What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-04-30 00:54:59 | Stealthy RotaJakiro Backdoor Targeting Linux Systems (lien direct) | Previously undocumented and stealthy Linux malware named RotaJakiro has been discovered targeting Linux X64 systems. It has been undetected for at least three years, and operates as a backdoor. Four samples have now been discovered, all using the same C2s. The earliest was discovered in 2018. None of the samples were labeled malware by VirusTotal. | Malware | ||
|
2021-04-29 20:43:33 | BadAlloc: Microsoft Flags Major Security Holes in OT, IoT Devices (lien direct) | Security researchers at Microsoft are raising the alarm for multiple gaping security holes in a wide range of enterprise internet-connected devices, warning that the high-risk bugs expose businesses to remote code execution attacks. | |||
|
2021-04-29 15:04:59 | Vulnerability Exposes F5 BIG-IP to Kerberos KDC Hijacking Attacks (lien direct) | F5 Networks this week released patches to address an authentication bypass vulnerability affecting BIG-IP Access Policy Manager (APM), but fixes are not available for all impacted versions. | Vulnerability | ||
|
2021-04-29 14:35:46 | DigitalOcean Discloses Breach Involving Billing Information (lien direct) | Cloud solutions provider DigitalOcean has started informing some customers that their billing information may have been compromised after someone exploited a vulnerability in the company's systems. | Vulnerability | APT 32 | |
|
2021-04-29 13:07:08 | Threat Detection Firm Vectra Raises $130 Million at $1.2 Billion Valuation (lien direct) | Threat detection and response solutions provider Vectra AI on Thursday announced that it has raised $130 million at a valuation of $1.2 billion, which makes the company the latest cybersecurity unicorn. | |||
|
2021-04-29 12:40:30 | Effective Security Needs to See and Interrupt Every Step in an Attack Chain (lien direct) | The best defense in depth strategy should not include loading up your network with a plethora of point solutions | |||
|
2021-04-29 11:59:49 | Apple Patches Security Bypass Vulnerability Impacting Macs With M1 Chip (lien direct) | Apple's latest macOS updates patch three vulnerabilities that can be exploited to bypass security mechanisms, including one that has been exploited in the wild and one that impacts only Macs powered by the M1 chip. | Vulnerability | ||
|
2021-04-29 11:27:22 | FluBot Android Malware Expected to Start Targeting U.S. (lien direct) | The FluBot Android malware is spreading fast across Europe using an SMS package delivery scheme and it's soon expected to arrive in the United States as well, cybersecurity company Proofpoint warned this week. | Malware | ||
|
2021-04-29 10:27:10 | Several High-Severity Vulnerabilities Expose Cisco Firewalls to Remote Attacks (lien direct) | Cisco this week released patches for multiple vulnerabilities in Firepower Threat Defense (FTD) software, including high-severity issues that could be exploited for arbitrary command execution or denial-of-service (DoS) attacks. | Threat | ||
|
2021-04-29 04:01:01 | Chinese Cyberspies Target Military Organizations in Asia With New Malware (lien direct) | A cyber-espionage group believed to be sponsored by the Chinese government has been observed targeting military organizations in Southeast Asia in attacks involving previously undocumented malware, Bitdefender reported on Wednesday. | Malware | ||
|
2021-04-29 01:39:41 | US Government Taking Creative Steps to Counter Cyberthreats (lien direct) | An FBI operation that gave law enforcement remote access to hundreds of computers to counter a massive hack of Microsoft Exchange email server software is a tool that is likely to be deployed “judiciously” in the future as the Justice Department, aware of privacy concerns, develops a framework for it | Hack Tool | ||
|
2021-04-28 16:00:25 | Death of the Manual Pen-Test: Blind Spots, Limited Visibility (lien direct) | Manual penetration testing (pen-testing) is increasingly challenged by automated methods of vulnerability discovery and management. The reasons are not difficult to understand: the cost and coverage of manual testing is too high and too limited. | Vulnerability | ||
|
2021-04-28 15:14:27 | CISO Conversations: Raytheon and BAE Systems CISOs on Leadership, Future Threats (lien direct) | 
|
|||
|
2021-04-28 14:59:36 | Google Data Protection Case to be Heard in UK Supreme Court (lien direct) | Google on Wednesday began a legal bid at Britain's highest court to try to block a class action alleging that it illegally tracked millions of iPhone users. The hearing at the Supreme Court will hear arguments for two days before judges decide whether the claim against the internet search giant should proceed. | |||
|
2021-04-28 14:02:59 | Cyberspace Solarium Commission: CISA Funding Should Increase by at Least $400M (lien direct) | In a letter to the United States House Committee on Appropriations, two members of the Cyberspace Solarium Commission are asking for an increase in funding for the Cybersecurity and Infrastructure Security Agency (CISA) in fiscal year 2022. | |||
|
2021-04-28 13:13:07 | Navy SEALs to Shift From Counterterrorism to Global Threats (lien direct) | Navy SEAL platoons are beefing up capabilities in cyber and electronic warfare and unmanned systems, honing their skills to collect intelligence | |||
|
2021-04-28 12:41:17 | DevSecOps Company Sysdig Raises $188 Million at $1.19 Billion Valuation (lien direct) | DevSecOps company Sysdig on Wednesday announced becoming a “unicorn” after raising $188 million in a Series F funding round at a valuation of $1.19 billion. | |||
|
2021-04-28 11:05:48 | Dark Hash Collisions: New Service Confidentially Finds Leaked Passwords (lien direct) | New service can tell a company which users have a password known to hackers, without having to know the usernames | |||
|
2021-04-28 11:02:33 | Russia-Linked \'Ghostwriter\' Disinformation Campaign Tied to Cyberspy Group (lien direct) | A widespread disinformation campaign dubbed Ghostwriter is believed to be the work of a state-sponsored cyber-espionage group, cybersecurity firm FireEye reported on Wednesday. | |||
|
2021-04-28 08:43:52 | Google Patches Yet Another Serious V8 Vulnerability in Chrome (lien direct) | An update released this week by Google for Chrome 90 patches yet another serious vulnerability affecting the V8 JavaScript engine used by the web browser. The flaw, tracked as CVE-2021-21227 and rated high severity, was reported to Google by researcher Gengming Liu from Chinese cybersecurity firm Singular Security Lab. | Vulnerability | ||
|
2021-04-27 19:33:22 | FBI/DHS Issue Guidance for Network Defenders to Mitigate Russian Gov Hacking (lien direct) | The FBI and DHS have issued a Joint Cybersecurity Advisory on the threat posed by the Russian Foreign Intelligence Service (SVR) via the cyber actor known as APT 29 (aka the Dukes, Cozy Bear, Yttrium and CozyDuke). | Threat | APT 29 APT 29 | |
|
2021-04-27 15:55:01 | US Air Force Adopts Zero Trust to Secure Flightline Operations (lien direct) | 
Zero trust is an important part of business transformation. As the information infrastructure expands with new technologies and locations, zero trust allows organizations to focus on protecting the data, regardless of where it is sourced or how it is used.
|
|||
|
2021-04-27 15:38:27 | Sift Raises $50M at \'Unicorn\' Valuation (lien direct) | Fraud prevention technology provider Sift is now the 14th cybersecurity company to reach “unicorn” status in 2021, following a new $50 million round of venture capital funding. | |||
|
2021-04-27 14:40:09 | Endpoint Management Firm Automox Raises $110 Million (lien direct) | Cyber hygiene and patch management company Automox on Tuesday announced raising $110 million in a Series C funding round that brings the total raised by the firm to more than $152 million. | |||
|
2021-04-27 13:29:38 | Adobe Releases Open Source Anomaly Detection Tool "OSAS" (lien direct) | Adobe this week announced the open-source availability of 'One-Stop Anomaly Shop' (OSAS), a new tool designed to help security teams discover anomalies in datasets. | Tool | ||
|
2021-04-27 13:03:32 | Vulnerabilities in Eaton Product Can Allow Hackers to Disrupt Power Supply (lien direct) | Power management solutions provider Eaton has released patches for its Intelligent Power Manager (IPM) software to address several potentially serious vulnerabilities, including ones that researchers say could allow hackers to disrupt power supply. | |||
|
2021-04-27 11:39:04 | CISA, NIST Provide New Resource on Software Supply Chain Attacks (lien direct) | In a joint document published this week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) provide information on software supply chain attacks, the associated risks, and how organizations can mitigate them. | |||
|
2021-04-27 11:13:25 | Apple Patches macOS Security Bypass Vulnerability Exploited by \'Shlayer\' Malware (lien direct) | Apple has patched a serious security bypass vulnerability in macOS that has been exploited in the wild by at least one threat group. | Malware Vulnerability Threat | ||
|
2021-04-27 10:28:31 | DC Police Department Hit by Apparent Extortion Attack (lien direct) | The Washington, D.C., police department said Monday that its computer network was breached, and a Russian-speaking ransomware syndicate claimed to have stolen sensitive data, including on informants, that it threatened to share with local criminal gangs unless police paid an unspecified ransom. | Ransomware | ||
|
2021-04-27 02:01:42 | Officials Say School District Near Albany Hit by Cyberattack (lien direct) | An Albany-area school district is investigating a malware attack that forced students in grades 7 through 12 into all-remote learning on Monday, district officials announced. | Malware | ||
|
2021-04-27 00:26:52 | Apple\'s iPhone Privacy Clampdown Arrives After 7-Month Delay (lien direct) | Apple is following through on its pledge to crack down on Facebook and other snoopy apps that secretly shadow people on their iPhones in order to target more advertising at users. | |||
|
2021-04-27 00:16:39 | NTLM Relay Attack Abuses Windows RPC Protocol Vulnerability (lien direct) | A newly identified NTLM (New Technology LAN Manager) relay attack abuses a remote procedure call (RPC) vulnerability to enable elevation of privilege, researchers from cybersecurity firm SentinelOne reveal. | Vulnerability | ||
|
2021-04-26 22:17:55 | Apple iOS 14.5 Patches 50 Security Vulnerabilities (lien direct) | Apple on Monday shipped the long-awaited iOS and iPadOS 14.5 update with patches for at least 50 documented security vulnerabilities. | |||
|
2021-04-26 15:05:53 | Oilfield Services Company Gyrodata Discloses Data Breach (lien direct) | Oilfield services company Gyrodata last week revealed that it was recently targeted in a cyberattack that resulted in sensitive employee information being compromised. Houston, Texas-based Gyrodata provides surveying and wireline services for oil and gas, mining, and civil engineering projects. | Data Breach | ||
|
2021-04-26 14:49:52 | Thoma Bravo Buys Proofpoint in $12.3 Billion All-Cash Deal (lien direct) | Enterprise security vendor Proofpoint has been acquired by private equity firm Thoma Bravo in an all-cash transaction that values Proofpoint at approximately $12.3 billion. | |||
|
2021-04-26 14:06:14 | Window Snyder Launches IoT Security Company Thistle Technologies (lien direct) | IoT device security startup Thistle Technologies launched last week with $2.5 million in seed funding from Silicon Valley venture capital firm True Ventures. | |||
|
2021-04-26 13:10:00 | Uninstall Command Completes Emotet Botnet Cleanup Operation (lien direct) | Roughly one million computers are getting rid of the Emotet malware after law enforcement agencies served them an update meant to trigger an uninstall process on April 25. | Malware | ||
|
2021-04-26 12:42:20 | Cybersecurity M&A Roundup for April 19-25, 2021 (lien direct) | 
|
|||
|
2021-04-26 11:53:46 | Outages Blamed on Malware Still Plaguing Budget Airlines (lien direct) | A technology provider says a malware attack triggered a dayslong outage that has caused reservations systems to crash at about 20 low-cost airlines around the world. The company, Radixx, said it noticed “unusual activity” around its reservations program on Tuesday. It did not describe the malware or say how it got into the program. | Malware | ||
|
2021-04-26 11:06:57 | Passwordstate Users Told to Reset All Passwords Following Cyberattack (lien direct) | Australian software developer Click Studios on Saturday urged Passwordstate customers to reset all of their passwords if they downloaded a poisoned update using the software's In-Place Upgrade functionality. | |||
|
2021-04-25 10:52:53 | Apple Moving Forward on App Privacy, Despite Pushback (lien direct) | An update to the software powering some billion iPhones around the world kicks in Monday with an enhanced privacy feature critics fear will roil the internet advertising world. | |||
|
2021-04-25 00:25:55 | The Big Pentagon Internet Mystery Now Partially Solved (lien direct) | 
|
|||
|
2021-04-24 16:03:02 | Security Researcher Dan Kaminsky Passes Away (lien direct) | The cybersecurity world woke up Saturday to news of the sudden passing of Dan Kaminsky, a celebrated hacker who is widely credited with pioneering research work on DNS security. Kaminsky was 42. | |||
|
2021-04-23 16:56:47 | Tor-Based Linux Botnet Abuses IaC Tools to Spread (lien direct) | A recently observed malware botnet targeting Linux systems is employing many of the emerging techniques among cyber-criminals, such as the use of Tor proxies, legitimate DevOps tools, and the removal of competing malware, according to new research from anti-malware vendor Trend Micro. | Malware | ||
|
2021-04-23 15:02:53 | Zoom Is 16th CVE Numbering Authority Appointed in 2021 (lien direct) | Non-profit research and development organization MITRE on Friday announced that video conferencing giant Zoom has been named a CVE Numbering Authority (CNA). | |||
|
2021-04-23 13:51:53 | New Initiative to Protect U.S. Electrical Grid From Cyberattacks: Feedback Friday (lien direct) | The U.S. Department of Energy (DOE) this week kicked off a 100-day plan whose goal is to improve the cybersecurity of electric utilities - specifically their industrial control systems (ICS) - and secure the energy sector supply chain. | |||
|
2021-04-23 13:15:52 | Files on QNAP NAS Devices Encrypted in Qlocker Ransomware Attacks (lien direct) | Following a wave of ransomware attacks, network-attached storage (NAS) appliance manufacturer QNAP Systems says it is urgently working on finding a solution to remove malware from infected NAS devices. | Ransomware Malware | ||
|
2021-04-23 10:39:17 | Perception Point Raises $28 Million Grow Collaboration Protection Platform (lien direct) | Perception Point, an Israeli startup focused on protecting against threats coming through collaboration tools, email and other cloud-based services, announced this week that it has raised $28 million in Series B funding, bringing the total amount raised by the company to $48 million. | |||
|
2021-04-23 03:46:34 | Deep Instinct Raises $100 Million in Series D Funding Round (lien direct) | Deep Instinct, a New York-based company that provides threat protection products powered by deep learning, on Thursday announced that it has raised $100 million in a Series D funding round. | Threat | ||
|
2021-04-22 17:59:28 | APT Abuses Pulse Secure, SolarWinds Appliances at the Same Organization (lien direct) | The U.S. government's Cybersecurity and Infrastructure Security Agency (CISA) has raised an alarm for a new cyberattack in which both a Pulse Secure VPN appliance and the SolarWinds Orion platform were abused for malicious purposes. |
To see everything:
