What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-09-03 17:23:53 | USCYBERCOM Warns of Mass Exploitation of Atlassian Vulnerability Ahead of Holiday Weekend (lien direct) | USCYBERCOM and the Cybersecurity and Infrastructure Security Agency (CISA) are sounding the alarm just before the Labor Day weekend in the U.S., urging organizations to patch a critical vulnerability (CVE-2021-26084) affecting Atlassian Confluence Server and Data Center. | Vulnerability | ||
|
2021-09-03 14:05:52 | Apple Announces Delay of Child Protection Measures (lien direct) | Apple announced Friday that it will delay the rollout of its controversial new child pornography protection tools, accused by some of undermining the privacy of its devices and services. | |||
|
2021-09-02 21:01:17 | Facebook Pays Out $40,000 for Account Takeover Exploit Chain (lien direct) | Social media giant Facebook on Thursday announced a new payout guideline to help vulnerability hunters better understand its bounty decisions related to given bugs. | Vulnerability | ||
|
2021-09-02 19:01:26 | Hacked SolarWinds Software Lacked Basic Anti-Exploit Mitigation: Microsoft (lien direct) | Software vendor SolarWinds failed to enable an anti-exploit mitigation available since the launch of Windows Vista 15 years ago, an oversight that made it easy for attackers to launch targeted malware attacks in July this year. | Malware | ||
|
2021-09-02 17:25:00 | SOAR Company D3 Security Raises $10 Million (lien direct) | Security orchestration, automation and response (SOAR) provider D3 Security this week announced raising $10 million in growth equity investment from Vistara Growth. D3 Security also said it obtained an additional $5 million in debt financing from a major financial institution. | |||
|
2021-09-02 14:59:09 | Corelight Banks $75M for Network Monitoring Expansion Plans (lien direct) | Network detection and response play Corelight has raised a fresh $75 million funding round to speed up its global expansion ambitions. The San Francisco-based Corelight said the Series D investment was led by Energy Impact Partners and brings the total raised to $160 million. | |||
|
2021-09-02 14:24:47 | Flaws in Moxa Railway Devices Could Allow Hackers to Cause Disruptions (lien direct) | Railway Communication Devices Made by Moxa Affected by 60 Vulnerabilities Railway and other types of wireless communication devices made by Taiwan-based industrial networking and automation firm Moxa are affected by nearly 60 vulnerabilities. | |||
|
2021-09-02 13:32:01 | Israeli Foreign Minister Promises Closer Look at NSO (lien direct) | Israel's foreign minister on Wednesday played down criticism of the country's regulation of the cyberespionage firm NSO Group but vowed to step up efforts to ensure the company's controversial spyware doesn't fall into the wrong hands. | |||
|
2021-09-02 13:06:21 | BrakTooth: New Bluetooth Vulnerabilities Could Affect Millions of Devices (lien direct) | A group of researchers with the Singapore University of Technology and Design have disclosed a family of 16 new vulnerabilities that affect commercial Bluetooth Classic (BT) stacks. | |||
|
2021-09-02 12:31:12 | Recruiting Firm Apparently Pays Ransom After Being Targeted by Hackers (lien direct) | Administrative staffing agency Career Group, Inc. this week started sending notification letters to customers who were affected by a data breach that occurred in late June. | Data Breach | ||
|
2021-09-02 11:47:54 | FTC Bans SpyFone From Surveillance Business for Selling Stalkerware (lien direct) | The U.S. Federal Trade Commission (FTC) this week announced that it has banned stalkerware app maker SpyFone and its CEO, Scott Zuckerman, from the surveillance business. | |||
|
2021-09-02 11:21:26 | Ireland Fines WhatsApp 225M Euros for Breaching EU Privacy Laws (lien direct) | Ireland on Thursday imposed a 225-million-euro fine on Facebook-owned messaging service WhatsApp for breaching EU data privacy laws after European regulators demanded the penalty be increased. | |||
|
2021-09-02 10:47:16 | Recently Patched Confluence Vulnerability Exploited in the Wild (lien direct) | Hackers started exploiting a vulnerability in Atlassian's Confluence enterprise collaboration product just one week after the availability of a patch was announced. | Vulnerability | ||
|
2021-09-02 10:11:38 | Security for a Hybrid Workforce (lien direct) | The move to hybrid working is a perfect time to update and run cyber-hygiene awareness for employees | |||
|
2021-09-01 17:49:54 | CISA, FBI Warn of Increase in Ransomware Attacks on Holidays (lien direct) | The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are warning that ransomware actors are deliberately launching attacks during the holidays and weekends. | Ransomware | ||
|
2021-09-01 17:26:01 | Singapore\'s GovTech Announces New Vulnerability Rewards Programme (lien direct) | The Singapore Government Technology Agency (GovTech) on Tuesday introduced a new Vulnerability Rewards Programme (VRP) on HackerOne that offers bug bounty rewards of up to $150,000. | Vulnerability | ||
|
2021-09-01 16:15:14 | Mozilla Publishes Results of VPN Security Audit (lien direct) | Mozilla announced on Tuesday that it has made public a report detailing the results of a security audit targeting its Mozilla VPN product. | |||
|
2021-09-01 13:39:57 | Google Awards Over $130,000 for Flaws Patched With Release of Chrome 93 (lien direct) | Google this week announced the release of Chrome 93 with a total of 27 security patches inside, including 19 for vulnerabilities that were reported by external researchers. | |||
|
2021-09-01 12:33:28 | SEC Sanctions Several Companies Over Email Account Hacking (lien direct) | The U.S. Securities and Exchange Commission (SEC) this week announced sanctions against several companies over cybersecurity failures that resulted in email accounts getting hacked and the exposure of customer information. | |||
|
2021-09-01 11:54:45 | (Déjà vu) Cybersecurity M&A Roundup: 42 Deals Announced in August 2021 (lien direct) | 
|
|||
|
2021-09-01 10:58:27 | Vulnerability Allows Remote DoS Attacks Against Apps Using Linphone SIP Stack (lien direct) | A serious vulnerability affecting the Linphone Session Initiation Protocol (SIP) client suite can allow malicious actors to remotely crash applications, industrial cybersecurity firm Claroty warned on Tuesday. | Vulnerability | ||
|
2021-09-01 10:48:19 | Top Five Pitfalls When Considering Client Side Security (lien direct) | When looking to secure online applications and protect them from fraud, enterprises have traditionally turned to preventative and detective controls on the server side. In other words, policies, alongside data, logs, and transaction information have long been a go to mechanism for mitigating risk from security breaches and fraud events. | |||
|
2021-09-01 10:12:09 | Tackling the Threat Intelligence Problem with Multiple Sources and Robust RFI Services (lien direct) | A prevention-only strategy to combat threats is not sufficient; enterprises must incorporate intelligence from all relevant intelligence domains | Threat | ||
|
2021-09-01 09:53:39 | Proxyware Platforms Increasingly Targeted by Cybercriminals (lien direct) | Proxyware platforms are increasingly targeted in cybercrime operations aimed at distributing malware or at monetizing the internet bandwidth of victims, according to Cisco's Talos research and intelligence unit. | Malware | ★★ | |
|
2021-08-31 15:07:23 | New Edition of Pipeline Cybersecurity Standard Covers All Control Systems (lien direct) | The American Petroleum Institute (API) this month published the third edition of its pipeline cybersecurity standard, which focuses on managing cyber risks associated with industrial automation and control environments. | |||
|
2021-08-31 13:38:44 | (Déjà vu) CISA Expands \'Bad Practices\' List With Single-Factor Authentication (lien direct) | The United States Cybersecurity and Infrastructure Security Agency (CISA) this week added single-factor authentication to its list of bad practices. | |||
|
2021-08-31 13:05:44 | Vulnerabilities Can Allow Hackers to Disarm Fortress Home Security Systems (lien direct) | Researchers at cybersecurity firm Rapid7 have identified a couple of vulnerabilities that they claim can be exploited by hackers to remotely disarm one of the home security systems offered by Fortress Security Store. | |||
|
2021-08-31 11:24:37 | \'ProxyToken\' Exchange Server Vulnerability Leads to Email Compromise (lien direct) | A vulnerability that Microsoft patched in Exchange Server earlier this year can allow attackers to set forwarding rules on target accounts and gain access to incoming emails. | Vulnerability | ||
|
2021-08-31 10:44:26 | Companies Release Security Advisories in Response to New OpenSSL Vulnerabilities (lien direct) | 
|
|||
|
2021-08-31 10:32:07 | A Case for Recruiting and Retaining "Franchise Players" in Security Software Development (lien direct) | Critical elements required to attract and retain A-players for cybersecurity software teams | |||
|
2021-08-31 10:04:36 | CISO Conversations: Zoom, Thycotic CISOs Discuss the CISO Career Path (lien direct) | 
|
|||
|
2021-08-31 08:37:07 | Code Generated by GitHub Copilot Can Introduce Vulnerabilities: Researchers (lien direct) | A group of researchers has discovered that roughly 40% of the code produced by the GitHub Copilot language model is vulnerable. | |||
|
2021-08-30 19:29:15 | Check Point Buys Cloud Email Security Provider Avanan (lien direct) | Israeli security giant Check Point Software Technologies has joined the cybersecurity shopping spree with Monday's announcement of a deal to purchase Avanan, a startup that sells tech to secure cloud email infrastructure. | |||
|
2021-08-30 12:37:41 | U.S. Justice Department Introduces Cyber Fellowship Program (lien direct) | The United States Department of Justice on Friday officially announced a new Cyber Fellowship program for training prosecutors and attorneys on cybersecurity-related cases. | |||
|
2021-08-30 11:58:30 | Exploitation of Flaws in Delta Energy Management System Could Have \'Dire Consequences\' (lien direct) | An industrial energy management system made by Delta Electronics is affected by several vulnerabilities whose exploitation could have serious consequences in a real world environment, according to the researcher who discovered the flaws. | |||
|
2021-08-30 10:55:03 | T-Mobile Hack Involved Exposed Router, Specialized Tools and Brute Force Attacks (lien direct) | American Living in Turkey Takes Credit for T-Mobile Hack | Hack | ||
|
2021-08-30 09:35:20 | CISA, Microsoft Issue Guidance on Recent Azure Cosmos DB Vulnerability (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an alert urging enterprises to address a newly disclosed vulnerability in Microsoft Azure Cosmos DB as soon as possible. | Vulnerability | ||
|
2021-08-30 00:39:08 | Experts Warn of Dangers From Breach of Voter System Software (lien direct) | Republican efforts questioning the outcome of the 2020 presidential race have led to voting system breaches that election security experts say pose a heightened risk to future elections. | |||
|
2021-08-30 00:33:18 | Boston Public Library Hit With Cyberattack (lien direct) | The Boston Public Library was hit with a cyberattack earlier this week that crippled its computer network, the library said in a statement Friday. There is no evidence that sensitive employee or patron data has been compromised, the library posted in a statement on its website. | |||
|
2021-08-27 14:20:06 | FBI Shares IOCs for \'Hive\' Ransomware Attacks (lien direct) | The Federal Bureau of Investigation this week published an alert to provide technical details and indicators of compromise (IOCs) for attacks employing the Hive ransomware. | Ransomware | ★★★ | |
|
2021-08-27 13:56:41 | Vulnerability Allows Remote Hacking of Annke Video Surveillance Product (lien direct) | Researchers at industrial and IoT cybersecurity firm Nozomi Networks have discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke, a Hong Kong-based global provider of home and business security solutions. | Hack Vulnerability | ||
|
2021-08-27 11:56:31 | Enterprise Technology Management Provider Oomnitza Raises $20 Million (lien direct) | SaaS-based enterprise technology management (ETM) solutions provider Oomnitza this week announced that it has raised $20 million in growth funding. To date, the company has raised $35 million. | |||
|
2021-08-27 11:16:56 | Amazon to Offer Free Cybersecurity Training Materials, MFA Devices (lien direct) | Amazon announced this week that it will soon offer cybersecurity training materials and multi-factor authentication (MFA) devices for free. | |||
|
2021-08-27 11:16:09 | In a Hybrid Workplace, Men Are More Likely to Engage in Risky Behavior Than Women: Study (lien direct) | The likelihood of a complete return to the office post-pandemic is low; the probability of an ongoing hybrid home/office work environment is much higher. Security teams will need to continue and possibly expand their plans to secure remote personal devices operating in a hostile environment perhaps indefinitely. | |||
|
2021-08-27 08:48:32 | Critical Vulnerability Exposed Azure Cosmos DBs for Months (lien direct) | Microsoft this week started notifying customers of a critical vulnerability in Azure Cosmos DB that could have provided attackers with administrative access to Cosmos DB instances. | Vulnerability | ||
|
2021-08-26 18:13:01 | FIN8 Hackers Add \'Sardonic\' Backdoor to Malware Arsenal (lien direct) | The financially-motivated threat actor tracked as FIN8 has added a potent new backdoor to its arsenal and is already using it in attacks in-the-wild, according to researchers at endpoint security firm Bitdefender. | Malware Threat | ||
|
2021-08-26 15:39:41 | Engineering Workstations Are Concerning Initial Access Vector in OT Attacks (lien direct) | Organizations that use industrial control systems (ICS) and other operational technology (OT) are increasingly concerned about cyber threats, and while they have taken steps to address risks, many don't know if they have suffered a breach, according to a survey conducted by the SANS Institute on behalf of industrial cybersecurity firm Nozomi Networks. | |||
|
2021-08-26 14:59:02 | Cisco Patches Serious Vulnerabilities in Data Center Products (lien direct) | Cisco this week announced the release of patches for a critical vulnerability affecting its Application Policy Infrastructure Controller (APIC) and Cloud APIC products. | Vulnerability | ||
|
2021-08-26 12:43:57 | Atlassian Patches Critical Code Execution Vulnerability in Confluence (lien direct) | Atlassian this week informed customers about the availability of patches for a critical vulnerability affecting the company's Confluence enterprise collaboration product. | Vulnerability | ||
|
2021-08-26 11:30:00 | How Threat Detection is Evolving (lien direct) | As adversaries have shifted the focus of attacks to achieve their goals, defenders must evolve their approach to threat detection | Threat |
To see everything:
Our RSS (filtrered)
