What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-11-11 12:59:42 | Nearly 100 TCP/IP Stack Vulnerabilities Found During 18-Month Research Project (lien direct) | An 18-month research project has resulted in the discovery of nearly 100 vulnerabilities across more than a dozen TCP/IP stacks. | |||
|
2021-11-11 12:06:40 | Contrast Security Raises $150 Million at \'Unicorn\' Valuation (lien direct) | Code security company Contrast Security this week announced that it has closed $150 million Series E funding round at a billion-dollar valuation, making the company the latest cybersecurity unicorn. | |||
|
2021-11-10 21:46:50 | Remote Code Execution Flaw in Palo Alto GlobalProtect VPN (lien direct) | 
|
|||
|
2021-11-10 20:11:40 | VMware Working on Patches for Serious vCenter Server Vulnerability (lien direct) | VMware announced on Wednesday that it's working on patches for a potentially serious privilege escalation vulnerability affecting vCenter Server. The vulnerability is tracked as CVE-2021-22048 and it has been assigned an “important” severity rating, which is equivalent to “high severity” based on its CVSS score of 7.1. | Vulnerability | ||
|
2021-11-10 19:03:59 | Critical Flaw in WordPress Plugin Leads to Database Wipe (lien direct) | A major security vulnerability in the WP Reset PRO WordPress plugin could be exploited by an authenticated user to wipe the entire database of a website, according to a warning from researchers at Packstack (formerly WebARX). | Vulnerability | ||
|
2021-11-10 16:17:33 | South Korean Users Targeted with Android Spyware \'PhoneSpy\' (lien direct) | More than 1,000 mobile phone users in South Korea have been targeted with a powerful piece of Android spyware as part of an ongoing campaign, according to a new report from Zimperium zLabs. Dubbed PhoneSpy, the malware was designed with extensive spyware capabilities inside, such including data theft, audio and video capture, and location monitoring. | Malware | ★★★ | |
|
2021-11-10 16:07:38 | RPC Firewall Dubbed \'Ransomware Kill Switch\' Released to Open Source (lien direct) | Today at Black Hat London, Zero Networks announced the release of its RPC firewall – also dubbed the 'ransomware kill switch' – into open source. The tool provides granular control over RPC, capable of blocking the use of lateral movement hacker tools and stopping almost all ransomware in its tracks. | Ransomware Tool | ||
|
2021-11-10 14:48:59 | Citrix Patches Critical Vulnerability in ADC, Gateway (lien direct) | Citrix this week released patches for a couple of vulnerabilities affecting Citrix ADC, Gateway, and SD-WAN, including a critical bug leading to denial of service (DoS). | Vulnerability Guideline | ||
|
2021-11-10 13:57:52 | ICS, OT Cybersecurity Incidents Cost Some U.S. Firms Over $100 Million: Survey (lien direct) | A report published on Wednesday by the Ponemon Institute and industrial cybersecurity firm Dragos shows that the average cost of a security incident impacting industrial control systems (ICS) or other operational technology (OT) systems is roughly $3 million, and some companies reported costs of over $100 million. | |||
|
2021-11-10 12:24:22 | Socure Raises $450 Million at $4.5 Billion Valuation (lien direct) | Digital identity verification provider Socure on Tuesday announced that it has closed a $450 million Series E funding round, at a $4.5 billion valuation. To date, the company raised close to $650 million. The new funding round was announced roughly half a year after Socure closed a $100 million Series D round, at a $1.3 billion valuation. | |||
|
2021-11-10 12:06:35 | The Rising Threat Stemming From Identity Sprawl (lien direct) | Identity sprawl in the age of remote working and business transformation is a threat to cybersecurity | Threat | ||
|
2021-11-10 11:10:48 | Taiwan Government Faces 5 Million Cyberattacks Daily: Official (lien direct) | Taiwan's government agencies face around five million cyberattacks and probes a day, an official said Wednesday, as a report warned of increasing Chinese cyber warfare targeting the self-ruled island. | ★★★★ | ||
|
2021-11-10 04:44:47 | 14 New Vulnerabilities Discovered in BusyBox (lien direct) | Researchers from software development company JFrog and industrial cybersecurity firm Claroty have identified a total of 14 new vulnerabilities in BusyBox, and on Tuesday they detailed some of their findings. | |||
|
2021-11-10 04:20:38 | SAP Patches Critical Vulnerability in ABAP Platform Kernel (lien direct) | SAP on Tuesday announced the release of five new and two updated security notes as part of its November 2021 Security Patch Day, including one note that deals with a critical vulnerability in ABAP Platform Kernel. | Vulnerability | ||
|
2021-11-09 19:23:04 | Zero-Days Under Attack: Microsoft Plugs Exchange Server, Excel Holes (lien direct) | Microsoft on Tuesday pushed out patches for at least 55 documented security vulnerabilities in a wide range of products and called urgent attention to a pair of flaws that have already been exploited in the wild. | |||
|
2021-11-09 18:43:53 | Russian Cybercrime Group Exploits SolarWinds Serv-U Vulnerability (lien direct) | The Russia-linked 'Evil Corp' cybercrime group has been exploiting a vulnerability in SolarWinds Serv-U for initial infection, cybersecurity and risk mitigation firm NCC Group reports. | Vulnerability | ||
|
2021-11-09 15:56:41 | Adobe Patches Critical RoboHelp Server Security Flaw (lien direct) | Software maker Adobe on Tuesday released patches to cover at least four documented security defects that expose users to malicious hacker attacks. The most serious of the flaw was addressed in RoboHelp Server and is rated “critical” because it exposes corporate environments to arbitrary code execution attacks. | |||
|
2021-11-09 14:57:21 | (Déjà vu) ICS Patch Tuesday: Siemens and Schneider Electric Address Over 50 Security Flaws (lien direct) | Industrial giants Siemens and Schneider Electric have released a total of 20 Patch Tuesday advisories to address more than 50 vulnerabilities affecting their products. Siemens | |||
|
2021-11-09 14:40:24 | Security is Everywhere. Can Your Services Keep Up? (lien direct) | Today's networks require flexible services designed to accompany efforts to protect any user accessing any service from any location on any device | |||
|
2021-11-09 14:18:14 | Many Healthcare, OT Systems Exposed to Attacks by NUCLEUS:13 Vulnerabilities (lien direct) | A series of 13 vulnerabilities identified in the Nucleus TCP/IP stack could be exploited to execute code remotely, cause a denial of service condition, or to obtain sensitive information, enterprise device security firm Forescout warns. | |||
|
2021-11-09 14:09:04 | Breach and Attack Simulation Firm SafeBreach Doubles Funding With $53.5M Series D Round (lien direct) | Sunnyvale, CA-based breach and attack simulation firm SafeBreach has raised $53.5 million in a Series D funding round led by Sonae IM and Israel Growth Partners (IGP). Sands Capital, Leumi Partners and existing investors participated, and the funding includes strategic investment from ServiceNow. | |||
|
2021-11-09 13:07:10 | Critical Flaw in Sitecore Experience Platform Exploited in Attacks (lien direct) | Adversaries have started targeting a critical remote code execution vulnerability in Sitecore Experience Platform (Sitecore XP), the Australian Cyber Security Center (ACSC) warns. | Vulnerability | ||
|
2021-11-09 12:16:29 | OpenText Acquires Email Security Firm Zix for $860 Million (lien direct) | Enterprise information management solutions provider OpenText on Monday announced the acquisition of email security company Zix for $860 million. | |||
|
2021-11-09 11:13:05 | Mexico Arrests Suspect in Pegasus Spyware Case (lien direct) | Mexican prosecutors said Monday that they had detained a man accused of spying on a journalist using the Pegasus software at the center of a global spyware scandal. | |||
|
2021-11-08 22:05:36 | Robinhood Hacked, Millions of Names, Emails Stolen (lien direct) | 
Hacker socially engineered customer support employee to obtain millions of names and emails, demanded extortion payment
|
|||
|
2021-11-08 19:47:28 | U.S. Charges Two Suspected Major Ransomware Operators (lien direct) | Two suspected criminal hackers have been charged in the United States in connection with a wave of ransomware attacks, including one that led to the temporary shutdown of the world's largest meat processor and another that snarled businesses around the globe on the Fourth of July weekend, U.S. | Ransomware | ||
|
2021-11-08 18:41:38 | US Treasury Sanctions Crypto Exchange in Anti-Ransomware Crackdown (lien direct) | The U.S. government's aggressive anti-ransomware crackdown is showing no signs of slowing down with the Treasury Department announcing sanctions against a cryptocurrency exchange and new multi-million-dollar rewards for information on the REvil ransomware group. | Ransomware | ||
|
2021-11-08 17:53:01 | Global Companies Compromised via ADSelfService Plus Exploitation (lien direct) | At least nine global organizations have been compromised in attacks targeting a recent vulnerability in ManageEngine ADSelfService Plus, according to a warning from researchers at Palo Alto Networks. | Vulnerability | ||
|
2021-11-08 17:27:54 | US Government Contractor EWA Discloses Data-Theft Breach (lien direct) | U.S. government defense contractor Electronic Warfare Associates (EWA) has started sending out notifications to warn of a data breach that resulted in the theft of Personally Identifiable Information (PII). In early August 2021, the company said a threat actor was able to compromise the EWA email system following a successful phishing attack. | Data Breach Threat | ||
|
2021-11-08 17:21:08 | Drata Scores $100M Investment for Security and Compliance Automation (lien direct) | Valuations for early-stage cybersecurity startups are continuing to soar with news this week that Drata banked $100 million in a funding deal that values the company north of $1 billion. | |||
|
2021-11-08 16:45:37 | Europol Announces Arrests of 7 People Linked to REvil, GandCrab Ransomware (lien direct) | Europol on Monday announced that law enforcement agencies in several countries have arrested a total of seven people allegedly linked to REvil and GandCrab ransomware operations. | Ransomware | ||
|
2021-11-08 15:41:02 | SCYTHE Banks $10M Investment for Adversary Simulation (lien direct) | SCYTHE, a software company building technology for adversary simulation, on Monday announced it had secured $10 million in venture capital funding to speed up expansion plans. | |||
|
2021-11-08 15:19:40 | McAfee to be Taken Private in $14 Billion Private Equity Deal (lien direct) | Cybersecurity firm McAfee Corp. (NASDAQ:MCFE) has agreed to be acquired by a group of private equity firms in a deal valued at more than $14 billion, the company announced Monday. | |||
|
2021-11-08 14:55:22 | (Déjà vu) Cybersecurity M&A Roundup for First Week of November 2021 (lien direct) | 
A dozen cybersecurity-related acquisitions were announced in the first week of November 2021.
|
|||
|
2021-11-08 12:44:32 | Six Arrested for Roles in Clop Ransomware Operation (lien direct) | Six individuals allegedly associated with the Clop ransomware operation were arrested in a global law enforcement operation, Interpol announced. Authorities in South Korea, Ukraine, and the United States, under Interpol's coordination, were involved in the 30-month investigation dubbed Operation Cyclone. | Ransomware | ||
|
2021-11-08 12:12:37 | Report: 6 Palestinian Rights Activists Hacked by NSO Spyware (lien direct) | Security researchers disclosed Monday that spyware from the notorious Israeli hacker-for-hire company NSO Group was detected on the cellphones of six Palestinian human rights activists, half affiliated with groups that Israel's defense minister controversially claimed were involved in terrorism. | |||
|
2021-11-08 12:03:25 | Experts Analyze Proposed Bill Allowing Private Entities to \'Hack Back\' (lien direct) | If the average American has the right to defend his home by striking back, why can he or she not defend networks in a similar fashion? | |||
|
2021-11-07 10:33:10 | The AP Interview: Justice Dept. Conducting Cyber Crackdown (lien direct) | The Justice Department is stepping up actions to combat ransomware and cybercrime through arrests and other actions, its No. 2 official told The Associated Press, as the Biden administration escalates its response to what it regards as an urgent economic and national security threat. | Ransomware | ||
|
2021-11-05 17:39:06 | Babuk Ransomware Seen Exploiting ProxyShell Vulnerabilities (lien direct) | A newly observed Babuk ransomware campaign is targeting ProxyShell vulnerabilities in Microsoft Exchange Server, according to security researchers at Cisco Talos. | Ransomware | ||
|
2021-11-05 17:24:49 | \'Critical Severity\' Warning: Malware Found in Widely Deployed npm Packages (lien direct) | Software supply chain security jitters escalated again Friday with new “critical severity” warnings about malware embedded in two npm package managers widely used by some of the biggest names in tech. | Malware | ||
|
2021-11-05 17:04:34 | Device Exploits Earn Hackers Over $1 Million at Pwn2Own Austin 2021 (lien direct) | The Zero Day Initiative's Pwn2Own Austin 2021 hacking contest has come to an end, with participants earning a total of more than $1 million for their router, printer, NAS device, smartphone, and smart speaker zero-day exploits. | |||
|
2021-11-05 15:45:09 | FBI: Scams Involving Cryptocurrency ATMs and QR Codes on the Rise (lien direct) | The Federal Bureau of Investigation (FBI) this week issued an alert on fraud schemes that direct victims to use cryptocurrency ATMs and Quick Response (QR) codes to make payment transactions. | |||
|
2021-11-05 14:58:45 | Researchers Release PoC Tool Targeting BrakTooth Bluetooth Vulnerabilities (lien direct) | The United States Cybersecurity and Infrastructure Security Agency (CISA) this week warned on proof-of-concept (PoC) code for the BrakTooth Bluetooth vulnerabilities now being publicly available. | Tool | ★★★ | |
|
2021-11-05 13:48:21 | Hungarian Official: Government Bought, Used Pegasus Spyware (lien direct) | A senior official in Hungary's governing party acknowledged for the first time on Thursday that the government purchased a powerful spyware tool, which was allegedly used to target journalists, businesspeople and an opposition politician. | |||
|
2021-11-05 13:00:03 | (Déjà vu) Industry Reactions to New \'Trojan Source\' Attack: Feedback Friday (lien direct) | Researchers from the University of Cambridge have identified a new attack method that abuses Unicode to stealthily inject vulnerabilities into code. | |||
|
2021-11-04 23:17:12 | US Offers $10 Million Bounty in Hunt for DarkSide Ransomware Operators (lien direct) | US Goverment Offering $10 Million Reward for Data on DarkSide Ransomware Operators | Ransomware | ||
|
2021-11-04 19:03:09 | Cisco Plugs Critical Holes in Catalyst PON Enterprise Switches (lien direct) | Enterprise networking giant Cisco has released patches for multiple vulnerabilities across its product portfolio, including critical security defects in Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) and Policy Suite. | |||
|
2021-11-04 16:42:31 | Linux Foundation Fixes \'Dangerous\' Code Execution Kernel Bug (lien direct) | Researchers are calling attention to a newly discovered security defect in a kernel module that ships with all major Linux distributions, warning that remote attackers can exploit the bug to take complete control of a vulnerable system. | |||
|
2021-11-04 15:41:23 | Mozilla Rolling Out \'Site Isolation\' With Release of Firefox 94 (lien direct) | Mozilla this week announced that Firefox 94 is bringing Site Isolation to all users, along with patches for over a dozen vulnerabilities, including seven that feature a high severity rating. | |||
|
2021-11-04 14:55:50 | Ukraine Names Russian FSB Officers Involved in Gamaredon Cyberattacks (lien direct) | Ukraine's security service, the SBU, on Thursday revealed the identities of five individuals allegedly involved in cyberattacks attributed to a Russia-linked threat group named Gamaredon. | Threat |
To see everything:
Our RSS (filtrered)
