Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-22 16:08:38 |
As You Modernize Your SOC, Remember the Human Element (lien direct) |
As Security Operations Centers (SOCs) mature, they need to tackle some tough challenges with respect to data, systems and people
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-22 15:59:46 |
AV Under Attack: Trend Micro Confirms Apex One Exploitation (lien direct) |
Anti-malware vendor Trend Micro is warning that attackers are attempting to exploit a previously patched vulnerability in its Apex One, Apex One as a Service, and OfficeScan product lines.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-22 14:24:24 |
Webinar Today: DDoS Attack Trends and Mitigation Strategies (lien direct) |
Live Webinar: April 22nd at 2PM ET - Register to Join
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-22 14:12:13 |
The Logistics Supply Chain is Being Targeted by Both Cybercriminals and Nation States (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-22 13:18:30 |
Targeting Remote Learning: Defending Against Cyberattacks in our Schools (lien direct) |
A return to normal does not mean that IT administrators can take their eye off the ball regarding cybersecurity
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-22 13:10:09 |
Signal Says Cellebrite Mobile Device Analysis Products Can Be Hacked (lien direct) |
Cellebrite's forensic applications do not include the type of security protections one would expect from a parsing software, which renders them susceptible to attacks, according to privacy-focused messaging service Signal.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-22 10:53:57 |
Rockwell Industrial Switches Affected by More Vulnerabilities in Cisco Software (lien direct) |
Industrial automation giant Rockwell Automation has started releasing firmware updates for some of its Stratix switches to address another round of vulnerabilities introduced by the use of Cisco's IOS XE software.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-22 00:16:35 |
Massive Android Botnet Hits Smart TV Ad Ecosystem (lien direct) |
Security researchers at Human Security (formerly White Ops) have discovered a massive botnet of Android devices being used to conduct fraud in the connected TV advertising ecosystem.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-21 18:57:08 |
Facebook Says Palestinian Intelligence Used Platform to Spy on Citizens (lien direct) |
Facebook said Wednesday it had disabled accounts used by the Palestinian Authority's internal intelligence organisation to spy on journalists, human rights activists and political opponents.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-21 18:55:00 |
US Takes New Aim at Ransomware After Most Costly Year (lien direct) |
The Justice Department is taking new aim at ransomware after a year that officials say was the most costly on record for the crippling cyberattacks.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-21 16:59:40 |
How Not to Micromanage Talented Employees (lien direct) |
While it can be a difficult, it is worth taking the time to avoid slipping into micromanagement
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-21 14:25:25 |
(Déjà vu) SaaS Application Security Firm AppOmni Raises $40 Million (lien direct) |
SaaS security management company AppOmni on Wednesday announced that it has raised $40 million in a Series B funding round, which brings its total funding to more than $53 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-21 13:46:02 |
Vulnerability in CocoaPod Dependency Manager Exposed Millions of Apps (lien direct) |
A remote code execution vulnerability identified on the central CocoaPods server could have allowed an attacker to poison any package download, security researcher Max Justicz reveals.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-21 12:26:53 |
Over 580 WordPress Vulnerabilities Disclosed in 2020: Report (lien direct) |
Over 96% of WordPress Vulnerabilities Disclosed in 2020 Affected Third-Party Code
More than 580 WordPress vulnerabilities were disclosed in 2020, but a vast majority of them impact third-party plugins and themes rather than the WordPress core, according to a new report from website security company Patchstack (formerly WebARX).
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-21 12:02:07 |
Oracle Delivers 390 Security Fixes With April 2021 CPU (lien direct) |
Oracle this week announced the release of 390 new security fixes as part of the April 2021 Critical Patch Update (CPU), including patches for more than 200 bugs that could be exploited remotely without authentication.
|
|
|
★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-21 11:58:21 |
EU Unveils AI Rules to Tackle Big Brother Fears (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-21 08:54:03 |
Three Zero-Day Flaws in SonicWall Email Security Product Exploited in Attacks (lien direct) |
SonicWall's Email Security product is affected by three vulnerabilities that have been exploited in attacks. It took the vendor roughly two weeks to start releasing patches, but a public warning about active exploitation came only 25 days after it learned about the attacks.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-20 22:09:25 |
Google Chrome Hit in Another Mysterious Zero-Day Attack (lien direct) |
Google late Tuesday shipped another urgent security patch for its dominant Chrome browser and warned that attackers are exploiting one of the zero-days in active attacks.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-20 21:23:18 |
Pulse Secure Zero-Day Flaw Actively Exploited in Attacks (lien direct) |
Multiple threat actors are actively engaged in the targeting of four vulnerabilities in Pulse Secure VPN appliances, including a zero-day identified this month that won't be patched until next month.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-20 19:48:53 |
Passwordless Authentication Firm HYPR Raises $35 Million (lien direct) |
HYPR, a company that provides a cloud-based passwordless authentication platform, has raised $35 million in a Series C financing, doubling the company's total funding to more than $70 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-20 17:15:13 |
Japan Says Chinese Military Likely Behind Cyberattacks (lien direct) |
Tokyo police are investigating cyberattacks on about 200 Japanese companies and research organizations, including the country's space agency, by a hacking group believed to be linked to the Chinese military, the government said Tuesday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-20 15:09:05 |
Firefox 88 Combats Cross-Site Tracking to Improve User Privacy (lien direct) |
Mozilla this week released Firefox 88 in the stable channel with patches for a dozen vulnerabilities and with improved user privacy, obtained through isolating the window.name property to the website that created it.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-20 14:23:22 |
US Takes Steps to Protect Electric System From Cyberattacks (lien direct) |
The Biden administration is taking steps to protect the country's electric system from cyberattacks through a new 100-day initiative combining federal government agencies and private industry.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-20 13:48:54 |
Druva Raises $147 Million at $2 Billion Valuation (lien direct) |
California-based cloud data protection and management firm Druva on Monday announced raising another $147 million, which brings the company's valuation to more than $2 billion.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-20 13:06:43 |
SaaS Security Company Grip Security Emerges From Stealth (lien direct) |
SaaS security company Grip Security on Tuesday emerged from stealth mode and announced raising $6 million in seed funding.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-20 12:27:09 |
Auto Insurance Giant GEICO Discloses Data Breach (lien direct) |
American auto insurance provider GEICO has disclosed a cyber-incident that resulted in driver's license numbers being compromised.
|
Data Breach
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-20 11:28:37 |
Mastercard Acquires Digital Identity Verification Firm Ekata for $850 Million (lien direct) |
Mastercard on Monday announced that it's acquiring digital identity verification company Ekata for $850 million.
The acquisition of Seattle-based Ekata is part of Mastercard's plan to boost its identity verification capabilities.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-20 01:25:36 |
Supreme Court Asked to Give Access to Secretive Court\'s Work (lien direct) |
Civil liberties groups are asking the Supreme Court to give the public access to opinions of the secretive court that reviews bulk email collection, warrantless internet searches and other government surveillance programs.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-19 20:10:13 |
Russian Security Vendor Positive Technologies Dropped From MAPP Member List (lien direct) |
Following sanctions announced by the U.S. Department of the Treasury last week, Russian cyber-security firm Positive Technologies says the accusations are groundless.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-19 20:03:23 |
WordPress 5.7.1 Patches XXE Flaw in PHP 8 (lien direct) |
WordPress has released version 5.7.1 of its popular content management system (CMS), which brings more than 25 bug fixes, including patches for two security vulnerabilities.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-19 11:39:45 |
Member of FIN7 Hacking Group Sentenced to US Prison (lien direct) |
A Ukrainian national arrested for his role in a hacking group that compromised millions of financial accounts was sentenced to a decade in prison, US prosecutors said Friday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-19 11:03:50 |
(Déjà vu) Cybersecurity M&A Roundup for April 12-18, 2021 (lien direct) |
Several cybersecurity-related acquisitions and mergers were announced in the week of April 12-18, 2021.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-19 11:00:54 |
FCC to Focus Efforts on 5G, Software and Cloud Service Vulnerabilities (lien direct) |
Former Chairman of the Federal Communications Commission (FCC), Ajit Pai, resigned on the day of President Biden's inauguration. He was replaced by Acting Chairwoman Jessica Rosenworcel, who last month delivered her first major action by fining Texas based telemarketers a record $225 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-19 10:29:21 |
SolarWinds Hacking Campaign Puts Microsoft in the Hot Seat (lien direct) |
The sprawling hacking campaign deemed a grave threat to U.S.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-19 09:53:41 |
Europol Report Highlights Pandemic\'s Effect on Cybercrime (lien direct) |
Europol's Serious Organized Crime Threat Assessment report 2021 summarizes the criminal threat of the last four years and provides insights into what to expect over the next four years. While focused on Europe, it will not be substantively different to other areas of the globe.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-19 08:48:50 |
PlexTrac Raises $10 Million for Its Purple Teaming Platform (lien direct) |
PlexTrac, a company that provides information security management solutions for security teams, last week announced closing a $10 million Series A funding round led by Noro-Moseley Partners and Madrona Venture Group, with participation from StageDotO Ventures.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-16 17:29:57 |
Vulnerabilities in OpENer Stack Expose Industrial Devices to Attacks (lien direct) |
Multiple vulnerabilities in the OpENer stack could be exploited in attacks aimed at supervisory control and data acquisition (SCADA) and other industrial systems that use OpENer.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-16 14:39:13 |
How the Kremlin Provides a Safe Harbor for Ransomware (lien direct) |
A global epidemic of digital extortion known as ransomware is crippling local governments, hospitals, school districts and businesses by scrambling their data files until they pay up. Law enforcement has been largely powerless to stop it.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-16 14:04:26 |
Critical Vulnerability Can Allow Attackers to Hijack or Disrupt Juniper Devices (lien direct) |
A critical vulnerability patched recently by networking and cybersecurity solutions provider Juniper Networks could allow an attacker to remotely hijack or disrupt affected devices.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-16 13:31:56 |
Industry Reactions to FBI Cleaning Up Hacked Exchange Servers: Feedback Friday (lien direct) |
U.S. authorities revealed this week that the FBI executed a court-authorized cyber operation to remove malicious web shells from hundreds of compromised Microsoft Exchange servers located in the United States.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-16 12:22:52 |
More Countries Officially Blame Russia for SolarWinds Attack (lien direct) |
The United Kingdom, Canada, the European Union and NATO have expressed support for the United States in blaming Russia for the cyberattack on IT management company SolarWinds, which impacted organizations worldwide.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-16 11:57:45 |
Sanctioned Russian IT Firm Was Partner With Microsoft, IBM (lien direct) |
The Treasury Department on Thursday slapped six Russian technology companies with sanctions for supporting Kremlin intelligence agencies engaged in “dangerous and disruptive cyber attacks.”
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-16 10:47:41 |
Google Project Zero Announces 2021 Updates to Vulnerability Disclosure Policy (lien direct) |
Google's Project Zero cybersecurity research unit on Thursday announced that it's making some changes to its vulnerability disclosure policies, giving users 30 days to install patches before disclosing the technical details of a flaw.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-16 08:28:22 |
Google Broke Australian Law Over Location Data Collection: Court (lien direct) |
Google violated Australian law by misleading users of Android mobile devices about the use of their location data, a court ruled Friday in a landmark decision against the global digital giant.
|
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-16 02:47:55 |
Codecov Bash Uploader Dev Tool Compromised in Supply Chain Hack (lien direct) |
Security response professionals are scrambling to measure the fallout from a software supply chain compromise of Codecov Bash Uploader that went undetected since January and exposed sensitive secrets like tokens, keys and credentials from organizations around the world.
|
Hack
Tool
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-16 02:01:40 |
Cloud Forensics Firm Cado Security Raises $10 Million in Series A Funding (lien direct) |
Cado Security, provider of a cloud-native digital forensics platform, has secured $10 million in Series A funding, which brings the total amount raised by the company to date to $11.5 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-15 17:57:30 |
Domain Name Security Neglected by U.S. Energy Companies: Report (lien direct) |
A majority of the largest energy companies in the United States appear to have neglected the security of their domain names, according to CSC, a firm that specializes in securing online assets.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-15 17:29:21 |
IBM: 44 Organizations Targeted in Attacks Aimed at COVID-19 Vaccine Cold Chain (lien direct) |
More than 40 organizations have been targeted in a global campaign focused on the COVID-19 vaccine cold chain infrastructure, which handles the distribution of vaccines and their storage at the required temperatures.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-15 14:30:54 |
Reddit Launches Public Bug Bounty Program (lien direct) |
Reddit this week announced the launch of a public bug bounty program on the vulnerability hunting platform HackerOne.
Following a three-year private bug bounty program on HackerOne, which has resulted in over $140,000 being awarded in bug bounties for 300 vulnerability reports focusing on reddit.com, the program is going public with an expanded scope.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-15 14:15:13 |
NSA: Russian Hackers Exploiting VPN Vulnerabilities - Patch Immediately (lien direct) |
The U.S. government on Thursday warned that Russian APT operators are exploiting five known -- and already patched -- vulnerabilities in corporate VPN infrastructure products, insisting it is “critically important” to mitigate these issues immediately.
|
|
|
|