Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-08 14:37:00 |
How China Exploits Social Media to Influence American Public (lien direct) |
The growth of Russia's attempts to manipulate American public opinion since 2015 is well known and documented. At heart, it is basic political propaganda -- which is an accepted tool of international diplomacy. Russia, however, is commonly perceived as having over-stepped the mark by actively seeking to sow discord, weaken western democracy, and influence elections.
|
Tool
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-08 14:22:04 |
Slack, GitHub Abused by New SLUB Backdoor in Targeted Attacks (lien direct) |
Researchers from Trend Micro have come across a new piece of malware that abuses GitHub and Slack for command and control (C&C) communications.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-08 09:54:00 |
Google Discloses Actively Exploited Windows Vulnerability (lien direct) |
Google this week released information on a zero-day vulnerability in Windows being actively exploited in targeted attacks alongside a recently fixed Chrome flaw (CVE-2019-5786).
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-08 07:11:01 |
Zerodium Offers $500,000 for VMware ESXi, Microsoft Hyper-V Exploits (lien direct) |
Exploit acquisition firm Zerodium this week announced that it's prepared to pay up to $500,000 for VMware ESXi and Microsoft Hyper-V vulnerabilities.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-08 05:59:01 |
Man Admits to Hacking Minnesota Databases Over Cop Acquittal (lien direct) |
A Minnesota man admitted Thursday that he hacked into state government databases in 2017 as an act of retaliation after the acquittal of an officer who fatally shot Philando Castile during a 2016 traffic stop.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-07 16:59:01 |
Study Finds Rampant Sale of SSL/TLS Certificates on Dark Web (lien direct) |
SSL and TLS certificates and related services can be easily acquired from dark web marketplaces, according to an academic study sponsored by Venafi, a company specializing in the protection of cryptographic keys and digital certificates
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-07 16:02:04 |
Four Steps to Begin Better Managing Your Digital Risk (lien direct) |
Four Steps Organizations Can Take to Begin Managing Their Digital Risk
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-07 15:50:02 |
Organizations Not Positioned for Success in Tackling Cyber Demands: Deloitte (lien direct) |
Report Shows Major Disconnect Between Cybersecurity and Cyber Everywhere in Digital Transformation
|
|
Deloitte
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-07 14:30:01 |
Hungarian Judge OKs Extradition of Portuguese Hacker (lien direct) |
A Portuguese man linked to the publication of internal documents that embarrassed top European clubs and soccer officials in the Football Leaks case will be extradited to his home country, a Hungarian court ruled Tuesday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-07 14:20:00 |
Cisco Patches Two Dozen Serious Flaws in Nexus Switches (lien direct) |
Cisco this week patched over two dozen serious vulnerabilities affecting its Nexus switches, including flaws that can be exploited for denial-of-service (DoS) attacks, arbitrary code execution, and privilege escalation.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-07 09:24:01 |
(Déjà vu) Several Industrial Automation Products Affected by WibuKey DRM Flaws (lien direct) |
The products of several industrial automation companies are affected by the recently disclosed vulnerabilities found in the WibuKey digital rights management (DRM) solution from Wibu Systems.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-07 06:49:01 |
Iranian Hackers Caused Losses in Hundreds of Millions: Report (lien direct) |
Iranian hackers working to penetrate systems, businesses and governments around the world have caused hundreds of millions of dollars in damages, a report said Wednesday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-07 05:41:02 |
China\'s Huawei Sues US Over Federal Ban on Its Products (lien direct) |
Tech giant Huawei on Thursday opened a legal front in its counter-offensive against US warnings that it could aid Chinese intelligence services, filing suit to overturn a US law that bars federal agencies from buying its products.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-07 00:10:01 |
Cybersecurity Startup PolySwarm Launches Malware Detection Marketplace (lien direct) |
Cybersecurity startup firm PolySwarm has officially launched at this year's RSAC. It describes itself as a 'VirusTotal replacement', and is an innovative malware detection marketplace based on blockchain contracts and virtual currency payments.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-06 23:56:03 |
Virsec Launches Application Memory Firewall (lien direct) |
Fileless attacks are increasing and are more likely to succeed than traditional file-based malware. Most defenses seek to detect them by recognizing anomalous behavior on the network -- but this is basically an after-the-event approach.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-06 19:01:04 |
Fortanix Releases Open Source SDK for Intel SGX Enclaves (lien direct) |
Runtime encryption company Fortanix has launched a free and open source software development kit (SDK) for building Intel Software Guard Extensions (SGX) applications.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-06 18:27:00 |
New CyberArk Solution Secures AWS Accounts (lien direct) |
Boston-based privileged access security provider CyberArk this week announced it can now automate detection, alerting and response for unmanaged and potentially risky Amazon Web Services (AWS) accounts.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-06 18:09:02 |
Google Patches Actively Exploited Chrome Vulnerability (lien direct) |
A vulnerability Google patched last week in the Chrome browser had been already exploited in the wild.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-06 16:58:03 |
Massive Singapore Healthcare Breach Linked to \'Whitefly\' Cyberspy Group (lien direct) |
A threat group that has been targeting organizations in Singapore since at least 2017 is likely behind the massive data breach suffered by SingHealth last year, Symantec reported on Wednesday.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-06 14:30:04 |
Secureworks Launches Orchestration and Automation Solution (lien direct) |
Cyber-security provider Secureworks this week announced it can now help organizations better protect their environments with its new Orchestration and Automation solution.
Announced at the RSA Conference 2019 in San Francisco, the new solution can reduce cyber-security workload and help organizations contain and eradicate threats.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-06 13:43:00 |
NTT Acquires WhiteHat Security (lien direct) |
NTT Security, the cybersecurity company of Japanese telecommunications giant NTT Group (Nippon Telegraph and Telephone Corporation) on Tuesday announced that it has entered a definitive agreement to acquire application security firm WhiteHat Security.
WhiteHat Security will become a wholly-owned subsidiary of NTT Security and will continue to operate independently.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-06 12:12:03 |
NSA Makes Reverse Engineering Tool Freely Available (lien direct) |
The United States National Security Agency (NSA) this week released its in-house reverse engineering tool Ghidra to the public, for free.
|
Tool
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-06 07:18:00 |
Rockwell Automation Patches Critical DoS/RCE Flaw in RSLinx Software (lien direct) |
Patches released by Rockwell Automation for its RSLinx Classic software address a critical vulnerability that can be exploited for denial-of-service (DoS) attacks and possibly for remote code execution.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-05 19:08:00 |
BlackBerry Cylance Unveils Behavioral Analytics Solution (lien direct) |
BlackBerry Cylance, the company that resulted from BlackBerry's acquisition of Cylance, on Tuesday introduced CylancePERSONA, a proactive endpoint behavioral analytics solution.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-05 18:34:05 |
Rush Health System Reports Data Breach Affecting 45,000 (lien direct) |
Rush System for Health says personal information from about 45,000 patients may have been compromised in a data breach.
|
Data Breach
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-05 18:33:05 |
Armor Scientific Emerges From Stealth With Wearable Authentication Solution (lien direct) |
California-based Armor Scientific this week announced that it has emerged from stealth mode with an identity and authentication platform that combines wearable hardware and patent-pending middleware components.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-05 18:12:02 |
Huawei Opens Brussels Security Lab in Bid to Reassure EU (lien direct) |
Chinese tech company Huawei on Tuesday opened a cybersecurity lab in Brussels, the heart of the European Union, as it tries to win over government leaders and fight back U.S. allegations that its equipment poses a national security risk.
|
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-05 15:30:05 |
Iran-Linked Hackers Use Python-Based Backdoor in Recent Attacks (lien direct) |
The Iran-linked Chafer threat group has used a new Python-based backdoor in November 2018 attacks targeting a Turkish government entity, Palo Alto Networks reveals.
|
Threat
Prediction
|
APT 39
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-05 14:06:05 |
Secure Data Storage Provider RackTop Systems Raises $15 Million (lien direct) |
Fulton, MD-based secure storage solutions provider RackTop Systems on Tuesday announced that it secured $15 million in a Series A funding round.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-05 14:04:00 |
Comcast Acquires AI Cybersecurity Firm BluVector (lien direct) |
Media and telecommunications giant Comcast said it has acquired BluVector, a company that uses artificial intelligence (AI) and machine learning (ML) technology to help detect cyber threats.
The terms of the acquisition were not disclosed.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-05 13:28:00 |
New VMware Firewall Focuses on Known Good Behavior (lien direct) |
VMware on Tuesday announced the launch of a new internal firewall solution designed to reduce an organization's attack surface by focusing on known good behavior rather than attempting to chase potential threats.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-05 13:19:03 |
State-Sponsored Hackers Supporting China\'s Naval Modernization Efforts: Report (lien direct) |
APT40 Hackers Appear to be Supporting China's Belt and Road Initiative
|
Industrial
|
APT 40
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-05 11:41:03 |
Security Shifts Left to be Part of Software Development Best Practice: Report (lien direct) |
5,558 IT professionals from more than 150 countries involved in DevOps self-identified their level of maturity. What emerged from a subsequent survey was a close correlation between elite DevOps and DevSecOps -- there is a marked shift left for security in elite DevOps teams.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-05 06:44:05 |
Alphabet\'s Chronicle Launches Security Telemetry Platform (lien direct) |
Chronicle on Monday announced the launch of Backstory, a security telemetry platform that allows organizations to store and quickly analyze large amounts of data.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-04 22:02:04 |
CrowdStrike Launches EDR Solution for Mobile Devices (lien direct) |
Endpoint security firm CrowdStrike on Monday announced CrowdStrike Falcon for Mobile, an enterprise endpoint detection and response (EDR) solution for mobile devices.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-04 18:37:03 |
Microsoft Rolls Out Spectre Variant 2 Mitigations for Windows 10 (lien direct) |
Over the weekend, Microsoft started rolling out a new software update for Windows 10 devices to enable the Retpoline mitigations against Spectre attacks.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-04 17:06:04 |
Tripwire Launches Industrial Cybersecurity Assessment Service (lien direct) |
Belden-owned Tripwire on Monday announced the availability of two new assessment services designed to help enterprises and industrial organizations find potentially dangerous vulnerabilities in their systems.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-04 16:10:04 |
KnowBe4 Announces New Funding Round at $800 Million Valuation (lien direct) |
Security awareness training firm KnowBe4 last week announced a Series C funding round that valued the company at more than $800 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-04 14:33:00 |
Eyeing Russia, EU Girds for Cyberthreats to Parliament Vote (lien direct) |
With campaigning for May's European Parliament elections shifting into high gear, security officials are preparing for potential attempts by Russia-linked hackers to sway the vote -- and potentially deepen divisions in the bloc.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-04 13:57:04 |
Better Security Not Sole Factor for Improved Breach Detection Times: FireEye (lien direct) |
Organizations are getting better at detecting breaches, but the positive trend observed last year has been attributed by experts not only to improved cybersecurity capabilities, but also an increase in the number of attacks that are quickly detected by victims.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-04 13:09:00 |
Cisco Publishes Annual CISO Benchmark Study (lien direct) |
A new survey of senior security leader attitudes and practices concentrates on 'anticipating the unknowns'. It's a clever choice of words. 'Anticipating' implies getting ahead of and being prepared for the unknowns -- which is different and more accurate than the more usual use of the word as simply 'expecting' the unknowns. This is the task of the security leader: to be prepared for the unknown rather than to wait for and respond to the unknown.
|
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-04 06:52:03 |
Data Breach Cost Marriott $28 Million So Far (lien direct) |
The massive data breach disclosed by Marriott last year has cost the company $28 million to date, most of which has been covered by insurance, the hotel giant revealed last week in its earnings report for the last quarter of 2018.
|
Data Breach
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-02 13:37:03 |
DDoS-for-Hire Service Admin Pleads Guilty (lien direct) |
An Illinois man pleaded guilty earlier this week for owning, administrating, and supporting an illegal booting service that launched millions of distributed denial of service attacks, the U.S. Department of Justice announced.
|
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-01 19:46:03 |
Adobe Patches ColdFusion Vulnerability Exploited in the Wild (lien direct) |
Adobe has released out-of-band updates for its ColdFusion web application development platform to address a critical vulnerability that has been exploited in the wild.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-01 16:17:01 |
Two White Hats Earn Over $1 Million via Bug Bounty Programs (lien direct) |
Bug bounty platform HackerOne says two of its members have each earned more than $1 million by helping organizations find and fix vulnerabilities in their systems.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-01 14:05:00 |
Cobalt Strike Bug Exposes Attacker Servers (lien direct) |
A recently addressed vulnerability in the Cobalt Strike penetration testing platform could be exploited to identify attacker servers, Fox-IT security researchers reveal.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-01 13:48:02 |
Cisco Patches Critical Vulnerability in Wireless Routers (lien direct) |
Cisco released security patches this week to address a Critical vulnerability in several wireless routers that allows an attacker to remotely execute code on the impacted devices.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-01 13:43:02 |
Wireshark 3.0.0 Released (lien direct) |
The Wireshark Foundation on Thursday announced the general availability of Wireshark 3.0.0, the newest release of the popular open-source packet analyzer.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-01 13:42:01 |
PoS Clients Targeted with Cobalt Strike, Card Scraping Malware (lien direct) |
Recent attacks against point-of-sale (PoS) thin clients around the world have been using card data scraping malware and the Cobalt Strike beacon, security firm Morphisec reveals.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-03-01 13:29:01 |
Magecart Hackers Change Tactics Following Public Exposure (lien direct) |
One of the multiple hacking groups operating under the "Magecart" umbrella has changed its tactics following a November 2018 report exposing their activity.
|
|
|
|