What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-10-05 12:45:49 | Cloud Services Providers Introduce Trusted Cloud Principles (lien direct) | Major cloud services providers last week formally introduced the Trusted Cloud Principles, an initiative aimed at bringing standardization and consistencies across platforms. | |||
|
2021-10-05 12:19:08 | Telecoms Giant Syniverse Discloses Years-Long Data Breach (lien direct) | Syniverse, a company whose connectivity services are used by nearly all mobile carriers in the world, said hackers had access to its information technology (IT) and operational technology (OT) systems for years. | Data Breach | ||
|
2021-10-05 11:44:09 | Google Patches Over 50 Serious Vulnerabilities in Android (lien direct) | Google on Monday announced the availability of new security patches for Android, aimed at addressing more than 50 vulnerabilities in the mobile operating system. The most severe of the security flaws described in the October 2021 Security Bulletin is an issue in the Android System component that could be exploited to achieve remote code execution. | ★★★★ | ||
|
2021-10-05 10:31:17 | ICS Security Experts Share Tales From the Trenches - Part 2 (lien direct) | 
|
|||
|
2021-10-05 10:00:07 | NSA\'s Rob Joyce Explains \'Sand and Friction\' Security Strategy (lien direct) | News Analysis: The newly minted director of cybersecurity at NSA offers a candid assessment of the nation-state threat landscape and argues that adding “sand and friction” to adversary operations is a winning strategy. | Threat | ||
|
2021-10-04 15:02:17 | Two \'Prolific\' Ransomware Operators Arrested in Ukraine (lien direct) | Two individuals who were allegedly part of a “prolific” ransomware group have been arrested in Ukraine, Europol and Ukraine's Cyber Police announced on Monday. | Ransomware | ||
|
2021-10-04 13:25:57 | Hackers Stole Cryptocurrency From Thousands of Coinbase Accounts (lien direct) | Coinbase last week sent out notification letters to thousands of users to inform them that funds were stolen from their accounts during an attack earlier this year. | ★★★ | ||
|
2021-10-04 12:52:27 | Expired Let\'s Encrypt Root Certificate Causes Problems for Many Companies (lien direct) | A root certificate used by Let's Encrypt expired on September 30 and, despite being notified a long time in advance, many companies experienced problems. | |||
|
2021-10-04 11:37:56 | Pottawatomie County Fixing Systems After Ransomware Attack (lien direct) | Computer systems are being restored in Pottawatomie County are after hackers launched a ransomware attack on Sept. 17, county officials said Friday. The county resolved the attack by paying less than 10% of the hackers' original demands, County Administrator Chad Kinsley said in a statement. | Ransomware | ||
|
2021-10-04 11:02:00 | (Déjà vu) Cybersecurity M&A Roundup: 43 Deals Announced in September 2021 (lien direct) | 
The number of cybersecurity-related mergers and acquisitions announced in the past months has remained constant, with roughly 40 deals announced in September 2021 as well.
|
|||
|
2021-10-04 10:33:28 | PoC Exploit Released for macOS Gatekeeper Bypass (lien direct) | Rasmus Sten, a software engineer with F-Secure, has released proof-of-concept (PoC) exploit code for a macOS Gatekeeper bypass that Apple patched in April this year. | |||
|
2021-10-04 08:38:08 | Google Pledges $1 Million to Secure Open Source Program (lien direct) | Google last week pledged $1 million in financial support to the Secure Open Source (SOS) rewards program run by the Linux Foundation. The pilot program financially rewards developers who help improve the security of critical open source projects and is meant to complement existing vulnerability management programs. | Vulnerability | ||
|
2021-10-02 10:02:18 | Suit Blames Baby\'s Death on Cyberattack at Alabama Hospital (lien direct) | An Alabama woman whose 9-month-old daughter died has filed suit against the hospital where she was born claiming it did not disclose that its computer systems had been crippled by a cyberattack, which resulted in diminished care that resulted in the baby's death. | |||
|
2021-10-01 13:16:42 | Third-Party Identity Risk Provider SecZetta Raises $20.5 Million (lien direct) | Third-party identity risk solutions provider SecZetta this week announced that it has raised $20.5 million in Series B funding, which brings the total raised by the company to $30.5 million. The new investment round was led by SYN Ventures and new investor MassMutual Ventures. Existing investors ClearSky and Rally Ventures also contributed. | |||
|
2021-10-01 12:26:35 | Proposed Bill Would Require Organizations to Report Ransomware Payments (lien direct) | U.S. senators this week introduced a bill that would require critical infrastructure organizations to inform the Cybersecurity and Infrastructure Security Agency (CISA) if they experience a cyberattack, and it would also require most private companies to notify the government if they have made a payment in response to a ransomware attack. | Ransomware | ||
|
2021-10-01 11:38:30 | Neiman Marcus Confirms Payment Cards Compromised in Data Breach (lien direct) | Luxury retail company Neiman Marcus Group on Thursday confirmed that customer information was indeed stolen in a data breach. During the incident, which occurred in May 2020, hackers were able to exfiltrate information associated with online customer accounts, including payment card data, the company says. | Data Breach | ||
|
2021-10-01 10:58:28 | Google Patches Two More Exploited Zero-Day Vulnerabilities in Chrome (lien direct) | Google on Thursday announced the rollout of a Chrome update to address four security vulnerabilities, including two that are already being exploited in the wild. | |||
|
2021-10-01 10:11:11 | Google Patches Vulnerability in Cloud Endpoints Proxy (lien direct) | A researcher has disclosed the details of a privilege escalation vulnerability he discovered in a Google Cloud component. The flaw was patched by Google in late August, but some users will need to manually update their systems to prevent potential exploitation. | Vulnerability | ||
|
2021-09-30 17:39:23 | Hackers Can Exploit Apple AirTag Vulnerability to Lure Users to Malicious Sites (lien direct) | Apple's AirTag product is affected by a vulnerability that could be exploited by hackers to lure unsuspecting users to phishing or other types of malicious websites. | Vulnerability | ||
|
2021-09-30 15:40:59 | Xage Lands DOE Contract to Bring Zero Trust Principles to Emergency Responders (lien direct) | Natural disasters such as extreme weather conditions can have a major disruptive effect on electricity supply. Power utilities are forced into emergency response status, which normally requires every available engineer from both in-house and third parties being called upon to find and fix the problems. | |||
|
2021-09-30 14:11:13 | Telemetry Report Shows Patch Status of High-Profile Vulnerabilities (lien direct) | 
|
Patching | ||
|
2021-09-30 13:58:05 | GriftHorse Android Trojan Infects Over 10 Million Devices Worldwide (lien direct) | A recently discovered cybercrime campaign leveraging mobile premium services has made over 10 million victims worldwide, potentially causing hundreds of millions in losses, according to mobile security firm Zimperium. | |||
|
2021-09-30 13:25:16 | New CISA Tool Helps Organizations Assess Insider Threat Risks (lien direct) | The United States Cybersecurity and Infrastructure Security Agency (CISA) this week released a tool to help organizations assess their insider threat risk posture. | Tool Threat | ||
|
2021-09-30 12:02:50 | Contactless Payment Card Hack Affects Apple Pay, Visa (lien direct) | A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities exploited in the attack remain unpatched, but the impacted vendors say they are not concerned. | Hack | ||
|
2021-09-30 11:20:19 | Turkish National Charged for DDoS Attack on U.S. Company (lien direct) | A Turkish national has been indicted in the Northern District of Illinois for launching a distributed denial-of-service (DDoS) attack against a hospitality company headquartered in the United States. | |||
|
2021-09-30 10:40:22 | Optimizing Monitoring Services For Intelligence Teams (lien direct) | How do you make sure you are choosing the right solutions for your organization? | |||
|
2021-09-29 19:32:34 | Facebook Open-Sources \'Mariana Trench\' Code Analysis Tool (lien direct) | Facebook's security team on Wednesday pulled the curtain on Mariana Trench, an open-source tool that it has been using internally to identify vulnerabilities in Android and Java applications. | Tool | ||
|
2021-09-29 18:00:44 | Behavioral Analytics Provider ForMotiv Raises $6 Million (lien direct) | Real-time user behavior analysis platform ForMotiv this week announced it has raised $6 million in a third seed funding round. The company has raised a total of $7.5 million to date. ForMotiv's new funding round was led by Vestigo Ventures. DreamIt Ventures and Plug & Play Ventures also participated. | |||
|
2021-09-29 17:03:38 | Akamai to Acquire Guardicore in $600M Zero Trust Tech Deal (lien direct) | Edge security and content delivery giant Akamai Technologies on Wednesday announced plans to spend $600 million to acquire Guardicore, an Israeli micro-segmentation technology startup. Akamai said the deal would add new capabilities to help customers thwart ransomware attacks by blocking the spread of malware within an already-compromised enterprise. | Ransomware Malware | ||
|
2021-09-29 16:29:56 | Cyberespionage Implant Delivered via Targeted Government DNS Hijacking (lien direct) | Threat hunters at Kaspersky have intercepted a new cyberespionage implant being delivered via targeted DNS hijacking of government zones in Eastern Europe and published a new report Wednesday with clues linking the malware to the SolarWinds attackers. | Malware | ||
|
2021-09-29 15:29:03 | How to Spot an Ineffective Security Practitioner (lien direct) | Root out ineffective security practitioners to keep your security teams protected and engaged in a productive manner | |||
|
2021-09-29 14:56:32 | China Intensified Attacks on Major Afghan Telecom Firm as U.S. Finalized Withdrawal (lien direct) | Several China-linked cyberespionage groups were observed intensifying attacks on a major telecom firm in Afghanistan just as the United States was finalizing its withdrawal from the country. | |||
|
2021-09-29 13:39:51 | COVID-19\'s Healthcare Feeding Frenzy for Cybercriminals (lien direct) | The COVID-19 pandemic has enlarged the threat landscape for all industry sectors; but none more so than healthcare. The primary areas of concern include insecure working from home, and stress related lax behavior at the office. | Threat | ||
|
2021-09-29 13:36:03 | NSA, CISA Issue Guidance on Selecting and Securing VPNs (lien direct) | The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) this week published a new document to help government organizations select and secure virtual private network (VPN) solutions. | |||
|
2021-09-29 11:42:13 | Google Announces Rewards for Tsunami Security Scanner Plugins (lien direct) | Google this week announced that it is offering monetary payouts to individuals who help expand the detection capabilities of the Tsunami security scanner. Two types of contributions are currently accepted in the experimental reward program, namely vulnerability detection plugins and web application fingerprints. | Vulnerability | ||
|
2021-09-29 11:08:37 | CISA Warns of Hikvision Camera Flaw as U.S. Aims to Rid Chinese Gear From Networks (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday informed organizations that some cameras made by Chinese video surveillance vendor Hikvision are affected by a critical vulnerability. | |||
|
2021-09-29 10:40:14 | Russia Detains Head of Cybersecurity Group on Treason Charges (lien direct) | A Moscow court on Wednesday ordered the co-founder of one of Russia's leading cybersecurity firms, Group-IB, to be detained on charges of treason. Founded in 2003, Group-IB specializes in the detection and prevention of cyberattacks and works with Interpol and several other global institutions. | Guideline | ||
|
2021-09-28 17:28:54 | Microsoft Details FoggyWeb Backdoor Used by SolarWinds Hackers (lien direct) | Microsoft on Monday published a blog post detailing a piece of malware used by the threat actor behind the SolarWinds attack to exfiltrate data from compromised servers. | Malware Threat | ||
|
2021-09-28 17:15:09 | Colossus Ransomware Hits Automotive Company in the U.S. (lien direct) | A new ransomware family called Colossus has snagged at least one victim in the United States as of last week, according to security researchers at ZeroFox. Targeting Windows systems, the Colossus ransomware was used in an attack on an automotive group of dealerships based in the U.S., with its operators threatening to leak 200 GB of stolen data. | Ransomware | ||
|
2021-09-28 16:39:40 | FinSpy Surveillance Spyware Fitted With UEFI Bootkit (lien direct) | Security researchers at Kaspersky have spotted signs of the notorious FinSpy surveillance spyware hijacking -- and replacing -- the Windows UEFI bootloader to perform stealthy infections on target machines. | |||
|
2021-09-28 13:57:04 | Tokenization vs. Encryption for Data Protection Compliance (lien direct) | 
|
|||
|
2021-09-28 13:56:05 | QNAP Patches Critical Vulnerabilities in QVR Software (lien direct) | QNAP, the Taiwan-based maker of network-attached storage (NAS) appliances, this week announced the availability of patches for a couple of critical vulnerabilities in its QVR video management solution. Tracked as CVE-2021-34348 and CVE-2021-34351 and featuring a CVSS score of 9.8, the vulnerabilities could be abused remotely to run arbitrary commands on affected systems. | |||
|
2021-09-28 13:19:47 | Enterprises Warned About Zix-Themed Credential Phishing Attacks (lien direct) | Enterprise users have been warned that cybercriminals may be trying to phish their credentials by luring them with fake emails that appear to be related to services offered by security company Zix. | |||
|
2021-09-28 12:20:39 | Trend Micro Patches Critical Vulnerability in Server Protection Solution (lien direct) | Trend Micro has released patches for a critical authentication bypass vulnerability in Trend Micro ServerProtect. Tracked as CVE-2021-36745 and featuring a CVSS score of 9.8, the security hole could be exploited by remote attackers to completely bypass authentication on a vulnerable system. | Vulnerability | ||
|
2021-09-28 11:45:18 | Cyber Insurance Firm Coalition Raises $205 Million at $3.5 Billion Valuation (lien direct) | San Francisco-based cyber insurance company Coalition has raised $205 million in a Series E funding round, at a valuation of over $3.5 billion. The firm has raised more than $500 million to date. | |||
|
2021-09-28 11:19:08 | ImmuniWeb Launches Free Tool for Identifying Unprotected Cloud Storage (lien direct) | Switzerland-based web and application security company ImmuniWeb on Tuesday announced the launch of a free online tool designed to help organizations identify unprotected cloud storage. | Tool | ★★★ | |
|
2021-09-28 10:30:10 | US Cryptocurrency Promoter Pleads Guilty to Advising NKorea (lien direct) | A prominent American cryptocurrency promoter and former hacker has pleaded guilty to advising North Korea on using virtual money to avoid international controls, a New York court said Monday. | Guideline | ||
|
2021-09-28 09:57:25 | OWASP Top 10 Updated With Three New Categories (lien direct) | On its 20th anniversary, the Open Web Application Security Project (OWASP) released the final version of their revised Top 10 list of the most critical risks to web applications, which includes three new categories, as well as position shifts compared to the previous report, released in 2017. | |||
|
2021-09-28 03:55:19 | Quad Nations Commit to Fostering a Secure Technology Ecosystem (lien direct) | The Quad countries (Australia, India, Japan, and the United States) on Friday announced a partnership to foster the development of secure technology. | |||
|
2021-09-27 17:27:50 | Cloudflare Introduces Email Security Tools (lien direct) | Internet security and performance company Cloudflare is celebrating its 11th anniversary this week and on Monday it introduced several email security tools. Cloudflare is entering the email security market with some free tools that its customers can use to create custom email addresses, manage email routing, and prevent email phishing and spoofing. |
To see everything:
Our RSS (filtrered)
