What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-04-01 13:42:46 | FBI Warns of Ransomware Attacks Targeting Local Governments (lien direct) | The Federal Bureau of Investigation (FBI) this week warned local government entities of ransomware attacks disrupting operational services, causing public safety risks, and causing financial losses. | Ransomware | ||
|
2022-04-01 11:27:31 | New Vulnerabilities Allow Stuxnet-Style Attacks Against Rockwell PLCs (lien direct) | Researchers at industrial cybersecurity firm Claroty have identified two serious vulnerabilities that could allow malicious actors to launch Stuxnet-style attacks against programmable logic controllers (PLCs) made by Rockwell Automation. | |||
|
2022-04-01 10:33:30 | Trend Micro Patches Apex Central Zero-Day Exploited in Targeted Attacks (lien direct) | Trend Micro this week announced patches for a high-severity arbitrary file upload vulnerability in Apex Central that has already been exploited in what appear to be targeted attacks. | Vulnerability | ||
|
2022-04-01 10:11:54 | Spring4Shell Exploitation Attempts Confirmed as Patches Are Released (lien direct) | 
The Spring zero-day vulnerability named Spring4Shell (SpringShell) has been patched, just as several cybersecurity firms have confirmed seeing exploitation attempts.
|
Vulnerability | ||
|
2022-04-01 09:48:32 | Antimatter Emerges From Stealth Mode With $12M to Secure Customer Data (lien direct) | Antimatter, a startup that focuses on data security for SaaS applications, this week emerged from stealth mode with $12 million in Series A funding from NEA, with additional investment from General Catalyst, UNION Labs, and several angel investors. | |||
|
2022-04-01 08:35:43 | UK Spy Chief Warns Russia Looking for Cyber Targets (lien direct) | A U.K. intelligence chief warned that the Kremlin is hunting for cyber targets and bringing in mercenaries to shore up its stalled military campaign in Ukraine. | |||
|
2022-03-31 20:07:22 | Apple Ships Emergency Patches for \'Actively Exploited\' macOS, iOS Flaws (lien direct) | Apple's security response team on Thursday released emergency patches to cover a pair of "actively exploited" vulnerabilities affecting macOS, iOS and iPadOS devices. | |||
|
2022-03-31 17:27:39 | SentinelLabs: New Modem Wiper Malware May be Connected to Viasat Hack (lien direct) | A pair of security researchers at SentinelLabs have intercepted a piece of destructive wiper malware hitting routers and modems and found digital breadcrumbs suggesting a link to the devastating Viasat hack that took down wind turbines in Germany. | Malware Hack | ||
|
2022-03-31 16:13:40 | Skiff Banks $10.5M for E2E Encrypted Workplace Collaboration (lien direct) | Sequoia Capital has doubled down on its early-stage investment in Skiff, a startup building a security-themed, end-to-end encrypted workspace collaboration platform. | |||
|
2022-03-31 14:58:15 | WATCH: Fireside Chat With McDonald\'s CISO Shaun Marion (lien direct) | In this security leadership fireside chat, McDonald's CISO Shaun Marion joins SecurityWeek's Ryan Naraine to discuss the role of the modern CISO, the challenges of building a ma | Guideline | ||
|
2022-03-31 14:40:32 | Cybersecurity Vendors Assessing Impact of Recent OpenSSL Vulnerability (lien direct) | 
|
Vulnerability | ||
|
2022-03-31 13:02:18 | FBI: 65 People Arrested Worldwide in BEC Bust (lien direct) | The Federal Bureau of Investigation (FBI) this week announced the arrests of 65 individuals as part of an international effort to combat business email compromise (BEC) fraud. BEC scammers typically target employees in charge of making or authorizing wire transfers, from either a compromised or a spoofed email account. | |||
|
2022-03-31 12:32:26 | IT Giant Globant Confirms Source Code Repository Breach (lien direct) | IT giant Globant has confirmed suffering a data breach after the notorious hacker group Lapsus$ leaked tens of gigabytes of data allegedly stolen from the company. | Data Breach | ||
|
2022-03-31 12:31:50 | The Importance of Open Source to an XDR Architecture (lien direct) | No longer satisfied with infecting files or systems, adversaries are now intent on crippling entire enterprises. Damaging supply chain, ransomware and wiper attacks are making headline news, impacting not only the organization but their stakeholders too. As threat actors' approaches and targets change, our approach to detection and response is changing as well. | Ransomware Threat | ||
|
2022-03-31 11:41:55 | SaaS Security Startup Wing Emerges From Stealth With $26 Million in Funding (lien direct) | Wing Security, a Tel Aviv, Israel-based SaaS security startup, this week emerged from stealth mode with $26 million in seed and Series A funding. GGV Capital, Harmony Partners, S-Capital, Silicon Valley CISO Investments Group, and various security leaders have invested in the company. | Guideline | ||
|
2022-03-31 11:29:07 | FBI Warns of Phishing Attacks Targeting US Election Officials (lien direct) | The Federal Bureau of Investigation (FBI) this week warned US election officials of potential invoice-themed phishing attacks meant to steal their login credentials. Such attacks have already hit US election officials in at least nine states, and the FBI expects the phishing attempts to continue and even ramp up. | |||
|
2022-03-31 10:38:54 | Spring4Shell: Spring Flaws Lead to Confusion, Concerns of New Log4Shell-Like Threat (lien direct) | 
The disclosure of several vulnerabilities affecting the widely used Spring Java framework has led to confusion and concerns that organizations may need to deal with a flaw similar to the notorious Log4Shell.
|
Threat | ||
|
2022-03-31 10:12:12 | Hackers Got User Data From Meta With Forged Request (lien direct) | Facebook owner Meta gave user information to hackers who pretended to be law enforcement officials last year, a company source said Wednesday, highlighting the risks of a measure used in urgent cases. | |||
|
2022-03-31 09:18:02 | Satellite Modems Nexus of Worst Cyberattack of Ukraine War (lien direct) | A malicious software command that immediately crippled tens of thousands of modems across Europe anchored the cyberattack on a satellite network used by Ukraine's government and military just as Russia invaded, the satellite owner disclosed Wednesday. | |||
|
2022-03-30 16:54:43 | Cyera Emerges From Stealth Mode With $60M to Protect Cloud Data (lien direct) | Cloud data security startup Cyera emerged from stealth mode this week with $60 million in funding, as the Israeli cybersecurity firm embarks on a mission to help companies find and protect data stored in various cloud environments. | |||
|
2022-03-30 15:41:05 | Investors Bet on Cyberpion in Attack Surface Management Space (lien direct) | Attack surface management specialists Cyberpion has secured $27 million in early-stage funding to build technology that helps organizations manage exposure to risk. | |||
|
2022-03-30 15:10:57 | Chrome Browser Gets Major Security Update (lien direct) | Google this week released a security-themed Chrome browser makeover with patches 28 documented vulnerabilities, some serious enough to lead to code execution attacks. The new browser refresh is now rolling out to Windows, Mac and Linux users as Chrome 100.0.4896.60. | Guideline | ||
|
2022-03-30 14:57:56 | Remote \'Brokenwire\' Hack Prevents Charging of Electric Vehicles (lien direct) | Researchers from the University of Oxford in the UK and Switzerland's Armasuisse federal agency have identified a new attack method that can be used to remotely interrupt the charging of electric vehicles. | Hack | ||
|
2022-03-30 13:51:16 | The Need for Resilient Zero Trust (lien direct) | 
It is essential to ensure that any Zero Trust technology used is resilient to external factors
|
|||
|
2022-03-30 13:24:25 | Researchers Find Python-Based Ransomware Targeting Jupyter Notebook Web Apps (lien direct) | Researchers warn of likely future ransomware attacks against web applications used by data scientists Researchers have found what they believe to be the first Python-based ransomware sample specifically targeting Jupyter Notebooks. | Ransomware | ||
|
2022-03-30 12:44:53 | Shutterfly Employee Data Compromised in Ransomware Attack (lien direct) | Photography and personalized products platform Shutterfly is notifying employees that some of their personal information was compromised in a ransomware attack in December 2021. | Ransomware | ||
|
2022-03-30 12:32:14 | Lapsus$ Claims Hack of IT Giant Globant After Arrests of Alleged Members (lien direct) | The Lapsus$ hacker group on Wednesday leaked tens of gigabytes of files allegedly stolen from IT giant Globant. The hackers have made available roughly 70 Gb of data that they claim represents Globant customer source code. SecurityWeek has reached out to Globant for comment, but we have yet to hear back. | Hack | ||
|
2022-03-30 12:02:46 | (Déjà vu) US Government Warns of Attacks Targeting UPS Devices (lien direct) | The US Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy this week issued guidance on mitigating attacks against uninterruptible power supply (UPS) devices. | |||
|
2022-03-30 10:59:04 | Risks of Using Russian Tech Analyzed by UK Cybersecurity Agency (lien direct) | 
|
|||
|
2022-03-30 10:46:46 | Federal Agencies Instructed to Patch New Chrome Zero-Day (lien direct) | The US Cybersecurity and Infrastructure Security Agency (CISA) has warned federal agencies about an actively exploited zero-day vulnerability in Google's Chrome browser. | Vulnerability | ||
|
2022-03-30 10:44:50 | Finland\'s Spy Service Warns of Russian Interference, Attacks (lien direct) | Finland must brace for Russian interference and hybrid attacks as it weighs whether to join the NATO military alliance, the security services warned on Tuesday. The Nordic nation shares a 1,340-kilometre (830-mile) border with Russia and has remained militarily non-aligned since the end of World War II to avoid provoking its eastern neighbour. | |||
|
2022-03-30 10:37:48 | Six Ways to Expand Your Fraud Program (lien direct) | While attackers and fraudsters are continually adapting and evolving, there are some measures that businesses can take to improve their fraud programs | |||
|
2022-03-29 21:03:09 | Hackers Steal Over $600M in Major Crypto Heist (lien direct) | Hackers stole cryptocurrency worth over $600 million from a digital ledger used by players of the popular online game Axie Infinity, in a major digital cash heist revealed Tuesday. Interest in cyptocurrency has boomed, along with its values, but the money has also become an attractive target for tech savvy thieves. | |||
|
2022-03-29 18:19:05 | With War Next Door, EU is Warned on Cybersecurity Gaps (lien direct) | As Russia's invasion of Ukraine accelerates European Union defense cooperation, a watchdog said Tuesday that EU institutions face vulnerabilities on another front: cybersecurity. | |||
|
2022-03-29 18:07:58 | Cloaked Snags $25M Funding to Tackle Data-Sharing Privacy (lien direct) | A Boston startup has raised $25 million in early-stage funding to tackle the erosion of privacy in today's data sharing ecosystems. The startup, called Cloaked, said the Series A investment was co-led by Lux Capital and Human Capital and will be used to exit beta and drive growth in a competitive marketplace. | |||
|
2022-03-29 17:52:34 | VMware vCenter Server Vulnerability Can Facilitate Attacks on Many Organizations (lien direct) | VMware on Tuesday announced the availability of patches for a vCenter Server vulnerability that could facilitate attacks against many organizations. | Vulnerability | ||
|
2022-03-29 17:34:53 | Ex-Trump Treasury Secretary\'s PE Firm Buys Mobile Security Company Zimperium for $525M (lien direct) | Steven Mnuchin's Liberty Strategic Capital acquires majority stake in Dallas, Texas-based Zimperium | |||
|
2022-03-29 15:15:52 | Why Bullying Employees Into Compliance Won\'t Work (lien direct) | Security leaders need to understand that people working from home require more than technological support to improve security | Guideline | ★★ | |
|
2022-03-29 14:13:48 | Critical Vulnerabilities Found in Microsoft Defender for IoT (lien direct) | Researchers at endpoint security firm SentinelOne on Monday published detailed information on a couple of critical remote code execution vulnerabilities discovered in Microsoft Defender for IoT. | |||
|
2022-03-29 12:04:13 | Sophos Warns of Attacks Exploiting Recent Firewall Vulnerability (lien direct) | Sophos on Monday raised the alarm about a recently patched Sophos Firewall vulnerability being exploited in attacks. Impacting the User Portal and Webadmin of Sophos Firewall, the bug is described as an authentication bypass that could lead to remote code execution. | Vulnerability Guideline | ||
|
2022-03-29 11:35:53 | White House Proposes $10.9 Billion Budget for Cybersecurity (lien direct) | 
|
|||
|
2022-03-29 10:36:10 | SonicWall Patches Critical Vulnerability in Firewall Appliances (lien direct) | SonicWall has released patches for a critical-severity vulnerability in the web management interface of multiple firewall appliances. Tracked as CVE-2022-22274 (CVSS score of 9.4), the security flaw is described as a stack-based buffer overflow bug that impacts SonicOS. | Vulnerability | ||
|
2022-03-29 09:40:40 | US Brands Russian Cybersecurity Firm Kaspersky \'Security Threat\' (lien direct) | US regulators have deemed antivirus software maker Kaspersky a "threat to national security," a designation that will restrict its dealings in the United States. | |||
|
2022-03-28 19:28:47 | Researchers Hack Remote Keyless System of Honda Vehicles (lien direct) | A researcher has published proof-of-concept (PoC) videos to demonstrate how an attacker can remotely unlock the doors of a Honda vehicle, or even start its engine. | Hack | ||
|
2022-03-28 16:52:22 | Checkmarx Finds Threat Actor \'Fully Automating\' NPM Supply Chain Attacks (lien direct) | Threat hunters at Checkmarx on Monday raised an alarm after discovering a threat actor fully automating the creation and delivery of "hundreds of malicious packages" into the NPM ecosystem. | Threat | ||
|
2022-03-28 16:01:29 | Estonian Ransomware Operator Sentenced to Prison in US (lien direct) | An Estonian man was sentenced to 66 months in prison in the United States for his role in ransomware attacks that caused more than $53 million in losses. The cybercriminal, Maksim Berezan, who was arrested in Latvia and later extradited to the United States, pleaded guilty in April 2021 to conspiracy to commit wire fraud and device fraud. | Ransomware Guideline | ||
|
2022-03-28 13:42:05 | German Authorities Seize Spyware Firm FinFisher\'s Accounts (lien direct) | German authorities have seized accounts belonging to the spyware company FinFisher amid an investigation into whether it broke export laws by selling its products to authoritarian governments. | ★★ | ||
|
2022-03-28 13:36:26 | Critical Remote Code Execution Vulnerability in Sophos Firewall (lien direct) | Sophos on Friday announced the rollout of urgent patches for a critical authentication bypass vulnerability in the web portal of its Sophos Firewall product. Reported by an external researcher via the Sophos bug bounty program, the vulnerability is tracked as CVE-2022-1040 and impacts Sophos Firewall v18.5 MR3 (18.5.3) and older releases. | Vulnerability | ||
|
2022-03-28 10:47:38 | (Déjà vu) CISA Adds 66 Vulnerabilities to \'Must Patch\' List (lien direct) | The US Cybersecurity and Infrastructure Security Agency (CISA) has added 66 vulnerabilities to its list of known exploited security holes. | |||
|
2022-03-27 11:58:30 | Google Issues Emergency Fix for Chrome Zero-Day (lien direct) | Google has issued an emergency security update for Chrome 99 to resolve a vulnerability for which a public exploit already exists. | Vulnerability |
To see everything:
Our RSS (filtrered)
