What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityWeek 2021-09-16 20:09:11 Google Helps OSTIF Boost Security of Open Source Projects (direct link) Google this week announced plans to support the Open Source Technology Improvement Fund (OSTIF) to boost the security of open source projects.
SecurityWeek 2021-09-16 18:34:17 Kaspersky Received 105 Government, Law Enforcement Requests in H1 2021 (direct link) Kaspersky this week published its first transparency report to share information on the government and law enforcement agency requests received in 2020 and in the first half of 2021.
SecurityWeek 2021-09-16 14:16:20 UN Urges Moratorium on AI Tech That Threatens Rights (direct link) Regulating AI
SecurityWeek 2021-09-16 13:41:14 Researchers Create Toolkit for Hardware Security Tests on Apple's Mobile Processors (direct link) A group of researchers from North Carolina State University has built a software toolkit to explore vulnerabilities in Apple's mobile processors and used the findings to devise a cache timing attack.
SecurityWeek 2021-09-16 13:01:07 (Déjà vu) How Threat Response is Evolving (direct link) As adversaries changed their view of an attack to include vectors across an organization, defenders have had to evolve their approach as well. This is best captured by Mark Harris from Gartner who observed that adversaries have shifted their focus of attacks from infecting files to infecting systems and now to infecting the entire enterprise. Previously, I talked about how this has impacted our approach to threat detection. Threat
SecurityWeek 2021-09-16 12:05:57 Several Access Bypass, CSRF Vulnerabilities Patched in Drupal (direct link) Drupal developers on Wednesday informed users that updates released for Drupal 8.9, 9.1 and 9.2 patch five vulnerabilities that can be exploited for cross-site request forgery (CSRF) and access bypass.
SecurityWeek 2021-09-16 11:45:31 Mass Personal Data Theft From Paris Covid Tests: Hospitals (direct link) Hackers stole the personal data of around 1.4 million people who took Covid-19 tests in the Paris region in the middle of 2020, hospital officials in the French capital disclosed on Wednesday.
SecurityWeek 2021-09-16 11:13:01 Neosec Emerges From Stealth With $20.7 Million in Funding (direct link) Application security startup Neosec this week emerged from stealth mode after closing a $20.7 million Series A funding round.
SecurityWeek 2021-09-16 10:51:24 Links Found Between MSHTML Zero-Day Attacks and Ransomware Operations (direct link) Microsoft and threat intelligence company RiskIQ reported finding links between the exploitation of a recently patched Windows zero-day vulnerability and known ransomware operators. Ransomware Vulnerability Threat
SecurityWeek 2021-09-15 15:01:52 Regular Users Can Now Remove Password From Their Microsoft Account (direct link) Microsoft on Wednesday informed owners of consumer accounts that they can now go completely passwordless and rely on other, more secure authentication methods.
SecurityWeek 2021-09-15 14:09:56 Cloud Backup Company Rewind Raises $65 Million (direct link) Cloud backup company Rewind has announced raising $65 million in a Series B funding round, which brings the total amount invested in the firm to more than $80 million.
SecurityWeek 2021-09-15 13:16:58 Severe Vulnerabilities Could Expose Thousands of Azure Users to Attacks (direct link) Four of the fixes that Microsoft released as part of its September 2021 Patch Tuesday updates deal with vulnerabilities in the Open Management Infrastructure (OMI) software agent embedded in Azure services.
SecurityWeek 2021-09-15 12:58:05 3 Former US Officials Charged in UAE Hacking Scheme (direct link) Three former U.S. intelligence and military officials have admitted providing sophisticated computer hacking technology to the United Arab Emirates and agreed to pay nearly $1.7 million to resolve criminal charges in an agreement that the Justice Department described Tuesday as the first of its kind.
SecurityWeek 2021-09-15 12:02:49 SAP Patches Critical Vulnerabilities With September 2021 Security Updates (direct link) German software maker SAP this week announced the release of 17 new and two updated security notes on the September 2021 Security Patch Day. Seven of these deal with critical vulnerabilities in SAP products.
SecurityWeek 2021-09-15 11:37:33 (Déjà vu) ICS Patch Tuesday: Siemens, Schneider Electric Address Over 40 Vulnerabilities (direct link) Siemens and Schneider Electric on Tuesday published a total of 25 advisories to address more than 40 vulnerabilities affecting their industrial control system (ICS) products. Siemens
SecurityWeek 2021-09-15 11:00:17 Zoom Introduces End-to-End Encrypted Phone Calls (direct link) Zoom this week revealed that its users will be getting the option to encrypt their one-on-one phone calls courtesy of end-to-end encryption (E2EE) being expanded to Zoom Phone.
SecurityWeek 2021-09-15 10:53:19 The Ongoing Reciprocal Relationship Between APTs and Cybercriminals (direct link) The two main villains of the cyber security world are the nation state-backed Advanced Persistent Threats (APTs) and cybercriminals, with their comprehensive infrastructure and circles known as the dark web. Both threat actors are independent, each with its own goals, actors and methods. However, over the years there has been quite a lot of cross-pollination between the two. Threat
SecurityWeek 2021-09-15 08:43:45 Cobalt Strike Beacon Reimplementation 'Vermilion Strike' Targets Windows, Linux (direct link) Security researchers with Intezer have identified a reimplementation of the infamous Cobalt Strike Beacon payload, which features completely new code.
SecurityWeek 2021-09-14 19:33:24 General Promises US 'Surge' Against Foreign Cyberattacks (direct link) The general who leads U.S. efforts to thwart foreign-based cyberattacks, and punish those responsible, says he's mounting a “surge” to fight incursions that have debilitated government agencies and companies responsible for critical infrastructure. Guideline
SecurityWeek 2021-09-14 18:32:41 Patch Tuesday: Microsoft Plugs Exploited MSHTML Zero-Day Hole (direct link) Microsoft on Tuesday shipped a major security update to blunt zero-day attacks targeting a gaping hole in its proprietary MSHTML browsing engine.
SecurityWeek 2021-09-14 18:28:31 Apple Security Flaw: How do 'Zero-Click' Attacks Work? (direct link) Apple has spent the past week rushing to develop a fix for a major security flaw which allows spyware to be downloaded on an iPhone or iPad without the owner even clicking a button. But how do such "zero-click" attacks work, and can they be stopped?
SecurityWeek 2021-09-14 15:39:12 Now LIVE: SecurityWeek's 2021 CISO Forum, Presented by Cisco (Virtual Event) (direct link) CISO Forum - Virtual Event
SecurityWeek 2021-09-14 15:32:33 The Implications of China's New Personal Information Protection Law (direct link) The cornerstone of Chinese national and international policy is a fundamental principle: China First. So, while its new data privacy law, the Personal Information Protection Law (PIPL), will provide solid protection for its people's personal information nationally, internationally the law can be used as a weapon.
SecurityWeek 2021-09-14 15:01:27 CISA Appoints Kiersten Todt as New Chief of Staff (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday announced that it has appointed Kiersten Todt as its new chief of staff.
SecurityWeek 2021-09-14 14:07:11 Swiss Post Offers up to €230,000 for Critical Vulnerabilities in e-Voting System (direct link) Switzerland's national postal organization Swiss Post is offering bug bounty rewards of up to €230,000 (roughly $271,000) for critical vulnerabilities identified in a future digital voting system.
SecurityWeek 2021-09-14 13:34:50 Nearly Half of On-Premises Databases Vulnerable to Attacks: Study (direct link) A five-year study conducted by cybersecurity firm Imperva showed that nearly half of on-premises databases globally have at least one vulnerability that could expose them to attacks. Vulnerability
SecurityWeek 2021-09-14 12:56:06 BitSight Raises $250 Million at $2.4 Billion Valuation (direct link) Cybersecurity ratings company BitSight on Monday announced receiving a $250 million investment from credit ratings giant Moody's in a deal valuing BitSight at $2.4 billion. BitSight said it will use the money to further enhance its offerings and capabilities. The company has raised more than $400 million across six funding rounds.
SecurityWeek 2021-09-14 11:45:38 Belarus, Ukraine Saw Largest Increase in ICS Attacks During H1 2021: Kaspersky (direct link) Some form of malicious activity was detected on roughly one-third of the industrial control system (ICS) computers monitored by Kaspersky in the first half of 2021.
SecurityWeek 2021-09-14 11:01:26 JumpCloud Raises $159 Million at $2.56 Billion Valuation (direct link) User and device management provider JumpCloud on Monday announced that it has raised $159 million in Series F funding at a $2.56 billion valuation. To date, the company has raised $350 million in funding.
SecurityWeek 2021-09-14 10:13:31 MikroTik Confirms Mēris Botnet Targets Routers Compromised Years Ago (direct link) The recently detailed Mēris botnet is targeting devices that were originally compromised three years ago, Latvian network equipment maker MikroTik says.
SecurityWeek 2021-09-13 21:51:32 Google Warns of Exploited Zero-Days in Chrome Browser (direct link) Google has joined the list of major software providers scrambling to respond to zero-day exploits in the wild.
SecurityWeek 2021-09-13 18:24:57 Apple Ships Urgent Patch for FORCEDENTRY Zero-Days (direct link) Apple on Monday rolled out fixes for a pair of iOS and macOS security defects alongside a warning that these issues belong in the “actively exploited” zero-day category.
SecurityWeek 2021-09-13 17:40:35 SSID Stripping: New Method for Tricking Users Into Connecting to Rogue APs (direct link) A team of researchers has identified what appears to be a new method that malicious actors could use to trick users into connecting to their wireless access points (APs).
SecurityWeek 2021-09-13 16:53:46 Tens of Thousands of Unpatched Fortinet VPNs Hacked via Old Security Flaw (direct link) A threat actor has leaked online access credentials for 87,000 Fortinet VPN devices that were apparently compromised using a vulnerability identified and patched two years ago. Vulnerability Threat
SecurityWeek 2021-09-13 16:18:05 Tenable to Acquire Accurics in $160M Deal (direct link) Attack surface management pioneer Tenable on Monday announced plans to spend $160 million in cash to snap up Accurics, an early-stage startup selling cloud-native security for DevOps and security teams.
SecurityWeek 2021-09-13 15:55:50 CISOs Faced With Friction, Resistance From Remote Workers Over Security Controls (direct link) The sudden and forced migration of staff from office working to home working caused by the COVID pandemic is often touted as a success. This is true. It was a logistical success. But the cybersecurity ramifications are only just unfolding; and they need to be tackled.
SecurityWeek 2021-09-13 13:38:22 Facebook Announces Encrypted WhatsApp Backups (direct link) Facebook has announced plans to further improve WhatsApp privacy and security by allowing users to encrypt their message history backups in the cloud.
SecurityWeek 2021-09-13 12:55:56 WordPress 5.8.1 Patches Several Vulnerabilities (direct link) WordPress 5.8.1, a security and maintenance release announced last week, fixes 60 bugs and several vulnerabilities.
SecurityWeek 2021-09-13 12:33:12 Citrix Patches Hypervisor Vulnerabilities Allowing Host Compromise (direct link) Citrix has released patches for several vulnerabilities in Hypervisor that could result in privileged code executed in a guest virtual machine compromising or crashing the host.
SecurityWeek 2021-09-13 11:04:13 OpenSSL 3.0 Released After 3 Years of Development (direct link) The OpenSSL Project last week announced the official release of OpenSSL 3.0, a version that has been under development for the past 3 years.
SecurityWeek 2021-09-10 18:07:38 Cybersecurity Seen as Rising Risk for Airlines After 9/11 (direct link) After remaking their security procedures following the 9/11 attacks to stop airline hijackings, carriers are now faced with rising threats targeting computers and electronic equipment critical to their operations and safety.
SecurityWeek 2021-09-10 16:41:13 Mēris Botnet Flexes Muscles With 22 Million RPS DDoS Attack (direct link) A series of record-breaking RPS-based distributed denial of service (DDoS) attacks observed over the past month are the result of a new, powerful botnet flexing its muscles to prove its capabilities.
SecurityWeek 2021-09-10 16:32:04 Google Introduces Private Compute Services for Android (direct link) Google this week introduced a new suite of services designed to improve privacy in the Android operating system.
SecurityWeek 2021-09-10 14:39:27 ProtonMail (Wrongly?) Criticized for Disclosing User IP to Authorities (direct link) Blaming ProtonMail misses important lessons of the case, as request from authorities ticked the necessary requirements under Swiss law
SecurityWeek 2021-09-10 14:33:38 Cisco Patches High-Severity Security Flaws in IOS XR (direct link) Cisco this week released patches for multiple high-severity vulnerabilities in the IOS XR software and warned that attackers could exploit these bugs to reboot devices, elevate privileges, or overwrite and read arbitrary files.
SecurityWeek 2021-09-10 13:38:38 HAProxy Vulnerability Leads to HTTP Request Smuggling (direct link) A critical security vulnerability in HAProxy could allow attackers to bypass security controls and access sensitive data without authorization, according to a warning from security research outfit JFrog. Vulnerability
SecurityWeek 2021-09-10 13:31:48 GitHub Patches Security Flaws in Core Node.js Dependencies (direct link) GitHub has published documentation on seven vulnerabilities in the Node.js packages and warned that exploitation could expose users to code execution attacks.
SecurityWeek 2021-09-10 11:13:12 Understanding the Cryptocurrency-Ransomware Connection (direct link) Unfortunately for the law-abiding of the world, ransomware is an idea that caught on immediately and never lost steam. In fact, it's grown to the point that it now contributes to a thriving cybercrime business, often targeting large sectors, including education, finance, healthcare, the legal sector, and manufacturing. According to Fortinet research, by the end of 2020, there were as many as 17,200 devices reporting ransomware each day. Ransomware
SecurityWeek 2021-09-09 17:59:20 Mastercard to Acquire Blockchain Analytics Firm CipherTrace (direct link) Mastercard
SecurityWeek 2021-09-09 17:29:37 Hacking the Hire: Three Ways to Recruit and Retain Cyber Talent (direct link) Finding the right fit for your security team remains a daunting and somewhat challenging task in today's world. There's a well-documented shortage of talent across the cybersecurity industry dating back several years. The COVID-19 pandemic and the challenges it brought have made matters worse. Recent reports and surveys don't paint a pretty picture.
Last update at: 2024-07-07 05:08:27