Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2021-09-08 14:39:26 |
Google Android Security Update Patches 40 Vulnerabilities (direct link) |
Google on Tuesday published the Android Security Bulletin for September 2021 with patches for a total of 40 vulnerabilities, including seven that are rated critical.
|
|
|
|
|
2021-09-08 14:30:32 |
CISA Reminds of Risks Connected to Managed Service Providers (direct link) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued new guidelines for government and private organizations to take into consideration when looking to outsource services to a Managed Service Provider (MSP).
|
|
|
|
|
2021-09-08 10:29:04 |
The Impact of the Pandemic on Today's Approach to Cybersecurity (direct link) |
Security practitioners must figure out how to enable a secure and resilient anywhere workforce to reduce risk
|
|
|
|
|
2021-09-08 01:42:01 |
US-built Databases a Potential Tool of Taliban Repression (direct link) |
Over two decades, the United States and its allies spent hundreds of millions of dollars building databases for the Afghan people. The nobly stated goal: Promote law and order and government accountability and modernize a war-ravaged land.
|
Tool
|
|
|
|
2021-09-07 21:31:45 |
Critical Flaw in Pac-Resolver NPM Package Affects 290,000 Repositories (direct link) |
A high severity vulnerability recently addressed in popular NPM package Pac-Resolver could be exploited to execute arbitrary code remotely.
|
Vulnerability
|
|
|
|
2021-09-07 21:24:39 |
Jenkins Says Confluence Service Compromised Using Recent Exploit (direct link) |
Jenkins over the weekend announced that hackers managed to gain access to one of its servers after exploiting a critical vulnerability affecting Atlassian Confluence Server and Data Center.
|
Vulnerability
|
|
|
|
2021-09-07 20:58:16 |
NETGEAR Patches Severe Vulnerabilities in Business Switches (direct link) |
NETGEAR has released patches to address severe vulnerabilities in its business-grade smart switches that could lead to complete device takeover.
|
Guideline
|
|
|
|
2021-09-07 20:00:26 |
Microsoft Office Zero-Day Hit in Targeted Attacks (direct link) |
Microsoft's embattled security response unit is scrambling to deal with another zero-day attack hitting users of its flagship Microsoft Office software suite.
|
|
|
|
|
2021-09-07 18:41:49 |
Germany Admits Police Used Controversial Pegasus Spyware (direct link) |
The German government admitted Tuesday that its federal police service used controversial Israeli spyware known as Pegasus, parliamentary sources told AFP, drawing immediate criticism from rights groups.
|
|
|
|
|
2021-09-07 15:40:49 |
CISO Conversations: The Difference Between Securing Cities and Businesses (direct link) |
|
|
|
|
|
2021-09-07 14:26:03 |
Measuring Cybersecurity Training Effectiveness (direct link) |
As your organization reviews the training program, you could start to identify processes that are broken
|
|
|
|
|
2021-09-07 11:37:18 |
Germany Protests to Russia Over Pre-Election Cyberattacks (direct link) |
Germany has protested to Russia over attempts to steal data from lawmakers in what it suspects may have been preparation to spread disinformation before the upcoming German election, the Foreign Ministry in Berlin said Monday.
|
|
|
|
|
2021-09-07 10:29:16 |
Ad Fraud Protection Firm Pixalate Raises $18.1 Million (direct link) |
Pixalate, a firm that provides fraud protection for mobile app and connected TV (CTV) advertising, has raised $18.1 million in growth capital, bringing the total amount raised by the company to $22.7 million.
|
|
|
|
|
2021-09-06 12:04:29 |
FBI Warns Ransomware Attack Could Disrupt Food Supply Chain (direct link) |
Ransomware attack on U.S. farm incurred $9 million in losses
|
Ransomware
|
|
|
|
2021-09-05 10:35:43 |
Breach Exposed Dallas Student, Parent, Teacher Personal Data (direct link) |
A data breach at the Dallas public school system earlier this month exposed the personal information of students, parents, teachers and staff dating to 2010, system officials revealed Thursday.
|
Data Breach
|
|
|
|
2021-09-03 17:23:53 |
USCYBERCOM Warns of Mass Exploitation of Atlassian Vulnerability Ahead of Holiday Weekend (direct link) |
USCYBERCOM and the Cybersecurity and Infrastructure Security Agency (CISA) are sounding the alarm just before the Labor Day weekend in the U.S., urging organizations to patch a critical vulnerability (CVE-2021-26084) affecting Atlassian Confluence Server and Data Center.
|
Vulnerability
|
|
|
|
2021-09-03 14:05:52 |
Apple Announces Delay of Child Protection Measures (direct link) |
Apple announced Friday that it will delay the rollout of its controversial new child pornography protection tools, accused by some of undermining the privacy of its devices and services.
|
|
|
|
|
2021-09-02 21:01:17 |
Facebook Pays Out $40,000 for Account Takeover Exploit Chain (direct link) |
Social media giant Facebook on Thursday announced a new payout guideline to help vulnerability hunters better understand its bounty decisions related to given bugs.
|
Vulnerability
|
|
|
|
2021-09-02 19:01:26 |
Hacked SolarWinds Software Lacked Basic Anti-Exploit Mitigation: Microsoft (direct link) |
Software vendor SolarWinds failed to enable an anti-exploit mitigation available since the launch of Windows Vista 15 years ago, an oversight that made it easy for attackers to launch targeted malware attacks in July this year.
|
Malware
|
|
|
|
2021-09-02 17:25:00 |
SOAR Company D3 Security Raises $10 Million (direct link) |
Security orchestration, automation and response (SOAR) provider D3 Security this week announced raising $10 million in growth equity investment from Vistara Growth.
D3 Security also said it obtained an additional $5 million in debt financing from a major financial institution.
|
|
|
|
|
2021-09-02 14:59:09 |
Corelight Banks $75M for Network Monitoring Expansion Plans (direct link) |
Network detection and response play Corelight has raised a fresh $75 million funding round to speed up its global expansion ambitions.
The San Francisco-based Corelight said the Series D investment was led by Energy Impact Partners and brings the total raised to $160 million.
|
|
|
|
|
2021-09-02 14:24:47 |
Flaws in Moxa Railway Devices Could Allow Hackers to Cause Disruptions (direct link) |
Railway Communication Devices Made by Moxa Affected by 60 Vulnerabilities
Railway and other types of wireless communication devices made by Taiwan-based industrial networking and automation firm Moxa are affected by nearly 60 vulnerabilities.
|
|
|
|
|
2021-09-02 13:32:01 |
Israeli Foreign Minister Promises Closer Look at NSO (direct link) |
Israel's foreign minister on Wednesday played down criticism of the country's regulation of the cyberespionage firm NSO Group but vowed to step up efforts to ensure the company's controversial spyware doesn't fall into the wrong hands.
|
|
|
|
|
2021-09-02 13:06:21 |
BrakTooth: New Bluetooth Vulnerabilities Could Affect Millions of Devices (direct link) |
A group of researchers with the Singapore University of Technology and Design have disclosed a family of 16 new vulnerabilities that affect commercial Bluetooth Classic (BT) stacks.
|
|
|
|
|
2021-09-02 12:31:12 |
Recruiting Firm Apparently Pays Ransom After Being Targeted by Hackers (direct link) |
Administrative staffing agency Career Group, Inc. this week started sending notification letters to customers who were affected by a data breach that occurred in late June.
|
Data Breach
|
|
|
|
2021-09-02 11:47:54 |
FTC Bans SpyFone From Surveillance Business for Selling Stalkerware (direct link) |
The U.S. Federal Trade Commission (FTC) this week announced that it has banned stalkerware app maker SpyFone and its CEO, Scott Zuckerman, from the surveillance business.
|
|
|
|
|
2021-09-02 11:21:26 |
Ireland Fines WhatsApp 225M Euros for Breaching EU Privacy Laws (direct link) |
Ireland on Thursday imposed a 225-million-euro fine on Facebook-owned messaging service WhatsApp for breaching EU data privacy laws after European regulators demanded the penalty be increased.
|
|
|
|
|
2021-09-02 10:47:16 |
Recently Patched Confluence Vulnerability Exploited in the Wild (direct link) |
Hackers started exploiting a vulnerability in Atlassian's Confluence enterprise collaboration product just one week after the availability of a patch was announced.
|
Vulnerability
|
|
|
|
2021-09-02 10:11:38 |
Security for a Hybrid Workforce (direct link) |
The move to hybrid working is a perfect time to update and run cyber-hygiene awareness for employees
|
|
|
|
|
2021-09-01 17:49:54 |
CISA, FBI Warn of Increase in Ransomware Attacks on Holidays (direct link) |
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are warning that ransomware actors are deliberately launching attacks during the holidays and weekends.
|
Ransomware
|
|
|
|
2021-09-01 17:26:01 |
Singapore's GovTech Announces New Vulnerability Rewards Programme (direct link) |
The Singapore Government Technology Agency (GovTech) on Tuesday introduced a new Vulnerability Rewards Programme (VRP) on HackerOne that offers bug bounty rewards of up to $150,000.
|
Vulnerability
|
|
|
|
2021-09-01 16:15:14 |
Mozilla Publishes Results of VPN Security Audit (direct link) |
Mozilla announced on Tuesday that it has made public a report detailing the results of a security audit targeting its Mozilla VPN product.
|
|
|
|
|
2021-09-01 13:39:57 |
Google Awards Over $130,000 for Flaws Patched With Release of Chrome 93 (direct link) |
Google this week announced the release of Chrome 93 with a total of 27 security patches inside, including 19 for vulnerabilities that were reported by external researchers.
|
|
|
|
|
2021-09-01 12:33:28 |
SEC Sanctions Several Companies Over Email Account Hacking (direct link) |
The U.S. Securities and Exchange Commission (SEC) this week announced sanctions against several companies over cybersecurity failures that resulted in email accounts getting hacked and the exposure of customer information.
|
|
|
|
|
2021-09-01 11:54:45 |
(Déjà vu) Cybersecurity M&A Roundup: 42 Deals Announced in August 2021 (direct link) |
|
|
|
|
|
2021-09-01 10:58:27 |
Vulnerability Allows Remote DoS Attacks Against Apps Using Linphone SIP Stack (direct link) |
A serious vulnerability affecting the Linphone Session Initiation Protocol (SIP) client suite can allow malicious actors to remotely crash applications, industrial cybersecurity firm Claroty warned on Tuesday.
|
Vulnerability
|
|
|
|
2021-09-01 10:48:19 |
Top Five Pitfalls When Considering Client Side Security (direct link) |
When looking to secure online applications and protect them from fraud, enterprises have traditionally turned to preventative and detective controls on the server side. In other words, policies, alongside data, logs, and transaction information have long been a go to mechanism for mitigating risk from security breaches and fraud events.
|
|
|
|
|
2021-09-01 10:12:09 |
Tackling the Threat Intelligence Problem with Multiple Sources and Robust RFI Services (direct link) |
A prevention-only strategy to combat threats is not sufficient; enterprises must incorporate intelligence from all relevant intelligence domains
|
Threat
|
|
|
|
2021-09-01 09:53:39 |
Proxyware Platforms Increasingly Targeted by Cybercriminals (direct link) |
Proxyware platforms are increasingly targeted in cybercrime operations aimed at distributing malware or at monetizing the internet bandwidth of victims, according to Cisco's Talos research and intelligence unit.
|
Malware
|
|
★★
|
|
2021-08-31 15:07:23 |
New Edition of Pipeline Cybersecurity Standard Covers All Control Systems (direct link) |
The American Petroleum Institute (API) this month published the third edition of its pipeline cybersecurity standard, which focuses on managing cyber risks associated with industrial automation and control environments.
|
|
|
|
|
2021-08-31 13:38:44 |
(Déjà vu) CISA Expands 'Bad Practices' List With Single-Factor Authentication (direct link) |
The United States Cybersecurity and Infrastructure Security Agency (CISA) this week added single-factor authentication to its list of bad practices.
|
|
|
|
|
2021-08-31 13:05:44 |
Vulnerabilities Can Allow Hackers to Disarm Fortress Home Security Systems (direct link) |
Researchers at cybersecurity firm Rapid7 have identified a couple of vulnerabilities that they claim can be exploited by hackers to remotely disarm one of the home security systems offered by Fortress Security Store.
|
|
|
|
|
2021-08-31 11:24:37 |
'ProxyToken' Exchange Server Vulnerability Leads to Email Compromise (direct link) |
A vulnerability that Microsoft patched in Exchange Server earlier this year can allow attackers to set forwarding rules on target accounts and gain access to incoming emails.
|
Vulnerability
|
|
|
|
2021-08-31 10:44:26 |
Companies Release Security Advisories in Response to New OpenSSL Vulnerabilities (direct link) |
|
|
|
|
|
2021-08-31 10:32:07 |
A Case for Recruiting and Retaining "Franchise Players" in Security Software Development (direct link) |
Critical elements required to attract and retain A-players for cybersecurity software teams
|
|
|
|
|
2021-08-31 10:04:36 |
CISO Conversations: Zoom, Thycotic CISOs Discuss the CISO Career Path (direct link) |
|
|
|
|
|
2021-08-31 08:37:07 |
Code Generated by GitHub Copilot Can Introduce Vulnerabilities: Researchers (direct link) |
A group of researchers has discovered that roughly 40% of the code produced by the GitHub Copilot language model is vulnerable.
|
|
|
|
|
2021-08-30 19:29:15 |
Check Point Buys Cloud Email Security Provider Avanan (direct link) |
Israeli security giant Check Point Software Technologies has joined the cybersecurity shopping spree with Monday's announcement of a deal to purchase Avanan, a startup that sells tech to secure cloud email infrastructure.
|
|
|
|
|
2021-08-30 12:37:41 |
U.S. Justice Department Introduces Cyber Fellowship Program (direct link) |
The United States Department of Justice on Friday officially announced a new Cyber Fellowship program for training prosecutors and attorneys on cybersecurity-related cases.
|
|
|
|
|
2021-08-30 11:58:30 |
Exploitation of Flaws in Delta Energy Management System Could Have 'Dire Consequences' (direct link) |
An industrial energy management system made by Delta Electronics is affected by several vulnerabilities whose exploitation could have serious consequences in a real world environment, according to the researcher who discovered the flaws.
|
|
|
|