Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2021-10-29 13:28:08 |
Shrootless: macOS Vulnerability Found by Microsoft Allows Rootkit Installation (lien direct) |
Microsoft on Thursday published information on a vulnerability in Apple's macOS platform that could allow an attacker to bypass System Integrity Protection (SIP) and modify operating system files.
|
Vulnerability
|
|
|
|
2021-10-29 13:10:46 |
Russian Man Extradited to U.S. for Role in TrickBot Malware Development (lien direct) |
A Russian national has been extradited from South Korea to the United States to face charges for his alleged role in the cybercriminal organization behind the TrickBot malware.
|
Malware
|
|
|
|
2021-10-29 11:58:17 |
12 People Arrested Over Ransomware Attacks on Critical Infrastructure (lien direct) |
Europol and Norwegian Police on Friday announced the arrests of 12 individuals suspected of being involved in ransomware attacks launched against companies around the world, including critical infrastructure organizations.
|
Ransomware
|
|
|
|
2021-10-29 11:23:32 |
Ransomware Attack Hits PNG Finance Ministry (lien direct) |
A cyberattack on Papua New Guinea's finance ministry briefly disrupted government payments and operations, officials said late Thursday.
|
|
|
|
|
2021-10-29 10:27:07 |
Chrome 95 Update Patches Exploited Zero-Days, Flaws Disclosed at Tianfu Cup (lien direct) |
A Chrome 95 update released by Google on Thursday patches two actively exploited Chrome vulnerabilities, as well as flaws that were disclosed recently at a Chinese hacking contest.
|
|
|
|
|
2021-10-29 10:08:17 |
India\'s Top Court Orders Probe Into Pegasus Snooping (lien direct) |
India's Supreme Court on Wednesday ordered an independent investigation into the alleged government use of Pegasus spyware on journalists, opposition politicians and activists with the chief justice calling the implications "Orwellian".
|
|
|
|
|
2021-10-28 18:33:49 |
FBI Publishes Indicators of Compromise for Ranzy Locker Ransomware (lien direct) |
The Federal Bureau of Investigation (FBI) this week released a Flash report to publicly share indicators of compromise (IOCs) for the Ranzy Locker ransomware.
|
Ransomware
|
|
|
|
2021-10-28 17:40:31 |
Free Decryption Tools Available for Babuk, AtomSilo and LockFile Ransomware (lien direct) |
Cybersecurity company Avast on Wednesday announced the availability of free decryption tools for three pieces of ransomware: Babuk, AtomSilo and LockFile.
Users and organizations that had their files encrypted by these ransomware families can use the decryptors to recover their files.
|
Ransomware
|
|
|
|
2021-10-28 15:52:44 |
Critical GoCD Authentication Flaw Exposes Software Supply Chain (lien direct) |
A highly-critical vulnerability in a popular open-source CI/CD solution can be exploited to hijack sensitive secrets for downstream supply chain attacks, according to a warning from SonarSource.
|
Vulnerability
|
|
|
|
2021-10-28 14:53:44 |
Scottish Cybersecurity Startup Unveils Versatile AI-Based Deception (lien direct) |
|
|
|
|
|
2021-10-28 14:04:36 |
Vendor-Neutral Initiative Sets Bare-Minimum Baseline for Security (lien direct) |
Google on Wednesday announced the Minimum Viable Secure Product (MVSP) initiative, partnering with some of tech's biggest names to create a vendor-neutral minimum baseline criteria for secure products.
|
|
|
|
|
2021-10-28 14:00:47 |
3 Questions for MDRs Helping to Get Your Enterprise to XDR (lien direct) |
An XDR implementation can quickly turn into a very large consulting project requiring significant time and budget
|
|
|
|
|
2021-10-28 13:55:59 |
Phishing Protection Provider SlashNext Raises $26 Million (lien direct) |
Phishing protection provider SlashNext today announced that it has raised $26 million in venture capital funding, which brings the total raised by the company to $43 million.
As part of this round, investments came from the ACTIVE Fund of the Ayala group, Telia Group, and Tom and Matt Gallo, as well as from early investors Alter Ventures, Norwest, and Wing.
|
|
|
|
|
2021-10-28 12:25:51 |
Cisco Patches High-Severity DoS Vulnerabilities in ASA, FTD Software (lien direct) |
Cisco this week announced the release of a new set of security patches to address multiple vulnerabilities affecting Adaptive Security Appliance (ASA), Firepower Threat Defense (FTD), and Firepower Management Center (FMC) software.
|
Threat
|
|
|
|
2021-10-28 12:17:02 |
US Dismisses Assange Suicide Risk in Extradition Appeal (lien direct) |
The United States urged two senior British judges on Wednesday to clear the extradition of WikiLeaks founder Julian Assange and reject a lower court's ruling that he is a suicide risk.
|
|
|
|
|
2021-10-28 12:02:51 |
Dragos Becomes First Industrial Cybersecurity Unicorn After Raising $200 Million (lien direct) |
Dragos has become the first industrial cybersecurity unicorn - with a valuation of $1.7 billion - after raising $200 million in a Series D funding round.
|
|
|
|
|
2021-10-28 11:21:39 |
Ransomware Gang Claims to Have Stolen Data From National Rifle Association (lien direct) |
A cybercrime gang claims to have stolen data from U.S. gun rights advocacy group National Rifle Association (NRA).
|
|
|
|
|
2021-10-28 10:55:15 |
US Bans China Telecom Over National Security Concerns (lien direct) |
The United States on Tuesday banned China Telecom from operating in the country citing "significant" national security concerns, further straining already tense relations between the superpowers.
|
|
|
|
|
2021-10-27 18:02:54 |
TransUnion Acquires Identity Security Company Sontiq for $638 Million (lien direct) |
Chicago-based credit reporting agency TransUnion this week announced that it's acquiring identity security solutions provider Sontiq for $638 million.
Sontiq provides identity monitoring, restoration, and response solutions, which will help TransUnion enhance its identity protection offerings.
|
|
|
|
|
2021-10-27 16:23:38 |
Washington Secretary of State Appointed CISA\'s Senior Election Security Lead (lien direct) |
The United States Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday announced the appointment of Washington Secretary of State Kim Wyman as its Senior Election Security Lead.
|
Guideline
|
|
|
|
2021-10-27 16:06:53 |
North Korean Hackers Targeting IT Supply Chain: Kaspersky (lien direct) |
The North Korea-linked state-sponsored hacking group Lazarus has started to target the IT supply chain in recent attacks, according to cybersecurity firm Kaspersky.
|
|
APT 38
APT 28
|
|
|
2021-10-27 15:11:03 |
Fuji Electric Patches Vulnerabilities in Factory Monitoring Software (lien direct) |
Japanese electrical equipment company Fuji Electric has patched half a dozen types of vulnerabilities in its Tellus factory monitoring and operating product.
|
|
|
|
|
2021-10-27 14:45:37 |
SolarWinds Outlines \'Triple Build\' Software Development Model to Secure Supply Chain (lien direct) |
When FireEye (now Mandiant) disclosed the SolarWinds breach in December 2020, the security world was forced to accept the reality that given the motivation, time and resources, an advanced attacker can breach any organization. And if the breached organization is part of an important supply chain, the potential damage could be devastating.
|
|
|
|
|
2021-10-27 14:19:39 |
Apple Patches 22 Security Flaws Haunting iPhones (lien direct) |
Apple has released another IOS 15 update with patches for 22 serious security defects in a wide range of iPhone and iPad software components.
The vulnerabilities are serious enough to expose iPhone and iPad users to malicious hacker attacks via rigged PDF or image files.
|
|
|
|
|
2021-10-27 13:58:21 |
Yubico Launches New Security Key With USB-C and NFC (lien direct) |
Yubico on Tuesday announced the launch of Security Key C NFC, a new hardware security key that includes NFC capabilities in a USB-C form factor.
|
|
|
|
|
2021-10-27 13:36:29 |
Quantum Cybersecurity Provider QuintessenceLabs Raises $18 Million (lien direct) |
Quantum cybersecurity solutions provider QuintessenceLabs this week announced that it has raised A$25 million (roughly US$18.8 million) in a Series B funding round. To date, the company has raised A$61.4 million (US$45 million).
The new funding round was led by Main Sequence and TELUS Ventures, with contributions from InterValley Ventures and Capital Property Group.
|
|
|
|
|
2021-10-27 11:16:48 |
Many Ransomware Attacks on OT Organizations Involved Ryuk: IBM (lien direct) |
Many attacks that impacted organizations with operational technology (OT) networks in 2021 involved ransomware, and operators of the Ryuk ransomware in particular appear to gravitate towards this type of target, according to research conducted by IBM's X-Force cybersecurity unit.
|
Ransomware
|
|
|
|
2021-10-27 10:29:32 |
Iran Struggles to Relaunch Petrol Stations After Cyberattack (lien direct) |
Iran struggled Wednesday to restart its petrol distribution system after it was hit by an unprecedented cyber-attack which security officials said was launched from abroad.
|
|
|
|
|
2021-10-27 01:40:16 |
150 People Arrested in US-Europe Darknet Drug Probe (lien direct) |
Law enforcement officials in the U.S. and Europe have arrested 150 people and seized more than $31 million in an international drug trafficking investigation stemming from sales on the darknet, the Justice Department said Tuesday.
|
|
|
|
|
2021-10-26 18:06:23 |
Adobe Patches Gaping Security Flaws in 14 Software Products (lien direct) |
Adobe on Tuesday released a slew of urgent patches with fixes for more than 90 documented vulnerabilities that expose Windows, macOS and Linux users to malicious hacker attacks.
The security defects affect a wide range of popular products, including Adobe Photoshop, Adobe InDesign, Adobe Illustrator and Adobe Premiere.
|
|
|
|
|
2021-10-26 17:41:46 |
Illumio Brings Visibility, Zero Trust Principles to Hybrid Cloud (lien direct) |
A new product seeks to solve the two primary security issues that come with moving to the cloud: the danger of accidental misconfigurations and the loss of visibility.
|
|
|
|
|
2021-10-26 17:10:51 |
Iran Blames Cyberattack as Fuel Supply Hit (lien direct) |
Iranian authorities on Tuesday blamed a mysterious cyber attack for unprecedented disruption to the country's fuel distribution network.
|
|
|
|
|
2021-10-26 16:43:03 |
Mozilla Blocks Malicious Firefox Add-Ons Abusing Proxy API (lien direct) |
The open-source Mozilla Foundation says it blocked a series of malicious Firefox add-ons that misused the proxy API that extensions use to proxy web requests.
The API allows add-ons to control the manner in which the browser connects to the Internet, and some extensions were found to abuse this.
|
|
|
|
|
2021-10-26 16:33:10 |
Researcher Explains Wi-Fi Password Cracking at Scale (lien direct) |
A security researcher at CyberArk was able to easily break more than 70 percent of Wi-Fi passwords he sniffed using relatively simple, cheap equipment.
|
|
|
|
|
2021-10-26 15:05:44 |
Targets and Prizes Announced for 2022 ICS-Themed Pwn2Own (lien direct) |
The Zero Day Initiative (ZDI) on Monday announced the targets and prizes for the next Pwn2Own Miami hacking contest, which focuses on industrial control system (ICS) products and associated protocols.
|
|
|
|
|
2021-10-26 14:17:46 |
Cloud Security Company Sonrai Raises $50 Million (lien direct) |
Public cloud security provider Sonrai Security today announced that it has raised $50 million in Series C funding, which brings the total raised by the company to $88.5 million.
The new funding round was led by ISTARI, but existing investors Menlo Ventures, New Brunswick Innovation Fund, Polaris Partners, and TenEleven Ventures also contributed.
|
|
|
|
|
2021-10-26 13:11:25 |
Enterprise Data Privacy Startup Piiano Emerges From Stealth Mode (lien direct) |
Tel Aviv, Israel-based Piiano emerged from stealth mode on Tuesday with $9 million in seed funding and a data engineering solution designed to help enterprises centralize and secure personal and other sensitive information.
|
|
|
|
|
2021-10-26 12:28:47 |
BillQuick Billing Software Exploited to Hack U.S. Engineering Company (lien direct) |
Hackers abused the BillQuick Web Suite billing software to compromise the network of an engineering company in the United States and deploy ransomware, threat detection firm Huntress reports.
|
Hack
Threat
|
|
|
|
2021-10-26 11:11:01 |
UK Spy Chiefs Seal Cloud Data Deal With Amazon: FT (lien direct) |
UK intelligence agencies have entrusted classified data to Amazon's cloud computing arm AWS in a deal designed to vastly speed up their espionage capabilities, the Financial Times reported on Tuesday.
|
|
|
|
|
2021-10-26 11:07:25 |
Logging and Security Analytics Firm Devo Raises $250 Million at $1.5 Billion Valuation (lien direct) |
Cambridge, MA-based cloud-native logging, SIEM and security analytics company Devo Technology on Tuesday announced that it has achieved unicorn status after raising $250 million.
|
|
|
|
|
2021-10-26 10:07:11 |
US State Department Sets Up Cyber Bureau, Envoy Amid Hacking Alarm (lien direct) |
US Secretary of State Antony Blinken announced Monday that the State Department will establish a new bureau and envoy to handle cyber policy, revamping amid alarm over rising hacking attacks.
In a memo to staff, Blinken said that a review showed a need for structural changes on "how the State Department should adapt to 21st-century challenges."
|
|
|
|
|
2021-10-25 18:13:38 |
Kansas Man Admits Hacking Public Water Facility (lien direct) |
Roughly seven months after being indicted for his actions, a Kansas man admitted in court to tampering with the systems at the Post Rock Rural Water District.
|
|
|
|
|
2021-10-25 17:51:31 |
CISA Raises Alarm on Critical Vulnerability in Discourse Forum Software (lien direct) |
The United States Cybersecurity and Infrastructure Security Agency (CISA) over the weekend issued an alert on a critical vulnerability in open source discussion platform Discourse.
|
Vulnerability
|
|
|
|
2021-10-25 15:03:02 |
Russia-Linked SolarWinds Hackers Continue Launching Supply Chain Attacks (lien direct) |
The Russia-linked cyberespionage group that hacked IT management solutions provider SolarWinds continues to launch supply chain attacks, Microsoft warned on Monday.
|
|
|
|
|
2021-10-25 14:54:45 |
Changing Approaches to Preventing Ransomware Attacks (lien direct) |
Conducting scaled and cost-effective attack surface and digital threat monitoring gives organizations of all sizes the best chance of identifying and defeating their adversaries
|
Ransomware
Threat
|
|
|
|
2021-10-25 14:21:51 |
(Déjà vu) Cybersecurity M&A Roundup for October 11-24, 2021 (lien direct) |
A total of 15 cybersecurity-related acquisitions were announced October 11-24, 2021.
|
|
|
|
|
2021-10-25 12:26:34 |
Researcher Earns $2 Million for Critical Vulnerability in Polygon (lien direct) |
Security researcher Gerhard Wagner earned a $2 million bug bounty reward for a critical vulnerability in Polygon's Plasma Bridge that could have allowed a malicious user to submit the same withdrawal transaction 224 times, with different exit IDs.
|
Vulnerability
|
|
|
|
2021-10-25 11:25:15 |
Facebook Sues Ukrainian for Scraping, Selling Data of 178 Million Users (lien direct) |
Facebook last week filed a lawsuit against a Ukrainian national who allegedly scraped the information of 178 million of its users and then sold the obtained information on hacker forums.
|
|
|
|
|
2021-10-23 16:24:37 |
\'Critical Severity\' Warning for Malware Embedded in Popular JavaScript Library (lien direct) |
Security responders are scrambling this weekend to assess the damage from crypto-mining malware embedded in an npm package (JavaScript library) that counts close to 8 million downloads per week.
|
Malware
|
|
|
|
2021-10-22 18:59:43 |
REvil Ransomware Gang Hit by Law Enforcement Hack-Back Operation (lien direct) |
The global fight against ransomware took a new twist this week with the United States leading a law enforcement effort to hack back and disrupt the extortion group behind the Colonial Pipeline cyberattack.
|
Ransomware
Hack
Guideline
|
|
|