Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-02 18:32:45 |
Embedded Software Developer Wind River Discloses Data Breach (lien direct) |
Embedded system software provider Wind River Systems has started informing employees of a data breach that resulted in their personal information being stolen by a third party.
|
Data Breach
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-02 16:37:33 |
A Swiss Army Knife for Industrial Operations Protection (lien direct) |
When we think about a Swiss Army Knife, we immediately picture a high-quality, multi-functional tool to help us tackle a wide array of tasks. The digital equivalent is the smartphone. A more security-specific example is the all-in-one, wireless home protection system. These solutions typically include sensors for windows, doors, and rooms, as well as cameras to remotely see what is happening inside and out, and an app to control everything from wherever you are.
|
Tool
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-02 13:53:50 |
Sophisticated Multiplatform Malware \'Kobalos\' Targets Supercomputers (lien direct) |
Cybersecurity firm ESET on Tuesday published a report detailing what it described as a previously undocumented piece of malware that had been observed targeting high-performance computing (HPC) clusters.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-02 13:23:40 |
Over 1 Million Impacted by Data Breach at Washington State Auditor (lien direct) |
The Office of the Washington State Auditor (SAO) has disclosed a cybersecurity incident in which the personal information of more than 1 million individuals might have been stolen.
|
Data Breach
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-02 12:04:09 |
SonicWall Says \'a Few Thousand Devices\' Impacted by Zero-Day Vulnerability (lien direct) |
SonicWall on Monday confirmed that its Secure Mobile Access (SMA) 100 series appliances are affected by a zero-day vulnerability that has apparently already been exploited in attacks.
|
Vulnerability
|
|
★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-02 11:26:42 |
Apple Issues Patches for NAT Slipstreaming 2.0 Attack (lien direct) |
Apple this week released security updates to address multiple vulnerabilities in macOS and Safari, including a flaw that can be exploited for the recently disclosed NAT Slipstreaming 2.0 attack.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-02 04:56:53 |
Cyberspies Delivered Malware to Gamers via Supply Chain Attack (lien direct) |
Researchers at cybersecurity firm ESET say they have uncovered an espionage campaign that has targeted online gamers in Asia through a compromised software company.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-01 18:33:09 |
Lawmakers Ask NSA About Its Role in Juniper Backdoor Discovered in 2015 (lien direct) |
Several U.S. lawmakers sent a letter to the National Security Agency last week in an effort to find out more about its role in the backdoor discovered in Juniper Networks products back in 2015, as well as the steps taken by the agency following the Juniper incident, and why those steps failed to prevent the recent SolarWinds hack.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-01 15:29:35 |
France Tries Three for Attack Plot After Cyber Infiltration (lien direct) |
Two French citizens and a Moroccan went on trial in Paris on Monday charged with planning attacks after their cyber network was successfully infiltrated by a French intelligence agent posing as a jihadist.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-01 15:00:20 |
Fonix Ransomware Operators Close Shop, Release Decryption Keys (lien direct) |
The cybercriminals behind the Fonix ransomware have announced plans to shut down their activity, and have already released the master decryption key for the malware.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-01 14:46:10 |
The Positive Impact of the Pandemic on SecOps Collaboration (lien direct) |
Collaboration is a Hallmark of Successful Security Teams
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-01 14:30:28 |
Russian Hack Brings Changes, Uncertainty to US Court System (lien direct) |
Trial lawyer Robert Fisher is handling one of America's most prominent counterintelligence cases, defending an MIT scientist charged with secretly helping China. But how he'll handle the logistics of the case could feel old school: Under new court rules, he'll have to print out any highly sensitive documents and hand-deliver them to the courthouse.
|
Hack
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-01 13:49:37 |
CISA Says Many Victims of SolarWinds Hackers Had No Direct Link to SolarWinds (lien direct) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) says many of the victims of the threat group that targeted Texas-based IT management firm SolarWinds were not directly linked to SolarWinds.
|
Threat
|
|
★★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-01 12:16:20 |
OwnBackup Achieves \'Unicorn\' Status With $167.5 Million Funding Round (lien direct) |
Cloud data protection provider OwnBackup has completed a $167.5 million Series D funding round, which helped it reach “unicorn” status, at a valuation close to $1.4 billion. To date, the company has raised a total of more than $267.5 million in funding.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-01 11:34:21 |
Root9B, Fidem in Cybersecurity M&A Round-Up for January 2021 (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-02-01 09:50:30 |
Hijacked Perl.com Domain Hosted on IP Address Linked to Malicious Activity (lien direct) |
The Perl.com domain, which since 1997 had been serving articles about Perl programming, was hijacked last week.
Managed by The Perl Foundation, the site had David Farrell as editor, but received contributions for numerous Perl programming language enthusiasts, including Brian Foy, who also authored several books on Perl.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-31 11:57:43 |
OT Cybersecurity Firm Mission Secure Raises $5.6 Million in Series B Funding (lien direct) |
Mission Secure, a provider of visibility and cybersecurity solutions for industrial environments, announced this week that it has closed a Series B financing round in the amount of $5.6 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-29 16:35:06 |
UScellular Breach Allowed Hackers to Port Customer Phone Numbers (lien direct) |
Chicago-based wireless carrier UScellular started informing customers last week that their personal information may have been accessed and their phone numbers ported as a result of a data breach.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-29 16:19:22 |
Unemployment Fraud - Preying on Those Most in Need (lien direct) |
The Covid-19 pandemic has been raging for nearly a year now. With the pandemic has come a tremendous amount of uncertainty. Many of us wonder when we will be able to return to normal life, when we will be able to see family and friends, and when we might resume those everyday activities we used to take for granted.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-29 16:06:57 |
Tanium Announces $150 Million Funding Investment From Ontario Teachers\' (lien direct) |
Endpoint management and security solutions provider Tanium this week announced the sale of $150 million in common stock to Ontario Teachers' Pension Plan Board.
Ontario Teachers' made the funding investment through its Teachers' Innovation Platform (TIP), which is involved in late-stage venture and growth equity investments in validated technologies.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-29 14:37:22 |
Elusive Lebanese Threat Actor Compromised Hundreds of Servers (lien direct) |
A threat actor believed to be tied to the Lebanese government has compromised hundreds of servers pertaining to organizations worldwide, while maintaining a low profile, threat intelligence firm ClearSky reveals.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-29 14:35:27 |
Deep Analysis of More than 60,000 Breach Reports Over Three Years (lien direct) |
Hackers Are Winning Battles, While Victims are Gaming the Notification Laws
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-29 13:13:50 |
Attacks on Individuals Fall as Cybercrime Shifts Tactics (lien direct) |
Cybercriminals shifted away from stealing individual consumers' information in 2020 to focus on bigger, more profitable attacks on businesses, according to a report from the Identity Theft Resource Center.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-29 12:44:34 |
Encrypted Services Providers Concerned About EU Proposal for Encryption Backdoors (lien direct) |
European encrypted services providers ProtonMail, Threema, Tresorit and Tutanota on Thursday urged European Union policy makers to rethink plans that would require the implementation of encryption backdoors.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-29 04:42:22 |
TPG Capital Acquires Majority Stake in PAM Solutions Provider Centrify (lien direct) |
Private equity firm TPG Capital on Thursday announced that it has agreed to acquire a majority stake in privileged access management (PAM) solutions provider Centrify.
Founded in 2004, Santa Clara, Calif.-based Centrify provides a platform designed to enforce least privilege access at scale, across enterprise networks.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-29 04:29:34 |
Many WordPress Sites Affected by Vulnerabilities in \'Popup Builder\' Plugin (lien direct) |
Multiple vulnerabilities patched recently in the popular WordPress plugin Popup Builder could be exploited to perform various malicious actions on affected websites.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-28 20:31:16 |
Apple Adds \'BlastDoor\' to Secure iPhones From Zero-Click Attacks (lien direct) |
Apple has quietly added several anti-exploit mitigations into its flagship mobile operating system in what appears to be a specific response to zero-click iMessage attacks observed in the wild.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-28 19:07:46 |
For Microsoft, Security is a $10 Billion Business (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-28 18:03:03 |
Security Resolutions to Make in 2021 (lien direct) |
The new year is already several weeks old, but it is still a great time to take stock, look ahead, and plan to make 2021 the best year yet. However, to do this, an organization needs to look back into 2020 to learn lessons from a particularly challenging time in cybersecurity.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-28 16:16:45 |
Many European CISOs Shift Focus to Mobile Security: Survey (lien direct) |
A majority of chief information security officers (CISOs) in Europe said their cybersecurity strategy now focuses on mobile devices as a result of employees increasingly working remotely due to the pandemic, IT management and cybersecurity solutions provider Ivanti said in a report published this week.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-28 13:36:34 |
Law Enforcement Planning Emotet Cleanup Operation Following Botnet Takedown (lien direct) |
Following a takedown operation earlier this month, authorities are taking steps towards cleaning up systems infected with the Emotet malware.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-28 12:56:45 |
Apple to Crack Down on Tracking iPhone Users in Early Spring (lien direct) |
Apple says it will roll out a new privacy control in the spring to prevent iPhone apps from secretly shadowing people. The delay in its anticipated rollout aims to placate Facebook and other digital services that depend on such data surveillance to help sell ads.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-28 12:44:11 |
Stack Overflow Shares Technical Details on 2019 Hack (lien direct) |
Stack Overflow, the popular Q&A platform for programmers, this week shared technical information on how its systems were breached back in 2019, and it turns out that the hacker often viewed questions posted on Stack Overflow to learn how to conduct various activities on the compromised systems.
|
Hack
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-27 21:21:15 |
NetWalker Ransomware\'s Sites Seized by Law Enforcement (lien direct) |
Law enforcement authorities in the U.S. and Europe have seized the dark web sites associated with the NetWalker ransomware operations and also charged a Canadian national in relation to the malware.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-27 20:30:18 |
Ten-Year Old Sudo Vulnerability Gives Root Privileges on Host (lien direct) |
A major security hole in the Sudo utility could be abused by unprivileged users to gain root privileges on the vulnerable host, Qualys reports.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-27 18:24:10 |
CISA Issues Advisory for High-Severity Vulnerabilities in Fuji Electric HMI Products (lien direct) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released an advisory to inform industrial organizations that some SCADA/HMI products made by Japanese electrical equipment company Fuji Electric are affected by potentially serious vulnerabilities.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-27 15:22:37 |
In the Hacker\'s Crosshairs: Active Directory (lien direct) |
Organizations Need to Adjust Their Security Strategies to Match Modern Threats
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-27 14:31:33 |
Emotet Botnet Disrupted in Global Law Enforcement Operation (lien direct) |
Authorities have managed to disrupt the infrastructure of the Emotet botnet, as part of an international effort of law enforcement agencies across Europe and North America.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-27 13:33:00 |
Cypriot National Admits in U.S. Court to Extorting Website Owners (lien direct) |
A Cypriot national has admitted in a United States court to hacking websites based in the U.S., stealing user data, and demanding ransom payments from the site owners to keep the data private.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-27 13:06:01 |
Hundreds of Industrial Organizations Received Sunburst Malware in SolarWinds Attack (lien direct) |
Hundreds of industrial organizations have apparently received a piece of malware named Sunburst as part of the supply chain attack that hit IT management and monitoring firm SolarWinds last year, Kaspersky's ICS CERT unit reported on Tuesday.
|
Malware
|
Solardwinds
Solardwinds
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-27 09:49:45 |
Pwn2Own 2021: Hackers Offered $200,000 for Zoom, Microsoft Teams Exploits (lien direct) |
Trend Micro's Zero Day Initiative (ZDI) on Tuesday announced the targets, prizes and rules for the Pwn2Own Vancouver 2021 hacking competition, a hybrid event scheduled to take place on April 6-8.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-27 02:33:37 |
Norway to Fine Dating App Grindr $11.7M Over Privacy Breach (lien direct) |
Gay dating app Grindr faces a fine of more than $10 million from Norwegian regulators for failing to get consent from users before sharing their personal information with advertising companies, in breach of stringent European Union privacy rules.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-26 20:18:34 |
Firefox Cracks Down on Supercookies to Improve User Privacy (lien direct) |
Mozilla this week announced further improvements to user privacy in Firefox, through the isolation of network connections and caches, thus essentially cracking down on supercookies.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-26 19:52:04 |
Apple Ships Emergency Fixes for Under-Attack iOS Zero-Day (lien direct) |
Apple on Tuesday dropped emergency security patches for its flagship iOS and iPad OS platforms alongside a warning that hackers may already be exploiting a pair of security vulnerabilities.
The patches -- contained in iOS 14.4 and iPadOS 14.4 -- are currently being pushed to mobile users via the automatic updating mechanism.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-26 18:57:39 |
More Cybersecurity Firms Confirm Being Hit by SolarWinds Hack (lien direct) |
Cybersecurity companies Mimecast and Qualys have apparently been targeted by the threat actor that breached the systems of IT management solutions provider SolarWinds as part of a sophisticated supply chain attack. Fidelis Cybersecurity has also confirmed being hit, but it's unclear if it was specifically targeted.
|
Hack
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-26 15:14:58 |
NAT Slipstreaming 2.0 Exposes Devices on Internal Networks to Remote Attacks (lien direct) |
A newly devised variant of the NAT Slipstreaming attack can be leveraged to compromise any device on the local network, according to researchers at enterprise IoT security firm Armis.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-26 14:35:26 |
Google Says Chrome Cookie Replacement Plan Making Progress (lien direct) |
Google says it's making progress on plans to revamp Chrome user tracking technology aimed at improving privacy even as it faces challenges from regulators and officials.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-26 14:15:27 |
Several DDoS Attack Records Broken in 2020 (lien direct) |
Several companies that provide services for mitigating distributed denial-of-service (DDoS) attacks reported seeing records being broken in 2020.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-26 12:51:17 |
Australian Corporate Regulator Discloses Breach Involving Accellion Software (lien direct) |
The Australian Securities and Investments Commission (ASIC) on Monday disclosed a security incident that involved Accellion software.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-01-26 12:47:17 |
CISO Conversations: Intel, Cisco Security Chiefs Discuss the Making of a Great CISO (lien direct) |
|
|
|
|