Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2021-08-31 13:05:44 |
Vulnerabilities Can Allow Hackers to Disarm Fortress Home Security Systems (lien direct) |
Researchers at cybersecurity firm Rapid7 have identified a couple of vulnerabilities that they claim can be exploited by hackers to remotely disarm one of the home security systems offered by Fortress Security Store.
|
|
|
|
|
2021-08-31 11:24:37 |
\'ProxyToken\' Exchange Server Vulnerability Leads to Email Compromise (lien direct) |
A vulnerability that Microsoft patched in Exchange Server earlier this year can allow attackers to set forwarding rules on target accounts and gain access to incoming emails.
|
Vulnerability
|
|
|
|
2021-08-31 10:44:26 |
Companies Release Security Advisories in Response to New OpenSSL Vulnerabilities (lien direct) |
|
|
|
|
|
2021-08-31 10:32:07 |
A Case for Recruiting and Retaining "Franchise Players" in Security Software Development (lien direct) |
Critical elements required to attract and retain A-players for cybersecurity software teams
|
|
|
|
|
2021-08-31 10:04:36 |
CISO Conversations: Zoom, Thycotic CISOs Discuss the CISO Career Path (lien direct) |
|
|
|
|
|
2021-08-31 08:37:07 |
Code Generated by GitHub Copilot Can Introduce Vulnerabilities: Researchers (lien direct) |
A group of researchers has discovered that roughly 40% of the code produced by the GitHub Copilot language model is vulnerable.
|
|
|
|
|
2021-08-30 19:29:15 |
Check Point Buys Cloud Email Security Provider Avanan (lien direct) |
Israeli security giant Check Point Software Technologies has joined the cybersecurity shopping spree with Monday's announcement of a deal to purchase Avanan, a startup that sells tech to secure cloud email infrastructure.
|
|
|
|
|
2021-08-30 12:37:41 |
U.S. Justice Department Introduces Cyber Fellowship Program (lien direct) |
The United States Department of Justice on Friday officially announced a new Cyber Fellowship program for training prosecutors and attorneys on cybersecurity-related cases.
|
|
|
|
|
2021-08-30 11:58:30 |
Exploitation of Flaws in Delta Energy Management System Could Have \'Dire Consequences\' (lien direct) |
An industrial energy management system made by Delta Electronics is affected by several vulnerabilities whose exploitation could have serious consequences in a real world environment, according to the researcher who discovered the flaws.
|
|
|
|
|
2021-08-30 10:55:03 |
T-Mobile Hack Involved Exposed Router, Specialized Tools and Brute Force Attacks (lien direct) |
American Living in Turkey Takes Credit for T-Mobile Hack
|
Hack
|
|
|
|
2021-08-30 09:35:20 |
CISA, Microsoft Issue Guidance on Recent Azure Cosmos DB Vulnerability (lien direct) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an alert urging enterprises to address a newly disclosed vulnerability in Microsoft Azure Cosmos DB as soon as possible.
|
Vulnerability
|
|
|
|
2021-08-30 00:39:08 |
Experts Warn of Dangers From Breach of Voter System Software (lien direct) |
Republican efforts questioning the outcome of the 2020 presidential race have led to voting system breaches that election security experts say pose a heightened risk to future elections.
|
|
|
|
|
2021-08-30 00:33:18 |
Boston Public Library Hit With Cyberattack (lien direct) |
The Boston Public Library was hit with a cyberattack earlier this week that crippled its computer network, the library said in a statement Friday.
There is no evidence that sensitive employee or patron data has been compromised, the library posted in a statement on its website.
|
|
|
|
|
2021-08-27 14:20:06 |
FBI Shares IOCs for \'Hive\' Ransomware Attacks (lien direct) |
The Federal Bureau of Investigation this week published an alert to provide technical details and indicators of compromise (IOCs) for attacks employing the Hive ransomware.
|
Ransomware
|
|
★★★
|
|
2021-08-27 13:56:41 |
Vulnerability Allows Remote Hacking of Annke Video Surveillance Product (lien direct) |
Researchers at industrial and IoT cybersecurity firm Nozomi Networks have discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke, a Hong Kong-based global provider of home and business security solutions.
|
Hack
Vulnerability
|
|
|
|
2021-08-27 11:56:31 |
Enterprise Technology Management Provider Oomnitza Raises $20 Million (lien direct) |
SaaS-based enterprise technology management (ETM) solutions provider Oomnitza this week announced that it has raised $20 million in growth funding. To date, the company has raised $35 million.
|
|
|
|
|
2021-08-27 11:16:56 |
Amazon to Offer Free Cybersecurity Training Materials, MFA Devices (lien direct) |
Amazon announced this week that it will soon offer cybersecurity training materials and multi-factor authentication (MFA) devices for free.
|
|
|
|
|
2021-08-27 11:16:09 |
In a Hybrid Workplace, Men Are More Likely to Engage in Risky Behavior Than Women: Study (lien direct) |
The likelihood of a complete return to the office post-pandemic is low; the probability of an ongoing hybrid home/office work environment is much higher. Security teams will need to continue and possibly expand their plans to secure remote personal devices operating in a hostile environment perhaps indefinitely.
|
|
|
|
|
2021-08-27 08:48:32 |
Critical Vulnerability Exposed Azure Cosmos DBs for Months (lien direct) |
Microsoft this week started notifying customers of a critical vulnerability in Azure Cosmos DB that could have provided attackers with administrative access to Cosmos DB instances.
|
Vulnerability
|
|
|
|
2021-08-26 18:13:01 |
FIN8 Hackers Add \'Sardonic\' Backdoor to Malware Arsenal (lien direct) |
The financially-motivated threat actor tracked as FIN8 has added a potent new backdoor to its arsenal and is already using it in attacks in-the-wild, according to researchers at endpoint security firm Bitdefender.
|
Malware
Threat
|
|
|
|
2021-08-26 15:39:41 |
Engineering Workstations Are Concerning Initial Access Vector in OT Attacks (lien direct) |
Organizations that use industrial control systems (ICS) and other operational technology (OT) are increasingly concerned about cyber threats, and while they have taken steps to address risks, many don't know if they have suffered a breach, according to a survey conducted by the SANS Institute on behalf of industrial cybersecurity firm Nozomi Networks.
|
|
|
|
|
2021-08-26 14:59:02 |
Cisco Patches Serious Vulnerabilities in Data Center Products (lien direct) |
Cisco this week announced the release of patches for a critical vulnerability affecting its Application Policy Infrastructure Controller (APIC) and Cloud APIC products.
|
Vulnerability
|
|
|
|
2021-08-26 12:43:57 |
Atlassian Patches Critical Code Execution Vulnerability in Confluence (lien direct) |
Atlassian this week informed customers about the availability of patches for a critical vulnerability affecting the company's Confluence enterprise collaboration product.
|
Vulnerability
|
|
|
|
2021-08-26 11:30:00 |
How Threat Detection is Evolving (lien direct) |
As adversaries have shifted the focus of attacks to achieve their goals, defenders must evolve their approach to threat detection
|
Threat
|
|
|
|
2021-08-26 11:11:15 |
Microsoft Issues Guidance on ProxyShell Vulnerabilities (lien direct) |
Microsoft on Wednesday warned Exchange customers that their deployments are exposed to attacks exploiting the ProxyShell vulnerabilities, unless the adequate patches have been installed.
|
|
|
|
|
2021-08-26 10:46:42 |
Vulnerabilities Allow Hackers to Tamper With Doses Delivered by Medical Infusion Pumps (lien direct) |
McAfee security researchers, in partnership with Culinda, identified a series of severe vulnerabilities in B. Braun's Infusomat Space large volume infusion pump and SpaceStation system that they claim could potentially lead to dispensing potentially lethal doses of medication.
|
Guideline
|
|
|
|
2021-08-26 09:03:59 |
(Déjà vu) CISA Details Additional Malware Targeting Pulse Secure Appliances (lien direct) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released five new analysis reports detailing malware discovered on compromised Pulse Secure devices.
|
Malware
|
|
|
|
2021-08-26 00:55:28 |
Hack Exposes Personal Data of Entire Swiss Town: Report (lien direct) |
A small Swiss town acknowledged late Wednesday that it had underestimated the severity of a cyberattack, following reports the personal data of the entire population was exposed online.
|
|
|
|
|
2021-08-26 00:42:32 |
Tech Companies Pledge Billions in Cybersecurity Investments (lien direct) |
Some of the country's leading technology companies have committed to investing billions of dollars to strengthen cybersecurity defenses and to train skilled workers, the White House announced Wednesday following President Joe Biden's private meeting with top executives.
|
Guideline
|
|
|
|
2021-08-25 14:37:32 |
Vade Secure Ordered to Pay $14 Million to Proofpoint in IP Theft Lawsuit (lien direct) |
France-based email security company Vade Secure has been ordered to pay Proofpoint nearly $14 million as a result of a trade secret misappropriation and copyright infringement lawsuit filed in July 2019.
|
|
|
|
|
2021-08-25 13:33:08 |
VMware Patches High-Severity Vulnerabilities in vRealize Operations (lien direct) |
VMware this week announced patches for a series of vulnerabilities in vRealize Operations, including four considered high severity.
|
|
|
|
|
2021-08-25 12:48:57 |
Survey: 1 in 4 Facility Managers Experienced OT System Breaches (lien direct) |
A survey commissioned by industrial giant Honeywell showed that roughly a quarter of facility managers have admitted suffering a breach of operational technology (OT) systems in the past year.
|
|
|
|
|
2021-08-25 12:13:21 |
Leaked Footage Shows Grim Conditions in Iran\'s Evin Prison (lien direct) |
The guard in a control room at Iran's notorious Evin prison springs to attention as one by one, monitors in front of him suddenly blink off and display something very different from the surveillance footage he had been watching.
|
|
|
|
|
2021-08-25 11:35:28 |
Incident Response Firm BreachQuest Launches With $4.4 Million in Seed Funding (lien direct) |
Incident response company BreachQuest emerged from stealth mode on Wednesday with $4.4 million in seed funding from Slow Ventures, Tinder founders Sean Rad and Justin Mateen, and Lookout founder Kevin Mahaffey.
|
|
|
|
|
2021-08-25 11:04:48 |
The VC View: Digital Transformation (lien direct) |
After every company goes through digital transformation, their threat model will change in response
|
Threat
|
|
|
|
2021-08-25 10:44:52 |
Biden, Tech Leaders Eye \'Concrete Steps\' to Boost Cybersecurity (lien direct) |
A White House cybersecurity gathering including Big Tech executives was set Wednesday to unveil steps aimed at improving cybersecurity following high-profile attacks which raised questions about the vulnerability of so-called critical infrastructure.
|
Vulnerability
|
|
|
|
2021-08-25 10:01:43 |
Misconfigured Microsoft Power Apps Portals Exposed Millions of Records (lien direct) |
UpGuard security researchers have identified tens of Microsoft Power Apps portals that exposed millions of records due to being misconfigured.
|
|
|
|
|
2021-08-24 18:47:41 |
Nokia-Owned SAC Wireless Discloses Data Breach (lien direct) |
United States-based Nokia-owned SAC Wireless has started sending notification letters to its current and former employees to inform them of a data breach that might have impacted them.
|
Data Breach
|
|
|
|
2021-08-24 15:44:05 |
OpenSSL Vulnerability Can Be Exploited to Change Application Data (lien direct) |
The OpenSSL Project on Tuesday announced the availability of OpenSSL 1.1.1l, which patches a high-severity vulnerability that could allow an attacker to change an application's behavior or cause the app to crash.
|
Vulnerability
|
|
|
|
2021-08-24 15:42:13 |
New iOS Zero-Click Exploit Defeats Apple \'BlastDoor\' Sandbox (lien direct) |
Security researchers at Citizen Lab are documenting a new Apple iOS zero-click exploit being used to hijack data from fully patched iPhones in Bahrain.
Citizen Lab said it found technical evidence connecting the new exploit to the Pegasus high-end spyware tool sold by controversial Israeli software vendor NSO Group.
|
Tool
|
|
|
|
2021-08-24 14:24:05 |
Hackers Claim to Have Data of 70 Million AT&T Customers (lien direct) |
A hacking group claims to be in the possession of a database containing private information on roughly 70 million AT&T customers, but the telecoms company says its systems have not been breached.
|
|
|
|
|
2021-08-24 13:45:24 |
FBI Shares Details on "OnePercent Group" Ransomware Operators (lien direct) |
The FBI on Monday published details on the activities of a cybercrime group that uses ransomware and other malware to encrypt and exfiltrate data and extort victims.
|
Ransomware
Malware
|
|
|
|
2021-08-24 13:21:22 |
XDR Firm Hunters Raises $30 Million in Series B Funding (lien direct) |
Extended detection and response (XDR) company Hunters on Tuesday announced raising $30 million in a Series B funding round, which brings the total raised by the Israel-based firm to $50.4 million.
|
|
|
|
|
2021-08-24 12:05:57 |
Details Disclosed for Zoom Exploit That Earned Researchers $200,000 (lien direct) |
Researchers have disclosed the details of a Zoom exploit that could have allowed malicious actors to achieve remote code execution without user interaction.
|
|
|
|
|
2021-08-24 11:08:36 |
T-Mobile Sued Over Data Breach Affecting Millions of Customers (lien direct) |
Class action lawsuits have been filed against T-Mobile over the recently disclosed data breach that has been confirmed to impact more than 50 million of the company's customers.
|
Data Breach
|
|
★★★★★
|
|
2021-08-24 10:00:19 |
Researchers Show How Censorship Systems Can Be Abused for DDoS Amplification (lien direct) |
A group of security researchers has identified a new distributed denial-of-service (DDoS) attack vector over TCP, which allows for reflected amplification at previously unseen levels, with amplification ratios of up to 700,000:1.
|
|
|
|
|
2021-08-23 16:20:29 |
Elastic to Acquire build.security for Cloud Security Expansion (lien direct) |
Search software giant Elastic NV is continuing its march into the cybersecurity business with Monday's announcement of plans to acquire build.security, a red-hot Israeli startup that helps businesses enforce cloud security authorization policies.
Financial terms of the acquisition were not disclosed.
|
|
|
|
|
2021-08-23 15:07:14 |
Realtek SDK Vulnerabilities Exploited in Attacks Days After Disclosure (lien direct) |
Researchers noticed that threat actors started exploiting Realtek SDK vulnerabilities shortly after their details were made public.
|
Threat
|
|
|
|
2021-08-23 14:12:41 |
Cloudflare Mitigated Record-Setting 17.2 Million RPS DDoS Attack (lien direct) |
Security and web performance services provider Cloudflare says it identified and mitigated what appears to be the largest volumetric distributed denial-of-service (DDoS) attack to date, which peaked at 17.2 million requests-per-second (RPS).
|
|
|
|
|
2021-08-23 13:35:19 |
Cyber Warfare May be Losing Its Advantage of Deniability (lien direct) |
Only time will tell if countries eventually establish proper cyber rules of engagement and punish those who break them
|
|
|
|