What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-02-02 20:03:13 | Purple Teaming Security Management Firm PlexTrac Raises $70 Million (lien direct) | Boise, Idaho-based PlexTrac has raised $70 million in a Series B funding round led by Insight Partners with participation from existing investors Madrona Venture Group, Noro-Moseley Partners and StageDotO Ventures. | |||
|
2022-02-02 16:09:01 | Trend Micro Patches Vulnerabilities in Hybrid Cloud Security Products (lien direct) | Trend Micro recently patched two high-severity vulnerabilities affecting some of its hybrid cloud security products. Details and proof-of-concept (PoC) exploits have been released by the researchers who found the flaws. | ★★ | ||
|
2022-02-02 15:45:48 | 1,300 Malicious Packages Found in Popular npm JavaScript Package Manager (lien direct) | Malicious actors are using the npm registry as the start point for open source software (OSS) supply chain attacks. Open source software offers huge potential for criminals and nation states to deliver widespread supply chain attacks. OSS registries provide a major feeding ground with easy access. | |||
|
2022-02-02 15:00:03 | Tennessee Community College Suffers Ransomware Attack (lien direct) | A Tennessee community college suffered a data security attack that may have resulted in unauthorized access to personal information of former and current students, faculty and staff, officials said. | Ransomware | ||
|
2022-02-02 14:33:19 | Walmart Dissects New \'Sugar\' Ransomware (lien direct) | The cyber threat team at retail giant Walmart has dissected a new ransomware family dubbed Sugar, which is available to cybercriminals as a ransomware-as-a-service (RaaS). | Ransomware Threat | ||
|
2022-02-02 12:57:58 | Passage Emerges From Stealth With Biometric User Authentication Platform (lien direct) | Austin, Texas-based Passage this week announced that it has emerged from stealth mode with $4 million in funding and a public beta version of its biometric user authentication platform for developers. | |||
|
2022-02-02 12:06:33 | (Déjà vu) Cloudflare Launches Public Bug Bounty Program (lien direct) | Web performance and security services provider Cloudflare this week announced that its bug bounty program is now open to all vulnerability hunters on HackerOne. | Vulnerability | ★★★★ | |
|
2022-02-02 11:51:03 | FBI Warns of Potential Cyberattacks Targeting 2022 Winter Olympics (lien direct) | The Federal Bureau of Investigation (FBI) on Tuesday announced the release of a Private Industry Notification (PIN) to warn entities associated with the 2022 Winter Olympics and Paralympic games of potential cyberattacks targeting them. | |||
|
2022-02-02 11:39:18 | Samba Patches Critical Flaws That Earned Researchers Big Rewards (lien direct) | The latest updates for Samba, the widely used interoperability suite that provides file and print sharing capabilities between Windows and Unix computers, patch critical vulnerabilities that earned researchers tens of thousands of dollars at a recent hacking contest. | |||
|
2022-02-02 11:03:14 | ESET Patches High-Severity Vulnerability in Windows Applications (lien direct) | Antivirus firm ESET on Monday announced patches for a local privilege escalation vulnerability impacting its Windows clients. Tracked as CVE-2021-37852 and reported to ESET by the Zero Day Initiative (ZDI), the vulnerability is considered “high severity,” as it could allow an attacker to misuse the AMSI scanning feature. | Vulnerability | ||
|
2022-02-02 09:50:47 | (Déjà vu) Google Patches 27 Vulnerabilities With Release of Chrome 98 (lien direct) | Google on Tuesday announced the release of Chrome 98 in the stable channel with a total of 27 security fixes inside, including 19 for vulnerabilities reported by external researchers. The most severe of these security defects could be exploited to execute arbitrary code with the same privileges as the Chrome browser has on the target system. | |||
|
2022-02-02 03:45:55 | Forescout Acquires Healthcare Cybersecurity Firm CyberMDX (lien direct) | Device security firm Forescout Technologies announced on Tuesday that is has acquired healthcare cybersecurity firm CyberMDX, which provides solutions to protect medical devices and clinical networks. | |||
|
2022-02-02 02:29:50 | RIPTA Data Breach Affected About 22,000 People (lien direct) | A data breach at the state agency that operates Rhode Island's public bus service compromised the personal information of about 22,000 people, agency officials said at a legislative hearing. | Data Breach | ||
|
2022-02-01 21:26:53 | Newly Detected "StrifeWater" RAT Linked to Iranian APT (lien direct) | The Iranian threat group known as Moses Staff was first spotted in October 2021. It claims its purpose is to harm Israeli companies by leaking sensitive stolen data, but it has also been seen targeting a variety of industries in countries such as Italy, India, Germany, Chile, Turkey, UAE and the U.S. | Threat | ||
|
2022-02-01 19:46:41 | Think Big, Start Small, Move Fast: Applying Lessons From The Mayo Clinic to Cybersecurity (lien direct) | I have previously written about how much the Mayo Clinic impacted my life through my experience and time there. In that article I discussed their approach to multi-disciplinary patient triaging and how looking at patients as a whole, rather than a system of discrete systems, helps them to make the right decisions. | |||
|
2022-02-01 19:04:31 | Israeli Police: Possible Improper Surveillance by Our Own (lien direct) | Israel's national police force on Tuesday said it had found evidence pointing to improper use of sophisticated spyware by its own investigators to snoop on Israeli citizens' phones. | |||
|
2022-02-01 18:29:29 | OpenSSF Alpha-Omega Project Tackles Supply Chain Security (lien direct) | Microsoft and Google are throwing their weight behind a new Linux Foundation OpenSSF initiative to address major security gaps in the open-source software ecosystem. | |||
|
2022-02-01 18:18:38 | Two Dozen UEFI Vulnerabilities Impact Millions of Devices From Major Vendors (lien direct) | Researchers at firmware security company Binarly have identified nearly two dozen vulnerabilities in UEFI firmware code used by the world's largest device makers. | |||
|
2022-02-01 17:53:29 | British Council Student Data Found in Unprotected Database (lien direct) | The information of many British Council students was recently exposed online in an unprotected repository. A world leading education institution, British Council operates in over 100 countries worldwide. In 2019 and 2020, it connected directly with roughly 80 million people, and with over 790 million overall. | Guideline | ||
|
2022-02-01 16:36:19 | Germany: 2 Oil Storage and Supply Firms Hit by Cyberattack (lien direct) | Two companies involved in storing and supplying oil and other materials said Tuesday they have been hit by a cyberattack that has impacted operations in Germany. | |||
|
2022-02-01 16:24:06 | Iranian Hackers Using New PowerShell Backdoor Linked to Memento Ransomware (lien direct) | Attacks from the Iranian Phosphorus APT (aka Charming Kitten, APT35) are well documented. Now a new set of tools incorporated into the group's arsenal, and a connection with the Memento ransomware, have been discovered. | Ransomware Conference | APT 35 APT 35 | |
|
2022-02-01 13:46:18 | Critical Flaw Impacts WordPress Plugin With 1 Million Installations (lien direct) | Over one million WordPress websites might have been impacted by a critical vulnerability in the Essential Addons for Elementor plugin. Essential Addons for Elementor provides WordPress site admins with more than 80 elements and extensions to help them easily design WordPress pages and posts. | Vulnerability | ||
|
2022-02-01 12:38:22 | Cybersecurity M&A Roundup: 31 Deals Announced in January 2022 (lien direct) | 
More than 30 cybersecurity-related mergers and acquisitions were announced in January 2022.
|
|||
|
2022-02-01 11:12:48 | CISA Adds Recent iOS, SonicWall Vulnerabilities to \'Must Patch\' List (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week announced the addition of eight more vulnerabilities to the list of security flaws known to be exploited in malicious attacks. | |||
|
2022-02-01 09:39:31 | \'White Tur\' Hacking Group Borrows Techniques From Multiple APTs (lien direct) | A newly detailed threat actor has been observed employing various techniques borrowed from multiple advanced persistent threat (APT) actors, PwC's cyber threat intelligence team reports. | Threat | ||
|
2022-01-31 18:37:10 | Cyber Insights 2022: Improving Criminal Sophistication (lien direct) | 
|
Threat | ||
|
2022-01-31 18:14:31 | OT Data Stolen by Ransomware Gangs Can Facilitate Cyber-Physical Attacks (lien direct) | Many of the ransomware attacks on industrial and critical infrastructure organizations result in the exposure of operational technology (OT) data that could be useful to threat actors, including to conduct cyber-physical attacks, according to Mandiant. | Ransomware Threat | ||
|
2022-01-31 17:20:26 | Cyberattacks Increasingly Hobble Pandemic-Weary US Schools (lien direct) | For teachers at a middle school in New Mexico's largest city, the first inkling of a widespread tech problem came during an early morning staff call. | |||
|
2022-01-31 15:41:44 | North Korean Hackers Abuse Windows Update Client in Attacks on Defense Industry (lien direct) | The North Korean threat group Lazarus was observed abusing the Windows Update client for the execution of malicious code during a campaign this month, Malwarebytes reports. | Threat | APT 38 APT 28 | |
|
2022-01-31 14:28:23 | More Russian Attacks Against Ukraine Come to Light (lien direct) | The WhisperGate attack is not the only operation believed to have been conducted by Russia-linked threat actors against Ukraine in recent months. Symantec on Monday disclosed the details of an espionage operation that it has tied to a known group. | Threat | ||
|
2022-01-31 13:03:41 | The Third Building Block for the SOC of the Future: Balanced Automation (lien direct) | When automation is balanced between humans and machines, we can ensure teams always have the best tool for the job | Tool | ||
|
2022-01-31 12:58:59 | SureMDM Vulnerabilities Exposed Companies to Supply Chain Attacks (lien direct) | A series of vulnerabilities in 42Gears' SureMDM device management products could have resulted in a supply chain compromise against any organization using the platform. | |||
|
2022-01-31 11:52:52 | CISA\'s \'Must Patch\' List Puts Spotlight on Vulnerability Management Processes (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency's catalog of known exploited vulnerabilities can be useful not only for helping organizations patch high-risk vulnerabilities in their systems, but also to help them build or improve vulnerability management processes. | Vulnerability | ||
|
2022-01-31 05:50:47 | Israeli Lawyer, Hungarian Rights Group Target Pegasus Spyware (lien direct) | An Israeli lawyer said Saturday he was working with a rights group in Hungary to pursue authorities and Israeli firm NSO Group on behalf of Hungarian journalists allegedly targeted with Pegasus spyware. | |||
|
2022-01-30 11:54:07 | Finnish Diplomats Targeted by Pegasus Spyware: Ministry (lien direct) | Mobile phones belonging to Finnish diplomats were spied on using the cyber espionage software Pegasus, the country's foreign ministry said on Friday. | |||
|
2022-01-28 16:15:38 | Network Security Firm Portnox Raises $22 Million in Series A Funding (lien direct) | Cloud-native network and endpoint security solutions provider Portnox on Thursday announced raising $22 million in a Series A funding round. | |||
|
2022-01-28 13:59:59 | Zerodium Offering $400,000 for Microsoft Outlook Zero-Day Exploits (lien direct) | The exploit acquisition firm Zerodium this week showed increased interest in buying zero-day exploits targeting the popular email clients Microsoft Outlook and Mozilla Thunderbird. | |||
|
2022-01-28 12:52:26 | In the Hacker\'s Crosshairs: K-12 Schools (lien direct) | In education, cybersecurity is rarely top-of-mind - until a major incident occurs. Yet, according to the Federal Bureau of Investigation (FBI), schools are top targets for cybercriminals, resulting in ransomware attacks, data theft, and the disruption of online learning. | Ransomware | ★★★★★ | |
|
2022-01-28 12:07:58 | HackerOne Bags $49 Million in Series E Funding (lien direct) | Hacker-powered bug bounty platform HackerOne on Thursday announced that it has received $49 million in Series E investment, which brings the total raised by the company to $160 million. The funding round was led by GP Bullhound and received participation from Benchmark, Dragoneer Investment Group, NEA, and Valor Equity Partners. | |||
|
2022-01-28 11:58:35 | FBI Warns of Hacker Attacks Conducted by Iranian Cyber Firm (lien direct) | The FBI this week issued a private industry notification to warn organizations about the malicious activities conducted by an Iranian cyber company named Emennet Pasargad. The agency has described their tactics, techniques and procedures (TTPs) and it has shared several recommendations for preventing and detecting attacks. | |||
|
2022-01-28 11:41:48 | Xerox Quietly Patched Device-Bricking Flaw Affecting Some Printers (lien direct) | Xerox patched a device-bricking vulnerability in certain printer models more than a year and a half ago, but said nothing until this week, when information on the bug became public. | Vulnerability | ||
|
2022-01-28 11:07:39 | Web-Tracking \'Cookies\' Meant to Protect Privacy: Inventor (lien direct) | The data-tracking "cookies" at the heart of concerns over online privacy were meant to shield people, rather than serve as cyber snoops, their inventor told AFP. California-based engineer and entrepreneur Lou Montulli said the original "cookie" he created decades ago was intended to make life online easier by letting websites remember visitors. | |||
|
2022-01-28 09:40:15 | Identity Verification Firm Veriff Raises $100 Million (lien direct) | Veriff, a provider of automated identity verification technology, announced this week that it has raised $100 million in a Series C funding round, bringing the total amount raised by the company to $200 million. | |||
|
2022-01-28 09:32:27 | Over 100 Million Android Users Installed \'Dark Herring\' Scamware (lien direct) | More than 105 million Android users downloaded and installed scamware from Google Play and third-party app stores, according to mobile security firm Zimperium. | |||
|
2022-01-27 21:09:04 | Outlook Security Feature Bypass Allowed Sending Malicious Links (lien direct) | A Trustwave researcher has discovered a new technique to completely bypass a security feature of Microsoft Outlook and deliver a malicious link to the recipient. The new technique, Trustwave SpiderLabs lead threat architect Reegun Richard Jayapaul explains, is a variation of a vulnerability that was initially addressed in February 2020. | Vulnerability Threat Guideline | ||
|
2022-01-27 19:16:51 | Attack Surface Management Play Censys Scores $35M Investment (lien direct) | The jostling for space in the attack surface management space intensified this week with Michigan startup Censys banking a new $35 million funding round to fuel growth and expansion. | |||
|
2022-01-27 16:12:35 | French Ministry of Justice Targeted in Ransomware Attack (lien direct) | Cybercriminals claim to have breached systems belonging to France's Ministry of Justice and they are threatening to make public the files stolen from the government organization. | Ransomware | ||
|
2022-01-27 15:00:03 | Microsoft Saw Record-Breaking DDoS Attacks Exceeding 3 Tbps (lien direct) | Microsoft this week reported mitigating several massive distributed denial-of-service (DDoS) attacks aimed at its customers last year. | |||
|
2022-01-27 14:53:59 | US Says National Water Supply \'Absolutely\' Vulnerable to Hackers (lien direct) | 
|
|||
|
2022-01-27 13:17:18 | REvil Ransomware Operations Apparently Unaffected by Recent Arrests (lien direct) | The REvil (Sodinokibi) ransomware cooperative's activity has not slowed down following Russia's recent move to arrest several alleged members of the group, according to threat intelligence company ReversingLabs. | Ransomware Threat |
To see everything:
Our RSS (filtrered)
