | The function of cybersecurity is not to eliminate all attacks and compromises – that's impossible – but to make the attack so expensive and time-consuming on the attacker that he simply moves on to an easier target. That is the purpose of a new product/service designed to make commodity ransomware attacks less easy for the attacker. | Ransomware | ||
|
2021-10-06 18:04:21 | ESET Discovers UEFI Bootkit in Cyber Espionage Campaign (lien direct) | Threat hunters at ESET are training the spotlight on a previously undocumented UEFI bootkit capable of hijacking the EFI System Partition (ESP) to maintain persistence on infected Windows machines. | |||
|
2021-10-06 14:14:31 | Yubico Enables Biometric Logins With New YubiKey Bio Series (lien direct) | Yubico this week announced the general availability of YubiKey Bio Series, its first security key to support biometric authentication on desktop computers. |
To see everything:
Our RSS (filtrered)
