What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-09-02 10:47:16 | Recently Patched Confluence Vulnerability Exploited in the Wild (lien direct) | Hackers started exploiting a vulnerability in Atlassian's Confluence enterprise collaboration product just one week after the availability of a patch was announced. | Vulnerability | ||
|
2021-09-02 10:11:38 | Security for a Hybrid Workforce (lien direct) | The move to hybrid working is a perfect time to update and run cyber-hygiene awareness for employees | |||
|
2021-09-01 17:49:54 | CISA, FBI Warn of Increase in Ransomware Attacks on Holidays (lien direct) | The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are warning that ransomware actors are deliberately launching attacks during the holidays and weekends. | Ransomware | ||
|
2021-09-01 17:26:01 | Singapore\'s GovTech Announces New Vulnerability Rewards Programme (lien direct) | The Singapore Government Technology Agency (GovTech) on Tuesday introduced a new Vulnerability Rewards Programme (VRP) on HackerOne that offers bug bounty rewards of up to $150,000. | Vulnerability | ||
|
2021-09-01 16:15:14 | Mozilla Publishes Results of VPN Security Audit (lien direct) | Mozilla announced on Tuesday that it has made public a report detailing the results of a security audit targeting its Mozilla VPN product. | |||
|
2021-09-01 13:39:57 | Google Awards Over $130,000 for Flaws Patched With Release of Chrome 93 (lien direct) | Google this week announced the release of Chrome 93 with a total of 27 security patches inside, including 19 for vulnerabilities that were reported by external researchers. | |||
|
2021-09-01 12:33:28 | SEC Sanctions Several Companies Over Email Account Hacking (lien direct) | The U.S. Securities and Exchange Commission (SEC) this week announced sanctions against several companies over cybersecurity failures that resulted in email accounts getting hacked and the exposure of customer information. | |||
|
2021-09-01 11:54:45 | (Déjà vu) Cybersecurity M&A Roundup: 42 Deals Announced in August 2021 (lien direct) | 
|
|||
|
2021-09-01 10:58:27 | Vulnerability Allows Remote DoS Attacks Against Apps Using Linphone SIP Stack (lien direct) | A serious vulnerability affecting the Linphone Session Initiation Protocol (SIP) client suite can allow malicious actors to remotely crash applications, industrial cybersecurity firm Claroty warned on Tuesday. | Vulnerability | ||
|
2021-09-01 10:48:19 | Top Five Pitfalls When Considering Client Side Security (lien direct) | When looking to secure online applications and protect them from fraud, enterprises have traditionally turned to preventative and detective controls on the server side. In other words, policies, alongside data, logs, and transaction information have long been a go to mechanism for mitigating risk from security breaches and fraud events. | |||
|
2021-09-01 10:12:09 | Tackling the Threat Intelligence Problem with Multiple Sources and Robust RFI Services (lien direct) | A prevention-only strategy to combat threats is not sufficient; enterprises must incorporate intelligence from all relevant intelligence domains | Threat | ||
|
2021-09-01 09:53:39 | Proxyware Platforms Increasingly Targeted by Cybercriminals (lien direct) | Proxyware platforms are increasingly targeted in cybercrime operations aimed at distributing malware or at monetizing the internet bandwidth of victims, according to Cisco's Talos research and intelligence unit. | Malware | ★★ | |
|
2021-08-31 15:07:23 | New Edition of Pipeline Cybersecurity Standard Covers All Control Systems (lien direct) | The American Petroleum Institute (API) this month published the third edition of its pipeline cybersecurity standard, which focuses on managing cyber risks associated with industrial automation and control environments. | |||
|
2021-08-31 13:38:44 | (Déjà vu) CISA Expands \'Bad Practices\' List With Single-Factor Authentication (lien direct) | The United States Cybersecurity and Infrastructure Security Agency (CISA) this week added single-factor authentication to its list of bad practices. | |||
|
2021-08-31 13:05:44 | Vulnerabilities Can Allow Hackers to Disarm Fortress Home Security Systems (lien direct) | Researchers at cybersecurity firm Rapid7 have identified a couple of vulnerabilities that they claim can be exploited by hackers to remotely disarm one of the home security systems offered by Fortress Security Store. | |||
|
2021-08-31 11:24:37 | \'ProxyToken\' Exchange Server Vulnerability Leads to Email Compromise (lien direct) | A vulnerability that Microsoft patched in Exchange Server earlier this year can allow attackers to set forwarding rules on target accounts and gain access to incoming emails. | Vulnerability | ||
|
2021-08-31 10:44:26 | Companies Release Security Advisories in Response to New OpenSSL Vulnerabilities (lien direct) | 
|
|||
|
2021-08-31 10:32:07 | A Case for Recruiting and Retaining "Franchise Players" in Security Software Development (lien direct) | Critical elements required to attract and retain A-players for cybersecurity software teams | |||
|
2021-08-31 10:04:36 | CISO Conversations: Zoom, Thycotic CISOs Discuss the CISO Career Path (lien direct) | 
|
|||
|
2021-08-31 08:37:07 | Code Generated by GitHub Copilot Can Introduce Vulnerabilities: Researchers (lien direct) | A group of researchers has discovered that roughly 40% of the code produced by the GitHub Copilot language model is vulnerable. | |||
|
2021-08-30 19:29:15 | Check Point Buys Cloud Email Security Provider Avanan (lien direct) | Israeli security giant Check Point Software Technologies has joined the cybersecurity shopping spree with Monday's announcement of a deal to purchase Avanan, a startup that sells tech to secure cloud email infrastructure. | |||
|
2021-08-30 12:37:41 | U.S. Justice Department Introduces Cyber Fellowship Program (lien direct) | The United States Department of Justice on Friday officially announced a new Cyber Fellowship program for training prosecutors and attorneys on cybersecurity-related cases. | |||
|
2021-08-30 11:58:30 | Exploitation of Flaws in Delta Energy Management System Could Have \'Dire Consequences\' (lien direct) | An industrial energy management system made by Delta Electronics is affected by several vulnerabilities whose exploitation could have serious consequences in a real world environment, according to the researcher who discovered the flaws. | |||
|
2021-08-30 10:55:03 | T-Mobile Hack Involved Exposed Router, Specialized Tools and Brute Force Attacks (lien direct) | American Living in Turkey Takes Credit for T-Mobile Hack | Hack | ||
|
2021-08-30 09:35:20 | CISA, Microsoft Issue Guidance on Recent Azure Cosmos DB Vulnerability (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an alert urging enterprises to address a newly disclosed vulnerability in Microsoft Azure Cosmos DB as soon as possible. | Vulnerability | ||
|
2021-08-30 00:39:08 | Experts Warn of Dangers From Breach of Voter System Software (lien direct) | Republican efforts questioning the outcome of the 2020 presidential race have led to voting system breaches that election security experts say pose a heightened risk to future elections. | |||
|
2021-08-30 00:33:18 | Boston Public Library Hit With Cyberattack (lien direct) | The Boston Public Library was hit with a cyberattack earlier this week that crippled its computer network, the library said in a statement Friday. There is no evidence that sensitive employee or patron data has been compromised, the library posted in a statement on its website. | |||
|
2021-08-27 14:20:06 | FBI Shares IOCs for \'Hive\' Ransomware Attacks (lien direct) | The Federal Bureau of Investigation this week published an alert to provide technical details and indicators of compromise (IOCs) for attacks employing the Hive ransomware. | Ransomware | ★★★ | |
|
2021-08-27 13:56:41 | Vulnerability Allows Remote Hacking of Annke Video Surveillance Product (lien direct) | Researchers at industrial and IoT cybersecurity firm Nozomi Networks have discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke, a Hong Kong-based global provider of home and business security solutions. | Hack Vulnerability | ||
|
2021-08-27 11:56:31 | Enterprise Technology Management Provider Oomnitza Raises $20 Million (lien direct) | SaaS-based enterprise technology management (ETM) solutions provider Oomnitza this week announced that it has raised $20 million in growth funding. To date, the company has raised $35 million. | |||
|
2021-08-27 11:16:56 | Amazon to Offer Free Cybersecurity Training Materials, MFA Devices (lien direct) | Amazon announced this week that it will soon offer cybersecurity training materials and multi-factor authentication (MFA) devices for free. | |||
|
2021-08-27 11:16:09 | In a Hybrid Workplace, Men Are More Likely to Engage in Risky Behavior Than Women: Study (lien direct) | The likelihood of a complete return to the office post-pandemic is low; the probability of an ongoing hybrid home/office work environment is much higher. Security teams will need to continue and possibly expand their plans to secure remote personal devices operating in a hostile environment perhaps indefinitely. | |||
|
2021-08-27 08:48:32 | Critical Vulnerability Exposed Azure Cosmos DBs for Months (lien direct) | Microsoft this week started notifying customers of a critical vulnerability in Azure Cosmos DB that could have provided attackers with administrative access to Cosmos DB instances. | Vulnerability | ||
|
2021-08-26 18:13:01 | FIN8 Hackers Add \'Sardonic\' Backdoor to Malware Arsenal (lien direct) | The financially-motivated threat actor tracked as FIN8 has added a potent new backdoor to its arsenal and is already using it in attacks in-the-wild, according to researchers at endpoint security firm Bitdefender. | Malware Threat | ||
|
2021-08-26 15:39:41 | Engineering Workstations Are Concerning Initial Access Vector in OT Attacks (lien direct) | Organizations that use industrial control systems (ICS) and other operational technology (OT) are increasingly concerned about cyber threats, and while they have taken steps to address risks, many don't know if they have suffered a breach, according to a survey conducted by the SANS Institute on behalf of industrial cybersecurity firm Nozomi Networks. | |||
|
2021-08-26 14:59:02 | Cisco Patches Serious Vulnerabilities in Data Center Products (lien direct) | Cisco this week announced the release of patches for a critical vulnerability affecting its Application Policy Infrastructure Controller (APIC) and Cloud APIC products. | Vulnerability | ||
|
2021-08-26 12:43:57 | Atlassian Patches Critical Code Execution Vulnerability in Confluence (lien direct) | Atlassian this week informed customers about the availability of patches for a critical vulnerability affecting the company's Confluence enterprise collaboration product. | Vulnerability | ||
|
2021-08-26 11:30:00 | How Threat Detection is Evolving (lien direct) | As adversaries have shifted the focus of attacks to achieve their goals, defenders must evolve their approach to threat detection | Threat | ||
|
2021-08-26 11:11:15 | Microsoft Issues Guidance on ProxyShell Vulnerabilities (lien direct) | Microsoft on Wednesday warned Exchange customers that their deployments are exposed to attacks exploiting the ProxyShell vulnerabilities, unless the adequate patches have been installed. | |||
|
2021-08-26 10:46:42 | Vulnerabilities Allow Hackers to Tamper With Doses Delivered by Medical Infusion Pumps (lien direct) | McAfee security researchers, in partnership with Culinda, identified a series of severe vulnerabilities in B. Braun's Infusomat Space large volume infusion pump and SpaceStation system that they claim could potentially lead to dispensing potentially lethal doses of medication. | Guideline | ||
|
2021-08-26 09:03:59 | (Déjà vu) CISA Details Additional Malware Targeting Pulse Secure Appliances (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released five new analysis reports detailing malware discovered on compromised Pulse Secure devices. | Malware | ||
|
2021-08-26 00:55:28 | Hack Exposes Personal Data of Entire Swiss Town: Report (lien direct) | A small Swiss town acknowledged late Wednesday that it had underestimated the severity of a cyberattack, following reports the personal data of the entire population was exposed online. | |||
|
2021-08-26 00:42:32 | Tech Companies Pledge Billions in Cybersecurity Investments (lien direct) | Some of the country's leading technology companies have committed to investing billions of dollars to strengthen cybersecurity defenses and to train skilled workers, the White House announced Wednesday following President Joe Biden's private meeting with top executives. | Guideline | ||
|
2021-08-25 14:37:32 | Vade Secure Ordered to Pay $14 Million to Proofpoint in IP Theft Lawsuit (lien direct) | France-based email security company Vade Secure has been ordered to pay Proofpoint nearly $14 million as a result of a trade secret misappropriation and copyright infringement lawsuit filed in July 2019. | |||
|
2021-08-25 13:33:08 | VMware Patches High-Severity Vulnerabilities in vRealize Operations (lien direct) | VMware this week announced patches for a series of vulnerabilities in vRealize Operations, including four considered high severity. | |||
|
2021-08-25 12:48:57 | Survey: 1 in 4 Facility Managers Experienced OT System Breaches (lien direct) | A survey commissioned by industrial giant Honeywell showed that roughly a quarter of facility managers have admitted suffering a breach of operational technology (OT) systems in the past year. | |||
|
2021-08-25 12:13:21 | Leaked Footage Shows Grim Conditions in Iran\'s Evin Prison (lien direct) | The guard in a control room at Iran's notorious Evin prison springs to attention as one by one, monitors in front of him suddenly blink off and display something very different from the surveillance footage he had been watching. | |||
|
2021-08-25 11:35:28 | Incident Response Firm BreachQuest Launches With $4.4 Million in Seed Funding (lien direct) | Incident response company BreachQuest emerged from stealth mode on Wednesday with $4.4 million in seed funding from Slow Ventures, Tinder founders Sean Rad and Justin Mateen, and Lookout founder Kevin Mahaffey. | |||
|
2021-08-25 11:04:48 | The VC View: Digital Transformation (lien direct) | After every company goes through digital transformation, their threat model will change in response | Threat | ||
|
2021-08-25 10:44:52 | Biden, Tech Leaders Eye \'Concrete Steps\' to Boost Cybersecurity (lien direct) | A White House cybersecurity gathering including Big Tech executives was set Wednesday to unveil steps aimed at improving cybersecurity following high-profile attacks which raised questions about the vulnerability of so-called critical infrastructure. | Vulnerability |
To see everything:
Our RSS (filtrered)
