Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2021-12-17 14:14:50 |
VMware Patches Critical Flaw in Workspace ONE UEM Console (lien direct) |
VMware on Thursday announced the release of patches for a critical server-side request forgery (SSRF) vulnerability in Workspace ONE UEM console.
|
Vulnerability
|
|
|
|
2021-12-17 12:47:04 |
Virginia Museum Shuts Down Website Amid IT Breach (lien direct) |
An information technology system security breach detected late last month prompted the Virginia Museum of Fine Arts to shut down its website for a state investigation, the museum announced this week.
|
|
|
★★★★
|
|
2021-12-17 11:50:44 |
Sophisticated Noberus Ransomware First to Be Coded in Rust (lien direct) |
Symantec researchers have analyzed what appears to be the first ransomware family written in the Rust programming language.
|
Ransomware
|
|
|
|
2021-12-17 11:17:39 |
Spyware Find Highlights Depth of Hacker-for-Hire Industry (lien direct) |
Security researchers said Thursday they found two kinds of commercial spyware on the phone of a leading exiled Egyptian dissident, providing new evidence of the depth and diversity of the abusive hacker-for-hire industry.
|
Guideline
|
|
|
|
2021-12-16 20:26:34 |
Meta Targets \'Cyber Mercenaries\' Using Facebook to Spy (lien direct) |
Facebook parent Meta announced Thursday the shutdown of some 1,500 accounts tied to "cyber mercenary" companies accused of spying on activists, dissidents and journalists worldwide on behalf of paying clients.
|
|
|
|
|
2021-12-16 18:39:40 |
Google Says NSO Pegasus Zero-Click \'Most Technically Sophisticated Exploit Ever Seen\' (lien direct) |
Security researchers at Google's Project Zero have picked apart one of the most notorious in-the-wild iPhone exploits and found a never-before-seen hacking roadmap that included a PDF file pretending to be a GIF image with a custom-coded virtual CPU built out of boolean pixel operations.
|
|
|
|
|
2021-12-16 16:59:13 |
Corellium Lands $25 Million Investment for Virtualization Tech (lien direct) |
Fresh off a high-profile legal triumph over Apple, virtualization technology startup Corellium is now enjoying the attention of investors with Paladin Capital Group leading a $25 million funding round.
|
Guideline
|
|
|
|
2021-12-16 16:18:47 |
Thousands of Industrial Systems Targeted With New \'PseudoManuscrypt\' Spyware (lien direct) |
Tens of thousands of devices around the world, including many industrial control systems (ICS) and government computers, have been targeted in what appears to be an espionage campaign that involves a new piece of malware dubbed PseudoManuscrypt, Kaspersky revealed on Thursday.
|
Malware
|
|
|
|
2021-12-16 15:13:42 |
Upskilling Cyber Defenders Requires a Readiness Environment (lien direct) |
The cybersecurity threat landscape never stands still. New threats and threat actors appear all the time. They are highly trained, well-funded, and leverage the newest tools to pursue some form of cybercrime - extortion, terrorism, data theft, the list goes on.
|
Threat
|
|
★★★★
|
|
2021-12-16 15:03:18 |
Iran-Linked APT Abuses Slack in Attacks on Asian Airline (lien direct) |
The Iran-linked advanced persistent threat (APT) actor MuddyWater was observed deploying a backdoor that abuses Slack on the network of an Asian airline, IBM Security X-Force reports.
|
Threat
|
|
★★★★★
|
|
2021-12-16 14:41:29 |
SecurityWeek Announces Virtual Cybersecurity Event Schedule for 2022 (lien direct) |
SecurityWeek, a leading provider of cybersecurity news and information to global enterprises, today announced its official lineup of virtual cybersecurity events for 2022.
|
Guideline
|
|
|
|
2021-12-16 13:31:05 |
CISA Calls for Improved Critical Infrastructure Security (lien direct) |
The United States Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday called on critical infrastructure owners and operators to improve their security stance against malicious cyberattacks.
|
|
|
|
|
2021-12-16 13:08:18 |
North American Propane Distributor \'Superior Plus\' Discloses Ransomware Attack (lien direct) |
North American propane distributor Superior Plus this week announced that it had to shut down certain computer systems after falling victim to a ransomware attack.
The company says it discovered the breach on Sunday, December 12, and that, as a response, it took steps to mitigate impact on corporate data and operations.
|
Ransomware
|
|
|
|
2021-12-16 12:10:50 |
Threat Groups Reportedly Working on Log4Shell Worm (lien direct) |
Experts Comment on Concerns Related to Log4Shell Worm
|
|
|
|
|
2021-12-16 11:39:58 |
Iran-Linked Hackers Attack Israeli Targets: Company (lien direct) |
An Iran-linked hacking group attacked seven Israeli targets over a 24-hour period this week, an Israeli cybersecurity firm said, in the latest episode of cyberwarfare between the rival states.
|
|
|
|
|
2021-12-16 11:12:40 |
Noname Security Raises $135 Million at \'Unicorn\' Valuation (lien direct) |
API security platform Noname Security on Wednesday announced that it has become a cybersecurity unicorn after closing a $135 million Series C funding round.
|
|
|
|
|
2021-12-15 21:31:01 |
Microsoft Spots Multiple Nation-State APTs Exploiting Log4j Flaw (lien direct) |
If defenders needed any more urgency to patch and mitigate the explosive Log4j zero-day, along comes word that APT actors linked to China, Iran, North Korea and Turkey have already pounced and are actively exploiting the CVSS 10.0 vulnerability.
|
|
|
|
|
2021-12-15 20:57:52 |
Investors Bet Big on Cloud Security Startups Ermetic, Dazz (lien direct) |
Venture capital investors are continuing to bet big on cloud security technologies with two early-stage startups announcing a combined $130 million in funding for products to help businesses secure cloud deployments.
|
|
|
|
|
2021-12-15 20:33:05 |
US, Australia Agree to Share Phone, Text Records in Criminal Probes (lien direct) |
The United States and Australia signed an agreement Wednesday to ease access by their justice departments to digital phone and email records needed in criminal investigations.
|
|
|
|
|
2021-12-15 18:50:30 |
API Security Firm Cequence Raises $60 Million (lien direct) |
The rapid adoption of APIs to facilitate both digital transformation and the pandemic-related growth in online commerce has caused a rush to market. But as with all code produced and released in haste, there are frequent problems. Cyberattacks against APIs have become a growth area for cybercriminals.
|
|
|
|
|
2021-12-15 14:51:31 |
U.S. Government Launches \'Hack DHS\' Bug Bounty Program (lien direct) |
The United States Department of Homeland Security (DHS) this week announced the launch of a bug bounty program focused on identifying vulnerabilities in its systems.
|
|
|
|
|
2021-12-15 14:26:00 |
Industry Reactions to Log4Shell Vulnerability (lien direct) |
The widely used Log4j logging tool is affected by a critical remote code execution vulnerability that has been increasingly exploited by malicious actors, including profit-driven cybercriminals and state-sponsored groups.
|
Tool
Vulnerability
|
|
|
|
2021-12-15 14:04:56 |
Facebook Will Reward Researchers for Reporting Scraping Bugs (lien direct) |
Facebook Paid Out $2.3 Million in Bug Bounties in 2021
Social media giant Facebook today announced that it is expanding its bug bounty and data bounty programs to reward security researchers for reporting scraping vulnerabilities and databases.
|
|
|
|
|
2021-12-15 14:00:20 |
Railway Cybersecurity Firm Cylus Raises $30 Million (lien direct) |
Tel Aviv, Israel-based railway cybersecurity firm Cylus has raised $30 million in a Series B funding round led by U.S. firm Ibex Investors and joined by Vertex Growth Fund, Strides International Business, Magma Venture Partners, Vertex Ventures Israel, Zohar Zisapel, and Glenrock Israel.
|
|
|
|
|
2021-12-15 12:58:51 |
SAP Patches Log4Shell Vulnerability in 20 Applications (lien direct) |
German software maker SAP is scrambling to patch the Log4Shell vulnerability in its applications and has rolled out fixes for tens of other severe flaws in its products.
|
Vulnerability
|
|
|
|
2021-12-15 12:42:48 |
Recent Ransomware Trends Reinforce the Need for Cyber Hygiene, Collaboration (lien direct) |
It's no secret that ransomware has reached near-epic proportions. We are hearing about ransomware attacks left and right – and those are just the ones we hear about. For every attack that makes the headlines, there are many more that don't.
|
Ransomware
|
|
|
|
2021-12-15 12:33:33 |
Sysdig Raises $350 Million at $2.5 Billion Valuation (lien direct) |
Container and cloud security company Sysdig on Wednesday announced raising $350 million in a Series G funding round, at a valuation of $2.5 billion.
|
|
|
|
|
2021-12-15 11:49:57 |
Log4Shell Tools and Resources for Defenders (lien direct) |
Type:
Story
Image:
Link:
Log4Shell Tools and Resources for Defenders - Continuously Updated
Log4Shell Tools and Resources for Defenders - Continuously Updated
|
|
|
|
|
2021-12-15 11:47:36 |
Problematic Log4j Functionality Disabled as More Security Issues Come to Light (lien direct) |
Developers of the widely used Apache Log4j Java-based logging tool have disabled problematic functionality as more security issues have come to light.
|
Tool
|
|
|
|
2021-12-15 09:40:31 |
Web Browsing Security Firm Guardio Raises $47 Million (lien direct) |
Web browsing protection tool Guardio on Tuesday announced that it came out of bootstrap mode with $47 million in funding.
Guardio's first ever investment round was led by Tiger Global. Cerca Partners, Emerge, Samsung Next, Union, and Vintage also participated.
|
Tool
|
|
|
|
2021-12-15 04:54:29 |
HR Management Firm Kronos Needs Weeks to Recover From Ransomware Attack (lien direct) |
HR management platform Ultimate Kronos Group (UKG) on Monday started notifying customers that it fell victim to a ransomware attack that took down multiple applications over the weekend.
|
Ransomware
|
|
|
|
2021-12-15 03:11:17 |
EXPLAINER: The Security Flaw That\'s Freaked Out the Internet (lien direct) |
Security pros say it's one of the worst computer vulnerabilities they've ever seen.
|
|
|
|
|
2021-12-15 02:13:24 |
Chinese, Iranian State Hackers Exploiting Log4j Flaw: Mandiant (lien direct) |
Chinese and Iranian state actors are exploiting the recently disclosed “Log4Shell” vulnerability that has sparked chaos across the tech world, cybersecurity firm Mandiant warned late Tuesday.
|
Vulnerability
|
|
|
|
2021-12-14 21:30:34 |
Dan Kaminsky Inducted into Internet Hall of Fame (lien direct) |
Famed hacker Dan Kaminsky has been inducted in the Internet Society's Hall of Fame for his groundbreaking contributions to DNS (domain name system) security.
|
|
|
|
|
2021-12-14 19:17:57 |
Microsoft Patches 67 Security Flaws, Including Zero-Day Exploited by Emotet (lien direct) |
Microsoft's security response engine revved into overdrive this month with the release of patches for 67 documented Windows software vulnerabilities, including a zero-day bug that's already been exploited by one of the most professional and long lasting cybercrime gangs.
|
|
|
|
|
2021-12-14 18:32:27 |
Adobe Joins Security Patch Tuesday Frenzy (lien direct) |
Software maker Adobe has issued critical warnings for security vulnerabilities in multiple products running on Windows and macOS machines.
|
|
|
|
|
2021-12-14 16:00:24 |
Apple Patches Vulnerabilities That Earned Hackers $500,000 at Chinese Contest (lien direct) |
The iOS and macOS security updates released on Monday by Apple patch vulnerabilities that earned researchers more than $500,000 at a Chinese hacking contest earlier this year.
|
|
|
|
|
2021-12-14 14:11:35 |
Log4Shell Tools and Resources for Defenders - Continuously Updated (lien direct) |
The widely used Apache Log4j Java-based logging tool is affected by a critical remote code execution vulnerability that has been increasingly exploited by malicious actors, including to deliver various types of malware.
|
Tool
Vulnerability
|
|
|
|
2021-12-14 13:30:39 |
Iranian APT Targets Middle East Telecoms Operators in Espionage Campaign (lien direct) |
A cyberespionage campaign targeting telecoms operators, IT services organizations, and a utility company in the Middle East and other parts of Asia has been linked to the Iran-nexus advanced persistent threat (APT) actor tracked as MuddyWater, Symantec reports.
|
Threat
|
|
|
|
2021-12-14 13:00:40 |
Officials: Virginia IT Agency Hit With Ransomware Attack (lien direct) |
The information technology agency that serves Virginia's legislature has been hit by a ransomware attack that has substantially affected its operations, state officials said Monday.
|
Ransomware
|
|
|
|
2021-12-14 12:16:40 |
Ransomware, Trojans, DDoS Malware and Crypto-Miners Delivered in Log4Shell Attacks (lien direct) |
Several types of malware are being delivered in attacks exploiting the recently disclosed Log4j vulnerability named Log4Shell and LogJam.
|
Malware
Vulnerability
|
|
|
|
2021-12-14 11:57:17 |
Chrome 96 Update Patches Exploited Zero-Day Vulnerability (lien direct) |
Google on Monday announced a Chrome 96 update that patches five vulnerabilities, including a zero-day that has been exploited in attacks.
The most severe of these vulnerabilities can be exploited to execute arbitrary code in the context of the browser.
|
Vulnerability
|
|
|
|
2021-12-14 11:20:49 |
Connect: The Fourth Pillar of Industrial Cybersecurity (lien direct) |
Recent attacks on U.S. critical infrastructure and actions by the U.S. government, including the July 28, 2021 National Security Memorandum, have added urgency to the need to modernize industrial control systems' cybersecurity capabilities.
|
|
|
|
|
2021-12-14 11:07:53 |
Cybersecurity is Under Assault, And It\'s Growing Worse (lien direct) |
You don't have to look very far for evidence of just how widespread cybercrime has become. Unfortunately, many of us don't even have to look beyond our own inboxes. And sadly, the situation is getting worse. It is now bad enough that in April, the U.S. proposed a bipartisan lawmaker group form a “Civilian Cybersecurity Reserve,” to create a surge capacity of cyber expertise, patterned after the National Guard, that would respond to incidents affecting government networks.
|
|
|
|
|
2021-12-14 09:34:08 |
Industrial Organizations Targeted in Log4Shell Attacks (lien direct) |
Industrial organizations are exposed to attacks leveraging a recently disclosed - and already exploited - vulnerability affecting the widely used Log4j logging utility.
|
Vulnerability
|
|
|
|
2021-12-13 20:08:46 |
Apple Patches 42 Security Flaws in Latest iOS Refresh (lien direct) |
Apple has released a major point-update to its flagship iOS mobile operating system, beefing up app privacy protections and patching at least 42 security defects that expose users to malicious hacker attacks.
|
Patching
|
|
|
|
2021-12-13 16:08:01 |
Ransomware Affiliate Arrested in Romania (lien direct) |
Europol and the Romanian National Police on Monday announced the arrest of an individual allegedly involved in a ransomware operation targeting multiple high-profile organizations.
The suspect, a 41-year-old from Craiova, Romania, was arrested in the early hours of the morning at his house.
|
Ransomware
|
|
|
|
2021-12-13 14:48:10 |
Logistics Firm Hellmann Scrambling to Recover From Cyberattack (lien direct) |
International logistics company Hellmann Worldwide Logistics is scrambling to restore operations after a cyberattack forced it to isolate its central data center from the rest of its environment.
|
|
|
|
|
2021-12-13 13:45:28 |
(Déjà vu) Cybersecurity M&A Roundup for December 1-12, 2021 (lien direct) |
Eighteen cybersecurity-related acquisitions were announced December 1-12, 2021.
|
|
|
|
|
2021-12-13 13:40:52 |
Germany Jails Operators of \'Cyberbunker\' Darknet Hub (lien direct) |
Eight people were handed jail sentences in Germany on Monday for operating a web-hosting service in a former NATO bunker that enabled illegal trade in drugs, stolen data and child pornography.
|
|
|
|