Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-25 14:17:19 |
Old Vulnerability Exploited to Hack, Wipe WD Storage Devices (lien direct) |
Many owners of My Book Live and My Book Live Duo network-attached storage (NAS) devices made by Western Digital (WD) reported having their files wiped, and it seems that it's the result of an attack exploiting an old vulnerability.
|
Vulnerability
|
|
★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-25 12:38:30 |
Google Rolling Out Security Update for Google Drive (lien direct) |
Google this week announced a security update for Google Drive that is meant to make sharing links more secure for files stored with the service.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-25 11:51:47 |
Member of FIN7 Cybercrime Gang Sentenced to Prison in U.S. (lien direct) |
A Ukrainian man has been sentenced to seven years in prison in the United States for his role within the cybercrime group known as FIN7.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-25 11:08:59 |
Vulnerabilities Expose Fortinet Firewalls to Remote Attacks (lien direct) |
A high-severity vulnerability patched recently by Fortinet in its FortiWeb web application firewall (WAF) can be exploited to execute arbitrary commands. The flaw can pose an even more serious risk if it's chained with a misconfiguration and another recently discovered security hole.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-25 10:07:27 |
Dutch Group Launches Data Harvesting Claim Against TikTok (lien direct) |
A Dutch consumer group is launching a 1.5 billion euro ($1.8 billion) claim against TikTok over what it alleges is unlawful harvesting of personal data from users of the popular video sharing platform.
|
|
|
★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-25 08:45:07 |
Researchers Detail Exploit Chain for Hijacking Atlassian Accounts (lien direct) |
Researchers at cybersecurity firm Check Point discovered several vulnerabilities that could have been chained to take over Atlassian accounts or access a company's Bitbucket-hosted source code. Atlassian patched the flaws before their details were made public.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-24 20:22:58 |
Eclypsium: BIOSConnect Flaws Haunt Millions of Dell Computers (lien direct) |
Security researchers at Eclypsium have figured out a way to exploit a set of high-severity vulnerabilities that expose millions of Dell computers to stealthy hacker attacks.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-24 19:02:06 |
Zyxel Warns Customers of Attacks on Security Appliances (lien direct) |
Networking device manufacturer Zyxel has issued an alert to warn customers of attacks targeting a subset of security appliances that have remote management or SSL VPN enabled.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-24 18:26:17 |
Google Delays Phase Out of Tracking Tech by Nearly 2 Years (lien direct) |
Google will delay by nearly two years the phase out of Chrome web browser technology that tracks users for ad purposes, saying that it needs more time to develop a replacement system.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-24 17:01:04 |
EU Announces New Joint Cyber Unit to Protect Against Critical Attacks (lien direct) |
Joint Cyber Unit will create more situational awareness and guarantee preparedness to large-scale cybersecurity crises
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-24 15:05:00 |
Cybersecurity Companies Join Forces Against Controversial DMCA Section (lien direct) |
The Electronic Frontier Foundation (EFF) along with nearly two dozen cybersecurity companies have signed a statement regarding the use of a controversial section of the Digital Millennium Copyright Act (DMCA) against security researchers.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-24 13:52:18 |
Google Expands Open Source Vulnerabilities Database (lien direct) |
Google today announced the expansion of the Open Source Vulnerabilities (OSV) database to include information on bugs identified in Go, Rust, Python, and DWF open source projects.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-24 13:12:10 |
XDR is a Destination, Not a Solution (lien direct) |
If we define XDR as a solution, SOCs can't reach their ultimate destination because, as a solution, XDR can't be a holistic approach
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-24 12:45:49 |
Cybersecurity is Never Out-of-Office (lien direct) |
Things to consider which may help keep attacks at bay and allow everyone to enjoy their well-earned break
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-24 12:39:28 |
Threat Monitoring Firm FYEO Announces Acquisition as It Emerges From Stealth (lien direct) |
Threat monitoring and identity access management provider FYEO on Wednesday announced that it emerged from stealth mode with the acquisition of threat intelligence company Intelliagg.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-24 12:11:08 |
Weidmueller Patches Dozen Vulnerabilities in Industrial WLAN Devices (lien direct) |
Germany-based industrial solutions provider Weidmueller on Wednesday informed customers that it has patched a dozen vulnerabilities affecting some of its industrial WLAN devices.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-24 11:50:35 |
Tulsa Says Ransomware Attackers Shared Personal Information (lien direct) |
Those responsible for a ransomware attack on the city of Tulsa last month are sharing personal information of some residents online, city officials said Wednesday.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-24 11:05:17 |
VMware Patches Critical Vulnerability in Carbon Black App Control (lien direct) |
VMware this week announced the availability of patches for an authentication bypass vulnerability in VMware Carbon Black App Control (AppC) running on Windows machines.
Carbon Black App Control is designed to improve the security of servers and other critical systems by locking them down to prevent unauthorized tampering.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-24 10:27:13 |
Illumio Raises $225 Million at $2.75 Billion Valuation (lien direct) |
Zero trust segmentation solutions provider Illumio on Thursday announced that it has raised $225 million in a Series F funding round, which brings the total raised by the company to more than $550 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-23 20:12:44 |
Antivirus Pioneer John McAfee Found Dead in Spanish Prison (lien direct) |
John McAfee, the creator of McAfee antivirus software, was found dead in his jail cell near Barcelona in an apparent suicide Wednesday, hours after a Spanish court approved his extradition to the United States to face tax charges punishable by decades in prison, authorities said.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-23 20:12:44 |
McAfee Antivirus Software Creator Dead in Spanish Prison (lien direct) |
John McAfee, the creator of the McAfee antivirus software, has been found dead in his cell in a jail near Barcelona, a government official told The Associated Press on Wednesday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-23 18:16:42 |
Cloud Application Security Firm Anjuna Raises $30 Million (lien direct) |
Anjuna, a provider of cloud application security, today announced that it has raised $30 million in Series B funding, which brings the total raised by the company to date to $42 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-23 16:07:48 |
Games, Gaming and Gamers Are a Rapidly Growing Target for Hackers (lien direct) |
New report from Akamai provides insight into the recent surge of game-related hacking
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-23 14:39:53 |
Iowa Eye Clinic: 500,000 Patient Files May Have Been Stolen (lien direct) |
The records of roughly 500,000 patients of an eye clinic with locations throughout Iowa may have been stolen as part of a ransomware attack on the business earlier this year.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-23 14:00:31 |
New REvil-Based Ransomware Emerges (lien direct) |
A threat actor appears to have repurposed the REvil ransomware to create their own ransomware family and possibly launch a ransomware-as-a-service (RaaS) offering.
|
Ransomware
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-23 13:14:44 |
Data Security Company Symmetry Systems Raises $15 Million (lien direct) |
California-based data security company Symmetry Systems on Wednesday announced raising $15 million in a Series A funding round.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-23 12:15:39 |
Self-Healing Cybersecurity Systems: A Pipe Dream or Reality? (lien direct) |
Cybersecurity has been a priority for organizations for many years. According to Gartner, organizations are expected to spend $150.4 million on IT security and risk management technologies in 2021, which would reflect a 12.4 percent increase compared to 2020. Yet, despite these investments in security controls, cyber-attacks keep coming.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-23 11:30:00 |
Security Lessons Learned From Adopting a Pound Dog (lien direct) |
About a year ago, we adopted a pound dog named Nala. She was about three months old when we got her. When we first met her, we immediately picked up on her sweet personality and her eagerness to please. With some training and a lot of love, those traits have remained, and she has grown into a beautiful, well-behaved dog.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-23 11:18:05 |
VMware Patches Privilege Escalation Vulnerability in Tools for Windows (lien direct) |
A high-severity vulnerability that VMware patched this week in VMware Tools for Windows could be exploited to execute arbitrary code with elevated privileges.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-23 10:33:48 |
Garland: More "Depth" Needed to Protect Against Cyberattacks (lien direct) |
Attorney General Merrick Garland said Tuesday that private industry needs better safeguards to avoid calamitous consequences in the event of cyberattacks like the ones that have targeted American infrastructure and corporations.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-23 10:02:54 |
Splunk Gets $1 Billion Investment From Silver Lake (lien direct) |
Data analytics company Splunk (NASDAQ: SPLK) on Tuesday announced receiving a $1 billion investment from technology-focused private equity firm Silver Lake.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-23 08:45:53 |
Palo Alto Networks Patches Critical Vulnerability in Cortex XSOAR (lien direct) |
A security advisory published on Tuesday by Palo Alto Networks informs customers about the availability of patches for a critical vulnerability affecting the company's Cortex XSOAR product.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-23 01:59:05 |
US Takes Down Iran-linked News Sites, Alleges Disinformation (lien direct) |
American authorities seized a range of Iran's state-linked news website domains they accused of spreading disinformation, the U.S. Justice Department said Tuesday, a move that appeared to be a far-reaching crackdown on Iranian media amid heightened tensions between the two countries.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-22 19:26:09 |
Tor Browser Patches Application Probing Vulnerability (lien direct) |
A new version of the open-source Tor Browser was released this week with patches for multiple vulnerabilities, including one that could allow malicious websites to track users across browsers by identifying applications running on their devices.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-22 17:50:42 |
Mitre Adds D3FEND Countermeasures to ATT&CK Framework (lien direct) |
The U.S. government's National Security Agency (NSA) on Tuesday announced plans to fund the development of a knowledge base of defensive countermeasures for the most common techniques used by malicious hackers.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-22 17:00:50 |
Vulnerabilities in Zephyr\'s Bluetooth LE Stack May Lead to DoS Attacks (lien direct) |
Multiple vulnerabilities recently patched in Zephyr's Bluetooth LE stack could be exploited to cause denial of service conditions, prevent further connections, or even leak sensitive information, according to a warning from researchers at the Synopsys Cybersecurity Research Center (CyRC) reveal.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-22 16:18:41 |
Much of Malware Found by Industrial Firms on USB Drives in 2020 Targeted OT (lien direct) |
|
Malware
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-22 15:59:21 |
French Prosecutors Charge 4 Executives Over Libya, Egypt Cyber-Spying (lien direct) |
Prosecutors have charged four executives at two French companies accused of aiding Libya's former strongman Moamer Kadhafi and Egyptian authorities to spy on opposition figures who were later detained and tortured, a rights group said Tuesday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-22 14:28:47 |
SASE Firm Cato Networks Revamps Managed Detection and Response Solution (lien direct) |
Updated MDR solution continuously analyzes customer traffic for attributes that might disclose a threat
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-22 13:30:58 |
Most Developers Never Update Third-Party Libraries in Their Software: Report (lien direct) |
Most developers never update third-party libraries after including them in their software, a new report from application security company Veracode reveals.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-22 12:26:57 |
Passwordless Authentication Firm Transmit Security Raises $543 Million (lien direct) |
Identity solutions provider Transmit Security on Tuesday announced raising $543 million in a Series A funding round.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-22 11:23:14 |
EU Data Watchdogs Want Ban on AI Facial Recognition (lien direct) |
The EU's data protection agencies on Monday called for an outright ban on using artificial intelligence to identify people in public places, pointing to the "extremely high" risks to privacy.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-22 10:46:16 |
SentinelOne Seeks to Raise Up to $928 Million in IPO (lien direct) |
Endpoint security company SentinelOne on Monday set the terms of its initial public offering (IPO).
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-22 10:10:19 |
Research Shows Many Security Products Fail to Detect Android Malware Variants (lien direct) |
A group of academic researchers has created a tool that can be used to clone Android malware and test the resilience of these new variants against anti-malware detection.
|
Malware
Tool
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-22 04:10:56 |
Researcher Claims Apple Downplayed Severity of iCloud Account Takeover Vulnerability (lien direct) |
A security researcher claims he discovered a critical vulnerability in Apple's password reset feature that could have been used to take over any iCloud account, but Apple has downplayed the impact of the flaw.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-21 20:27:00 |
Ransomware Gangs Get Paid Off as Officials Struggle for Fix (lien direct) |
If your business falls victim to ransomware and you want simple advice on whether to pay the criminals, don't expect much help from the U.S. government. The answer is apt to be: It depends.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-21 20:05:07 |
Attacks Against Container Infrastructures Increasing, Including Supply Chain Attacks (lien direct) |
Research finds that adversaries could detect a new misconfigured container within an average of five hours
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-21 12:51:52 |
(Déjà vu) Cybersecurity M&A Roundup for June 14-20, 2021 (lien direct) |
Several cybersecurity-related acquisitions were announced between June 14 and June 20, 2021.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-21 12:33:21 |
Vermont Hospital Still Calculating Cost of Ransomware Attack (lien direct) |
Officials at Vermont's largest hospital are still trying to determine the full financial impact of the cyberattack last October that knocked out computers affecting three hospitals in Vermont and three in New York.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-21 11:54:15 |
South Korean Atomic Energy Research Institute Confirms Cyberattack (lien direct) |
The South Korean Atomic Energy Research Institute (KAERI) has confirmed that an unknown third-party gained unauthorized access to its systems.
|
|
|
|