What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-01-26 19:52:04 | Apple Ships Emergency Fixes for Under-Attack iOS Zero-Day (lien direct) | Apple on Tuesday dropped emergency security patches for its flagship iOS and iPad OS platforms alongside a warning that hackers may already be exploiting a pair of security vulnerabilities. The patches -- contained in iOS 14.4 and iPadOS 14.4 -- are currently being pushed to mobile users via the automatic updating mechanism. | |||
|
2021-01-26 18:57:39 | More Cybersecurity Firms Confirm Being Hit by SolarWinds Hack (lien direct) | Cybersecurity companies Mimecast and Qualys have apparently been targeted by the threat actor that breached the systems of IT management solutions provider SolarWinds as part of a sophisticated supply chain attack. Fidelis Cybersecurity has also confirmed being hit, but it's unclear if it was specifically targeted. | Hack Threat | ||
|
2021-01-26 15:14:58 | NAT Slipstreaming 2.0 Exposes Devices on Internal Networks to Remote Attacks (lien direct) | A newly devised variant of the NAT Slipstreaming attack can be leveraged to compromise any device on the local network, according to researchers at enterprise IoT security firm Armis. | |||
|
2021-01-26 14:35:26 | Google Says Chrome Cookie Replacement Plan Making Progress (lien direct) | Google says it's making progress on plans to revamp Chrome user tracking technology aimed at improving privacy even as it faces challenges from regulators and officials. | |||
|
2021-01-26 14:15:27 | Several DDoS Attack Records Broken in 2020 (lien direct) | Several companies that provide services for mitigating distributed denial-of-service (DDoS) attacks reported seeing records being broken in 2020. | |||
|
2021-01-26 12:51:17 | Australian Corporate Regulator Discloses Breach Involving Accellion Software (lien direct) | The Australian Securities and Investments Commission (ASIC) on Monday disclosed a security incident that involved Accellion software. | |||
|
2021-01-26 12:47:17 | CISO Conversations: Intel, Cisco Security Chiefs Discuss the Making of a Great CISO (lien direct) | 
|
|||
|
2021-01-26 11:39:34 | Crane Maker Palfinger Says Cyberattack Had \'Massive\' Impact on IT Infrastructure (lien direct) | Austria-based crane manufacturer Palfinger on Monday informed customers that its IT infrastructure suffered serious disruptions as a result of an “ongoing global cyber attack.” | |||
|
2021-01-26 01:44:26 | Google Warning: North Korean Gov Hackers Targeting Security Researchers (lien direct) | Google late Monday raised the alarm about a “government-backed entity based in North Korea” targeting -- and hacking into -- computer systems belonging to security researchers. | |||
|
2021-01-26 01:14:54 | South Carolina County Suffers Weekend Cyberattack (lien direct) | A coastal South Carolina county says hackers broke into its computer network over the weekend. A statement from Georgetown County's local government Monday said the county's computer network “suffered a major infrastructure breach over the weekend.” Most of the county's electronic systems, including emails, were impacted. | |||
|
2021-01-25 20:16:50 | Phishers Target C-Suite with Fake Office 365 Password Expiration Reports (lien direct) | An ongoing phishing campaign delivering fake Office 365 password expiration reports has managed to compromise tens of C-Suite email accounts to date, according to a warning from anti-malware vendor Trend Micro. | |||
|
2021-01-25 19:59:07 | Passwordless Authentication Provider Axiad Raises $20 Million (lien direct) | Axiad, a provider of a cloud-based passwordless authentication solutions, has raised $20 million in growth funding from private equity firm from Invictus Growth Partners. | |||
|
2021-01-25 16:02:44 | Clothing Brand Bonobos Informs Users of Data Breach (lien direct) | Menswear brand Bonobos has started informing customers of a data breach that may have resulted in their personal information getting compromised. | Data Breach | ||
|
2021-01-25 15:42:32 | Packaging Giant WestRock Says Ransomware Attack Impacted OT Systems (lien direct) | American packaging giant WestRock (NYSE: WRK) on Monday revealed that it was recently targeted in a ransomware attack that impacted both information technology (IT) and operational technology (OT) systems. | Ransomware | ||
|
2021-01-25 15:11:38 | CrowdStrike Discloses Details of Recently Patched Windows NTLM Vulnerability (lien direct) | One of the vulnerabilities that Microsoft addressed on January 2021 Patch Tuesday could allow an attacker to relay NTLM authentication sessions and then execute code remotely, using a printer spooler MSRPC interface. | Vulnerability | ||
|
2021-01-25 14:24:50 | Russian Hack of US Agencies Exposed Supply Chain Weaknesses (lien direct) | The elite Russian hackers who gained access to computer systems of federal agencies last year didn't bother trying to break one by one into the networks of each department. | Hack | ||
|
2021-01-25 14:09:54 | Industrial Firms Informed About Serious Vulnerabilities in Matrikon OPC Product (lien direct) | Industrial organizations have been informed about the existence of several potentially serious vulnerabilities affecting an OPC UA product made by Honeywell subsidiary Matrikon. | |||
|
2021-01-25 12:00:57 | Illinois Court Exposes More Than 323,000 Sensitive Records (lien direct) | Unsecured Server Exposed Records Containing Sensitive Personal Data and Case Notes From Cook County Court | |||
|
2021-01-23 20:23:10 | Chipmaker Intel Corp. Blames Internal Error on Data Leak (lien direct) | The computer chipmaker Intel Corp. on Friday blamed an internal error for a data leak that prompted it to release a quarterly earnings report early. It said its corporate network was not compromised. | |||
|
2021-01-23 12:07:19 | SonicWall Says Internal Systems Targeted by Hackers Exploiting Zero-Day Flaws (lien direct) | Cybersecurity firm SonicWall said late on Friday that some of its internal systems were targeted by “highly sophisticated threat actors” exploiting what appear to be zero-day vulnerabilities affecting some of the company's products. | Threat | ||
|
2021-01-22 17:53:59 | Microsoft Edge Adds Password Generator, Drops Support for Flash, FTP (lien direct) | Microsoft has shipped the stable version of the Microsoft Edge 88 browser, featuring a brand new Password Generator and the ability to alert on compromised credentials. The browser refresh also drops support for the FTP protocol and for the Adobe Flash plugin. | |||
|
2021-01-22 16:03:09 | Biden Orders Intel Agencies to Provide Full Assessment of SolarWinds Hack (lien direct) | Just says into his leadership role, U.S. President Joe Biden has instructed U.S. intelligence agencies to provide him with a detailed assessment of the SolarWinds hack, which fueled a global cyber espionage campaign impacting many high-profile government agencies and businesses. | Hack Guideline | ||
|
2021-01-22 16:02:33 | Intel\'s Early Earnings Release Triggered by Hack (lien direct) | U.S. chip-making giant Intel Corp. has acknowledged a website hack and premature data disclosure forced the early release of its earnings report for the fourth quarter of 2020. | Hack | ||
|
2021-01-22 14:56:44 | Sophos: Crypto-Jacking Campaign Linked to Iranian Company (lien direct) | An Iran-based software company is likely behind a recently identified crypto-jacking campaign targeting SQL servers, according to a report by British anti-malware vendor Sophos. | |||
|
2021-01-22 13:28:38 | QNAP Warns NAS Users of \'dovecat\' Malware Attacks (lien direct) | QNAP this week warned users of attacks targeting QNAP NAS (network-attached storage) devices with a piece of malware named “dovecat.” | Malware | ||
|
2021-01-22 12:03:03 | Thousands of Unprotected RDP Servers Can Be Abused for DDoS Attacks (lien direct) | Cybercriminals have been abusing unprotected servers running Microsoft's Remote Desktop Protocol (RDP) service to launch distributed denial-of-service (DDoS) attacks, application and network performance management company NETSCOUT warned this week. | |||
|
2021-01-21 17:45:17 | Enterprise Credentials Publicly Exposed by Cybercriminals (lien direct) | Cybercriminals behind a successful phishing campaign have exposed more than 1,000 corporate employee credentials on the Internet, according to a warning from security vendor Check Point. | |||
|
2021-01-21 16:13:50 | Drupal Updates Patch Another Vulnerability Related to Archive Files (lien direct) | Security updates released this week by the developers of the Drupal content management system (CMS) patch a vulnerability identified in a third-party library. | Vulnerability | ||
|
2021-01-21 15:39:37 | Multi-Cloud Network Security Provider Valtix Raises $12.5 Million (lien direct) | Multi-cloud network security platform provider Valtix on Thursday announced that it raised $12.5 million in strategic funding. | |||
|
2021-01-21 15:25:39 | Microsoft Details OPSEC, Anti-Forensic Techniques Used by SolarWinds Hackers (lien direct) | Microsoft on Wednesday released another report detailing the activities and the methods of the threat actor behind the attack on IT management solutions firm SolarWinds, including their malware delivery methods, anti-forensic behavior, and operational security (OPSEC). | Malware Threat | ||
|
2021-01-21 14:05:06 | Cisco Patches Critical Vulnerabilities in SD-WAN, DNA Center, SSMS Products (lien direct) | Cisco this week released patches to address a significant number of vulnerabilities across its product portfolio, including several critical flaws in SD-WAN products, DNA Center, and Smart Software Manager Satellite (SSMS). | |||
|
2021-01-21 12:26:34 | Amazon Awards $18,000 for Exploit Allowing Kindle E-Reader Takeover (lien direct) | Amazon has awarded an $18,000 bug bounty for an exploit chain that could have allowed an attacker to take complete control of a Kindle e-reader simply by knowing the targeted user's email address. | |||
|
2021-01-21 04:52:12 | Scanning Activity Detected After Release of Exploit for Critical SAP SolMan Flaw (lien direct) | A Russian researcher has made public on GitHub a functional exploit targeting a critical vulnerability that SAP patched in its Solution Manager product in March 2020. | Vulnerability | ||
|
2021-01-20 17:18:21 | \'LuckyBoy\' Malvertising Campaign Hits iOS, Android, XBox Users (lien direct) | A recently identified malvertising campaign targeting mobile and other connected devices users makes heavy use of obfuscation and cloaking to avoid detection. | |||
|
2021-01-20 16:34:22 | In a Remote Work Era, a People-First Approach Keeps Threat Intelligence Teams on Track (lien direct) | Far Too Many Organizations Are Still Failing to Develop Intelligence Requirements Based on the Needs of Their Stakeholders | Threat | ||
|
2021-01-20 16:04:58 | Snort 3 Becomes Generally Available (lien direct) | Snort 3 was officially released on Tuesday and users have been advised to switch to Snort 3 from any previous version of the popular intrusion prevention and intrusion detection system (IPS/IDS). | |||
|
2021-01-20 15:42:10 | Oracle\'s January 2021 CPU Contains 329 New Security Patches (lien direct) | Oracle this week announced the availability of its first cumulative set of security fixes for 2021, which includes a total of 329 new patches. | |||
|
2021-01-20 14:42:53 | Ransomware Took Heavy Toll on US in 2020: Researchers (lien direct) | Ransomware attacks took a heavy toll on the United States last year with more than 2,000 victims in government, education and health care, security researchers say in a new report. | |||
|
2021-01-20 14:12:10 | Chrome 88 Drops Flash, Patches Critical Vulnerability (lien direct) | Google has released Chrome 88 to the stable channel with several security improvements inside, including patches for 36 vulnerabilities, one of which is rated critical severity, and dropped support for Adobe Flash. | Vulnerability | ||
|
2021-01-20 13:12:56 | New \'FreakOut\' Malware Ensnares Linux Devices Into Botnet (lien direct) | A recently identified piece of malware is targeting Linux devices to ensnare them into a botnet capable of malicious activities such as distributed denial of service (DDoS) and crypto-mining attacks. | Malware | ||
|
2021-01-20 12:41:51 | Malwarebytes Targeted by SolarWinds Hackers (lien direct) | Cybersecurity firm Malwarebytes on Tuesday revealed that it too was targeted by the hackers who breached the systems of Texas-based IT management company SolarWinds as part of a sophisticated supply chain attack. | |||
|
2021-01-20 11:37:44 | DNSpooq Flaws Expose Millions of Devices to DNS Cache Poisoning, Other Attacks (lien direct) | Researchers at Israel-based boutique cybersecurity consultancy JSOF this week disclosed the details of seven potentially serious DNS-related vulnerabilities that could expose millions of devices to various types of attacks. | |||
|
2021-01-19 19:04:57 | FireEye Releases New Open Source Tool in Response to SolarWinds Hack (lien direct) | FireEye Mandiant on Tuesday announced the release of an open source tool designed to check Microsoft 365 tenants for the use of techniques associated with UNC2452, the name currently assigned by the cybersecurity firm to the threat group that attacked IT management company SolarWinds. | Hack Tool Threat | ||
|
2021-01-19 18:25:55 | Hundreds of Networks Still Host Devices Infected With VPNFilter Malware (lien direct) | The VPNFilter malware is still present in hundreds of networks and malicious actors could take control of the infected devices, according to researchers at cybersecurity firm Trend Micro. | Malware | VPNFilter VPNFilter | |
|
2021-01-19 14:12:55 | Microsoft Enables Automatic Remediation in Defender for Endpoint (lien direct) | Microsoft this week announced that it has enabled automatic threat remediation in Microsoft Defender for Endpoint for users who opted into public previews. | Threat | ||
|
2021-01-19 13:54:55 | SaaS Application Backup Firm Rewind Raises $15 Million (lien direct) | Backup-as-a-service (BaaS) provider Rewind on Tuesday announced it has raised $15 million in Series A funding. Founded in 2015, the Ottawa, Canada-based company helps customers secure business-critical software-as-a-service (SaaS) application and cloud data, and claims more than 80,000 organizations in over 100 countries rely on its solutions. | |||
|
2021-01-19 13:09:32 | SolarWinds Hackers Used \'Raindrop\' Malware for Lateral Movement (lien direct) | The threat group behind the supply chain attack that targeted Texas-based IT management company SolarWinds leveraged a piece of malware named Raindrop for lateral movement and deploying additional payloads, Broadcom-owned cybersecurity firm Symantec reported on Tuesday. | Malware Threat | Solardwinds | |
|
2021-01-19 12:33:32 | Swimlane Raises $40 Million to Expand SOAR Business (lien direct) | Swimlane, a provider of security orchestration, automation and response (SOAR) solutions, announced today that it has raised $40 million in growth funding. | |||
|
2021-01-19 12:07:05 | OpenWrt Informs Users of Forum Breach (lien direct) | The OpenWrt Project, the developer of the open source Linux operating system for embedded devices, informed users on Monday that someone had breached its forum over the weekend. | |||
|
2021-01-18 19:21:25 | FBI Warns of Employee Credential Phishing via Phone, Chat (lien direct) | The Federal Bureau of Investigation has issued a Private Industry Notification (PIN) to warn of attacks targeting enterprises, in which threat actors attempt to obtain employee credentials through vishing or chat rooms. | Threat |
To see everything:
