Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2021-08-17 23:14:52 |
Adobe Plugs Critical Photoshop Security Flaws (lien direct) |
Adobe has issued a warning for a pair of major security vulnerabilities affecting its popular Photoshop image manipulation software.
The flaws, rated critical, expose both Windows and MacOS users to code execution attacks, Adobe said in an advisory released Tuesday.
|
|
|
|
|
2021-08-17 16:03:33 |
Houdini Malware Returns and Amazon\'s Sidewalk Enter Corporate Networks (lien direct) |
The nature of a secure access service edge (SASE) platform provides visibility into a large number of internet data flows – and the larger the platform, the more dataflows can be analyzed. An analysis of more than 250 billion network flows during Q2 2021 shows increasing threats, a new use of an old malware, and the growing incidence of consumer devices in the workplace.
|
Malware
|
|
|
|
2021-08-17 15:16:26 |
High-Severity Command Injection Vulnerability Found in Fortinet Firewall (lien direct) |
Researchers have discovered a vulnerability in Fortinet's FortiWeb web application firewall (WAF), and while it has been classified as high severity, the actual risk of exploitation in the wild seems low.
|
Vulnerability
|
|
|
|
2021-08-17 14:03:36 |
FBI Reportedly Exposed Secret Terrorist Watchlist (lien direct) |
Security researcher Bob Diachenko claims to have discovered an unprotected Elasticsearch database containing 1.9 million records related to what appeared to be a terrorist watchlist of the United States government.
|
|
|
|
|
2021-08-17 13:37:15 |
Rural Sewage Plants Hit by Ransomware Attacks in Maine (lien direct) |
A pair of ransomware attacks on sewage treatment plants in rural Maine communities demonstrates that small towns need to be just as vigilant as larger communities in protecting against hackers, local officials said.
|
Ransomware
|
|
|
|
2021-08-17 12:01:35 |
Millions of IoT Devices Exposed to Attacks Due to Cloud Platform Vulnerability (lien direct) |
Researchers at FireEye's threat intelligence and incident response unit Mandiant have identified a critical vulnerability that exposes millions of IoT devices to remote attacks.
|
Vulnerability
Threat
|
|
|
|
2021-08-17 11:36:47 |
Google Awards $42,000 for Two Serious Chrome Vulnerabilities (lien direct) |
Google on Monday announced that a security update released for the Chrome web browser patches several high-severity vulnerabilities.
|
|
|
|
|
2021-08-16 20:04:37 |
T-Mobile Acknowledges Breach of Customer Data, Launches Probe (lien direct) |
T-Mobile on Monday acknowledged a breach of customer information after a hacker group claimed to have obtained records of 100 million of the operator's US customers and offered some of the data on the dark web.
|
|
|
|
|
2021-08-16 19:31:46 |
Colonial Pipeline Confirms Personal Information Impacted in Ransomware Attack (lien direct) |
Colonial Pipeline has started sending out notification letters to inform more than 5000 people that their personal information was compromised in a ransomware attack earlier this year.
|
Ransomware
|
|
|
|
2021-08-16 18:35:12 |
Devices From Many Vendors Can Be Hacked Remotely Due to Flaws in Realtek SDK (lien direct) |
A large number of IoT systems could be exposed to remote hacker attacks due to serious vulnerabilities found in software development kits (SDKs) provided to device manufacturers by Taiwan-based semiconductor company Realtek.
|
|
|
|
|
2021-08-16 16:34:04 |
Defeating the False Sense of Cyber Safety (lien direct) |
For multiple reasons, people generally don't take cybersecurity anywhere near as seriously as physical safety
|
|
|
|
|
2021-08-16 14:26:04 |
Experts: False Claims on Voting Machines Obscure Real Flaws (lien direct) |
The aftermath of the 2020 election put an intense spotlight on voting machines as supporters of former President Donald Trump claimed victory was stolen from him. While the theories were unproven - and many outlandish and blatantly false - election security experts say there are real concerns that need to be addressed.
|
|
|
|
|
2021-08-16 14:04:15 |
Facebook Adds End-to-End Encryption to Calls in Messenger (lien direct) |
Facebook has updated the end-to-end encryption features in Messenger to provide users with more secure voice and video calling capabilities.
|
|
|
|
|
2021-08-16 12:43:52 |
Cybersecurity M&A Roundup for August 9-15, 2021 (lien direct) |
|
|
|
|
|
2021-08-16 12:20:27 |
Understanding and Improving the Burden on Threat Hunters (lien direct) |
Despite increased security budgets, threat hunters say they are under-resourced and overstretched
|
Threat
|
|
|
|
2021-08-16 11:48:00 |
Hacker Pleads Guilty to SIM Swapping Attacks, Cryptocurrency Theft (lien direct) |
A Rockport, Massachusetts, man has pleaded guilty over his role in a scheme targeting people who had high-value social media accounts or who were believed to have large amounts of cryptocurrency.
|
Guideline
|
|
|
|
2021-08-16 11:07:12 |
Cyber Leader Calls for Nonpartisan Path to Securing the Vote (lien direct) |
Those entrusted with securing the nation's voting systems must remain nonpartisan as a myriad of complex and growing risks continue to threaten U.S. elections, one of the nation's top cybersecurity officials said Saturday.
|
|
|
|
|
2021-08-13 12:57:37 |
Voltage Glitching Attack on AMD Chips Poses Risk to Cloud Environments (lien direct) |
Researchers have described a voltage glitching attack that shows AMD's Secure Encrypted Virtualization (SEV) technology may not provide proper protection for confidential data in cloud environments.
The research was conducted by a team from the Technical University of Berlin (TU Berlin) and it was detailed in a paper published this week.
|
|
|
|
|
2021-08-13 10:08:59 |
Hackers Deploying Backdoors on Exchange Servers via ProxyShell Vulnerabilities (lien direct) |
Threat actors have started exploiting the recently disclosed Microsoft Exchange Server vulnerabilities to deliver web shells that give them access to the compromised system.
|
|
|
|
|
2021-08-13 09:56:55 |
UN Experts Call for More Rules on Countries\' Use of Spyware (lien direct) |
Human rights experts working with the United Nations on Thursday called on countries to pause the sale and transfer of spyware and other surveillance technology until they set rules governing its use, to ensure it won't impinge upon human rights.
|
|
|
|
|
2021-08-12 17:57:49 |
Hacker Dubbed \'Mr White Hat\' to Return Entire Stolen Crypto Fortune (lien direct) |
A firm specializing in transferring cryptocurrency said Thursday that a hacker they are calling "Mr White Hat" was giving back all $613 million in digital loot from a record haul.
Poly Network had put out word previously that nearly half of the digital assets swiped early this week had been returned.
|
|
|
|
|
2021-08-12 17:35:16 |
Trend Micro Confirms In-the-Wild Zero-Day Attacks (lien direct) |
Security vendor Trend Micro has issued a warning for in-the-wild zero-day attacks hitting customers using its Apex One and Apex One as a Service products.
|
|
|
|
|
2021-08-12 15:53:00 |
Microsoft Confirms (Yet Another) PrintNightmare Flaw as Ransomware Actors Pounce (lien direct) |
Exasperated Windows fleet administrators woke up Thursday to news of a new, unpatched Print Spooler vulnerability that leaves machines exposed to remote code execution attacks.
|
Ransomware
Vulnerability
|
|
|
|
2021-08-12 15:16:35 |
New \'Allstar\' App Enforces Security Best Practices for GitHub Projects (lien direct) |
The Open Source Security Foundation (OpenSSF) on Wednesday announced the availability of a new GitHub app that can be used to automatically and continuously enforce security best practices for GitHub projects.
|
|
|
|
|
2021-08-12 13:10:53 |
August 2021 ICS Patch Tuesday: Siemens, Schneider Address Over 50 Flaws (lien direct) |
Siemens and Schneider Electric on Tuesday released 18 security advisories addressing a total of more than 50 vulnerabilities affecting their products.
The vendors have provided patches, mitigations, and general security recommendations for reducing the risk of attacks.
|
|
|
|
|
2021-08-12 11:48:33 |
The Curious Case of the $600 Million Crypto Heist (lien direct) |
Cryptocurrency investors have been transfixed over the past few days by the antics of a mysterious hacker who stole more than $600 million -- before giving some of it back.
But is the thief a good samaritan who stole the money to expose a dangerous security flaw, or did they simply realize they were about to be caught?
|
|
|
|
|
2021-08-12 11:29:47 |
Cloud Considerations Learned from the Pandemic (lien direct) |
Over the last 18 months, there have been massive scale changes in how everyone works, learns and socializes online primarily due to the pandemic. We all had to stay home; a switch flipped and being online was more critical than ever before.
|
|
|
|
|
2021-08-12 10:32:17 |
Ransomware Gang Leaks Files Allegedly Stolen From Accenture (lien direct) |
Consulting giant Accenture on Wednesday confirmed being targeted by hackers. The confirmation came just hours before a ransomware gang started leaking files allegedly stolen from the company.
|
Ransomware
|
|
|
|
2021-08-11 18:32:42 |
Mandiant Snaps Up Attack Surface Management Startup Intrigue (lien direct) |
FireEye's Mandiant unit announced on Tuesday that it has acquired Intrigue, a provider of attack surface management technology for enterprises.
|
|
|
|
|
2021-08-11 18:07:16 |
Hackers Return Portion of Record Crypto Heist Haul (lien direct) |
A firm specializing in transferring cryptocurrency said that hackers have sent back a portion of the digital loot from a record haul.
|
|
|
|
|
2021-08-11 17:29:41 |
Politics and Security Don\'t Mix (lien direct) |
There are plenty of issues and challenges every security team already faces. There's no need to add politics to them.
|
|
|
|
|
2021-08-11 14:39:56 |
Decryption Key for Ransomware Delivered via Kaseya Attack Made Public (lien direct) |
A key that can be used to decrypt files encrypted by the REvil ransomware delivered as part of the Kaseya attack has been made public.
|
Ransomware
|
|
★★★★
|
|
2021-08-11 12:31:23 |
OwnBackup Raises $240 Million at $3.35 Billion Valuation (lien direct) |
New Jersey-based data protection solutions provider OwnBackup on Tuesday announced raising $240 million in a Series E funding round at a valuation of $3.35 billion.
|
|
|
|
|
2021-08-11 11:26:03 |
Intel Patches High-Severity Flaws in NUC 9 Extreme Laptops, Ethernet Linux Drivers (lien direct) |
Intel on Tuesday released six new security advisories to inform customers about the availability of firmware and software updates that address a total of 15 vulnerabilities across several products.
|
|
|
|
|
2021-08-11 10:21:43 |
Nine Critical and High-Severity Vulnerabilities Patched in SAP Products (lien direct) |
German enterprise software giant SAP has released 19 new and updated security notes, including for nine new vulnerabilities that have been rated critical or high severity.
|
|
|
|
|
2021-08-11 10:17:09 |
A Closer Look at Intel\'s Hardware-Enabled Threat Detection Push (lien direct) |
|
Threat
|
|
|
|
2021-08-11 01:57:05 |
Consumer Antivirus Firms NortonLifeLock and Avast to Merge in $8.6 Billion Deal (lien direct) |
Consumer cybersecurity firms NortonLifeLock (NASDAQ: NLOK) and Prague-based Avast announced on Tuesday that the two firms have agreed to merge in a deal valued between roughly $8.1-$8.6 billion.
|
|
|
|
|
2021-08-11 00:32:05 |
Record Cryptocurrency Heist Valued at $600 Million (lien direct) |
A firm specializing in transferring cryptocurrency said Tuesday that hackers cracked its security, making off with a record-setting haul potentially worth $600 million.
Poly Network put out a plea for the stolen Ethereum, BinanceChain and OxPolygon tokens to be shunned by traders running "wallets" for storing cryptocurrency.
|
|
|
|
|
2021-08-10 18:35:36 |
Adobe Warns of Critical Flaws in Magento, Connect (lien direct) |
Software maker Adobe has shipped security patches for flaws in its Adobe Magento and Connect product lines, warning that exploitation could lead to remote code execution attacks.
|
Guideline
|
|
|
|
2021-08-10 18:16:39 |
Microsoft Patch Tuesday: Windows Flaw Under Active Attack (lien direct) |
The zero-day attacks against Microsoft's software products continue to pile up with a new warning from Redmond about a zero-day attack hitting a security defect in the Windows Update Medic Service.
|
|
|
|
|
2021-08-10 16:59:17 |
NGO Files Hundreds of Complaints Over \'Cookie Banner Terror\' (lien direct) |
Online privacy campaigners on Tuesday said they had filed hundreds of complaints against websites and platforms in Europe over violations of rules on cookies, the files that track user activity.
|
|
|
|
|
2021-08-10 14:49:02 |
Firefox 91 Brings New Privacy, Security Improvements (lien direct) |
Mozilla on Tuesday released Firefox 91, a version of the web browser that brings enhanced cookie clearing, HTTPS by default in private browsing mode, and patches for several high-severity vulnerabilities.
|
|
|
|
|
2021-08-10 13:33:44 |
Companies Still Exposing Sensitive Data via Known Salesforce Misconfiguration (lien direct) |
Organizations have been warned that a misconfiguration in Salesforce Communities can lead to the exposure of sensitive information.
|
Guideline
|
|
|
|
2021-08-10 11:43:05 |
Google Discontinuing Bluetooth Titan Security Key (lien direct) |
Google on Monday announced that it's discontinuing the Bluetooth version of the Titan Security Key and it will only offer devices that have near-field communication (NFC) functionality.
|
|
|
|
|
2021-08-10 11:00:45 |
How to Train Your SOC Staff: What Works and What Doesn\'t (lien direct) |
We're all familiar with the shortage of talent to staff security operations centers (SOCs), the challenge of hiring qualified cyber security professionals, and that burnout and overwork makes it impossible to keep good staff. So why not make an effort to hang on to your security analysts and make sure they stay up to the challenge?
|
|
|
|
|
2021-08-10 10:21:04 |
At Least 30,000 Internet-Exposed Exchange Servers Vulnerable to ProxyShell Attacks (lien direct) |
Tens of thousands of internet-exposed Microsoft Exchange servers appear to be affected by the ProxyShell vulnerabilities, and they could get compromised at any moment considering that threat actors are already scanning the web for vulnerable devices.
|
Threat
|
|
|
|
2021-08-09 16:22:56 |
A Deeper Dive Into Zero-Trust and Biden\'s Cybersecurity Executive Order (lien direct) |
On May 12, 2021, President Biden signed an Executive Order (EO) on Improving the Nation's Cybersecurity. It is a detailed overview of the Federal government's plan to better secure America – and it calls out zero-trust as a major pillar of that process.
The Executive Order
|
|
|
|
|
2021-08-09 14:33:28 |
(Déjà vu) OT Security Firm SIGA Raises $8.1 Million in Series B Funding Round (lien direct) |
SIGA OT Solutions, an Israel-based company that specializes in operational technology (OT) cybersecurity solutions, on Monday announced raising $8.1 million in a Series B funding round.
|
|
|
|
|
2021-08-09 13:09:44 |
Vulnerability Affecting Routers From Many Vendors Exploited Days After Disclosure (lien direct) |
Cybercriminals quickly started exploiting a vulnerability that affects routers and modems from many vendors that use the same underlying firmware.
On August 3, cybersecurity firm Tenable published a blog post describing a vulnerability affecting routers that use firmware from Arcadyan, a Taiwan-based provider of networking solutions.
|
Vulnerability
|
|
|
|
2021-08-09 12:35:59 |
Joplin: City Computer Shutdown Was Ransomware Attack (lien direct) |
The insurer for Joplin paid $320,00 to an unknown person after a ransomware attack shut down the city's government's computer system last month, Joplin City Manager Nick Edwards said Thursday.
|
Ransomware
|
|
|