Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2022-01-03 12:42:56 |
Israeli Media Outlets Hacked on Soleimani Killing Anniversary (lien direct) |
Two major Israeli media outlets were hacked early Monday with a threatening message that appeared linked to the killing of a top Iranian general two years ago.
|
|
|
|
|
2022-01-03 12:16:05 |
ACLU Demands Answers About Transit Agency Data Breach (lien direct) |
The American Civil Liberties Union of Rhode Island is demanding more answers about a data breach at the state's public bus service, including why the personal information of state employees who don't even work for the agency was compromised.
|
Data Breach
|
|
|
|
2022-01-03 11:01:52 |
(Déjà vu) Cybersecurity M&A Roundup: 35 Deals Announced in December 2021 (lien direct) |
|
|
|
|
|
2021-12-31 12:38:28 |
A New Year Will Bring New Targets: What to Look for in 2022 (lien direct) |
There's no way to put it nicely: cybercrime just continues to get worse as we become increasingly connected. 2020 was a banner year for ransomware – and by all accounts, it's almost certain that 2021 will top it. And as we move into 2022, not only do defenders need to put more scrutiny on the attack vectors they're already focused on, but now they will need to expand that view to new targets.
|
Ransomware
|
|
|
|
2021-12-30 14:27:22 |
What to Expect in 2022: Microservices Will Bring Macro Threats (lien direct) |
If not addressed in design and deployment, the risks with microservices can multiply since any application could be composed of hundreds of microservices
|
|
|
|
|
2021-12-29 17:44:14 |
LastPass Automated Warnings Linked to \'Credential Stuffing\' Attack (lien direct) |
Users of the popular LastPass password manager are being targeted in so-called “credential stuffing” attacks that use email addresses and passwords obtained from third-party breaches.
|
|
LastPass
|
★★★
|
|
2021-12-29 17:21:27 |
Chinese Spies Exploit Log4Shell to Hack Major Academic Institution (lien direct) |
China-linked cyberespionage group Aquatic Panda was recently observed exploiting the Log4Shell vulnerability to compromise a large academic institution, CrowdStrike's Falcon OverWatch team reports.
|
Hack
Vulnerability
|
|
|
|
2021-12-29 15:27:57 |
The Right to Work and Non-Competes in the Security Industry (lien direct) |
Those who actively threaten or work against the right to work act against the interests of the security community as a whole
|
|
|
|
|
2021-12-29 15:22:46 |
Storage Devices of Major Vendors Impacted by Encryption Software Flaws (lien direct) |
Storage devices from several major vendors are affected by vulnerabilities discovered by a researcher in third-party encryption software they all use.
|
|
|
|
|
2021-12-29 12:35:10 |
Another Remote Code Execution Vulnerability Patched in Log4j (lien direct) |
The developers of Log4j have patched another remote code execution vulnerability affecting the widely used logging utility.
|
Vulnerability
|
|
|
|
2021-12-29 11:38:59 |
Norwegian Media Firm Amedia Suffers Disruption Due to Cyberattack (lien direct) |
Norwegian media company Amedia on Tuesday announced that it fell victim to a cyberattack that forced it to shut down multiple systems.
The second largest media company in Norway, Amedia owns 50 local and regional online and printed newspapers, as well as the Avisenes Nyhetsbyrå news agency.
|
|
|
|
|
2021-12-29 11:13:27 |
Poland\'s Tusk Calls Spyware Use \'Crisis for Democracy\' (lien direct) |
Polish opposition leader Donald Tusk on Tuesday said reports the government spied on its opponents represented the country's biggest "crisis for democracy" since the end of communism.
|
Guideline
|
|
|
|
2021-12-28 19:23:29 |
Researchers Dive Into Equation Group Tool \'DoubleFeature\' (lien direct) |
Security researchers at Check Point are publicly documenting the Equation Group APT's DoubleFeature, a component of DanderSpritz post-exploitation framework.
|
Tool
|
|
|
|
2021-12-28 16:20:13 |
The Human Connection: A Mindset for the Coming Year (lien direct) |
I've written about people and the contributions they make on protecting our email and IT systems, but I'd like to shift focus this last article for 2021 towards a deeper but related topic: human connections.
|
|
|
|
|
2021-12-28 14:24:16 |
Threat Actors Abuse MSBuild for Cobalt Strike Beacon Execution (lien direct) |
Recently observed malicious campaigns have abused Microsoft Build Engine (MSBuild) to execute a Cobalt Strike payload on compromised machines.
|
|
|
|
|
2021-12-28 13:26:44 |
State Workers to Be Paid on Time Despite Ransomware Attack (lien direct) |
State workers in West Virginia will be paid on time this week despite a ransomware attack that affected a software provider that helps manage the state's payroll system.
|
Ransomware
|
|
|
|
2021-12-28 11:51:50 |
Shutterfly Says Ransomware Attack Impacted Manufacturing (lien direct) |
Shutterfly, an online platform for photography and personalized products, has confirmed that some of its services have been affected by a ransomware attack.
|
Ransomware
|
|
|
|
2021-12-27 17:14:25 |
DuckDuckGo Signals Entry into Desktop Browser Market (lien direct) |
Gabriel Weinberg's DuckDuckGo is taking aim at the desktop browser market, betting that default privacy-centric settings will provide safer alternatives to Google's Chrome and Microsoft's Chromium-based Edge browsers.
|
|
|
|
|
2021-12-27 15:04:25 |
High-Risk Flaw Haunts Apache Server (lien direct) |
The Apache Software Foundation has released a new version of its flagship web server to patch a pair of security defects, one series enough to lead to remote code execution attacks.
|
Guideline
|
|
|
|
2021-12-27 14:37:09 |
IT Services Firm Inetum Discloses Ransomware Attack (lien direct) |
French IT services company Inetum Group revealed just before Christmas that it had fallen victim to a ransomware attack, but claimed that impact on its operations was limited.
|
Ransomware
|
|
|
|
2021-12-27 13:43:31 |
Jackson Public Schools Ups Cybersecurity After Hacker Attack (lien direct) |
The public school district in Mississippi's capital city is implementing new cybersecurity measures after hackers attacked its server last year.
Jackson Public Schools officials say attackers sought to encrypt files and have the district pay a ransom to return the files, WJTV reports.
|
|
|
|
|
2021-12-27 12:34:05 |
Organizations Targeted With Babuk-Based Rook Ransomware (lien direct) |
A piece of ransomware that emerged in late November has already made three victims, with the first of them hit less than a week after the malware was initially spotted.
|
Ransomware
Malware
|
|
|
|
2021-12-27 11:33:20 |
New Flaws Expose EVlink Electric Vehicle Charging Stations to Remote Hacking (lien direct) |
Schneider Electric has patched several new vulnerabilities that expose its EVlink electric vehicle charging stations to remote hacker attacks.
|
|
|
★★
|
|
2021-12-27 09:50:13 |
Albanian Prime Minister Apologizes Over Database Leak (lien direct) |
Albania's prime minister on Thursday apologized for a big leak of personal records from a government database of state and private employees, which he said seems more like an inside job than a cyber attack.
|
|
|
|
|
2021-12-23 13:44:28 |
NVIDIA, HPE Products Affected by Log4j Vulnerabilities (lien direct) |
NVIDIA and Hewlett Packard Enterprise (HPE) have confirmed that some of their products are affected by the recently disclosed vulnerabilities in the Apache Log4j logging utility.
|
|
|
|
|
2021-12-23 13:16:57 |
Several Critical Vulnerabilities Found in myPRO HMI/SCADA Product (lien direct) |
A researcher has found a dozen vulnerabilities in the myPRO product of Czech industrial automation company mySCADA, including several flaws that have been assigned a critical severity rating.
|
|
|
|
|
2021-12-23 12:22:23 |
Microsoft Office Patch Bypassed for Malware Distribution in Apparent \'Dry Run\' (lien direct) |
Cybercriminals have found a way to bypass the patch for a recent Microsoft Office vulnerability and leveraged it to briefly distribute Formbook malware, Sophos reports.
|
Malware
Vulnerability
|
|
|
|
2021-12-23 11:50:05 |
Five Eyes Nations Issue Joint Guidance on Log4j Vulnerabilities (lien direct) |
Government agencies in the United States, Canada, the United Kingdom, Australia and New Zealand on Wednesday announced the release of a joint cybersecurity advisory to provide guidance on addressing the recently disclosed vulnerabilities affecting the widely used Log4j logging utility.
|
|
|
|
|
2021-12-23 11:16:52 |
400,000 Individuals Affected by Email Breach at West Virginia Healthcare Company (lien direct) |
Monongalia Health System (Mon Health) this week disclosed a business email compromise (BEC) incident that was the result of unauthorized access to its email system.
|
|
|
|
|
2021-12-22 22:53:41 |
Research: Simulated Phishing Tests Make Organizations Less Secure (lien direct) |
A large-scale, long-term phishing experiment conducted in a 56,000-employee organization has come to a startling conclusion: Those simulated phishing tests commonly seen in corporate user-education campaigns are actually making things much worse.
|
|
|
★★★
|
|
2021-12-22 18:53:34 |
Microsoft Confirms \'NotLegit\' Azure Flaw Exposed Source Code Repositories (lien direct) |
Microsoft has quietly started notifying some Azure customers that a serious security vulnerability in the Azure App Service has caused the exposure of hundreds of source code repositories.
|
Vulnerability
|
|
|
|
2021-12-22 16:38:54 |
Ubisoft Confirms Unauthorized Access to \'Just Dance\' User Data (lien direct) |
French video game company Ubisoft this week confirmed that 'Just Dance' user data was compromised in a recent cybersecurity incident.
The data breach was the result of a misconfiguration that has since been corrected, but not before player data was accessed and potentially copied by a third party.
|
Data Breach
|
|
|
|
2021-12-22 15:53:07 |
CISA Says No Federal Agencies Compromised in Log4Shell Attacks to Date (lien direct) |
|
|
|
|
|
2021-12-22 15:27:14 |
Virginia Still Working to Fix Issues After Ransomware Attack (lien direct) |
The information technology agency that serves Virginia's legislature is still working to fix problems caused by a ransomware attack earlier this month, a state official said Tuesday.
|
Ransomware
|
|
|
|
2021-12-22 14:07:56 |
Targeted Links Used to Steal Tens of Millions in Global Scam Campaign (lien direct) |
By impersonating 121 brands, scammers managed to defraud users in over 90 countries of an estimated $80 million per month, Singapore-based threat hunting and intelligence firm Group-IB reveals.
|
Threat
|
|
|
|
2021-12-22 12:18:15 |
Poland Rejects Accusations of \'Political\' Spyware Use (lien direct) |
Poland on Tuesday rejected accusations that it had used Pegasus spying software for political ends after a top lawyer opposed to the current government said he had been targeted.
|
|
|
|
|
2021-12-22 11:47:11 |
Chinese Government Punishes Alibaba for Not Telling It First About Log4Shell Flaw: Report (lien direct) |
China's Ministry of Industry and Information Technology (MIIT) said it will temporarily suspend its collaboration with Alibaba Cloud as a cyber threat intelligence partner due to the fact that the company did not inform the government first about the discovery of the Log4Shell vulnerability, according to local media reports.
|
Threat
|
|
|
|
2021-12-22 11:18:12 |
The Need for Survivable, Trustworthy Secure Systems (lien direct) |
Cybersecurity and cyber resilience measures are most effective when applied in concert
|
|
|
|
|
2021-12-22 11:02:49 |
PYSA Dominated the Ransomware Landscape in November: Report (lien direct) |
PYSA and Lockbit were the dominating threats in the ransomware landscape in November 2021, UK-based risk mitigation company NCC Group reports.
|
Ransomware
|
|
|
|
2021-12-22 09:47:29 |
Belgian Military in Five-Day Battle Against Cyberattack (lien direct) |
The Belgian military said on Tuesday it had been hit with a cyberattack five days ago and was still battling to restore affected parts of its system.
Military spokesman Olivier Severin told AFP that elements hit by last Thursday's attack, which contaminated services connected to the internet, were still being analysed and restored.
|
|
|
|
|
2021-12-21 14:10:55 |
Authorization and IAM Company PlainID Raises $75 Million in Series C Funding (lien direct) |
PlainID, a provider of authorization and identity and access management (IAM) solutions, today announced that it has raised $75 million in Series C funding, which brings the total raised to $96 million.
|
|
|
|
|
2021-12-21 13:32:42 |
Microsoft Urges Customers to Patch Recent Active Directory Vulnerabilities (lien direct) |
Microsoft on Monday released an alert on two Active Directory vulnerabilities addressed with the November 2021 Patch Tuesday updates, urging customers to install the available patches as soon as possible, to prevent potential compromise.
|
|
|
|
|
2021-12-21 13:17:58 |
No-Code Security Automation Company ContraForce Emerges From Stealth (lien direct) |
McKinney, Texas-based security automation and compliance solutions provider ContraForce on Tuesday announced emerging from stealth mode with $2 million in seed funding from cyber foundry DataTribe.
|
|
|
|
|
2021-12-21 12:36:55 |
Russian Hacker Extradited to US for Trading on Stolen Information (lien direct) |
A Russian national was extradited to the United States from Switzerland over the weekend, to face charges for his alleged role in a scheme whose participants traded on information stolen from hacked U.S. companies.
|
|
|
|
|
2021-12-21 12:19:11 |
Vulnerabilities Can Allow Hackers to Tamper With Walk-Through Metal Detectors (lien direct) |
Walk-through metal detectors made by Garrett are affected by potentially serious vulnerabilities that can be exploited to hack the devices and alter their configuration.
|
Hack
|
|
|
|
2021-12-21 12:07:19 |
AP Exclusive: Polish Opposition Duo Hacked With NSO Spyware (lien direct) |
The aggressive cellphone break-ins of a high-profile lawyer representing top Polish opposition figures came in the final weeks of pivotal 2019 parliamentary elections. Two years later, a prosecutor challenging attempts by the populist right-wing government to purge the judiciary had her smartphone hacked.
|
|
|
|
|
2021-12-21 11:14:12 |
FBI Sees APTs Exploiting Recent ManageEngine Desktop Central Vulnerability (lien direct) |
The Federal Bureau of Investigation (FBI) has released an alert regarding the exploitation of a recent vulnerability in Zoho's ManageEngine Desktop Central product.
|
Vulnerability
|
|
|
|
2021-12-21 10:46:37 |
5 Ways to Reduce the Risk of Ransomware to Your OT Network (lien direct) |
In the last year and half, we've seen an unprecedented increase in ransomware attacks on Operational Technology (OT) networks. While this surge is generating a lot of press coverage, it was something that experts within our industry have been anticipating for a while.
|
Ransomware
|
|
|
|
2021-12-21 09:40:10 |
Facebook Patches Vulnerability Exposing Page Admin Identity (lien direct) |
Facebook paid a teenage researcher from Nepal a $4,750 bug bounty reward for a vulnerability that could have been exploited to uncover the identity of a page's administrator.
|
Vulnerability
|
|
|
|
2021-12-20 19:29:59 |
Google Finds 35,863 Java Packages Using Defective Log4j (lien direct) |
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
|
Patching
|
|
|