What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-04-19 08:48:50 | PlexTrac Raises $10 Million for Its Purple Teaming Platform (lien direct) | PlexTrac, a company that provides information security management solutions for security teams, last week announced closing a $10 million Series A funding round led by Noro-Moseley Partners and Madrona Venture Group, with participation from StageDotO Ventures. | |||
|
2021-04-16 17:29:57 | Vulnerabilities in OpENer Stack Expose Industrial Devices to Attacks (lien direct) | Multiple vulnerabilities in the OpENer stack could be exploited in attacks aimed at supervisory control and data acquisition (SCADA) and other industrial systems that use OpENer. | |||
|
2021-04-16 14:39:13 | How the Kremlin Provides a Safe Harbor for Ransomware (lien direct) | A global epidemic of digital extortion known as ransomware is crippling local governments, hospitals, school districts and businesses by scrambling their data files until they pay up. Law enforcement has been largely powerless to stop it. | Ransomware | ||
|
2021-04-16 14:04:26 | Critical Vulnerability Can Allow Attackers to Hijack or Disrupt Juniper Devices (lien direct) | A critical vulnerability patched recently by networking and cybersecurity solutions provider Juniper Networks could allow an attacker to remotely hijack or disrupt affected devices. | Vulnerability | ||
|
2021-04-16 13:31:56 | Industry Reactions to FBI Cleaning Up Hacked Exchange Servers: Feedback Friday (lien direct) | U.S. authorities revealed this week that the FBI executed a court-authorized cyber operation to remove malicious web shells from hundreds of compromised Microsoft Exchange servers located in the United States. | |||
|
2021-04-16 12:22:52 | More Countries Officially Blame Russia for SolarWinds Attack (lien direct) | The United Kingdom, Canada, the European Union and NATO have expressed support for the United States in blaming Russia for the cyberattack on IT management company SolarWinds, which impacted organizations worldwide. | |||
|
2021-04-16 11:57:45 | Sanctioned Russian IT Firm Was Partner With Microsoft, IBM (lien direct) | The Treasury Department on Thursday slapped six Russian technology companies with sanctions for supporting Kremlin intelligence agencies engaged in “dangerous and disruptive cyber attacks.” | |||
|
2021-04-16 10:47:41 | Google Project Zero Announces 2021 Updates to Vulnerability Disclosure Policy (lien direct) | Google's Project Zero cybersecurity research unit on Thursday announced that it's making some changes to its vulnerability disclosure policies, giving users 30 days to install patches before disclosing the technical details of a flaw. | Vulnerability | ||
|
2021-04-16 08:28:22 | Google Broke Australian Law Over Location Data Collection: Court (lien direct) | Google violated Australian law by misleading users of Android mobile devices about the use of their location data, a court ruled Friday in a landmark decision against the global digital giant. | Guideline | ||
|
2021-04-16 02:47:55 | Codecov Bash Uploader Dev Tool Compromised in Supply Chain Hack (lien direct) | Security response professionals are scrambling to measure the fallout from a software supply chain compromise of Codecov Bash Uploader that went undetected since January and exposed sensitive secrets like tokens, keys and credentials from organizations around the world. | Hack Tool | ||
|
2021-04-16 02:01:40 | Cloud Forensics Firm Cado Security Raises $10 Million in Series A Funding (lien direct) | Cado Security, provider of a cloud-native digital forensics platform, has secured $10 million in Series A funding, which brings the total amount raised by the company to date to $11.5 million. | |||
|
2021-04-15 17:57:30 | Domain Name Security Neglected by U.S. Energy Companies: Report (lien direct) | A majority of the largest energy companies in the United States appear to have neglected the security of their domain names, according to CSC, a firm that specializes in securing online assets. | |||
|
2021-04-15 17:29:21 | IBM: 44 Organizations Targeted in Attacks Aimed at COVID-19 Vaccine Cold Chain (lien direct) | More than 40 organizations have been targeted in a global campaign focused on the COVID-19 vaccine cold chain infrastructure, which handles the distribution of vaccines and their storage at the required temperatures. | |||
|
2021-04-15 14:30:54 | Reddit Launches Public Bug Bounty Program (lien direct) | Reddit this week announced the launch of a public bug bounty program on the vulnerability hunting platform HackerOne. Following a three-year private bug bounty program on HackerOne, which has resulted in over $140,000 being awarded in bug bounties for 300 vulnerability reports focusing on reddit.com, the program is going public with an expanded scope. | Vulnerability | ||
|
2021-04-15 14:15:13 | NSA: Russian Hackers Exploiting VPN Vulnerabilities - Patch Immediately (lien direct) | The U.S. government on Thursday warned that Russian APT operators are exploiting five known -- and already patched -- vulnerabilities in corporate VPN infrastructure products, insisting it is “critically important” to mitigate these issues immediately. | |||
|
2021-04-15 12:56:09 | US Expels Russian Diplomats, Imposes New Round of Sanctions (lien direct) | The Biden administration on Thursday announced the expulsion of 10 Russian diplomats and sanctions against nearly three dozen people and companies as it moved to hold the Kremlin accountable for interference in last year's presidential election and the hacking of federal agencies. | |||
|
2021-04-15 12:05:26 | (Déjà vu) Exploit for Second Unpatched Chromium Flaw Made Public Just After First Is Patched (lien direct) | A researcher has made public an exploit and details for an unpatched vulnerability affecting Chrome, Edge and other web browsers that are based on the open source Chromium project. This is the second Chromium proof-of-concept (PoC) exploit released this week. | Vulnerability | ||
|
2021-04-15 10:09:23 | Months After Hack, US Poised to Announce Sanctions on Russia (lien direct) | The Biden administration is preparing to announce sanctions in response to a massive Russian hacking campaign that breached vital federal agencies, as well as for election interference, a senior administration official said. | |||
|
2021-04-15 08:35:56 | NVIDIA Unveils \'Morpheus\' Cybersecurity Framework (lien direct) | NVIDIA this week unveiled Morpheus, a cloud-native application framework designed to help cybersecurity providers analyze more data without sacrificing performance. | |||
|
2021-04-15 02:15:41 | Irish Watchdog Opens Another Facebook Probe, Over Data Dump (lien direct) | Ireland's privacy regulator said Wednesday it has opened an investigation into Facebook after data on more than 500 million users was reportedly found dumped online, in a suspected violation of strict European Union privacy rules. | |||
|
2021-04-14 14:09:35 | Capcom Says Older VPN Device at Heart of Ransomware Attack (lien direct) | Japanese video game giant Capcom revealed on Tuesday that, as part of the November 2020 ransomware attack, adversaries targeted an older backup VPN device for initial access. | Ransomware | ||
|
2021-04-14 13:16:01 | Cybersecurity VC Funding Hit Record in 2020 With $7.8 Billion Invested (lien direct) | Despite the coronavirus pandemic, 2020 was a record year in terms of venture capital funding for cybersecurity companies, with more than $7.8 billion invested, according to a new report from business information platform Crunchbase. | |||
|
2021-04-14 11:50:58 | Another Critical Vulnerability Patched in SAP Commerce (lien direct) | On Tuesday, as part of its April 2021 Security Patch Day, SAP announced the release of 14 new security notes and 5 updates to previously released notes. The only new Hot News note released with this round of patches addresses a critical vulnerability in SAP Commerce. | Vulnerability | ||
|
2021-04-14 10:28:27 | Siemens Releases Several Advisories for \'NAME:WRECK\' Vulnerabilities (lien direct) | Siemens released a total of 14 new advisories on Tuesday, including five describing the impact and remediations for the NAME:WRECK vulnerabilities disclosed on the same day. | |||
|
2021-04-14 04:03:00 | FBI Agents Secretly Deleted Web Shells From Hacked Microsoft Exchange Servers (lien direct) | FBI agents executed a court-authorized cyber operation to delete malicious web shells from hundreds of previously hacked Microsoft Exchange servers in the United States, unbeknownst to their owners, the U.S. Department of Justice (DoJ) said Tuesday. | |||
|
2021-04-14 03:40:51 | At Least 100 Million Devices Affected by "NAME:WRECK" DNS Flaws in TCP/IP Stacks (lien direct) | Popular TCP/IP stacks are affected by a series of Domain Name System (DNS) vulnerabilities that could be exploited to take control of impacted devices, researchers with IoT security firm Forescout reveal. | |||
|
2021-04-13 22:46:20 | Google Patches More Under-Attack Chome Zero-days (lien direct) | Google's problems with in-the-wild Chrome browser zero-days appear to be multiplying by the month. | |||
|
2021-04-13 19:34:41 | Swedish Sports Body Hacked by Russians, Officials Say (lien direct) | The organization that oversees Sweden's national sports federations was hacked by Russian military intelligence in 2017-18, officials said Tuesday, in a data-breaching campaign that also affected some of the world's leading sporting bodies, including FIFA and the World Anti-Doping Agency. | Guideline | ||
|
2021-04-13 19:08:51 | Breaches Detected Faster, But Ransomware Surge a Major Factor: FireEye (lien direct) | Data from FireEye's Mandiant incident response division shows that the time it takes organizations to detect a malicious hacker attack continues to drop, but it's not only due to better threat detection capabilities. | Ransomware Threat | ||
|
2021-04-13 18:26:50 | MS Patch Tuesday: NSA Reports New Critical Exchange Flaws (lien direct) | Just weeks after a wave of major in-the-wild zero-day attacks against Exchange Server installations globally, Microsoft is raising a fresh alarm for four new critical security flaws that expose businesses to remote code execution attacks. | ★★★★★ | ||
|
2021-04-13 17:51:47 | Adobe Patches Critical Code Execution Vulnerabilities in Photoshop, Bridge (lien direct) | Adobe on Tuesday announced patches for vulnerabilities in four of its products, including critical code execution flaws affecting Photoshop and Bridge. | |||
|
2021-04-13 13:50:20 | Exploit Released for Critical Vulnerability Affecting QNAP NAS Devices (lien direct) | An exploit is now publicly available for a remote code execution vulnerability affecting QNAP network-attached storage (NAS) devices that run the Surveillance Station video management system. | Vulnerability | ||
|
2021-04-13 13:08:52 | CISA Details Malware Found on Hacked Exchange Servers (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week published details on additional malware identified on compromised Microsoft Exchange servers, namely China Chopper webshells and DearCry ransomware. | Malware | ||
|
2021-04-13 12:32:24 | (Déjà vu) PoC Exploit Released for Unpatched Flaw Affecting Chromium-Based Browsers (lien direct) | A researcher has made public a proof-of-concept (PoC) exploit for a recently discovered vulnerability affecting Chrome, Edge and other Chromium-based web browsers. | Vulnerability | ||
|
2021-04-13 12:01:45 | Small Kansas Water Utility System Hacking Highlights Risks (lien direct) | A former Kansas utility worker has been charged with remotely tampering with a public water system's cleaning procedures, highlighting the difficulty smaller utilities face in protecting against hackers. | |||
|
2021-04-13 03:36:08 | Grambling Grad Getting Louisiana\'s 1st Cybersecurity Degree (lien direct) | A Grambling State University student is about to get Louisiana's first bachelor's degree in cybersecurity at a time when data breaches are making headlines. Alexis White of Arcadia already has a degree in biology. She earned it in 2018 - the year Grambling won approval for the state's only bachelor's degree program in cybersecurity. | |||
|
2021-04-12 22:18:25 | Joker Android Trojan Lands in Huawei AppGallery App Store (lien direct) | Ten variants of the Joker Android Trojan managed to slip into the Huawei AppGallery app store and were downloaded by more than 538,000 users, according to new data from Russian anti-malware vendor Doctor Web. | |||
|
2021-04-12 17:51:12 | DoControl Emerges From Stealth With SaaS Security Platform (lien direct) | DoControl emerged from stealth mode on Monday with an automated data access controls platform for SaaS applications, and more than $13 million in funding. | ★★★★ | ||
|
2021-04-12 17:33:53 | Iran Used Fake Instagram Accounts to Try to Nab Israelis: Spy Agencies (lien direct) | Israeli spy agencies accused Iran on Monday of using fake social media accounts to lure citizens of the Jewish state abroad "to harm or abduct them". | ★★ | ||
|
2021-04-12 17:33:53 | IcedID Trojan Operators Experimenting With New Delivery Methods (lien direct) | The threat actors behind the IcedID Trojan are experimenting with various delivery methods to increase efficiency, including sending malicious messages from web-based contact forms. | Threat | ||
|
2021-04-12 16:48:40 | Unearthing the \'Attackability\' of Vulnerabilities that Attract Hackers (lien direct) | Vulnerability management is largely about patch management: finding, triaging and patching the most critical vulnerabilities in your environment. Each aspect of this process presents its own problems. | Patching | ||
|
2021-04-12 16:44:05 | ID Verification Firm Veriff Lands $69 Million in Series B Funding (lien direct) | Veriff, a provider of automated identity verification technology, today announced that it has secured $69 million in Series B financing, bringing the total amount raised by the company to $92.8 million. | ★★★ | ||
|
2021-04-12 16:02:24 | The VC View: Data Security - Deciphering a Misunderstood Category (lien direct) | I'm both excited and concerned to write about data security as one of the hot trends to monitor in 2021. Data security is a tough topic to summarize and I'd argue it may be the most misunderstood category in security right now. We're a raw industry that has been shaken up multiple times for years. | ★★★★★ | ||
|
2021-04-12 15:43:22 | Biden Names 2 Ex-NSA Officials for Senior Cyber Positions (lien direct) | President Joe Biden has selected two former senior National Security Agency officials for key cyber roles in his administration, the White House said Monday. | |||
|
2021-04-12 13:20:11 | Iran Blames Israel for Sabotage at Natanz Nuclear Site (lien direct) | Iran blamed Israel on Monday for a sabotage attack on its underground Natanz nuclear facility that damaged its centrifuges, an assault that imperils ongoing talks over Tehran's tattered nuclear deal and brings a shadow war between the two countries into the light. | |||
|
2021-04-12 12:58:08 | Cybersecurity M&A Roundup for April 1-11, 2021 (lien direct) | 
Eleven cybersecurity-related acquisitions and mergers were announced in the first part of April 2021.
|
|||
|
2021-04-12 11:35:59 | Fed Chair Says Cyberattacks Main Risk to US Economy (lien direct) | Federal Reserve chairman Jerome Powell said he was more worried about the risk of a large-scale cyberattack than another financial crisis like that of 2008. The risks of a 2008-like crisis with a need for government bailouts of banks were "very, very low," the head of the US central bank said during an interview aired Sunday on CBS's "60 minutes." | |||
|
2021-04-12 11:03:24 | Zerodium Offering $300,000 for WordPress Exploits (lien direct) | Exploit acquisition company Zerodium announced last week that it's temporarily offering $300,000 for high-impact WordPress exploits. | |||
|
2021-04-11 19:07:27 | Iran Calls Natanz Atomic Site Blackout \'Nuclear Terrorism\' (lien direct) | Iran on Sunday described a blackout at its underground Natanz atomic facility an act of “nuclear terrorism,” raising regional tensions as world powers and Tehran continue to negotiate over its tattered nuclear deal. | |||
|
2021-04-09 18:16:50 | Microsoft Open-Sources \'CyberBattleSim\' Enterprise Environment Simulator (lien direct) | Microsoft this week announced the open source availability of Python code for “CyberBattleSim,” a research toolkit that supports simulating complex computer systems. |
To see everything:
Our RSS (filtrered)
