What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-05-16 11:16:20 | (Déjà vu) CISA Removes Windows Vulnerability From \'Must-Patch\' List Due to Buggy Update (lien direct) | The US Cybersecurity and Infrastructure Security Agency (CISA) has temporarily removed a Windows flaw from its Known Exploited Vulnerabilities Catalog after it was informed by Microsoft that a recent update can cause problems on some types of systems. | Vulnerability | ||
|
2022-05-16 10:05:34 | Zyxel Firewall Vulnerability Exploitation Attempts Seen One Day After Disclosure (lien direct) | Exploitation attempts targeting a recently disclosed vulnerability affecting Zyxel firewalls started just one day after the flaw's existence came to light. | Vulnerability | ||
|
2022-05-14 19:48:45 | Hired \'Hackers\' Try, and Fail, to Invade Brazil Vote System (lien direct) | More than 20 would-be hackers gathered in the Brazilian electoral authority's headquarters in the capital this week. Their mission: infiltrate the nation's voting system ahead of a hotly anticipated race in October. | |||
|
2022-05-13 15:51:38 | Iran-Linked OilRig APT Caught Using New Backdoor (lien direct) | The Iran-linked hacking group OilRig was observed using a new backdoor in an attack against a government official within Jordan's foreign ministry, according to new research published this week. | APT 34 | ||
|
2022-05-13 15:11:38 | Hackers Can Make Siemens Building Automation Controllers \'Unavailable for Days\' (lien direct) | A vulnerability affecting building automation controllers from Siemens can be exploited to disrupt a device for an extended period of time, according to OT and IoT cybersecurity firm Nozomi Networks. | Vulnerability | ||
|
2022-05-13 13:26:53 | devOcean Emerges From Stealth With Cloud-Native Security Operations Platform (lien direct) | devOcean has emerged from stealth mode with a cloud-native security operations platform and $6 million in funding. The company's seed round was led by Glilot Capital Partners, with participation from angel investors. | APT 32 | ||
|
2022-05-13 12:41:23 | Critical Vulnerability Allows Remote Hacking of Zyxel Firewalls (lien direct) | Thousands of Zyxel firewalls could be vulnerable to remote attacks due to a vulnerability discovered recently by cybersecurity firm Rapid7. The vendor was quick to release a patch, but it did not immediately inform customers about it. | Vulnerability | ||
|
2022-05-13 11:22:38 | \'IceApple\' Post-Exploitation Framework Created for Long-Running Operations (lien direct) | CrowdStrike has detailed a new post-exploitation framework that could be the work of a state-sponsored threat actor, one likely linked to China. | Threat | ||
|
2022-05-13 11:08:59 | Critical Vulnerabilities Provide Root Access to InHand Industrial Routers (lien direct) | A total of 17 vulnerabilities have been found in a wireless industrial router made by InHand Networks, including flaws that can be chained to gain root access by getting a user to click on a malicious link. | |||
|
2022-05-13 10:43:10 | Ukrainian Sentenced to US Prison for Selling Hacked Credentials (lien direct) | A Ukrainian national has been sentenced to four years in a US prison for decrypting stolen usernames and passwords and selling them on a dark web marketplace. | ★★ | ||
|
2022-05-13 10:12:51 | Organizations in Europe Targeted With New \'Nerbian\' RAT (lien direct) | Proofpoint's security researchers have documented a new remote access trojan (RAT) being used in a series of recent attacks targeting various industries in multiple European countries. | ★★ | ||
|
2022-05-12 20:37:12 | Maryland Governor Signs Bills to Strengthen Cybersecurity (lien direct) | Gov. Larry Hogan signed measures to strengthen cybersecurity in state and local governments in Maryland on Thursday, after lawmakers approved legislation and big investments earlier this year to protect vital systems against cyberattacks. | ★★ | ||
|
2022-05-12 20:24:54 | Costa Rica Declares Emergency in Ongoing Cyberattack (lien direct) | 
|
Ransomware | ★★ | |
|
2022-05-12 18:00:04 | BalkanID Raises $6M for Intelligent IGA Technology (lien direct) | BalkanID, a startup with ambitious plans to disrupt the Identity Governance and Administration (IGA) space, has banked $5.75 million in seed funding to help organizations find and remediate risky privileges across SaaS and public cloud infrastructure. | ★★ | ||
|
2022-05-12 16:24:06 | Russia Pushes Law to Force Taxi Apps to Share Data With Spy Agency (lien direct) | Russia's government has put forward a law to force ride-hailing apps to give the FSB intelligence agency real-time access to their data. The Russian authorities have been ramping up restrictions on public freedoms since the start of Moscow's offensive in Ukraine on February 24. | ★★★★ | ||
|
2022-05-12 14:10:14 | Size of Early Stage Cyber Deals Continues to Surge: DataTribe (lien direct) | Early stage cybersecurity deals continue to surge in terms of valuation and round size, and cyber may be more resilient to economic conditions compared to other verticals, cybersecurity venture capital firm and incubator DataTribe said in its latest Insights report. | ★★ | ||
|
2022-05-12 13:33:17 | Application Security Firm StackHawk Bags $20.7 Million in Series B Funding (lien direct) | Application security startup StackHawk today announced that it has raised $20.7 million in Series B funding, which brings the total investment in the company to $35.3 million. The funding round was co-led by Sapphire Ventures and Costanoa Ventures, with additional investment from Foundry Group and other investors. | ★★ | ||
|
2022-05-12 13:18:29 | Iranian Cyberspy Group Launching Ransomware Attacks Against US (lien direct) | Over the past several months, Iran-linked cyberespionage group Charming Kitten has been engaging in financially-motivated activities, the Secureworks Counter Threat Unit (CTU) reports. | Ransomware Threat Conference | APT 35 APT 35 | ★★★ |
|
2022-05-12 12:59:47 | Zero Trust Firm Xage Security Adds $6 Million \'Top-up\' to $30 Million Series B Funding (lien direct) | Palo Alto, Calif-based firm Xage has raised a $6 million top-up to the $30 million Series B funding it secured in January 2022. The new financing comes from SCF Partners, an investor in energy and critical infrastructure services, and Overture Venture Capital, which specializes in startups in government, energy and climate. | |||
|
2022-05-12 11:45:21 | HP Patches UEFI Vulnerabilities Affecting Over 200 Computers (lien direct) | HP on Wednesday announced the release of patches for two high-severity vulnerabilities that impact the UEFI firmware of more than 200 laptops, workstations, and other products. | ★★★★ | ||
|
2022-05-12 11:08:03 | Hundreds of Thousands of Konica Printers Vulnerable to Hacking via Physical Access (lien direct) | Researchers at Atos-owned cybersecurity consulting firm SEC Consult analyzed Konica Minolta printers to determine what could be achieved by an attacker who has physical access to a device. The answer: a lot! | ★★★ | ||
|
2022-05-12 10:38:11 | Prepare for What You Wish For: More CISOs on Boards (lien direct) | We have a long way to go to get adequate cybersecurity expertise on boards, but the time has come to make it happen | ★★ | ||
|
2022-05-12 10:19:38 | Intel Patches High-Severity Vulnerabilities in BIOS, Boot Guard (lien direct) | Intel on Tuesday announced the release of patches for multiple vulnerabilities across its product portfolio, including a series of high-severity vulnerabilities in the BIOS firmware of several processor models. | ★★★ | ||
|
2022-05-11 15:39:24 | The Importance of Wellness for Security Teams (lien direct) | With the talent shortage in security, employers need to use a variety of tools to recruit and retain top talent | ★★★ | ||
|
2022-05-11 15:37:18 | (Déjà vu) Chrome 101 Update Patches High-Severity Vulnerabilities (lien direct) | Google this week announced the release of a Chrome browser update that resolves a total of 13 vulnerabilities, including nine that were reported by external researchers. Of the externally reported security holes, seven are use-after-free bugs – these types of vulnerabilities could lead to arbitrary code execution. | Guideline | ★★★ | |
|
2022-05-11 15:09:47 | SaaS App Vanity URLs Can Be Spoofed for Phishing, Social Engineering (lien direct) | Vanity URLs offered by SaaS applications can be spoofed by malicious actors for phishing and social engineering, according to data security and analytics company Varonis. | ★★★ | ||
|
2022-05-11 14:56:25 | Ransomware Attack a Nail in the Coffin as Lincoln College Closes After 157 Years (lien direct) | Ransomware Attack and Covid-19 Blamed for Closure of Abraham Lincoln's Namesake College After 157 Years | ★★ | ||
|
2022-05-11 13:07:49 | Healthcare Technology Provider Omnicell Discloses Ransomware Attack (lien direct) | Healthcare technology company Omnicell revealed in a filing with the United States Securities and Exchange Commission (SEC) that it recently fell victim to a ransomware attack. | Ransomware | ★★★ | |
|
2022-05-11 12:21:09 | ICS Patch Tuesday: Siemens, Schneider Electric Address 43 Vulnerabilities (lien direct) | The 15 new advisories released by Siemens and Schneider Electric this Patch Tuesday address a total of 43 vulnerabilities, including ones that have been assigned a “critical” severity rating. | ★★★★ | ||
|
2022-05-11 12:01:48 | Webinar Today: Managing IoT/OT Visibility, Protection and Monitoring in a Zero Trust Environment (lien direct) | 
|
★★★ | ||
|
2022-05-11 11:48:38 | Africa Grapples With Way Forward on Cybercrime (lien direct) | Cyber experts are urging Africa to up its game in the face of criminals targeting the continent's fast-growing internet economy with scams and theft. | ★★ | ||
|
2022-05-11 11:17:40 | SAP Patches Spring4Shell Vulnerability in More Products (lien direct) | As part of its May 2022 Security Patch Day, SAP announced on Tuesday the release of eight new and four updated security notes, including three that address the recent Spring4Shell vulnerability in more products. | Vulnerability | ★★★ | |
|
2022-05-11 10:49:16 | Critical Vulnerability Exploited to \'Destroy\' BIG-IP Appliances (lien direct) | The recently patched F5 BIG-IP vulnerability tracked as CVE-2022-1388 is being increasingly exploited by threat actors, including to “destroy” affected appliances. | Vulnerability Threat | ★★★ | |
|
2022-05-11 10:09:56 | Windows Print Spooler Vulnerabilities Increasingly Exploited in Attacks (lien direct) | The number of attacks targeting Windows Print Spooler vulnerabilities has been increasing, according to cybersecurity firm Kaspersky. | ★★★★ | ||
|
2022-05-11 00:36:09 | Hackers Hit Web Hosting Provider Linked to Oregon Elections (lien direct) | A week before Oregon's primary election, the secretary of state's office is moving to protect the integrity of its online system where campaign finance records are published after a web hosting provider was hit by a ransomware attack. | Ransomware | ★★★★ | |
|
2022-05-10 18:22:58 | Patch Tuesday: Microsoft Warns of New Zero-Day Being Exploited (lien direct) | Microsoft on Tuesday released critical software updates to fix at least 73 documented security flaws in the Windows ecosystem and warned that unknown attackers are already launching zero-day man-in-the-middle attacks. | ★★★★ | ||
|
2022-05-10 18:02:52 | New Malware Samples Indicate Return of REvil Ransomware (lien direct) | New malware samples and a new Tor-based leak website suggest that the REvil ransomware operation has been resumed. Secureworks, which tracks the group behind REvil as Gold Southfield, has conducted an analysis of malware samples apparently created in March and April, and determined that the developer likely has access to the original REvil source code. | Ransomware Malware | ★★★ | |
|
2022-05-10 17:22:14 | Microsoft Azure Vulnerability Allowed Code Execution, Data Theft (lien direct) | Microsoft on Monday shared information on patches and mitigations for a vulnerability impacting Azure Data Factory and Azure Synapse Pipelines. | Vulnerability | ★★★★ | |
|
2022-05-10 16:32:05 | Adobe Warns of \'Critical\' Security Flaws in Enterprise Products (lien direct) | Software maker Adobe on Tuesday shipped patches to cover at least 18 serious security defects in multiple enterprise-facing products and warned that unpatched systems are at risk of remote code execution attacks. | ★★★★ | ||
|
2022-05-10 12:33:20 | Email Security Firm Abnormal Security Raises $210 Million at $4 Billion Valuation (lien direct) | Email security startup Abnormal Security announced today that it has reached a $4 billion valuation after raising $210 million in a Series C investment, which brings the total raised by the AI-focused cybersecurity company to $285 million. | ★★ | ||
|
2022-05-10 12:09:36 | DarkCrystal RAT Offers Many Capabilities for Very Low Price (lien direct) | BlackBerry's security researchers have performed a deep analysis of the DarkCrystal RAT and the dark web activity of its developer. | ★★★★ | ||
|
2022-05-10 11:49:30 | (Déjà vu) West Blames Russia for Satellite Hack Ahead of Ukraine Invasion (lien direct) | Western powers on Tuesday accused Russian authorities of carrying out a cyberattack against a satellite network an hour before the invasion of Ukraine to pave the way for its assault. | Hack | ★★★ | |
|
2022-05-10 11:49:30 | EU Blames Russia for Satellite Hack Ahead of Ukraine Invasion (lien direct) | The European Union on Tuesday accused the Russian authorities of carrying out a cyberattack against a satellite network an hour before the invasion of Ukraine to pave the way for its assault. | Hack | ★★★ | |
|
2022-05-10 11:26:52 | Technical Details, IoCs Available for Actively Exploited BIG-IP Vulnerability (lien direct) | Indicators of compromise (IoCs) and other resources have been released to help defenders deal with the actively exploited F5 BIG-IP vulnerability tracked as CVE-2022-1388. | Vulnerability | ★★★★ | |
|
2022-05-10 10:51:50 | QNAP Patches Critical Vulnerability in Network Surveillance Products (lien direct) | Taiwanese network-attached storage (NAS) solutions provider QNAP Systems on Friday announced patches for a critical vulnerability impacting some of its network surveillance products. | Vulnerability | ★★★ | |
|
2022-05-10 10:17:22 | Microsoft Flexes Security Vendor Muscles With Managed Services (lien direct) | 
|
★★★ | ||
|
2022-05-10 10:05:31 | 7 Steps to Start Reducing Risk to Your Critical Infrastructure Quickly (lien direct) | In my previous column, I wrote about the steady drumbeat of alerts, news reports, and actual attacks demonstrating that critical infrastructure has been in the crosshairs of nation-state threat actors and cyber criminals for years. Now, evolving intelligence indicates attacks on critical infrastructure networks are taking center stage in the theater of war. | Threat | ★★ | |
|
2022-05-10 00:17:05 | Settlement Curbs Firm\'s Facial Recognition Database in US (lien direct) | Startup Clearview AI has agreed to limit access to its controversial facial recognition database in the United States, settling a lawsuit filed by privacy advocates, a court filing showed Monday. | ★★★ | ||
|
2022-05-09 17:19:16 | U.S. Offers $15 Million Bounty for Leaders of Conti Ransomware Gang (lien direct) | Eager to hunt down key leaders of the Conti ransomware gang, the United States Government is willing to pay up to $10 million for information leading to the identification and/or location of anyone holding a key leadership role in the group. | Ransomware Guideline | ★★★ | |
|
2022-05-09 13:55:07 | Regulator Proposes $1 Million Fine for Colonial Pipeline One Year After Cyberattack (lien direct) | 
|
★★ |
To see everything:
Our RSS (filtrered)
