Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-10 12:56:04 |
Honeywell Launches OT Cybersecurity Monitoring and Response Service (direct link) |
American industrial giant Honeywell this week announced a new cybersecurity monitoring and incident response service for industrial organizations.
|
|
|
★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-10 12:04:34 |
US Drops Trump Order Targeting TikTok, Plans Its Own Review (direct link) |
The White House dropped Trump-era executive orders intended to ban the popular apps TikTok and WeChat and will conduct its own review aimed at identifying national security risks with software applications tied to China, officials said Wednesday.
|
|
|
★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-10 11:39:40 |
Webinar Today: CISO Guide to Preventing Vendor Email Compromise (direct link) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-10 11:26:55 |
ALPACA: New TLS Attack Allows User Data Extraction, Code Execution (direct link) |
Researchers from three universities in Germany have identified a new TLS attack method that can allow a man-in-the-middle (MitM) attacker to extract user data or execute arbitrary code.
The new attack, dubbed ALPACA, has been described as an “application layer protocol content confusion attack.”
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-10 11:07:17 |
Google Patches Chrome Zero-Day Used by Commercial Exploit Company (direct link) |
Google this week released patches for 14 vulnerabilities in the Chrome browser, including a security flaw that has been exploited in the wild.
Ten of the issues were reported by external security researchers: one rated critical severity, seven high severity, and two medium severity. All are patched in Chrome 91.0.4472.101 for Windows, Mac and Linux.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-10 01:01:59 |
Meat Company JBS Confirms it Paid $11M Ransom in Cyberattack (direct link) |
The world's largest meat processing company says it paid the equivalent of $11 million to hackers who broke into its computer system late last month.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-09 18:20:36 |
Tough Fight Looms Against Ransomware 'Epidemic' (direct link) |
The latest wave of ransomware attacks hitting the United States and globally portends a difficult battle against hackers, even as government and the private sector ramp up defenses.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-09 17:49:56 |
Kubeflow Deployments Targeted in New Crypto-mining Campaign (direct link) |
A newly observed malicious campaign is targeting Kubeflow workloads to deploy TensorFlow pods that are used to mine for crypto-currency, according to a warning from security researchers at Microsoft.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-09 16:55:54 |
Amazon Sidewalk Mesh Network Raises Security, Privacy Concerns (direct link) |
Amazon this week activated its proprietary mesh network known as Sidewalk, linking tens of millions of Amazon smart devices, each sharing a tiny sliver of their bandwidth to provide a wide network of connectivity even when and where WiFi service is poor or unavailable.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-09 15:09:13 |
Cisco Smart Install Protocol Still Abused in Attacks, 5 Years After First Warning (direct link) |
Cisco's Smart Install protocol is still being abused in attacks - five years after the networking giant issued its first warning - and there are still roughly 18,000 internet-exposed devices that could be targeted by hackers.
|
|
|
★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-09 14:02:08 |
Intel Releases 29 Advisories to Describe 73 Vulnerabilities Affecting Its Products (direct link) |
Intel this week announced the availability of patches for 73 vulnerabilities identified across multiple products, including several high-severity flaws that can be exploited to escalate privileges.
According to Intel, more than half of the bugs were discovered internally and 40% were reported through its bug bounty program.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-09 13:27:49 |
Cyber Risk Management Firm Brinqa Raises $110 Million (direct link) |
Cyber risk management solutions provider Brinqa this week announced that it received $110 million in growth capital from private equity firm Insight Partners.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-09 11:58:20 |
Pipeline CEO Defends Paying Ransom Amid Cyberattack (direct link) |
A pipeline company CEO on Tuesday defended his decisions to abruptly halt fuel distribution for much of the East Coast and pay millions to a criminal gang in Russia as he faced down one of the most disruptive ransomware attacks in U.S. history.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-09 11:27:08 |
Siemens, Schneider Electric Inform Customers About Tens of Vulnerabilities (direct link) |
Industrial automation giants Siemens and Schneider Electric on Tuesday released several security advisories to inform customers about tens of vulnerabilities affecting their products. The companies have provided patches and recommendations for reducing the risk of exploitation.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-09 10:28:49 |
'What's the Price Today?': FBI Phone App Reaped Secrets of Global Drug Networks (direct link) |
One drug trafficker texted another that he had a "job" and a proven way to get it done: two kilograms of cocaine from Bogota using the French embassy's protected diplomatic pouch.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-09 08:47:22 |
Endpoint Management Startup Aiden Technologies Closes $2.9 Million Seed Round (direct link) |
Automated endpoint management startup Aiden Technologies on Tuesday announced that it closed a $2.9 million seed funding round led by Right Side Capital Management.
Congress Avenue Ventures, the Gaingels, and SAJE Investments also participated in the round, along with various advisors and strategic individual investors.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-08 21:43:19 |
SAP Patches Critical Vulnerabilities in NetWeaver (direct link) |
German software maker SAP this week released 17 new security notes documenting security vulnerabilities being fixed as part of the company's June 2021 SAP Security Patch Day.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-08 20:04:59 |
NYC's 1,000-Lawyer Law Department Targeted by Cyberattack (direct link) |
New York City's law department was hit with a cyberattack that forced officials to take the 1,000-lawyer agency offline, but Mayor Bill de Blasio said he believes no data was compromised in the hack.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-08 18:27:58 |
Microsoft Raises Alarm for New Windows Zero-Day Attacks (direct link) |
Microsoft's Patch Tuesday will take on extra urgency this month with the news that at least six previously undocumented vulnerabilities are being actively exploited in the wild.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-08 17:28:43 |
Adobe Patches Major Security Flaws in PDF Reader, Photoshop (direct link) |
Adobe's product security response machine revved into high gear this week with the release of multiple patches for gaping security holes in widely deployed software products.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-08 15:02:41 |
Organizations Warned About DoS Flaws in Popular Open Source Message Brokers (direct link) |
Organizations have been warned about denial of service (DoS) vulnerabilities found in RabbitMQ, EMQ X and VerneMQ, three widely used open source message brokers.
|
|
|
★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-08 13:52:16 |
CISA Announces Vulnerability Disclosure Policy Platform (direct link) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today announced that it has partnered with the crowdsourced cybersecurity community for the launch of its vulnerability disclosure policy (VDP) platform.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-08 13:02:30 |
Critical Vulnerabilities Patched in Android With June 2021 Security Updates (direct link) |
Google this week announced the availability of the latest monthly security patches for the Android operating system, which address more than 50 vulnerabilities, including several rated critical severity.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-08 12:29:05 |
WAGO Controller Flaws Can Allow Hackers to Disrupt Industrial Processes (direct link) |
A couple of vulnerabilities discovered in industrial controllers made by WAGO, a German company specializing in electrical connection and automation solutions, can be exploited to disrupt technological processes, which in some cases could lead to industrial accidents, according to Russian cybersecurity firm Positive Technologies.
|
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-08 11:04:24 |
Apple Unveils VPN-Like Service and New Privacy Features at WWDC 2021 (direct link) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-08 10:31:10 |
Hundreds Arrested in 'Staggering' FBI Encrypted Phone Sting (direct link) |
Police arrested more than 800 people worldwide in a huge global sting involving encrypted phones that were secretly planted by the FBI, law enforcement agencies said Tuesday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-07 17:06:15 |
'Siloscape' Malware Targets Windows Server Containers (direct link) |
A newly identified piece of malware that targets Windows Server containers can execute code on the underlying node and then spread in the Kubernetes cluster, according to a warning from security researchers at Palo Alto Networks.
|
Malware
|
Uber
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-07 14:33:10 |
(Déjà vu) Cybersecurity M&A Roundup for June 1-6, 2021 (direct link) |
Several cybersecurity-related acquisitions were announced between June 1 and June 6, 2021.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-07 13:11:53 |
Energy Chief Cites Risk of Cyberattacks Crippling Power Grid (direct link) |
Energy Secretary Jennifer Granholm on Sunday called for more public-private cooperation on cyber defenses and said U.S. adversaries already are capable of using cyber intrusions to shut down the U.S. power grid.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-07 12:55:35 |
GitHub Updates Policies on Vulnerability Research, Exploits (direct link) |
Code hosting platform GitHub says it has updated its policies regarding vulnerability research, malware, and exploits, to permit dual-use security research.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-07 12:06:12 |
New Google Tool Helps Developers Visualize Dependencies of Open Source Projects (direct link) |
Google has launched a new experimental tool designed to help application developers visualize the dependencies of open source projects.
|
Tool
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-07 10:55:52 |
Attacks Exploiting VMware vSphere Flaw Spotted One Week After Patching (direct link) |
A critical vulnerability affecting VMware vCenter Server, the management interface for vSphere environments, is being exploited in the wild. Attacks started roughly a week after VMware announced the availability of patches.
|
Vulnerability
Patching
|
|
★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-07 10:36:39 |
Russian Hackers Use New 'SkinnyBoy' Malware in Attacks on Military, Government Orgs (direct link) |
The Russia-linked threat group known as APT28 has been observed using a new backdoor in a series of attacks targeting military and government institutions, researchers with threat intelligence company Cluster25 reveal.
|
Malware
Threat
|
APT 28
|
★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-07 10:07:46 |
Latvian Woman Charged in US With Role in Cybercrime Group (direct link) |
A Latvian woman has been charged with developing malicious software used by a cybercrime organization that infected computers worldwide and looted bank accounts of millions of dollars, the Justice Department said Friday.
|
|
|
★★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-04 15:00:03 |
Organizations Warned: STUN Servers Increasingly Abused for DDoS Attacks (direct link) |
Application and network performance management company NETSCOUT warned organizations this week that STUN servers have been increasingly abused for distributed denial-of-service (DDoS) attacks, and there are tens of thousands of servers that could be abused for such attacks by malicious actors.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-04 14:15:36 |
EU, Mideast Nations Look to Train at Cyprus Security Center (direct link) |
Three European Union member nations and three Middle Eastern countries are looking to train personnel in border, customs, maritime and cybersecurity techniques at a cutting-edge U.S.-funded facility in Cyprus that is expected to be ready early next year, the Cypriot foreign minister said Thursday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-04 13:47:45 |
Serious Vulnerabilities Found in CODESYS Software Used by Many ICS Products (direct link) |
Researchers have discovered 10 vulnerabilities - a majority rated critical or high severity - in CODESYS industrial automation software that is used in many industrial control system (ICS) products.
|
|
|
★★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-04 13:11:32 |
Building End-to-End Security for 5G Networks (direct link) |
|
|
|
★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-04 12:53:27 |
XDR Platform Provider SentinelOne Files for IPO (direct link) |
Endpoint security firm SentinelOne has publicly filed its S-1 registration statement with the SEC for an initial public offering (IPO) of its stock.
|
|
|
★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-04 12:08:17 |
White House Urges Private Companies to Help in Fight Against Ransomware (direct link) |
In an open letter, the White House this week urged corporate executives and business leaders to take the appropriate measures to protect their organizations against ransomware attacks, only days after meat-packaging giant JBS fell victim to such an attack.
|
Ransomware
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-04 11:41:10 |
Over 90% of OT Organizations Experienced Cyber Incidents in Past Year: Report (direct link) |
A survey conducted recently by cybersecurity firm Fortinet showed that more than 90% of organizations that use operational technology (OT) systems have experienced some sort of cyber incident in the past year.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-04 11:04:11 |
Supreme Court Limits Prosecutors' Use of Anti-Hacking Law (direct link) |
The Supreme Court on Thursday limited prosecutors' ability to use an anti-hacking law to charge people with computer crimes.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-04 03:55:47 |
Nigerian Arrested in US for Hacking Payroll Services Company (direct link) |
A Nigerian national was arrested recently in the United States on charges related to hacking into user accounts at a payroll processing company, to steal payroll deposits.
|
|
|
★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-03 17:14:28 |
Two Carbanak Gang Members Sentenced to 8 Years in Prison (direct link) |
Two members of the notorious Carbanak cybergang were sentenced to 8 years in prison, Kazakhstani authorities announced this week.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-03 17:05:39 |
Cisco Plugs High-Risk Security Flaws in Webex, SD-WAN (direct link) |
Enterprise security vendor Cisco has shipped fixes for a wide range of severity vulnerabilities, including patches for high-risk flaws in the widely deployed Webex Player, SD-WAN software, and ASR 5000 series software.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-03 14:44:13 |
CISA Issues MITRE ATT&CK Mapping Guide for Threat Intelligence Analysts (direct link) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday announced the availability of a new guide for cyber threat intelligence analysts on the use of the MITRE ATT&CK framework.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-03 13:49:50 |
Trend Micro Releases PoC Exploit for Vulnerability Affecting macOS, iOS (direct link) |
Trend Micro on Thursday disclosed the details of a recently patched privilege escalation vulnerability that has been found to impact macOS, iOS and iPadOS.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-03 12:49:22 |
At Odds: The Promise vs. Operational Reality of Security Solutions (direct link) |
There's a gap between the promise of a security technology and operational reality
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-03 12:39:34 |
Chinese Hackers Using Previously Unknown Backdoor (direct link) |
Newly discovered cyber weapon uses elaborate multi-stage infection-chain to make detection and analysis difficult
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2021-06-03 12:22:44 |
Enterprise Mobile Security Startup Hypori Raises $20 Million (direct link) |
Enterprise mobile security company Hypori this week announced it raised $20 million in a Series A funding round led by GreatPoint Ventures (GPV). To date, the company raised $33.9 million.
|
|
|
|