What's new arround internet

Last one

Src Date (GMT) Titre Description Tags Stories Notes
SecurityWeek.webp 2021-12-28 19:23:29 Researchers Dive Into Equation Group Tool \'DoubleFeature\' (lien direct) Security researchers at Check Point are publicly documenting the Equation Group APT's DoubleFeature, a component of DanderSpritz post-exploitation framework. Tool
SecurityWeek.webp 2021-12-28 16:20:13 The Human Connection: A Mindset for the Coming Year (lien direct) I've written about people and the contributions they make on protecting our email and IT systems, but I'd like to shift focus this last article for 2021 towards a deeper but related topic: human connections.  
SecurityWeek.webp 2021-12-28 14:24:16 Threat Actors Abuse MSBuild for Cobalt Strike Beacon Execution (lien direct) Recently observed malicious campaigns have abused Microsoft Build Engine (MSBuild) to execute a Cobalt Strike payload on compromised machines.
SecurityWeek.webp 2021-12-28 13:26:44 State Workers to Be Paid on Time Despite Ransomware Attack (lien direct) State workers in West Virginia will be paid on time this week despite a ransomware attack that affected a software provider that helps manage the state's payroll system. Ransomware
SecurityWeek.webp 2021-12-28 11:51:50 Shutterfly Says Ransomware Attack Impacted Manufacturing (lien direct) Shutterfly, an online platform for photography and personalized products, has confirmed that some of its services have been affected by a ransomware attack. Ransomware
SecurityWeek.webp 2021-12-27 17:14:25 DuckDuckGo Signals Entry into Desktop Browser Market (lien direct) Gabriel Weinberg's DuckDuckGo is taking aim at the desktop browser market, betting that default privacy-centric settings will provide safer alternatives to Google's Chrome and Microsoft's Chromium-based Edge browsers.
SecurityWeek.webp 2021-12-27 15:04:25 High-Risk Flaw Haunts Apache Server (lien direct) The Apache Software Foundation has released a new version of its flagship web server to patch a pair of security defects, one series enough to lead to remote code execution attacks. Guideline
SecurityWeek.webp 2021-12-27 14:37:09 IT Services Firm Inetum Discloses Ransomware Attack (lien direct) French IT services company Inetum Group revealed just before Christmas that it had fallen victim to a ransomware attack, but claimed that impact on its operations was limited. Ransomware
SecurityWeek.webp 2021-12-27 13:43:31 Jackson Public Schools Ups Cybersecurity After Hacker Attack (lien direct) The public school district in Mississippi's capital city is implementing new cybersecurity measures after hackers attacked its server last year. Jackson Public Schools officials say attackers sought to encrypt files and have the district pay a ransom to return the files, WJTV reports.
SecurityWeek.webp 2021-12-27 12:34:05 Organizations Targeted With Babuk-Based Rook Ransomware (lien direct) A piece of ransomware that emerged in late November has already made three victims, with the first of them hit less than a week after the malware was initially spotted. Ransomware Malware
SecurityWeek.webp 2021-12-27 11:33:20 New Flaws Expose EVlink Electric Vehicle Charging Stations to Remote Hacking (lien direct) Schneider Electric has patched several new vulnerabilities that expose its EVlink electric vehicle charging stations to remote hacker attacks. ★★
SecurityWeek.webp 2021-12-27 09:50:13 Albanian Prime Minister Apologizes Over Database Leak (lien direct) Albania's prime minister on Thursday apologized for a big leak of personal records from a government database of state and private employees, which he said seems more like an inside job than a cyber attack.
SecurityWeek.webp 2021-12-23 13:44:28 NVIDIA, HPE Products Affected by Log4j Vulnerabilities (lien direct) NVIDIA and Hewlett Packard Enterprise (HPE) have confirmed that some of their products are affected by the recently disclosed vulnerabilities in the Apache Log4j logging utility.
SecurityWeek.webp 2021-12-23 13:16:57 Several Critical Vulnerabilities Found in myPRO HMI/SCADA Product (lien direct) A researcher has found a dozen vulnerabilities in the myPRO product of Czech industrial automation company mySCADA, including several flaws that have been assigned a critical severity rating.
SecurityWeek.webp 2021-12-23 12:22:23 Microsoft Office Patch Bypassed for Malware Distribution in Apparent \'Dry Run\' (lien direct) Cybercriminals have found a way to bypass the patch for a recent Microsoft Office vulnerability and leveraged it to briefly distribute Formbook malware, Sophos reports. Malware Vulnerability
SecurityWeek.webp 2021-12-23 11:50:05 Five Eyes Nations Issue Joint Guidance on Log4j Vulnerabilities (lien direct) Government agencies in the United States, Canada, the United Kingdom, Australia and New Zealand on Wednesday announced the release of a joint cybersecurity advisory to provide guidance on addressing the recently disclosed vulnerabilities affecting the widely used Log4j logging utility.
SecurityWeek.webp 2021-12-23 11:16:52 400,000 Individuals Affected by Email Breach at West Virginia Healthcare Company (lien direct) Monongalia Health System (Mon Health) this week disclosed a business email compromise (BEC) incident that was the result of unauthorized access to its email system.
SecurityWeek.webp 2021-12-22 22:53:41 Research: Simulated Phishing Tests Make Organizations Less Secure (lien direct) A large-scale, long-term phishing experiment conducted in a 56,000-employee organization has come to a startling conclusion: Those simulated phishing tests commonly seen in corporate user-education campaigns are actually making things much worse. ★★★
SecurityWeek.webp 2021-12-22 18:53:34 Microsoft Confirms \'NotLegit\' Azure Flaw Exposed Source Code Repositories (lien direct) Microsoft has quietly started notifying some Azure customers that a serious security vulnerability in the Azure App Service has caused the exposure of hundreds of source code repositories. Vulnerability
SecurityWeek.webp 2021-12-22 16:38:54 Ubisoft Confirms Unauthorized Access to \'Just Dance\' User Data (lien direct) French video game company Ubisoft this week confirmed that 'Just Dance' user data was compromised in a recent cybersecurity incident. The data breach was the result of a misconfiguration that has since been corrected, but not before player data was accessed and potentially copied by a third party. Data Breach
SecurityWeek.webp 2021-12-22 15:53:07 CISA Says No Federal Agencies Compromised in Log4Shell Attacks to Date (lien direct) US government agencies not hit by Log4Shell
SecurityWeek.webp 2021-12-22 15:27:14 Virginia Still Working to Fix Issues After Ransomware Attack (lien direct) The information technology agency that serves Virginia's legislature is still working to fix problems caused by a ransomware attack earlier this month, a state official said Tuesday. Ransomware
SecurityWeek.webp 2021-12-22 14:07:56 Targeted Links Used to Steal Tens of Millions in Global Scam Campaign (lien direct) By impersonating 121 brands, scammers managed to defraud users in over 90 countries of an estimated $80 million per month, Singapore-based threat hunting and intelligence firm Group-IB reveals. Threat
SecurityWeek.webp 2021-12-22 12:18:15 Poland Rejects Accusations of \'Political\' Spyware Use (lien direct) Poland on Tuesday rejected accusations that it had used Pegasus spying software for political ends after a top lawyer opposed to the current government said he had been targeted.
SecurityWeek.webp 2021-12-22 11:47:11 Chinese Government Punishes Alibaba for Not Telling It First About Log4Shell Flaw: Report (lien direct) China's Ministry of Industry and Information Technology (MIIT) said it will temporarily suspend its collaboration with Alibaba Cloud as a cyber threat intelligence partner due to the fact that the company did not inform the government first about the discovery of the Log4Shell vulnerability, according to local media reports. Threat
SecurityWeek.webp 2021-12-22 11:18:12 The Need for Survivable, Trustworthy Secure Systems (lien direct) Cybersecurity and cyber resilience measures are most effective when applied in concert
SecurityWeek.webp 2021-12-22 11:02:49 PYSA Dominated the Ransomware Landscape in November: Report (lien direct) PYSA and Lockbit were the dominating threats in the ransomware landscape in November 2021, UK-based risk mitigation company NCC Group reports. Ransomware
SecurityWeek.webp 2021-12-22 09:47:29 Belgian Military in Five-Day Battle Against Cyberattack (lien direct) The Belgian military said on Tuesday it had been hit with a cyberattack five days ago and was still battling to restore affected parts of its system. Military spokesman Olivier Severin told AFP that elements hit by last Thursday's attack, which contaminated services connected to the internet, were still being analysed and restored.
SecurityWeek.webp 2021-12-21 14:10:55 Authorization and IAM Company PlainID Raises $75 Million in Series C Funding (lien direct) PlainID, a provider of authorization and identity and access management (IAM) solutions, today announced that it has raised $75 million in Series C funding, which brings the total raised to $96 million.
SecurityWeek.webp 2021-12-21 13:32:42 Microsoft Urges Customers to Patch Recent Active Directory Vulnerabilities (lien direct) Microsoft on Monday released an alert on two Active Directory vulnerabilities addressed with the November 2021 Patch Tuesday updates, urging customers to install the available patches as soon as possible, to prevent potential compromise.
SecurityWeek.webp 2021-12-21 13:17:58 No-Code Security Automation Company ContraForce Emerges From Stealth (lien direct) McKinney, Texas-based security automation and compliance solutions provider ContraForce on Tuesday announced emerging from stealth mode with $2 million in seed funding from cyber foundry DataTribe.
SecurityWeek.webp 2021-12-21 12:36:55 Russian Hacker Extradited to US for Trading on Stolen Information (lien direct) A Russian national was extradited to the United States from Switzerland over the weekend, to face charges for his alleged role in a scheme whose participants traded on information stolen from hacked U.S. companies.
SecurityWeek.webp 2021-12-21 12:19:11 Vulnerabilities Can Allow Hackers to Tamper With Walk-Through Metal Detectors (lien direct) Walk-through metal detectors made by Garrett are affected by potentially serious vulnerabilities that can be exploited to hack the devices and alter their configuration. Hack
SecurityWeek.webp 2021-12-21 12:07:19 AP Exclusive: Polish Opposition Duo Hacked With NSO Spyware (lien direct) The aggressive cellphone break-ins of a high-profile lawyer representing top Polish opposition figures came in the final weeks of pivotal 2019 parliamentary elections. Two years later, a prosecutor challenging attempts by the populist right-wing government to purge the judiciary had her smartphone hacked.
SecurityWeek.webp 2021-12-21 11:14:12 FBI Sees APTs Exploiting Recent ManageEngine Desktop Central Vulnerability (lien direct) The Federal Bureau of Investigation (FBI) has released an alert regarding the exploitation of a recent vulnerability in Zoho's ManageEngine Desktop Central product. Vulnerability
SecurityWeek.webp 2021-12-21 10:46:37 5 Ways to Reduce the Risk of Ransomware to Your OT Network (lien direct) In the last year and half, we've seen an unprecedented increase in ransomware attacks on Operational Technology (OT) networks. While this surge is generating a lot of press coverage, it was something that experts within our industry have been anticipating for a while. Ransomware
SecurityWeek.webp 2021-12-21 09:40:10 Facebook Patches Vulnerability Exposing Page Admin Identity (lien direct) Facebook paid a teenage researcher from Nepal a $4,750 bug bounty reward for a vulnerability that could have been exploited to uncover the identity of a page's administrator. Vulnerability
SecurityWeek.webp 2021-12-20 19:29:59 Google Finds 35,863 Java Packages Using Defective Log4j (lien direct) The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts. Patching
SecurityWeek.webp 2021-12-20 17:19:34 Planning for the Future: What\'s Ahead in 2022 (lien direct) Current security technology stacks are not keeping up with the increasing scale and sophistication of attacks
SecurityWeek.webp 2021-12-20 14:39:59 ZeroFox to Go Public in $1.4 Billion SPAC Deal (lien direct) Social media threat protection firm ZeroFox, announced on Monday that it would acquire incident response services firm IDX and become a publicly traded company via Merger with L&F Acquisition Corp. Threat
SecurityWeek.webp 2021-12-20 14:13:06 (Déjà vu) Cybersecurity M&A Roundup for December 13-19, 2021 (lien direct) Cybersecurity M&A Roundup for December 13-19 2021 Eight cybersecurity-related mergers and acquisitions were announced December 13-19, 2021.
SecurityWeek.webp 2021-12-20 14:06:28 VMware Patches Vulnerabilities in Workspace ONE Access (lien direct) Patches released by VMware to address a couple of vulnerabilities in the Workspace ONE Access authentication solution also resolve the recent Log4Shell security flaw.
SecurityWeek.webp 2021-12-20 12:03:05 Ransomware Operators Leak Data Stolen From Logistics Giant Hellmann (lien direct) Logistics giant Hellmann Worldwide Logistics has confirmed that attackers were able to exfiltrate data from its systems during a cyberattack earlier this month.
SecurityWeek.webp 2021-12-20 11:47:42 Log4j Update Patches New Vulnerability That Allows DoS Attacks (lien direct) CISA Orders Federal Agencies to Mitigate Log4j Vulnerabilities The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive instructing federal agencies to mitigate the Log4j vulnerabilities. The announcement came just before the disclosure of a new flaw affecting the popular logging utility. Vulnerability
SecurityWeek.webp 2021-12-19 20:19:04 Ransomware Persists Even as High-Profile Attacks Have Slowed (lien direct) In the months since President Joe Biden warned Russia's Vladimir Putin that he needed to crack down on ransomware gangs in his country, there hasn't been a massive attack like the one last May that resulted in gasoline shortages. But that's small comfort to Ken Trzaska. Ransomware
SecurityWeek.webp 2021-12-17 19:43:13 Trend Micro Spots Chinese Hackers Targeting Transportation Sector (lien direct) Since the middle of 2020, a Chinese state-sponsored threat actor called 'Tropic Trooper' has been targeting transportation organizations and government entities related to transportation sector, Trend Micro reports. Threat APT 23
SecurityWeek.webp 2021-12-17 19:32:03 Citizen Lab Exposes Cytrox as Vendor Behind \'Predator\' iPhone Spyware (lien direct) The University of Toronto's Citizen Lab has discovered another player in the private sector mobile spyware business, fingering a tiny North Macedonia company called Cytrox as the makers of high-end iPhone implants.
SecurityWeek.webp 2021-12-17 18:36:52 Russian Cyberspy Groups Start Exploiting Log4Shell Vulnerability (lien direct) Severity of Second Log4j Vulnerability Increased to Critical  Russia has been added to the list of nation states targeting the recently disclosed Log4Shell vulnerability, with exploitation attempts linked to several of the country's cyberespionage groups. Vulnerability
SecurityWeek.webp 2021-12-17 15:29:14 Phorpiex Botnet Hijacked 3,000 Cryptocurrency Transactions (lien direct) Over the past five years, the Phorpiex botnet has managed to hijack approximately 3,000 cryptocurrency transactions, stealing at least hundreds of thousands of dollars, Check Point says.
SecurityWeek.webp 2021-12-17 14:14:50 VMware Patches Critical Flaw in Workspace ONE UEM Console (lien direct) VMware on Thursday announced the release of patches for a critical server-side request forgery (SSRF) vulnerability in Workspace ONE UEM console. Vulnerability
Last update at: 2024-07-15 20:08:45
See our sources.
My email:

To see everything: Our RSS (filtrered) Twitter