Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2022-01-16 21:06:57 |
Microsoft Uncovers Destructive Malware Used in Ukraine Cyberattacks (lien direct) |
Newly detected WhisperGate malware being used by previously unknown threat group in cyberattacks against Ukraine
|
Malware
Threat
|
|
|
|
2022-01-16 17:23:36 |
Russian Court Remands Hackers in Custody (lien direct) |
A Moscow court on Saturday remanded eight hackers in custody for two months as Russia cracks down on the REvil cybercrime group at Washington's request.
|
|
|
|
|
2022-01-16 14:19:42 |
Ukraine Says Has \'Evidence\' Russia Behind Cyberattack (lien direct) |
Ukraine said Sunday it had evidence that Russia was behind a massive cyberattack that knocked out key government websites this past week, as Microsoft warned the hack could be far worse than first thought.
|
Hack
|
|
|
|
2022-01-15 20:27:33 |
Ukraine Hacks Add to Worries of Cyber Conflict With Russia (lien direct) |
Hackers on Friday temporarily shut down dozens of Ukrainian government websites, causing no major damage but adding to simmering tensions while Russia amasses troops on the Ukrainian border. Separately, in a rare gesture to the U.S. at a time of chilly relations, Russia said it had arrested members of a major ransomware gang that targeted U.S. entities.
|
Ransomware
|
|
|
|
2022-01-14 18:55:01 |
Details Published on AWS Flaws Leading to Data Leaks (lien direct) |
Researchers at cloud security startup Orca Security have publicly documented a pair of vulnerabilities in AWS CloudFormation and AWS Glue that attackers could use to leak sensitive files or access other customers' data.
|
|
|
|
|
2022-01-14 16:21:56 |
Austrian Regulator Says Google Analytics Contravenes GDPR (lien direct) |
A new ruling from the Austrian Data Protection Authority (DPA) traps EU/U.S. data transfers between a rock and hard place. The rock is GDPR. The hard place is FISA. And the two are fundamentally incompatible.
|
|
|
|
|
2022-01-14 15:29:16 |
North Korean Hackers Stole $400 Million Worth of Cryptocurrency in 2021 (lien direct) |
North Korea-linked hacking group Lazarus stole close to $400 million worth of crypto-assets last year, Chainalysis reports.
|
|
APT 38
APT 28
|
|
|
2022-01-14 15:04:04 |
Cyber Attack in Albuquerque Latest to Target Public Schools (lien direct) |
When the superintendent of Albuquerque Public Schools announced earlier this week a cyber attack would lead to the cancellation of classes for around 75,000 students, he noted that the district's technology department had been fending off attacks “for the last few weeks.”
|
Guideline
|
|
|
|
2022-01-14 14:29:33 |
Russia Lays the Smackdown on REvil Ransomware Gang (lien direct) |
Russia on Friday said it has cracked down on the infamous REvil hacking group, known for its high profile supply chain attack against software maker Kaseya, and a ransomware attack against JBS USA that forced the shutdown of a portion of the world's largest meat processing company.
|
Ransomware
|
|
|
|
2022-01-14 13:07:51 |
Recent GootLoader Campaign Targets Law, Accounting Firms (lien direct) |
A recently observed GootLoader campaign has been focusing on infecting the devices of legal and accounting company employees with malware, eSentire reports.
|
|
|
|
|
2022-01-14 12:16:10 |
Salvadoran Government Denies Using Spyware on Journalists (lien direct) |
The government of El Salvador has denied using the Israeli Pegasus software to spy on journalists and activists.
|
|
|
|
|
2022-01-14 11:45:39 |
U.S. Government, Tech Giants Discuss Open Source Software Security (lien direct) |
|
|
|
|
|
2022-01-14 09:41:32 |
Ukraine Reports Massive Cyber Attack on Government Websites (lien direct) |
Kyiv on Friday reported a massive cyber attack on key government websites as tensions between Russia and the West over Ukraine escalate following several rounds of unsuccessful talks.
The education ministry said on Facebook that its website was down due to a "global (cyber) attack" that had taken place overnight.
|
|
|
|
|
2022-01-14 00:51:00 |
Maryland Lawmaker: Officials Misled on Ransomware Attack (lien direct) |
A leading Maryland lawmaker said Thursday that top legislators were misled about the seriousness of a cyberattack on the state health department.
|
Ransomware
Guideline
|
|
|
|
2022-01-13 19:52:59 |
Meshed Cybersecurity Platforms Enable Complex Business Environments (lien direct) |
Cybercriminals are exploiting the confusion that results from organizations simply throwing money at their cybersecurity challenges
|
|
|
|
|
2022-01-13 17:36:10 |
FCC Chair Proposes New Policies for Carrier Data Breach Reporting (lien direct) |
Federal Communications Commission (FCC) chairwoman Jessica Rosenworcel this week proposed updated policies around telecom providers' reporting of data breaches.
|
Data Breach
|
|
|
|
2022-01-13 15:00:09 |
Ransomware Group That Targeted Over 50 Companies Dismantled in Ukraine (lien direct) |
Ukrainian authorities on Thursday announced arresting several individuals who are allegedly members of a major cybercrime group.
According to the Security Service of Ukraine and the country's Cyber Police, the arrests are the result of an operation conducted in cooperation with law enforcement agencies in the United Kingdom and the United States.
|
|
|
|
|
2022-01-13 13:51:11 |
Maryland Confirms Ransomware Attack at Health Agency (lien direct) |
The disruption of Maryland's reporting of COVID-19 data last month was caused by a ransomware attack, state officials said Wednesday.
Chip Stewart, the state's chief information security officer, said the state has not paid extortion demands for the attack, which began on Dec. 4.
|
Ransomware
|
|
|
|
2022-01-13 13:32:55 |
Cisco Patches Critical Vulnerability in Contact Center Products (lien direct) |
Cisco on Wednesday announced patches for a critical vulnerability in Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM) that could be exploited remotely to elevate privileges to administrator.
|
Vulnerability
|
|
|
|
2022-01-13 12:34:48 |
ZDI Announces Rules and Prizes for Pwn2Own 2022 (lien direct) |
Trend Micro's Zero Day Initiative (ZDI) on Wednesday announced the targets, prizes and rules for Pwn2Own Vancouver 2022, scheduled to take place May 18-20 alongside the CanSecWest conference.
|
|
|
|
|
2022-01-13 11:55:25 |
U.S. Cyber Command Officially Links MuddyWater Group to Iranian Intelligence (lien direct) |
The U.S. Cyber Command (CYBERCOM) on Wednesday officially tied the advanced persistent threat (APT) actor known as MuddyWater to Iranian intelligence.
|
Threat
|
|
|
|
2022-01-13 09:34:25 |
Report: Dozens of El Salvador Journalists, Activists Hacked (lien direct) |
Dozens of journalists and human rights defenders in El Salvador had their cellphones repeatedly hacked with sophisticated spyware over the past year and a half, an internet watchdog said Wednesday.
|
|
|
|
|
2022-01-13 00:45:45 |
Ransomware Attack Locks Down US Prison (lien direct) |
A ransomware attack locked down a US jail, knocking out security cameras and leaving inmates confined to their cells, court documents show.
|
Ransomware
|
|
|
|
2022-01-12 21:37:41 |
Apple Patches iOS HomeKit Flaw After Researcher Warning (lien direct) |
Apple has released an iOS security update with a fix for a persistent denial-of-service flaw in the HomeKit software framework but only after an independent researcher publicly criticized the company for ignoring his discovery.
|
|
|
|
|
2022-01-12 17:58:09 |
Mozilla Patches High-Risk Firefox, Thunderbird Security Flaws (lien direct) |
Mozilla has released Firefox 96 with patches for 18 security vulnerabilities affecting its flagship web browser and the Thunderbird mail program.
Of the newly patched security flaws, nine are rated high-severity while six carry a "medium-severity" rating.
|
|
|
|
|
2022-01-12 15:54:57 |
Eureka Emerges From Stealth With Cloud Data Security Platform (lien direct) |
Israel-based startup Eureka on Wednesday announced emerging from stealth mode with a cloud data security posture management platform and $8 million in seed funding.
|
|
|
|
|
2022-01-12 14:54:12 |
Security Validation Firm Pentera Raises $150 Million at $1 Billion Valuation (lien direct) |
Automated security validation firm has now raised nearly $190 million in funding
Boston, USA and Tel Aviv, Israel-based automated security validation (ASV) firm Pentera has raised $150 million in a Series C funding round led by K1 Investment Management, with participation from Evolution Equity Partners and Insight Partners.
|
|
|
|
|
2022-01-12 14:53:40 |
Microsoft Introduces New Security Update Notifications (lien direct) |
Microsoft this week announced updated notifications for the Security Update Guide, the page where the tech company informs users of vulnerabilities that affect Microsoft products.
|
|
|
|
|
2022-01-12 13:50:18 |
(Déjà vu) ICS Patch Tuesday: Siemens, Schneider Electric Address 40 Vulnerabilities (lien direct) |
The first round of security advisories released by Siemens and Schneider Electric in 2022 address a total of 40 vulnerabilities.
Siemens
|
|
|
|
|
2022-01-12 13:29:35 |
New Cross-Platform Backdoor \'SysJoker\' Used in Targeted Attacks (lien direct) |
A backdoor likely used by an advanced persistent threat (APT) actor in targeted attacks was built to target Windows, macOS, and Linux systems, Intezer reports.
|
Threat
|
|
|
|
2022-01-12 12:14:51 |
CISA Adds 15 Recent and Older Vulnerabilities to \'Must-Patch\' List (lien direct) |
The United States Cybersecurity and Infrastructure Security Agency (CISA) this week added 15 more vulnerabilities to its list of security bugs known to be exploited in malicious attacks.
|
|
|
|
|
2022-01-12 11:43:32 |
U.S. Issues Fresh Warning Over Russian Cyber Threats as Ukraine Tensions Mount (lien direct) |
Several U.S. government agencies have issued a joint cybersecurity advisory to provide an overview of cyber operations linked to Russia. The advisory comes as tensions mount over a potential Russian invasion of Ukraine.
|
|
|
★★★★★
|
|
2022-01-12 09:24:50 |
SAP Patches Log4Shell Vulnerability in More Applications (lien direct) |
German software maker SAP this week announced its first set of security updates for 2022, including patches for more applications affected by the Log4Shell vulnerability.
|
Vulnerability
|
|
|
|
2022-01-12 02:14:12 |
Albania Hires US Company to Boost Cybersecurity After Leak (lien direct) |
The Albanian government said Tuesday that it would hire a U.S. company to bolster its cybersecurity following a large leak last month.
|
|
|
|
|
2022-01-11 19:19:53 |
Patch Tuesday: Microsoft Calls Attention to \'Wormable\' Windows Flaw (lien direct) |
Microsoft's first batch of patches for 2022 is a big one: 97 documented security flaws in the Windows ecosystem, some serious enough to cause remote code execution attacks.
|
|
|
|
|
2022-01-11 19:04:23 |
Adobe Patches Reader Flaws That Earned Hackers $150,000 at Chinese Contest (lien direct) |
Adobe on Tuesday announced security updates for several products, including for Acrobat and Reader, in which the software giant patched a total of 26 vulnerabilities.
|
|
|
|
|
2022-01-11 18:24:26 |
Details Disclosed for Recent Vulnerabilities in SonicWall Remote Access Appliances (lien direct) |
Rapid7 today shared details on a series of vulnerabilities that SonicWall patched in the Secure Mobile Access (SMA) 100 series secure access gateway products last month.
|
|
|
|
|
2022-01-11 16:23:12 |
With the \'Great Resignation\' Comes the \'Great Exfiltration\' (lien direct) |
Research shows the “Great Resignation” phenomenon is accompanied by a “Great Exfiltration” as people leave their jobs and take company data with them
|
|
|
|
|
2022-01-11 15:42:08 |
Millions of Routers Impacted by NetUSB Kernel Vulnerability (lien direct) |
A vulnerability in the NetUSB kernel module could allow remote attackers to execute code on millions of router devices, endpoint security company SentinelOne warns.
|
Vulnerability
|
|
|
|
2022-01-11 15:06:36 |
Moxie Marlinspike Steps Down as Signal CEO (lien direct) |
Celebrated cryptographer Moxie Marlinspike is stepping down as chief executive at Signal, temporarily turning the reins of the popular encrypted messaging platform to WhatsApp co-founder Brian Acton.
|
|
|
|
|
2022-01-11 15:00:53 |
CISA Steps up Public and Private Sector Collaboration in 2021 (lien direct) |
We just concluded a very eventful year for the cybersecurity industry. Starting with an unprecedented wave of ransomware attacks on critical infrastructure targets, 2021 finished with the infamous Log4j vulnerabilities, which present a severe and ongoing threat to organizations and governments around the world.
|
Ransomware
Threat
|
|
|
|
2022-01-11 14:32:26 |
Honeywell Launches New OT Cybersecurity Solution for Commercial Buildings (lien direct) |
Honeywell on Tuesday announced the launch of a new cybersecurity solution for operational technology (OT) in commercial buildings.
|
|
|
|
|
2022-01-11 13:11:49 |
CISA Unaware of Any Significant Log4j Breaches in U.S. (lien direct) |
CISA Concerned About Risk Posed by Log4Shell to Critical Infrastructure
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) says it's currently unaware of any significant breaches related to the recently disclosed Log4j vulnerabilities.
|
|
|
|
|
2022-01-11 12:50:36 |
Microsoft Details \'powerdir\' macOS Vulnerability Leading to Data Leaks (lien direct) |
A vulnerability addressed recently in Apple's macOS platform could be exploited to gain unauthorized access to a user's personal data, Microsoft explains.
|
Vulnerability
|
|
|
|
2022-01-11 12:27:51 |
Industrial Firms Advised Not to Ignore Security Risks Posed by URL Parsing Confusion (lien direct) |
Researchers from industrial cybersecurity firm Claroty and developer security company Snyk have analyzed more than a dozen URL parsing libraries and showed how inconsistencies can lead to various types of vulnerabilities. Industrial organizations have been advised not to ignore these findings.
|
Guideline
|
|
|
|
2022-01-11 12:02:10 |
Is the \'Great Resignation\' Impacting Cybersecurity? (lien direct) |
The so-called 'great resignation' currently upending the U.S. labor market is starting to affect cybersecurity programs with a growing number of senior leaders opting for early retirement and mid-level managers leaving in droves for less stressful, fully remote work opportunities.
|
Guideline
|
|
|
|
2022-01-11 11:24:57 |
MRIoA Discloses Data Breach Affecting 134,000 People (lien direct) |
Medical Review Institute of America (MRIoA) on Friday started notifying some individuals that their personal information was compromised in a cyberattack.
|
Data Breach
|
|
|
|
2022-01-11 01:35:09 |
Europol Ordered to Delete Data Not Linked With Crime (lien direct) |
The European Union crime agency has been ordered by the 27-nation bloc's data protection watchdog to erase information related to individuals with no proven link to crime.
The European Data Protection Supervisor said Monday that Europol was notified of the order on Jan. 3 following an inquiry that started in 2019.
|
|
|
|
|
2022-01-10 19:16:52 |
Apache Foundation Calls Out Open-Source Leechers (lien direct) |
The Apache Software Foundation (ASF) is calling out for-profit companies leeching on open-source code, warning that “only a tiny percentage” of downstream vendors are contributing to securing the open-source ecosystem.
|
|
|
|
|
2022-01-10 15:50:13 |
U.S. Government Issues Warning Over Commercial Surveillance Tools (lien direct) |
The U.S. State Department and the National Counterintelligence and Security Center (NCSC) on Friday issued a warning over the use of commercial surveillance tools.
|
|
|
|