What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-01-21 13:04:31 | Dark Web Chatter: What Other Russian Hackers Are Saying About the REvil Arrests (lien direct) | The takedown of the REvil ransomware gang by the Russian FSB on January 14, 2022, took the world by surprise. Before this, the unwritten rule was that hackers would be safe in Russia provided they did not attack Russia. | Ransomware | ||
|
2022-01-21 12:24:41 | FBI Warns Organizations of Diavol Ransomware Attacks (lien direct) | The Federal Bureau of Investigation (FBI) this week shared a series of indicators of compromise (IoCs) associated with the Diavol ransomware family. | Ransomware | ||
|
2022-01-21 12:05:57 | Insurance and Fintech Firm Acrisure Launches Cyber Services Division (lien direct) | 
|
|||
|
2022-01-21 09:34:39 | Nigerian Authorities Arrest 11 Members of Prolific BEC Fraud Group (lien direct) | Nigerian authorities have arrested 11 individuals believed to be members of the business email compromise (BEC) crime ring tracked as SilverTerrier. The 11 suspects were arrested as part of a 10-day operation (December 13-22, 2021) in which the Nigerian Police collaborated with Interpol and private security firms Palo Alto Networks and Group-IB. | |||
|
2022-01-20 20:02:27 | Security Scanners Across Europe Tied to China Govt, Military (lien direct) | At some of the world's most sensitive spots, authorities have installed security screening devices made by a single Chinese company with deep ties to China's military and the highest levels of the ruling Communist Party. | |||
|
2022-01-20 19:32:15 | Prolific Chinese APT Caught Using \'MoonBounce\' UEFI Firmware Implant (lien direct) | Threat hunters at Kaspersky have spotted a well-known Chinese APT actor using an UEFI implant to maintain stealthy persistence across reboots, disk formatting or disk replacements. | |||
|
2022-01-20 18:47:33 | Cyber Insights 2022: Nation-States (lien direct) | 
|
Threat | ||
|
2022-01-20 18:44:20 | Cisco Patches Critical Vulnerability in RCM for StarOS (lien direct) | Cisco on Tuesday announced patches for a critical vulnerability in the Redundancy Configuration Manager (RCM) for the StarOS software running on its ASR 5000 networking devices. A Cisco proprietary node/network function, RCM delivers redundancy of StarOS-based user plane functions. | Vulnerability | ||
|
2022-01-20 18:24:07 | Seven Ways to Ensure Successful Cross-Team Security Initiatives (lien direct) | Many organizations have one or more strategic initiatives that involve a large amount of coordination and cooperation across functions and teams. In my experience, these cross-team initiatives are often the most challenging ones, while simultaneously being the most rewarding. There are a number of reasons why this is the case, though I'd like to take a look at a different angle in this piece. | |||
|
2022-01-20 15:40:18 | Resurrected jQuery UI Library Haunts Websites, Enterprise Products (lien direct) | Drupal developers this week informed users about several vulnerabilities discovered in a third-party library that was recently resurrected after it had apparently been discontinued. | |||
|
2022-01-20 14:26:12 | Software Supply Chain Attacks Tripled in 2021: Study (lien direct) | 2021 can be described as the year of the software supply chain attack – the year in which SolarWinds opened the world's eyes, and the extent of the threat became apparent. | Threat | ||
|
2022-01-20 13:42:59 | SolarWinds Patches Serv-U Vulnerability Propagating Log4j Attacks (lien direct) | SolarWinds this week released patches for a Serv-U vulnerability that Microsoft says has been abused for the propagation of Log4j attacks. | Vulnerability | ||
|
2022-01-20 13:03:39 | Data of 7 Million OpenSubtitles Users Leaked After Hack Despite Site Paying Ransom (lien direct) | OpenSubtitles Hack Shows Why Paying Ransom Offers No Guarantees Popular subtitles website OpenSubtitles on Tuesday admitted that its systems had been hacked after the details of nearly seven million user accounts were leaked, despite the site allegedly paying a ransom to avoid this situation. | Hack | ||
|
2022-01-20 12:26:32 | Red Cross Appeals to Hackers After Major Cyberattack (lien direct) | The International Committee of the Red Cross on Thursday made an appeal to hackers who seized a trove of private data, saying they were willing to speak "directly and confidentially" to those behind the cyberattack. | |||
|
2022-01-20 11:57:02 | NSA Authorized to Issue Binding Operational Directives to Boost NSS Cybersecurity (lien direct) | 
|
|||
|
2022-01-20 11:04:19 | Google Pays Out Over $100,000 for Vulnerabilities Patched With Chrome 97 Update (lien direct) | Google on Tuesday announced the release of 26 security patches as part of its latest Chrome update, including one for a critical-severity bug. A total of 22 vulnerabilities addressed with the latest Chrome refresh were reported by external researchers, including one critical-severity, 16 high-severity, and five medium-severity issues. | |||
|
2022-01-20 11:02:43 | Living Off the "Edge" of the Land (lien direct) | Edge-Access Trojans (EATs) allow attackers to collect data and even disrupt crucial decisions as the edge of the network | |||
|
2022-01-20 09:41:31 | Kaspersky Launches New Service for Removing Malicious Domains (lien direct) | Cybersecurity solutions provider Kaspersky this week announced the launch of a new service to help organizations take action against malicious websites. With the new Takedown Service, organizations essentially delegate Kaspersky to manage the process of eliminating phishing and other malicious domains that may target their brands. | |||
|
2022-01-19 21:43:47 | Red Cross Falls Victim to Massive Cyberattack (lien direct) | The International Committee of the Red Cross was the victim of a massive cyberattack in which hackers seized the data of more than 515,000 extremely vulnerable people, some of whom had fled conflicts, it said on Wednesday. | |||
|
2022-01-19 20:05:49 | Microsoft Edge Adds Security Mode to Thwart Malware Attacks (lien direct) | A new security feature in the latest beta of the Microsoft Edge browser can help protect web surfers from zero-day attacks. | Malware | ||
|
2022-01-19 19:56:02 | Project Zero: Zoom Platform Missed ASLR Exploit Mitigation (lien direct) | A prominent security researcher poking around at the Zoom video conferencing platform found worrying signs the company failed to enable a decades-old anti-exploit mitigation, a blunder that greatly increased exposure to malicious hacker attacks. | |||
|
2022-01-19 19:38:07 | FBI, US Agencies Look Beyond Indictments in Cybercrime Fight (lien direct) | The FBI and other federal agencies are increasingly looking to counter cyber threats through tools other than criminal indictments, the head of the bureau's cyber division said in an interview with The Associated Press. | |||
|
2022-01-19 18:44:07 | Thousands of Industrial Firms Targeted in Attacks Leveraging Short-Lived Malware (lien direct) | Thousands of industrial organizations worldwide have been hit in campaigns that leverage short-lived malware to harvest corporate credentials that are then sold by threat actors for a profit, according to Kaspersky. | Malware Threat | ||
|
2022-01-19 17:30:54 | U.S. Olympians Told to Use \'Burner Phones\' in China (lien direct) | 
Olympic athletes heading to China for the upcoming Winter Games should use burner phones and rental computers, and understand clearly that there's “no expectation of data security or privacy while operating in China.”
|
|||
|
2022-01-19 16:15:29 | Cloud Security Firm Polar Security Emerges From Stealth With $8.5 Million Seed Funding (lien direct) | Tel Aviv, Israel-based cloud security firm Polar Security has emerged from stealth with $8.5 million seed funding in a round led by Glilot Capital Partners with participation from IBI Tech Fund. | |||
|
2022-01-19 15:24:37 | Oracle\'s First Security Updates for 2022 Include 497 Patches (lien direct) | Oracle on Tuesday announced its first set of quarterly security updates for 2022, which include a total of 497 new patches. More than half of the addressed vulnerabilities can be exploited remotely without authentication. | |||
|
2022-01-19 14:27:42 | BlackBerry Researchers Dive Into Prometheus TDS Operations (lien direct) | BlackBerry's security researchers have closely analyzed the Prometheus TDS (Traffic Direction System) and discovered a correlation with a leaked Cobalt Strike SSL key pair, as well as with various malware families. | Malware | ||
|
2022-01-19 13:59:33 | 1Password Raises Mammoth $620 Million Funding Round (lien direct) | Investors continue to pour cash into Canadian password management software vendor 1Password, pushing the company's valuation to $6.8 billion. | |||
|
2022-01-19 13:31:16 | XDR Firm Trellix Launches Following Merger of McAfee Enterprise and FireEye (lien direct) | Private equity giant Symphony Technology Group (STG) on Wednesday announced the launch of Trellix, an extended detection and response (XDR) solutions provider created following the merger of McAfee Enterprise and FireEye. | |||
|
2022-01-19 12:37:35 | Ukraine Attacks Involved Exploitation of Log4j, October CMS Vulnerabilities (lien direct) | 
CISA Warns Organizations of 'Critical Threats' Following Ukraine Attacks
|
|||
|
2022-01-19 12:10:17 | Zero Trust Network Access Provider Banyan Security Raises $30 Million (lien direct) | Zero trust network access (ZTNA) solutions provider Banyan Security on Tuesday announced that it has raised $30 million in Series B funding, which brings the total raised by the company to $47 million. The funding round was led by Third Point Ventures, with participation from Alter Venture Partners, SIG, Shasta Ventures, and Unusual Ventures. | |||
|
2022-01-19 10:52:32 | Mandatory Chinese Olympics App Has \'Devastating\' Encryption Flaw: Analyst (lien direct) | An app all attendees of the upcoming Beijing Olympics must use has encryption flaws that could allow personal information to leak, a cyber security watchdog said Tuesday. | |||
|
2022-01-18 19:41:55 | Multi-Factor Authentication Bypass Led to Box Account Takeover (lien direct) | A vulnerability in Box's implementation of multi-factor authentication (MFA) allowed attackers to take over victim's accounts without having access to the victim's phone, according to new research from Varonis. | Vulnerability | ||
|
2022-01-18 19:41:26 | Cyber Insights 2022: Supply Chain (lien direct) | 
|
|||
|
2022-01-18 16:48:49 | Cloud Detection and Response Firm Permiso Emerges From Stealth With $10M in Funding (lien direct) | Cloud infrastructure identity detection and response firm Permiso has emerged from stealth with $10 million seed funding. The company identifies and tracks human, machine, vendor and service provider identities in IaaS and PaaS infrastructures. | |||
|
2022-01-18 16:39:54 | VirusTotal Hacking Offers a Supercharged Version of Google Hacking (lien direct) | Chronicle's VirusTotal (VT) is a boon to security researchers and a gift to potential criminals. Apart from virus samples it contains likely millions of user credentials readily available to anyone who knows where and how to look. | |||
|
2022-01-18 15:13:59 | Israel Lawmakers Outraged Over Claim Police Used NSO Spyware (lien direct) | Israeli lawmakers on Tuesday called for a parliamentary inquiry into the police's alleged use of sophisticated spyware on Israeli citizens, including protesters opposed to former Prime Minister Benjamin Netanyahu, following a newspaper report on the surveillance. | |||
|
2022-01-18 14:43:36 | Zoho Patches Critical Vulnerability in Endpoint Management Solutions (lien direct) | Zoho Corp on Monday said it has released patches for a critical vulnerability affecting Desktop Central and Desktop Central MSP, the endpoint management solutions from ManageEngine. | Vulnerability | ||
|
2022-01-18 14:26:22 | Five Key Signals From Russia\'s REvil Ransomware Bust (lien direct) | The sudden move by Russia's top law enforcement agency to conduct a very public takedown of the REvil ransomware operation has set tongues wagging about how diplomacy may hold the key to slowing big-game ransomware attacks. | Ransomware | ||
|
2022-01-18 14:12:40 | VPNLab Goes Down After Servers Seized in Law Enforcement Operation (lien direct) | Europol on Tuesday announced the shutdown of VPNLab, a VPN service that had often been used by cybercriminals. VPNLab has been shut down after law enforcement authorities seized 15 servers across 10 countries. Police in Germany, the Czech Republic, France, Latvia, Hungary, Ukraine, the UK, the US, and Canada took part in the operation. | |||
|
2022-01-18 13:35:58 | Accellion Reaches $8.1 Million Settlement Over FTA Data Breach (lien direct) | Enterprise content firewall provider Accellion has reached an $8.1 million settlement to end a lawsuit over a data breach involving its legacy file sharing service FTA, Reuters reports. | Data Breach | ||
|
2022-01-18 12:39:33 | ICS Vendors Targeted in Espionage Campaign Focusing on Renewable Energy (lien direct) | Major industrial control system (ICS) vendors and other types of organizations have been targeted in a cyberespionage campaign that appears to focus on renewable energy. | |||
|
2022-01-18 11:49:28 | How to Attract Hard-to-Find Cybersecurity Talent (lien direct) | It's tempting to view cybersecurity through the lens that new and better technology will knock down threats and deliver all the protection an organization needs. While the right tools, applications and systems are essential, the problem for most organizations is managing a security framework. | |||
|
2022-01-18 11:00:59 | World Economic Forum Highlights Continued Gap Between Security and Business Leaders (lien direct) | Despite the current 'buzz' cliché phrase that 'security is top of mind' with business leadership, a new report from the World Economic Forum (WEF) highlights the continuing gap between business and security leaders. | Guideline | ||
|
2022-01-18 09:35:35 | NATO, Ukraine Sign Deal to \'Deepen\' Cyber Cooperation (lien direct) | NATO on Monday inked a deal to bolster its cyber support for Ukraine, after a sweeping hacking attack against Kyiv heightened tensions amid fears that Russia could be plotting an invasion. | |||
|
2022-01-18 04:14:09 | Additional Healthcare Firms Disclose Impact From Netgain Ransomware Attack (lien direct) | Healthcare providers Caring Communities and Entira Family Clinics are warning patients that their personal information may have been exposed in a data breach that hit tech vendor Netgain Technology more than a year ago. | Ransomware Data Breach | ||
|
2022-01-17 16:06:30 | Vulnerability in IDEMIA Biometric Readers Allows Hackers to Unlock Doors (lien direct) | A critical vulnerability impacting multiple IDEMIA biometric identification devices can be exploited to unlock doors and turnstiles. Because of this security defect, if the TLS protocol is not activated, an attacker in the network can send specific commands without authentication to open doors or turnstiles directly operated by a vulnerable device. | Vulnerability | ||
|
2022-01-17 15:03:47 | Oracle to Release Nearly 500 New Security Patches (lien direct) | Oracle is preparing the release of nearly 500 new security patches with its Critical Patch Update (CPU) for January 2022. | |||
|
2022-01-17 14:14:23 | Safari 15 Vulnerability Allows Cross-Site Tracking of Users (lien direct) | A vulnerability in Apple's implementation of the IndexedDB API in Safari 15 allows websites to track users' activity on other sites and even to reveal their identity, browser fingerprinting and fraud detection firm FingerprintJS explains. | Vulnerability | ||
|
2022-01-17 13:13:42 | Critical SAP Vulnerability Allows Supply Chain Attacks (lien direct) | A critical vulnerability addressed recently in SAP NetWeaver AS ABAP and ABAP Platform could be abused to set up supply chain attacks, SAP security solutions provider SecurityBridge warns. | Vulnerability |
To see everything:
Our RSS (filtrered)
