Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-06 13:05:54 |
MDR Firm Huntress Raises $40 Million in Series B Funding Round (lien direct) |
Managed detection and response (MDR) solutions provider Huntress on Thursday announced raising $40 million in a Series B funding round, which brings the total raised by the company to $60 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-06 12:28:47 |
Cisco Patches Critical Flaws in SD-WAN, HyperFlex HX Products (lien direct) |
Cisco on Wednesday released patches to address tens of vulnerabilities across its product portfolio, including critical flaws in SD-WAN software and the HyperFlex HX data platform.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-06 11:30:27 |
Cybersecurity Experts Share Thoughts for World Password Day (lien direct) |
World Password Day was created by Intel in 2013 to raise awareness of the need for strong passwords, but many experts now use the occasion to urge organizations to replace passwords with other, more secure authentication methods.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-06 11:05:59 |
Microsoft Pledges to Store European Cloud Data in EU (lien direct) |
US tech giant Microsoft pledged Thursday to process and store all European cloud-based client data in the European Union amid unease in the region over the reach of US legislation on personal data collection.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-06 10:56:36 |
Attackers Use Obscurity, Enterprises Should Too (lien direct) |
As threat actors attempt to remain undetected to carry out attacks, they often use a variety of tools to obscure their identities and activity. Organizations meanwhile leave their networks and activity open for inspection by anyone who chooses to perform basic reconnaissance.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-06 02:07:57 |
States Push Back Against Use of Facial Recognition by Police (lien direct) |
Law enforcement agencies across the U.S. have used facial recognition technology to solve homicides and bust human traffickers, but concern about its accuracy and the growing pervasiveness of video surveillance is leading some state lawmakers to hit the pause button.
|
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-05 19:09:32 |
DOD Expands Vulnerability Disclosure Program to Web-Facing Targets (lien direct) |
The United States Department of Defense this week announced an expansion of the scope of its vulnerability disclosure program to include all of its publicly accessible information systems.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-05 14:39:09 |
3 Steps to Disrupt Threat Actors Selling Access to Your Environment (lien direct) |
Unmasking a threat actor at an individual level could help you to gain more context, determine why the attack occurred, and quantify future risk
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-05 13:41:32 |
Red Hat Open-Sourcing StackRox Security Technology (lien direct) |
Red Hat this week announced that it's taking the first steps towards open-sourcing the StackRox container security product for Kubernetes.
|
|
Uber
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-05 13:35:53 |
Cymulate Raises $45 Million to Grow Its Attack Simulation Platform (lien direct) |
Israeli cybersecurity testing firm Cymulate announced today that it has raised $45 million through a Series C funding round.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-05 13:19:04 |
Chrome for Windows Gets Hardware-enforced Exploitation Protection (lien direct) |
Google makes Chrome for Windows more resilient to vulnerability exploitation with new mitigation technology
Starting in version 90, Chrome for Windows improves resilience against vulnerability exploitation by adopting Hardware-enforced Stack Protection.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-05 12:34:14 |
U.S. Organizations Targeted by New Cybercrime Group With Sophisticated Malware (lien direct) |
A new threat actor that appears to be financially motivated has targeted many organizations in the United States and other countries using several new pieces of malware, FireEye reported on Tuesday.
|
Malware
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-05 10:41:13 |
Cyber Asset Management Startup JupiterOne Raises $30 Million (lien direct) |
Cyber asset management and governance solutions provider JupiterOne on Tuesday announced that it raised $30 million in Series B funding, which brings the total raised by the company to more than $49 million.
The funding round was led by Sapphire Ventures, with participation from previous investor Bain Capital Ventures.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-05 10:02:31 |
The VC View: Cloud Security and Compliance (lien direct) |
I'm glad this column is coming out now instead of earlier this year. Cloud security is more topical than ever when considering all the fun things that have happened in 2021 with security startups!
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-05 04:00:39 |
Android Updates for May 2021 Patch Over 40 Vulnerabilities (lien direct) |
The Android operating system updates released by Google for May 2021 patch a total of 42 vulnerabilities, including four considered critical severity.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-05 02:16:15 |
Belgian Government, Parliament, Colleges Hit by Cyberattack (lien direct) |
The company providing internet services for Belgium's parliament, government agencies, universities and scientific institutions said Tuesday that its network was under cyberattack, with connections to several customers disrupted.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-05 01:09:37 |
ID Verification Platform Provider Persona Raises $50 Million (lien direct) |
Armed with $68 million in funding to date, the company plans to double its team and scale up its business
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-04 19:31:55 |
Qualys Flags Gaping Security Holes in Exim Mail Server (lien direct) |
Security researchers document 21 major security vulnerabilities in Exim and warn that users are exposed to remote code execution flaws
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-04 15:10:25 |
High-Severity Dell Driver Vulnerabilities Impact Hundreds of Millions of Devices (lien direct) |
Owners of Dell devices were informed on Tuesday that a firmware update driver present on a large number of systems is affected by a series of high-severity vulnerabilities.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-04 15:07:25 |
New Variant of Buer Malware Loader Written in Rust to Evade Detection (lien direct) |
A new variant of the Buer malware loader has been detected, written in Rust. The original version is written in C. Rust is efficient, easy-to-use, and an increasingly popular programming language – Microsoft uses it, and joined the Rust Foundation in February 2021.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-04 13:26:45 |
Trend Micro Unveils New OT Endpoint Security Solution Made by TXOne (lien direct) |
Cybersecurity firm Trend Micro on Monday announced a new endpoint security solution developed by TXOne Networks for devices in operational technology (OT) environments.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-04 12:09:11 |
Acronis Raises $250 Million at $2.5 Billion Valuation (lien direct) |
Cyber protection solutions provider Acronis on Tuesday announced that it has raised $250 million at a valuation of $2.5 billion.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-04 08:39:43 |
ATT&CK v9 Introduces Containers, Google Workspace (lien direct) |
MITRE announced last week that the latest update to the popular ATT&CK framework introduces techniques related to containers and the Google Workspace platform.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-04 02:32:03 |
Apple Warns of New Zero-Day Attacks on iOS, MacOS (lien direct) |
Apple's problems with zero-day attacks continued this week with news of another mysterious in-the-wild compromise affecting iPhones, iPads and MacOS devices.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-03 19:07:18 |
Alaska Court System Briefly Forced Offline Amid Cyber Threat (lien direct) |
The Alaska Court System has temporarily disconnected most of its operations from the internet after a cybersecurity threat on Saturday, including its website and removing the ability to look up court records.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-03 16:26:25 |
Pulse Secure Ships Belated Fix for VPN Zero-Day (lien direct) |
Embattled VPN technology vendor Pulse Secure on Monday updated an “out-of-cycle” advisory with patches for four major security vulnerabilities, including belated cover for an issue that's already been exploited by advanced threat actors.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-03 13:22:12 |
(Déjà vu) Cybersecurity M&A Roundup: 30 Deals Announced in April 2021 (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-03 12:29:06 |
Tesla Car Hacked Remotely From Drone via Zero-Click Exploit (lien direct) |
Two researchers have shown how a Tesla - and possibly other cars - can be hacked remotely without any user interaction. They carried out the attack from a drone.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-03 11:25:18 |
NSA Issues Guidance on Securing IT-OT Connectivity (lien direct) |
The U.S. National Security Agency (NSA) last week released a cybersecurity advisory focusing on the security of operational technology (OT) systems, particularly in terms of connectivity to IT systems.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-03 11:06:19 |
The Anti-Fraud Lifecycle (lien direct) |
It is a known fact that cybercriminals choose the path of least resistance. Naturally, easy cashout methods with good returns are much more favorable than methods that are high risk, complicated or yield small profits. While this is not the only factor in determining how much fraud is committed through a certain vector (for example, it takes time for cashout methods to become public knowledge in cybercriminal circles and thus become widely adopted), it is a major aspect.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-05-03 00:59:25 |
Effort to Protect Consumer Data Privacy Stalls in Florida (lien direct) |
A campaign by Gov. Ron DeSantis to help Floridians regain ownership of the troves of data that companies collect came to a halt Friday, when state lawmakers could not agree on how tightly to limit how Big Data harvests and uses people's information.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-30 17:43:33 |
Unknown Chinese APT Targets Russian Defense Sector (lien direct) |
Researchers at Cybereason say they have discovered an undocumented malware targeting the Russian military sector and bearing the hallmarks of originating in China if not being Chinese state sponsored.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-30 17:27:45 |
Task Force Calls for Aggressive US \'Anti-Ransomware\' Campaign (lien direct) |
A task force attached to the Institute for Security and Technology (IST) has released set of recommendations to combat the ransomware scourge currently hitting organizations around the world.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-30 14:57:36 |
Contract Tracing Breach Impacts Private Info of 72K People (lien direct) |
Employees of a vendor paid to conduct COVID-19 contact tracing in Pennsylvania may have compromised the private information of at least 72,000 people, including their exposure status and their sexual orientation, the state Health Department said Thursday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-30 14:38:22 |
Security Operations and Management Startup StrikeReady Emerges From Stealth (lien direct) |
Cloud-based security operations and management startup StrikeReady this week emerged from stealth mode after raising $3.6 million in seed funding.
Led by 11.2 Capital, the funding round also saw participation from Outlier Venture Capital and from various Silicon Valley angel investors.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-30 14:03:48 |
SonicWall Zero-Day Exploited by Ransomware Group Before It Was Patched (lien direct) |
A zero-day vulnerability addressed by SonicWall in its Secure Mobile Access (SMA) appliances earlier this year was exploited by a sophisticated and aggressive cybercrime group before the vendor released a patch, FireEye's Mandiant unit reported on Thursday.
|
Ransomware
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-30 11:10:55 |
Cybersecurity Community Unhappy With GitHub\'s Proposed Policy Updates (lien direct) |
GitHub wants to update its policies regarding security research, exploits and malware, but the cybersecurity community is not happy with the proposed changes.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-30 09:59:26 |
Dutch Government Pauses Coronavirus App Over Data Leak Fears (lien direct) |
The Dutch government has temporarily disabled its coronavirus warning app amid data privacy concerns for people who have the app installed on phones using the Android operating system.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-30 08:53:27 |
BIND Vulnerabilities Expose DNS Servers to Remote Attacks (lien direct) |
The Internet Systems Consortium (ISC) has released updates for the BIND DNS software to patch several vulnerabilities that can be exploited for denial-of-service (DoS) attacks and one possibly even for remote code execution.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-30 00:54:59 |
Stealthy RotaJakiro Backdoor Targeting Linux Systems (lien direct) |
Previously undocumented and stealthy Linux malware named RotaJakiro has been discovered targeting Linux X64 systems. It has been undetected for at least three years, and operates as a backdoor.
Four samples have now been discovered, all using the same C2s. The earliest was discovered in 2018. None of the samples were labeled malware by VirusTotal.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-29 20:43:33 |
BadAlloc: Microsoft Flags Major Security Holes in OT, IoT Devices (lien direct) |
Security researchers at Microsoft are raising the alarm for multiple gaping security holes in a wide range of enterprise internet-connected devices, warning that the high-risk bugs expose businesses to remote code execution attacks.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-29 15:04:59 |
Vulnerability Exposes F5 BIG-IP to Kerberos KDC Hijacking Attacks (lien direct) |
F5 Networks this week released patches to address an authentication bypass vulnerability affecting BIG-IP Access Policy Manager (APM), but fixes are not available for all impacted versions.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-29 14:35:46 |
DigitalOcean Discloses Breach Involving Billing Information (lien direct) |
Cloud solutions provider DigitalOcean has started informing some customers that their billing information may have been compromised after someone exploited a vulnerability in the company's systems.
|
Vulnerability
|
APT 32
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-29 13:07:08 |
Threat Detection Firm Vectra Raises $130 Million at $1.2 Billion Valuation (lien direct) |
Threat detection and response solutions provider Vectra AI on Thursday announced that it has raised $130 million at a valuation of $1.2 billion, which makes the company the latest cybersecurity unicorn.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-29 12:40:30 |
Effective Security Needs to See and Interrupt Every Step in an Attack Chain (lien direct) |
The best defense in depth strategy should not include loading up your network with a plethora of point solutions
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-29 11:59:49 |
Apple Patches Security Bypass Vulnerability Impacting Macs With M1 Chip (lien direct) |
Apple's latest macOS updates patch three vulnerabilities that can be exploited to bypass security mechanisms, including one that has been exploited in the wild and one that impacts only Macs powered by the M1 chip.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-29 11:27:22 |
FluBot Android Malware Expected to Start Targeting U.S. (lien direct) |
The FluBot Android malware is spreading fast across Europe using an SMS package delivery scheme and it's soon expected to arrive in the United States as well, cybersecurity company Proofpoint warned this week.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-29 10:27:10 |
Several High-Severity Vulnerabilities Expose Cisco Firewalls to Remote Attacks (lien direct) |
Cisco this week released patches for multiple vulnerabilities in Firepower Threat Defense (FTD) software, including high-severity issues that could be exploited for arbitrary command execution or denial-of-service (DoS) attacks.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-29 04:01:01 |
Chinese Cyberspies Target Military Organizations in Asia With New Malware (lien direct) |
A cyber-espionage group believed to be sponsored by the Chinese government has been observed targeting military organizations in Southeast Asia in attacks involving previously undocumented malware, Bitdefender reported on Wednesday.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-04-29 01:39:41 |
US Government Taking Creative Steps to Counter Cyberthreats (lien direct) |
An FBI operation that gave law enforcement remote access to hundreds of computers to counter a massive hack of Microsoft Exchange email server software is a tool that is likely to be deployed “judiciously” in the future as the Justice Department, aware of privacy concerns, develops a framework for it
|
Hack
Tool
|
|
|