Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-29 16:39:05 |
Trinity Cyber Secures $23 Million in Funding (lien direct) |
Cybersecurity services and solutions startup Trinity Cyber announced on Monday that it has raised $23 million through a funding round led by Intel Capital.
|
|
|
★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-29 15:00:05 |
Critical Industries at Risk from Eleven Zero-day Flaws in Real Time Operating System (lien direct) |
Eleven vulnerabilities have been found in the Wind River VxWorks real time operating system (RTOS). Six of these security flaws are classed as critical. The vulnerabilities allow complete remote takeover without any user action, and affect critical devices in critical industries.
|
|
|
★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-29 14:24:00 |
Encrypted Threats, IoT Malware Surge Past 2018 Levels: Report (lien direct) |
The first half of 2019 was dominated by an increase in malware using encryption, and in malware targeting Internet of Things (IoT) devices, a recent SonicWall report reveals.
|
Malware
|
|
★★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-29 13:54:05 |
Authenticated XSS Found in WordPress Plugin Facebook Widget (lien direct) |
The WordPress plugin Facebook Widget (Widget for Facebook Page Feeds), which was recently closed on the WordPress plugin directory, is affected by an authenticated persistent Cross-Site Scripting (XSS), Plugin Vulnerabilities reports.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-26 17:14:03 |
Ireland-Based Admin of Silk Road Marketplace Sentenced to Prison (lien direct) |
An Irish man was sentenced to prison this week for his role in running the online black market Silk Road, the U.S. Department of Justice announced.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-26 16:06:01 |
Android Enterprise Receives ISO 27001 Stamp (lien direct) |
Google this week has revealed that Android Enterprise has received ISO 27001 security certification.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-26 15:49:00 |
Railway Cybersecurity Firm Cervello Raises $4.5 Million (lien direct) |
Israel-based Cervello, a company focused on cybersecurity solutions for rail and Metro signaling systems, announced this week that it has raised $4.5 million in a seed funding round.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-26 15:25:01 |
British Cyber Expert to be Sentenced for Creating Malware (lien direct) |
Just as Marcus Hutchins was hailed as a hero for helping stop a worldwide computer virus in May 2017, his criminal past as a malware developer was about to catch up to him.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-26 15:18:05 |
NY to Require Greater Public Notification of Data Breaches (lien direct) |
Stop Hacks and Improve Electronic Data Security - or SHIELD - Act (S.5575B/A.5635
New York state is strengthening a law requiring companies that handle consumers' personal data to notify them about any data breaches.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-26 15:00:03 |
Researchers Discover Android Surveillance Malware Built by Sanctioned Russian Firm (lien direct) |
Mobile security firm Lookout has discovered a new set of sophisticated custom Android surveillanceware tools developed and distributed by a Russian-based company.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-26 10:59:04 |
Mirai-Based Botnet Launches Massive DDoS Attack on Streaming Service (lien direct) |
A Mirai-based botnet has recently launched a massive, 13-day long distributed denial of service (DDoS) attack on a single online service, Imperva reveals.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-25 19:02:02 |
Ransomware Causes Disruptions at Johannesburg Power Company (lien direct) |
City Power, the power company in the South African city of Johannesburg, has suffered serious disruptions after its systems became infected with a piece of ransomware.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-25 15:54:03 |
Enterprise VPN Vulnerabilities Expose Organizations to Hacking, Espionage (lien direct) |
Critical vulnerabilities in enterprise virtual private network (VPN) solutions from Palo Alto Networks, Fortinet and Pulse Secure allow attackers to infiltrate corporate networks, obtain sensitive information, and eavesdrop on communications, researchers warn.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-25 15:35:01 |
Crypto-Mining Botnet Implements BlueKeep Scanner (lien direct) |
A cryptocurrency-mining botnet has recently added a scanner for the BlueKeep RDP protocol vulnerability, Intezer's security researchers have discovered.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-25 14:48:02 |
Fact vs Fiction: The Truth About Breach and Attack Simulation Tools (lien direct) |
In 2017, a category called Breach and Attack Simulation (BAS) tools made its first appearance on the Gartner Hype Cycle for Threat-Facing Technologies, positioned as a technology on the rise.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-25 14:18:01 |
Guildma Malware Expands Targets Beyond Brazil (lien direct) |
Researchers at Avast have published a detailed analysis of a banking trojan they call Guildma. This is almost certainly the same malware as that described by Cybereason as Astaroth, but analyzed here in greater detail.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-25 11:02:05 |
Using Threat Trends to Protect Network Resources (lien direct) |
The Threat Landscape is Evolving Faster Than the Usual Rate of Security Review
Leveraging threat intelligence to improve an organization's security posture should be an essential component of any security strategy. So as I spend time with organizations from around the world to discuss their security challenges, I am surprised to learn how few do this.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-25 10:40:01 |
Decision Fatigue is Real - In Life and In Security (lien direct) |
“The world is your oyster!” “The sky's the limit!” Those may sound like encouraging words, but according to 'millennial therapist' Tess Brighman the biggest complaint among millennials is having so many choices that they struggle to make decisions. Why is this such a problem for this group? Information overload.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-25 05:51:02 |
Stock Trading Firm Robinhood Stored User Passwords in Plaintext (lien direct) |
Robinhood, a California-based financial services company that provides a popular commission-free stock trading app, informed some users that their passwords were stored in plaintext.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-25 05:16:04 |
Louisiana School Systems Cyber Attacked; Emergency Declared (lien direct) |
Louisiana Gov. John Bel Edwards has issued an emergency declaration after malware attacks against three school systems in the state have been detected.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-24 19:59:05 |
U.S. Warns of 5G Wireless Network Security Risks (lien direct) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released an infographic underlining some of the risk factors associated with 5G wireless networks.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-24 19:44:00 |
Netography Launches Open Beta of Distributed IPS Service (lien direct) |
Network security company Netography on Tuesday announced the launch of its first service, advertised as a new type of intrusion prevention system (IPS).
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-24 15:16:00 |
Vulnerabilities Found in Mitsubishi Inverter Engineering Software (lien direct) |
Mitsubishi Electric's FR Configurator2 inverter engineering software is affected by several vulnerabilities that can be exploited for information disclosure, arbitrary code execution, privilege escalation, and denial-of-service (DoS) attacks.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-24 14:45:04 |
How IoT Opens the Door for Insider Attacks Against Industrial Infrastructure (lien direct) |
For manufacturers, improving security often means building better defenses against malware, botnets and other external threats. What may be further from their minds, however, are the threats that come from within the organization.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-24 14:17:04 |
FTC Fines Facebook $5B, Adds Limited Oversight on Privacy (lien direct) |
Federal regulators have fined Facebook $5 billion for privacy violations and are instituting new oversight and restrictions on its business. But they are only holding CEO Mark Zuckerberg personally responsible in a limited fashion.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-24 13:57:04 |
3 Romanian Men Sentenced for Hacking US Servers (lien direct) |
Three men who hacked U.S. computers from Romania have been sentenced to prison for a fraud scheme totaling more than $21 million, federal prosecutors in Georgia said Tuesday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-24 12:30:03 |
NSA Forms Cybersecurity Directorate to Redefine Cybersecurity Mission (lien direct) |
The U.S. National Security Agency (NSA) is creating a new Cybersecurity Directorate to reinvigorate the cybersecurity element of its work.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-24 05:57:04 |
Citrix Completes Investigation into Data Breach (lien direct) |
Software giant Citrix on Tuesday announced that it has completed its investigation into the data breach detected earlier this year.
|
Data Breach
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-24 05:04:00 |
Indiana County Targeted in Malware Assault on Computers (lien direct) |
Officials of an Indiana county say they are trying to determine the extent of a malware attack on the county's computers.
Vigo County Commissioner Judith Anderson says commissioners were informed of a “ransomware” attack early Tuesday.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-23 23:12:04 |
Four Arrested Over Hacking of Brazil Justice Minister\'s Phone (lien direct) |
Brazilian federal police arrested four people Tuesday over the hacking of cell phones belonging to Justice Minister Sergio Moro and prosecutors involved in a massive corruption probe.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-23 20:33:02 |
Hackers Compromise 62 Colleges via Campus ERP Platform (lien direct) |
Hackers have managed to compromise 62 colleges and universities by exploiting a vulnerability in the Ellucian Banner system, the U.S. Department of Education warns.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-23 17:09:05 |
(Déjà vu) Apple Patches 22 Vulnerabilities in WebKit (lien direct) |
Apple this week released a new set of patches to address various security flaws across its product portfolio, including 22 bugs impacting WebKit.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-23 17:01:02 |
Attackers Turn Elasticsearch Databases Into DDoS Bots (lien direct) |
A recently detected attack campaign is attempting to ensnare Elasticsearch clusters into a distributed denial of service (DDoS) botnet, Trend Micro reports.
The multi-stage attacks leverage scripts to ultimately deliver backdoors to the targeted servers and turn them into DDoS bots.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-23 15:49:00 |
Huawei Unit Cuts More Than 600 Jobs Following U.S. Sanctions (lien direct) |
Chinese telecom giant Huawei said on Tuesday that more than 600 jobs would be lost at a US unit as a result of "curtailment of business operations" caused by Washington's sanctions on the firm and 68 of its subsidiaries.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-23 15:31:01 |
US Attorney General Says Encryption Creates Security Risk (lien direct) |
U.S. Attorney General Bill Barr said Tuesday that increased encryption of data on phones and computers and encrypted messaging apps are putting American security at risk.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-23 15:29:01 |
Report Finds New Deficiencies in IRS Data Security Security Controls (lien direct) |
The Internal Revenue Service's (IRS) information system security controls require further improvements, a new report from the United States Government Accountability Office (GAO) claims.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-23 14:31:00 |
China-Linked Threat Actor Using New Backdoor (lien direct) |
The China-linked threat actor known as APT15 has been using a previously undocumented backdoor for more than two years, ESET's security researchers have discovered.
|
Threat
|
APT 15
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-23 14:27:00 |
Recently Disclosed WordPress Plugin Flaws Exploited in Malvertising Operation (lien direct) |
Researchers at Defiant, the company behind the Wordfence security plugin for WordPress websites, have come across a malvertising campaign that leverages recently disclosed plugin vulnerabilities to inject malicious code into websites.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-23 11:21:04 |
ProFTPD Vulnerability Can Expose Servers to Attacks (lien direct) |
A security hole affecting the free and open source ProFTPD file transfer protocol (FTP) server can be exploited to copy files to vulnerable servers and possibly execute arbitrary code.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-23 06:07:05 |
Several Vulnerabilities Found in Comodo Antivirus (lien direct) |
Several vulnerabilities have been discovered in Comodo Antivirus, including one that allows an attacker to escape the sandbox and escalate privileges, and the vendor does not appear to have released any patches.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-23 00:35:04 |
U.S. Tech CEOs Support Trump on Huawei Restrictions: White House (lien direct) |
Chief executives from several US tech companies met with President Donald Trump on Monday and expressed "strong support" for policies restricting the use of products from Chinese telecom giant Huawei.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-22 16:19:03 |
AMCA Breach: Many More Impacted Healthcare Firms Come Forward (lien direct) |
Many more healthcare companies in the United States published press releases last week to inform customers that they had been impacted by the data breach suffered by the American Medical Collection Agency (AMCA).
|
Data Breach
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-22 15:01:00 |
Huawei\'s Czech Unit Secretly Collected Data: Report (lien direct) |
The Czech unit of telecoms giant Huawei secretly collected personal data of customers, officials and business partners, Czech public radio reported Monday, fanning concerns about security risks linked to the Chinese group.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-22 14:55:01 |
Browser Extensions Massively Collecting User Data (lien direct) |
Security researchers have discovered eight Chrome and Firefox extensions that leak user data, including personally identifiable information (PII) and corporate information (CI).
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-22 14:39:02 |
FSB Contractor Hacked, Secret Russian Projects Exposed (lien direct) |
A group of hackers has leaked online information on secret projects allegedly stolen from the servers of Russian Federal Security Service (FSB) contractor Sytech.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-22 14:39:01 |
Critical RCE Vulnerability Found in Palo Alto Networks VPN Product (lien direct) |
A critical remote code execution vulnerability has been found and patched in Palo Alto Networks' GlobalProtect product.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-22 13:38:05 |
Questions to Ask Before Choosing a Threat Intelligence RFI Service (lien direct) |
Much like deep & dark web (DDW) coverage and anti-fraud solutions, request for intelligence (RFI) services have quickly become both ubiquitous and prone to misleading claims in the threat intelligence market.
|
Threat
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-22 13:16:00 |
Equifax to Pay up to $700 Million to Consumers, Authorities Over 2017 Breach (lien direct) |
Equifax and U.S. government agencies announced on Monday that the credit reporting agency is prepared to pay up to $700 million to settle charges related to the massive 2017 data breach that impacted roughly 147 million people.
|
|
Equifax
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-22 13:11:05 |
Digital Transformation Makes the Case for Log Retention in Cloud SIEMs (lien direct) |
As organizations pursue their digital transformation dreams, they'll migrate from on-premises SIEM to cloud-based SIEM. In the process of doing so, CISOs are taking a closer look at their previous security incident and event log retention policies, and revisiting past assumptions and processes.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-20 14:19:05 |
Scotland Yard Twitter and Emails Hacked (lien direct) |
London's Metropolitan Police apologised Saturday after its Twitter, emails and news pages were targeted by hackers and began pumping out a series of bizarre messages.
|
|
|
|