What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-08-05 19:07:54 | Tech Titans Join US Cyber Team to Fight Ransomware (lien direct) | US cybersecurity officials on Thursday said Amazon, Google and Microsoft have enlisted to help them fight ransomware and defend cloud computing systems from hackers. | Ransomware | ||
|
2021-08-05 17:57:20 | U.S. Infrastructure Bill Allocates $2 Billion to Cybersecurity (lien direct) | 
|
|||
|
2021-08-05 16:39:36 | Microsoft Launches JIT-Free \'Super Duper Secure Mode\' Edge Browser Experiment (lien direct) | Security engineers at Microsoft plan to rip out a key performance feature from the Edge browser in an experiment aimed at better measuring the tradeoffs between security, optimization and performance. | |||
|
2021-08-05 15:48:35 | Iran-Linked Hackers Expand Arsenal With New Android Backdoor (lien direct) | The Iran-linked hacking group named Charming Kitten has added a new Android backdoor to its arsenal and successfully compromised individuals associated with the Iranian reformist movement, according to security researchers with IBM's X-Force threat intelligence team. | Threat Conference | APT 35 APT 35 | |
|
2021-08-05 13:40:20 | Cisco Patches Critical Vulnerability in Small Business VPN Routers (lien direct) | Cisco on Wednesday announced the release of patches for a critical vulnerability in small business VPN routers that could allow unauthenticated attackers to execute arbitrary code on affected devices. | Vulnerability | ||
|
2021-08-05 13:24:37 | China-Linked Cyberespionage Operation Suggests Interest in SCADA Systems (lien direct) | A cyberespionage group that appears to be based in China has been seen targeting critical infrastructure organizations in Southeast Asia, and the attackers may be interested in industrial control systems (ICS). | |||
|
2021-08-05 12:30:00 | Security is a Big Data Problem, and It\'s Getting Bigger (lien direct) | Solving security's big data problem is about prioritized data flow, continuously processing data for analysis and translating and exporting it to create a single security infrastructure | |||
|
2021-08-05 10:59:01 | Researchers Analyze Chinese Malware Used Against Russian Government (lien direct) | At least two Chinese cyberespionage groups targeted Russian federal executive authorities in 2020, security researchers with threat hunting and intelligence firm Group-IB reveal. | Malware Threat | ||
|
2021-08-05 02:10:42 | Oregon Examines Spyware Investment Amid Controversy (lien direct) | The future ownership of an Israeli spyware company whose product has been used to hack into the cellphones of journalists, human rights workers and possibly even heads of state is up in the air. | Hack | ||
|
2021-08-04 20:12:34 | Black Hat Keynote: Mobile Platforms \'Actively Obstructing\' Zero-Day Malware Hunters (lien direct) | Prominent security practitioner Matt Tait kicked off the annual Black Hat security conference Wednesday with a call for platform vendors to make major technology changes to help cope with the surge in major software supply chain attacks. | Malware | ||
|
2021-08-04 17:01:30 | Senate Report: Federal Agencies Still Have Poor Cybersecurity Practices (lien direct) | A bipartisan report released this week by the United States Senate's Homeland Security and Governmental Affairs Committee shows that key government agencies have made little progress in terms of cybersecurity over the past two years. | |||
|
2021-08-04 13:56:11 | New CISA and NSA Guidance Details Steps to Harden Kubernetes Systems (lien direct) | New guidance from the United States Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) provides information on the steps that administrators can take to minimize risks associated with Kubernetes deployments. | Uber | ||
|
2021-08-04 13:31:53 | ICS Vendors Address Vulnerabilities Affecting Widely Used Licensing Product (lien direct) | Industrial control systems (ICS) vendors and other organizations have published advisories to address a couple of serious denial of service (DoS) vulnerabilities affecting a widely used licensing and DRM solution made by Germany-based Wibu-Systems. | |||
|
2021-08-04 12:03:07 | Chinese Cyberspy Group APT31 Starts Targeting Russia (lien direct) | China-linked hacking group APT31 has been using new malware in recent attacks targeting Mongolia, Belarus, Canada, the United States, and - for the first time - Russia, according to enterprise cybersecurity firm Positive Technologies. | Malware | APT 31 | |
|
2021-08-04 11:08:07 | Google Patches Several Chrome Flaws That Can Be Exploited via Malicious Extensions (lien direct) | A Chrome 92 update released this week by Google patches 10 vulnerabilities, including several high-severity flaws that earned researchers tens of thousands of dollars in bug bounties. | |||
|
2021-08-04 10:18:03 | Vulnerabilities in NicheStack TCP/IP Stack Affect Many OT Device Vendors (lien direct) | Researchers have identified more than a dozen vulnerabilities in the NicheStack TCP/IP stack, which appears to be used by many operational technology (OT) vendors. The vulnerabilities are collectively tracked as INFRA:HALT. | |||
|
2021-08-03 16:15:35 | Google Patches High-Risk Android Security Flaws (lien direct) | Google this week pushed out a security-themed Android update with fixes for more than 30 security flaws that expose mobile users to a range of malicious hacker attacks. The latest Android update provides documentation on 33 security bugs, some serious enough to cause privilege escalation or information disclosure compromises. | |||
|
2021-08-03 16:09:53 | Mismanagement Driving Cybersecurity Skills Gap: Research (lien direct) | “To some extent, this data supports the theory that the cybersecurity skills shortage is related to mismanagement rather than a dearth of qualified candidates or advanced skills.” | |||
|
2021-08-03 15:15:21 | SAP Customer Survey Reveals False Sense of Security (lien direct) | Many SAP customers have a false sense of security, according to a new report from risk management consultancy Turnkey Consulting and business-critical application security firm Onapsis. The SAP Security Survey Report 2021 is based on information from over 100 SAP customers in the United States, Europe and Asia. | |||
|
2021-08-03 13:46:00 | Finite State Raises $30 Million in Series B Funding (lien direct) | Connected device security provider Finite State on Monday announced that it has raised $30 million in Series B funding. To date, the company has raised $49.5 million. The funding round was led by Energize Ventures. Merlin Ventures and Schneider Electric Ventures also participated. | |||
|
2021-08-03 12:42:59 | Code Execution Flaw Found in Cisco Firepower Device Manager On-Box Software (lien direct) | Cisco has addressed a vulnerability in the Firepower Device Manager (FDM) On-Box software that could be exploited to gain code execution on vulnerable devices. FDM On-Box is used to configure Cisco Firepower firewalls, providing administrators with both management and diagnostics capabilities. | Vulnerability | ||
|
2021-08-03 04:00:51 | DeadRinger: A Three-Pronged Attack by Chinese Military Actors against Major Telcos (lien direct) | Researchers have discovered three separate Chinese military affiliated advanced threat groups simultaneously targeting and compromising the same Southeast Asian telcos. The attack groups concerned are Soft Cell, Naikon, and a third group, possibly Emissary Panda (also known as APT27). | Threat | APT 30 APT 27 | |
|
2021-08-02 16:53:54 | Potential RCE Flaw Patched in PyPI\'s GitHub Repository (lien direct) | A vulnerability in the GitHub Actions workflow for PyPI's source repository could be exploited to perform a malicious pull request and eventually execute arbitrary code on pypi.org, according to a warning from a Japanese security researcher. | Vulnerability | ||
|
2021-08-02 16:03:11 | OT Security Firm Nozomi Networks Raises $100 Million (lien direct) | Nozomi Networks, a provider of operational technology (OT) and internet of things (IoT) cybersecurity solutions, said Monday that it has raised $100 million in Series D pre-IPO-funding round. | |||
|
2021-08-02 15:20:49 | Chipotle\'s Email Marketing Account Hacked to Spread Malware (lien direct) | Nobelium-style Phishing Tactics Used to Spread Malware | Malware | ||
|
2021-08-02 14:51:35 | (Déjà vu) Cybersecurity M&A Roundup: 38 Deals Announced in July 2021 (lien direct) | 
Nearly 40 cybersecurity-related mergers and acquisitions were announced in July 2021.
|
|||
|
2021-08-02 13:07:17 | Cisco, Sonatype and Others Join Open Source Security Foundation (lien direct) | The Open Source Security Foundation (OpenSSF), the cross-industry forum focused on improving open source software security, has expanded its member list with the addition of names such as Accurics, Anchore, Bloomberg Finance, Cisco Systems, Codethink, Cybertrust Japan, OpenUK, ShiftLeft, Sonatype and Tidelift. | |||
|
2021-08-02 12:45:35 | Amazon Fined 746 Mn Euros in Luxembourg Over Data Privacy (lien direct) | Amazon was fined 746 million euros ($880 million) by Luxembourg authorities over allegations it flouted the EU's data protection rules, the online retail giant said Friday. | |||
|
2021-08-02 11:30:54 | NSA Shares Guidance for Government Employees on Securing Wireless Devices in Public (lien direct) | The National Security Agency (NSA) has published a new document to provide a series of recommendations on how governmental agencies in the United States can mitigate the cybersecurity risks associated with the use of wireless devices in public settings. | ★★★★ | ||
|
2021-08-02 10:01:17 | Zoom to Settle US Privacy Lawsuit for $85 Mn (lien direct) | Zoom, the videoconferencing firm, has agreed to settle a class-action US privacy lawsuit for $85 million, it said Sunday. The suit charged that Zoom's sharing of users' personal data with Facebook, Google and LinkedIn was a breach of privacy for millions. | |||
|
2021-08-01 14:21:58 | Justice Department Says Russians Hacked Federal Prosecutors (lien direct) | The Russian hackers behind the massive SolarWinds cyberespionage campaign broke into the email accounts of some of the most prominent federal prosecutors' offices around the country last year, the Justice Department said. | |||
|
2021-07-30 15:29:39 | Android Banking Trojan \'Vultur\' Abusing Accessibility Services (lien direct) | A newly discovered Android banking Trojan relies on screen recording and keylogging instead of HTML overlays for the capturing of login credentials, according to security researchers at ThreatFabric. | |||
|
2021-07-30 15:25:25 | Russia\'s APT29 Still Actively Delivering Malware Used in COVID-19 Vaccine Spying (lien direct) | The Russian cyberespionage group known as APT29 and Cozy Bear is still actively delivering a piece of malware named WellMess, despite the fact that the malware was exposed and detailed last year by Western governments. | Malware | APT 29 APT 29 | |
|
2021-07-30 14:07:11 | New Chinese Threat Group \'GhostEmperor\' Targets Governments, Telecom Firms (lien direct) | A previously undocumented Chinese-speaking threat actor is targeting Microsoft Exchange vulnerabilities in an attempt to compromise high-profile victims, Kaspersky reveals. Tracked as GhostEmperor, the long-running operation focuses on targets in Southeast Asia and uses a formerly unknown Windows kernel-mode rootkit. | Threat | ||
|
2021-07-30 13:57:52 | Window of Exposure is Expanding and Hackers Know Exactly Where to Strike (lien direct) | For the last 15 years, researchers have produced an annual State of Application Security report. But in the last 18 pandemic driven months, they told SecurityWeek, “the world has turned on its head.” Both application development and use, and subsequent software compromises have grown dramatically. | |||
|
2021-07-30 12:40:57 | Remote Code Execution Flaws Patched in WordPress Download Manager Plugin (lien direct) | A vulnerability patched recently in the WordPress Download Manager plugin could be abused to execute arbitrary code under specific configurations, the Wordfence team at WordPress security company Defiant warns. | Vulnerability | ||
|
2021-07-30 11:57:59 | Microsoft Shares More Information on Protecting Systems Against PetitPotam Attacks (lien direct) | Microsoft has shared more information on how organizations can protect Windows domain controllers and other Windows servers against potential PetitPotam attacks. | |||
|
2021-07-30 11:07:46 | 21-Year-Old Woman Pleads Guilty to Sending Phishing Emails to Political Candidates (lien direct) | A 21-year-old Rhode Island woman has pleaded guilty to targeting candidates for political office and their campaign staff with phishing emails. The woman, Diana Lebeau, of Cranston, R.I., admitted in court to sending phishing emails to roughly 22 members of the campaign staff of a political candidate, posing as the campaign's managers or co-chairs. | Guideline | ||
|
2021-07-30 10:42:20 | S.Africa\'s Port Terminals Restored Following Cyber-Attack (lien direct) | Operating systems have been restored at South Africa's state-owned logistics firm, the company said Thursday following a cyber-attack last week that hit the country's key port terminals. | |||
|
2021-07-30 09:20:47 | Belarusian Nationals Arrested for Hacking ATMs Across Europe (lien direct) | Two Belarusian nationals were arrested earlier this month in Poland on the suspicion they engaged in multiple ATM jackpotting attacks. The two are believed to have committed dozens of ATM jackpotting attacks (also known as Black Box attacks) in several European countries, stealing an estimated €230,000 (approximately $273,000) in cash. | |||
|
2021-07-29 17:02:39 | Researchers Publish Details on Recent Critical Hyper-V Vulnerability (lien direct) | Security researchers at Guardicore Labs are sharing details of a critical vulnerability in Hyper-V that Microsoft patched in May 2021. | Vulnerability | ||
|
2021-07-29 15:37:25 | How Low-level Hackers Access High-end Malware (lien direct) | Hacking tool downloads from underground forums are increasing, and the tools are becoming more sophisticated; low-level hackers are gaining access to hacked versions of sophisticated tools; access broking is growing; and existing tools are repurposed for more aggressive attacks. | Malware Tool | ||
|
2021-07-29 15:19:19 | BlackCloak Raises $11 Million for Its Executive Protection Platform (lien direct) | BlackCloak, a company that provides cyber protection services for corporate executives and high-profile individuals, on Thursday announced that it has raised $11 million in a Series A funding round. | |||
|
2021-07-29 14:30:47 | Leaked Files From Offensive Cyber Unit Show Iran\'s Interest in Targeting ICS (lien direct) | 
|
|||
|
2021-07-29 14:14:40 | Turn Off, Turn On: Simple Step Can Thwart Top Phone Hackers (lien direct) | Regularly rebooting smartphones can make even the most sophisticated hackers work harder to maintain access and steal data from a phone | |||
|
2021-07-29 13:56:04 | MSSP SolCyber Emerges From Stealth With $20 Million Series A Funding (lien direct) | SolCyber has emerged from stealth with $20 million in Series A funding from ForgePoint Capital, claiming to be the first modern MSSP for the mid-market. Venture funding for an MSSP is not unknown, but not common. It indicates that VC has confidence that the MSSP can grow into a sizeable firm. | |||
|
2021-07-29 13:30:28 | Protect: The Second Pillar in Your Journey to Improve Industrial Cybersecurity Posture (lien direct) | In the last year, the National Security Agency (NSA) had ramped up its warnings on the risks of connecting industrial networks to IT networks issuing two cybersecurity advisories, the most recent just 10 days prior to the Colonial Pipeline disruption. Now, with the stakes raised and proof that our critical infrastructure is an easy target, the U.S. government is taking immediate action. | |||
|
2021-07-29 13:01:21 | Researchers Link Mysterious \'MeteorExpress\' Wiper to Iranian Train Cyberattack (lien direct) | Security researchers at SentinelOne have stumbled upon a hitherto unknown data-wiping malware that was part of a disruptive cyberattack against Iran's train system earlier this month. | Malware | ||
|
2021-07-29 12:42:15 | LogicGate Raises $113 Million in Series C Funding (lien direct) | Risk and compliance solutions provider LogicGate this week announced that it has raised $113 million in a Series C funding round, bringing the total raised by the company to $156 million. The funding round was led by growth equity firm PSG, with participation from existing investor Greenspring Associates. | ★★★ | ||
|
2021-07-29 11:11:51 | Google Details New Privacy and Security Policies for Android Apps (lien direct) | Google this week announced a series of updates to its Google Play policies that are meant to improve overall user privacy and security and provide more control over ads personalization. |
To see everything:
Our RSS (filtrered)
