What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-05-08 14:11:36 | Cyberattack Forces Shutdown of Major U.S. Pipeline (lien direct) | Colonial Pipeline halts all fuel pipeline operations in response to a cyberattack | |||
|
2021-05-07 16:32:02 | US-UK Gov Warning: SolarWinds Attackers Add Open-Source PenTest Tool to Arsenal (lien direct) | Agencies in the United States and the United Kingdom on Friday published a joint report providing more details on the activities of the Russian cyberspy group that is believed to be behind the attack on IT management company SolarWinds. The report reveals that the hackers started using the open-source adversary simulation framework Sliver after some of their operations were exposed. | Tool | ★★★★ | |
|
2021-05-07 14:28:01 | Under the Microscope: ISACA Survey on Cybersecurity Workforce, Resources and Budgets (lien direct) | A major survey that like all surveys needs to be examined carefully rather than accepted blindly. | |||
|
2021-05-07 14:03:21 | CISA Analyzes FiveHands Ransomware (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of the FiveHands ransomware, roughly one week after FireEye's Mandiant security researchers reported seeing the malware in recent attacks. | Ransomware Malware | ||
|
2021-05-07 13:04:41 | Android App Developers Required by Google to Share More Info on Data Handling (lien direct) | Google this week announced that it is introducing a new policy for the Google Play app store, requiring all developers to provide information on their data collection practices. | |||
|
2021-05-07 12:36:26 | TsuNAME Vulnerability Can Be Exploited for DDoS Attacks on DNS Servers (lien direct) | Some DNS resolvers are affected by a vulnerability that can be exploited to launch distributed denial-of-service (DDoS) attacks against authoritative DNS servers, a group of researchers warned this week. | Vulnerability | ||
|
2021-05-07 10:50:57 | VMware Patches Critical Flaw Reported by Sanctioned Russian Security Firm (lien direct) | VMware has patched another critical vulnerability reported by Positive Technologies, a Russian cybersecurity firm that was sanctioned recently by the United States. | Vulnerability | ||
|
2021-05-06 23:53:07 | Insurer AXA Halts Ransomware Crime Reimbursement in France (lien direct) | In an apparent industry first, the global insurance company AXA said Thursday it will stop writing cyber-insurance policies in France that reimburse customers for extortion payments made to ransomware criminals. | Ransomware | ||
|
2021-05-06 16:59:25 | Qualcomm Modem Chip Flaw Exploitable From Android: Researchers (lien direct) | Billions of Android devices are exposed to a vulnerability in Qualcomm's Mobile Station Modem (MSM) chip A vulnerability in Qualcomm's Mobile Station Modem (MSM) chip– installed in around 30% of the world's mobile devices – can be exploited from within Android. | Vulnerability | ||
|
2021-05-06 15:29:34 | Russian \'Evil Corp\' Cybercriminals Possibly Evolved Into Cyberspies (lien direct) | The infamous cybercrime organization known as Evil Corp may be running cyberespionage operations on behalf of a Russian intelligence agency, security consulting company Truesec reports. | |||
|
2021-05-06 14:24:28 | Google to Automatically Enable Two-Step Verification for Some Accounts (lien direct) | Google is marking World Password Day with a blog post summarizing the password management features it offers, and the company announced that it will automatically enroll some accounts in two-step verification (2SV). | |||
|
2021-05-06 13:05:54 | MDR Firm Huntress Raises $40 Million in Series B Funding Round (lien direct) | Managed detection and response (MDR) solutions provider Huntress on Thursday announced raising $40 million in a Series B funding round, which brings the total raised by the company to $60 million. | |||
|
2021-05-06 12:28:47 | Cisco Patches Critical Flaws in SD-WAN, HyperFlex HX Products (lien direct) | Cisco on Wednesday released patches to address tens of vulnerabilities across its product portfolio, including critical flaws in SD-WAN software and the HyperFlex HX data platform. | |||
|
2021-05-06 11:30:27 | Cybersecurity Experts Share Thoughts for World Password Day (lien direct) | 
World Password Day was created by Intel in 2013 to raise awareness of the need for strong passwords, but many experts now use the occasion to urge organizations to replace passwords with other, more secure authentication methods.
|
|||
|
2021-05-06 11:05:59 | Microsoft Pledges to Store European Cloud Data in EU (lien direct) | US tech giant Microsoft pledged Thursday to process and store all European cloud-based client data in the European Union amid unease in the region over the reach of US legislation on personal data collection. | |||
|
2021-05-06 10:56:36 | Attackers Use Obscurity, Enterprises Should Too (lien direct) | As threat actors attempt to remain undetected to carry out attacks, they often use a variety of tools to obscure their identities and activity. Organizations meanwhile leave their networks and activity open for inspection by anyone who chooses to perform basic reconnaissance. | Threat | ||
|
2021-05-06 02:07:57 | States Push Back Against Use of Facial Recognition by Police (lien direct) | Law enforcement agencies across the U.S. have used facial recognition technology to solve homicides and bust human traffickers, but concern about its accuracy and the growing pervasiveness of video surveillance is leading some state lawmakers to hit the pause button. | Guideline | ||
|
2021-05-05 19:09:32 | DOD Expands Vulnerability Disclosure Program to Web-Facing Targets (lien direct) | The United States Department of Defense this week announced an expansion of the scope of its vulnerability disclosure program to include all of its publicly accessible information systems. | Vulnerability | ||
|
2021-05-05 14:39:09 | 3 Steps to Disrupt Threat Actors Selling Access to Your Environment (lien direct) | Unmasking a threat actor at an individual level could help you to gain more context, determine why the attack occurred, and quantify future risk | Threat | ||
|
2021-05-05 13:41:32 | Red Hat Open-Sourcing StackRox Security Technology (lien direct) | Red Hat this week announced that it's taking the first steps towards open-sourcing the StackRox container security product for Kubernetes. | Uber | ||
|
2021-05-05 13:35:53 | Cymulate Raises $45 Million to Grow Its Attack Simulation Platform (lien direct) | Israeli cybersecurity testing firm Cymulate announced today that it has raised $45 million through a Series C funding round. | |||
|
2021-05-05 13:19:04 | Chrome for Windows Gets Hardware-enforced Exploitation Protection (lien direct) | Google makes Chrome for Windows more resilient to vulnerability exploitation with new mitigation technology Starting in version 90, Chrome for Windows improves resilience against vulnerability exploitation by adopting Hardware-enforced Stack Protection. | Vulnerability | ||
|
2021-05-05 12:34:14 | U.S. Organizations Targeted by New Cybercrime Group With Sophisticated Malware (lien direct) | A new threat actor that appears to be financially motivated has targeted many organizations in the United States and other countries using several new pieces of malware, FireEye reported on Tuesday. | Malware Threat | ||
|
2021-05-05 10:41:13 | Cyber Asset Management Startup JupiterOne Raises $30 Million (lien direct) | Cyber asset management and governance solutions provider JupiterOne on Tuesday announced that it raised $30 million in Series B funding, which brings the total raised by the company to more than $49 million. The funding round was led by Sapphire Ventures, with participation from previous investor Bain Capital Ventures. | |||
|
2021-05-05 10:02:31 | The VC View: Cloud Security and Compliance (lien direct) | I'm glad this column is coming out now instead of earlier this year. Cloud security is more topical than ever when considering all the fun things that have happened in 2021 with security startups! | |||
|
2021-05-05 04:00:39 | Android Updates for May 2021 Patch Over 40 Vulnerabilities (lien direct) | The Android operating system updates released by Google for May 2021 patch a total of 42 vulnerabilities, including four considered critical severity. | |||
|
2021-05-05 02:16:15 | Belgian Government, Parliament, Colleges Hit by Cyberattack (lien direct) | The company providing internet services for Belgium's parliament, government agencies, universities and scientific institutions said Tuesday that its network was under cyberattack, with connections to several customers disrupted. | |||
|
2021-05-05 01:09:37 | ID Verification Platform Provider Persona Raises $50 Million (lien direct) | Armed with $68 million in funding to date, the company plans to double its team and scale up its business | |||
|
2021-05-04 19:31:55 | Qualys Flags Gaping Security Holes in Exim Mail Server (lien direct) | Security researchers document 21 major security vulnerabilities in Exim and warn that users are exposed to remote code execution flaws | |||
|
2021-05-04 15:10:25 | High-Severity Dell Driver Vulnerabilities Impact Hundreds of Millions of Devices (lien direct) | Owners of Dell devices were informed on Tuesday that a firmware update driver present on a large number of systems is affected by a series of high-severity vulnerabilities. | |||
|
2021-05-04 15:07:25 | New Variant of Buer Malware Loader Written in Rust to Evade Detection (lien direct) | A new variant of the Buer malware loader has been detected, written in Rust. The original version is written in C. Rust is efficient, easy-to-use, and an increasingly popular programming language – Microsoft uses it, and joined the Rust Foundation in February 2021. | Malware | ||
|
2021-05-04 13:26:45 | Trend Micro Unveils New OT Endpoint Security Solution Made by TXOne (lien direct) | Cybersecurity firm Trend Micro on Monday announced a new endpoint security solution developed by TXOne Networks for devices in operational technology (OT) environments. | |||
|
2021-05-04 12:09:11 | Acronis Raises $250 Million at $2.5 Billion Valuation (lien direct) | Cyber protection solutions provider Acronis on Tuesday announced that it has raised $250 million at a valuation of $2.5 billion. | |||
|
2021-05-04 08:39:43 | ATT&CK v9 Introduces Containers, Google Workspace (lien direct) | MITRE announced last week that the latest update to the popular ATT&CK framework introduces techniques related to containers and the Google Workspace platform. | |||
|
2021-05-04 02:32:03 | Apple Warns of New Zero-Day Attacks on iOS, MacOS (lien direct) | Apple's problems with zero-day attacks continued this week with news of another mysterious in-the-wild compromise affecting iPhones, iPads and MacOS devices. | |||
|
2021-05-03 19:07:18 | Alaska Court System Briefly Forced Offline Amid Cyber Threat (lien direct) | The Alaska Court System has temporarily disconnected most of its operations from the internet after a cybersecurity threat on Saturday, including its website and removing the ability to look up court records. | Threat | ||
|
2021-05-03 16:26:25 | Pulse Secure Ships Belated Fix for VPN Zero-Day (lien direct) | Embattled VPN technology vendor Pulse Secure on Monday updated an “out-of-cycle” advisory with patches for four major security vulnerabilities, including belated cover for an issue that's already been exploited by advanced threat actors. | Threat | ||
|
2021-05-03 13:22:12 | (Déjà vu) Cybersecurity M&A Roundup: 30 Deals Announced in April 2021 (lien direct) | 
|
|||
|
2021-05-03 12:29:06 | Tesla Car Hacked Remotely From Drone via Zero-Click Exploit (lien direct) | 
Two researchers have shown how a Tesla - and possibly other cars - can be hacked remotely without any user interaction. They carried out the attack from a drone.
|
|||
|
2021-05-03 11:25:18 | NSA Issues Guidance on Securing IT-OT Connectivity (lien direct) | The U.S. National Security Agency (NSA) last week released a cybersecurity advisory focusing on the security of operational technology (OT) systems, particularly in terms of connectivity to IT systems. | |||
|
2021-05-03 11:06:19 | The Anti-Fraud Lifecycle (lien direct) | It is a known fact that cybercriminals choose the path of least resistance. Naturally, easy cashout methods with good returns are much more favorable than methods that are high risk, complicated or yield small profits. While this is not the only factor in determining how much fraud is committed through a certain vector (for example, it takes time for cashout methods to become public knowledge in cybercriminal circles and thus become widely adopted), it is a major aspect. | |||
|
2021-05-03 00:59:25 | Effort to Protect Consumer Data Privacy Stalls in Florida (lien direct) | A campaign by Gov. Ron DeSantis to help Floridians regain ownership of the troves of data that companies collect came to a halt Friday, when state lawmakers could not agree on how tightly to limit how Big Data harvests and uses people's information. | |||
|
2021-04-30 17:43:33 | Unknown Chinese APT Targets Russian Defense Sector (lien direct) | Researchers at Cybereason say they have discovered an undocumented malware targeting the Russian military sector and bearing the hallmarks of originating in China if not being Chinese state sponsored. | Malware | ||
|
2021-04-30 17:27:45 | Task Force Calls for Aggressive US \'Anti-Ransomware\' Campaign (lien direct) | A task force attached to the Institute for Security and Technology (IST) has released set of recommendations to combat the ransomware scourge currently hitting organizations around the world. | Ransomware | ||
|
2021-04-30 14:57:36 | Contract Tracing Breach Impacts Private Info of 72K People (lien direct) | Employees of a vendor paid to conduct COVID-19 contact tracing in Pennsylvania may have compromised the private information of at least 72,000 people, including their exposure status and their sexual orientation, the state Health Department said Thursday. | |||
|
2021-04-30 14:38:22 | Security Operations and Management Startup StrikeReady Emerges From Stealth (lien direct) | Cloud-based security operations and management startup StrikeReady this week emerged from stealth mode after raising $3.6 million in seed funding. Led by 11.2 Capital, the funding round also saw participation from Outlier Venture Capital and from various Silicon Valley angel investors. | |||
|
2021-04-30 14:03:48 | SonicWall Zero-Day Exploited by Ransomware Group Before It Was Patched (lien direct) | A zero-day vulnerability addressed by SonicWall in its Secure Mobile Access (SMA) appliances earlier this year was exploited by a sophisticated and aggressive cybercrime group before the vendor released a patch, FireEye's Mandiant unit reported on Thursday. | Ransomware Vulnerability | ||
|
2021-04-30 11:10:55 | Cybersecurity Community Unhappy With GitHub\'s Proposed Policy Updates (lien direct) | GitHub wants to update its policies regarding security research, exploits and malware, but the cybersecurity community is not happy with the proposed changes. | |||
|
2021-04-30 09:59:26 | Dutch Government Pauses Coronavirus App Over Data Leak Fears (lien direct) | The Dutch government has temporarily disabled its coronavirus warning app amid data privacy concerns for people who have the app installed on phones using the Android operating system. | |||
|
2021-04-30 08:53:27 | BIND Vulnerabilities Expose DNS Servers to Remote Attacks (lien direct) | The Internet Systems Consortium (ISC) has released updates for the BIND DNS software to patch several vulnerabilities that can be exploited for denial-of-service (DoS) attacks and one possibly even for remote code execution. |
To see everything:
Our RSS (filtrered)
