What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-10-06 19:48:51 | Streaming Site Twitch Confirms Hack (lien direct) | Amazon's popular live video streaming platform Twitch said Wednesday hackers had broken into its network after reports of exposed confidential company data surfaced online. The service, where users often stream live video game play, confirmed the break-in on Twitter. | Hack | ||
|
2021-10-06 19:20:32 | DevOps Security Startup Mondoo Scores $15M Investment (lien direct) | Mondoo, a startup that provides security tools for DevOps teams, has raised $15 million in funding ($12 million in a new Series A round, and $3 million from a previously undisclosed seed round). The Series A funding round was Led by Atomico with participation from a range of high-profile private investors. | |||
|
2021-10-06 19:15:08 | US Poised to Go After Contractors Who Don\'t Report Breaches (lien direct) | The Justice Department is poised to sue government contractors and other companies who receive U.S. government grants if they fail to report breaches of their cyber systems, the department's No. 2 official said Wednesday. | ★★★★ | ||
|
2021-10-06 18:13:04 | Ransomware Risk Assessment Service Aims to Deflect Attacks (lien direct) | The function of cybersecurity is not to eliminate all attacks and compromises – that's impossible – but to make the attack so expensive and time-consuming on the attacker that he simply moves on to an easier target. That is the purpose of a new product/service designed to make commodity ransomware attacks less easy for the attacker. | Ransomware | ||
|
2021-10-06 18:04:21 | ESET Discovers UEFI Bootkit in Cyber Espionage Campaign (lien direct) | Threat hunters at ESET are training the spotlight on a previously undocumented UEFI bootkit capable of hijacking the EFI System Partition (ESP) to maintain persistence on infected Windows machines. | |||
|
2021-10-06 14:14:31 | Yubico Enables Biometric Logins With New YubiKey Bio Series (lien direct) | Yubico this week announced the general availability of YubiKey Bio Series, its first security key to support biometric authentication on desktop computers. | |||
|
2021-10-06 13:10:54 | Microsec.ai Exits Stealth With Cloud Application Runtime Protection Platform (lien direct) | Microsec.ai on Tuesday emerged from stealth mode to deliver a Cloud Native Application Protection Platform (CNAPP) solution designed to protect cloud-native applications at runtime. The company's agentless CNAPP solution aims to secure multi-cloud IaaS and PaaS environments, as well as containers and data, through a single, unified interface. | |||
|
2021-10-06 12:42:03 | Hackers Could Disrupt Industrial Processes via Flaws in Widely Used Honeywell DCS (lien direct) | A distributed control system (DCS) product offered by Honeywell is affected by vulnerabilities that could allow malicious actors to disrupt industrial processes. | |||
|
2021-10-06 12:14:46 | The New Paradigm for Work from Anywhere: Zero Trust Network Access (ZTNA) (lien direct) | It is important to listen to early adopters of ZTNA, as they can provide insights into key factors to success and help avoid pitfalls | |||
|
2021-10-06 12:01:12 | Gravwell Emerges From Stealth With Data Fusion Platform for Security Teams (lien direct) | Enterprise data fusion and analytics company Gravwell on Wednesday emerged from stealth mode with $3 million in seed funding from Next Frontier Capital, Gula Tech Adventures, Kickstart Fund, and Revolution's Rise of the Rest. | |||
|
2021-10-06 11:34:29 | Firefox 93 Improves Protection Against Tracking, Insecure Downloads (lien direct) | Mozilla this week released Firefox 93 to the stable channel with several security improvements, including better privacy protections, patches, and anti-tracking capabilities. Starting with Firefox 93, the browser blocks insecure HTTP downloads on encrypted (HTTPS) pages, to keep users safe from potentially unwanted or even malicious downloads. | ★★ | ||
|
2021-10-06 11:06:32 | (Déjà vu) Over 100,000 Apache HTTP Servers Affected by Actively Exploited Zero-Day Flaw (lien direct) | Users are urged to immediately patch an Apache HTTP Server zero-day vulnerability that has been exploited in the wild. More than 100,000 servers appear to be exposed to attacks. | Vulnerability | ||
|
2021-10-06 11:04:46 | What\'s in a Threat Group Name? An Inside Look at the Intricacies of Nation-State Attribution (lien direct) | Understanding the naming conventions of various threat groups can help us better understand the overall threat landscape | Threat | ||
|
2021-10-06 10:47:00 | Audit: Cybersecurity Weak for Many Kansas School Districts (lien direct) | Many Kansas school districts aren't taking basic steps to protect their computer systems and the privacy of sensitive information collected about students, according to a legislative audit release Tuesday. | |||
|
2021-10-06 10:24:11 | Superhero Passwords Pose Serious Risk to Personal, Enterprise Accounts (lien direct) | Superheroes may be able to save everyone in a fantasy world, but they can't keep online accounts secure in the digital era, Mozilla warns. With hundreds of thousands of occurrences in breach datasets, superhero passwords aren't a strong account protection method, even when the real identities of superheroes are used instead. | |||
|
2021-10-06 08:22:11 | Misconfigured Apache Airflow Instances Expose Sensitive Information (lien direct) | Security researchers with Intezer have discovered several misconfigured Apache Airflow instances that exposed sensitive information to anyone on the Internet. Improperly secured, the Airflow instances were found to expose credentials of cloud services providers, social media platforms, and payment processing services, including AWS, Slack, PayPal, and others. | |||
|
2021-10-05 18:13:43 | Chase Bank Heavily Targeted Via XBALTI Phishing Kit (lien direct) | During the three months from mid-May to mid-August 2021, researchers detected a 300% increase in phishing URLs within their own telemetry targeting Chase Bank. Chase was the sixth most targeted brand, behind obvious companies as PayPal, Apple, and Facebook. | |||
|
2021-10-05 16:53:44 | Adaptive Shield Raises $30M for SaaS Security Posture Management (lien direct) | Adaptive Shield, an Israeli cybersecurity startup that specializes in software-as-a-service (SaaS) application security, on Tuesday announced the closing of a $30 million Series B funding round to expand operations around the world. | |||
|
2021-10-05 14:32:28 | Cloud Security Company Orca Raises $550 Million in Extended Series C Round (lien direct) | Cloud security company Orca Security on Tuesday announced that it has raised $550 million in an extended Series C funding round, at a valuation of $1.8 billion. | |||
|
2021-10-05 13:57:05 | Arizona Launches Command Center to Combat Cyberattacks (lien direct) | Arizona Gov. Doug Ducey has launched a Cyber Command Center that will deal with threats to government computers. At a ceremony Monday at the Department of Public Safety's Arizona Counter Terrorism Information Center in Phoenix, Ducey said the command center will be critical in ensuring the state's cyber infrastructure remains safe and secure. | |||
|
2021-10-05 13:30:42 | Secure Data Collaboration Firm Duality Technologies Raises $30 Million (lien direct) | Privacy-focused data collaboration solutions provider Duality Technologies today announced that it has raised $30 million in Series B funding. To date, the company has received a total of $49 million. | ★★ | ||
|
2021-10-05 12:45:49 | Cloud Services Providers Introduce Trusted Cloud Principles (lien direct) | Major cloud services providers last week formally introduced the Trusted Cloud Principles, an initiative aimed at bringing standardization and consistencies across platforms. | |||
|
2021-10-05 12:19:08 | Telecoms Giant Syniverse Discloses Years-Long Data Breach (lien direct) | Syniverse, a company whose connectivity services are used by nearly all mobile carriers in the world, said hackers had access to its information technology (IT) and operational technology (OT) systems for years. | Data Breach | ||
|
2021-10-05 11:44:09 | Google Patches Over 50 Serious Vulnerabilities in Android (lien direct) | Google on Monday announced the availability of new security patches for Android, aimed at addressing more than 50 vulnerabilities in the mobile operating system. The most severe of the security flaws described in the October 2021 Security Bulletin is an issue in the Android System component that could be exploited to achieve remote code execution. | ★★★★ | ||
|
2021-10-05 10:31:17 | ICS Security Experts Share Tales From the Trenches - Part 2 (lien direct) | 
|
|||
|
2021-10-05 10:00:07 | NSA\'s Rob Joyce Explains \'Sand and Friction\' Security Strategy (lien direct) | News Analysis: The newly minted director of cybersecurity at NSA offers a candid assessment of the nation-state threat landscape and argues that adding “sand and friction” to adversary operations is a winning strategy. | Threat | ||
|
2021-10-04 15:02:17 | Two \'Prolific\' Ransomware Operators Arrested in Ukraine (lien direct) | Two individuals who were allegedly part of a “prolific” ransomware group have been arrested in Ukraine, Europol and Ukraine's Cyber Police announced on Monday. | Ransomware | ||
|
2021-10-04 13:25:57 | Hackers Stole Cryptocurrency From Thousands of Coinbase Accounts (lien direct) | Coinbase last week sent out notification letters to thousands of users to inform them that funds were stolen from their accounts during an attack earlier this year. | ★★★ | ||
|
2021-10-04 12:52:27 | Expired Let\'s Encrypt Root Certificate Causes Problems for Many Companies (lien direct) | A root certificate used by Let's Encrypt expired on September 30 and, despite being notified a long time in advance, many companies experienced problems. | |||
|
2021-10-04 11:37:56 | Pottawatomie County Fixing Systems After Ransomware Attack (lien direct) | Computer systems are being restored in Pottawatomie County are after hackers launched a ransomware attack on Sept. 17, county officials said Friday. The county resolved the attack by paying less than 10% of the hackers' original demands, County Administrator Chad Kinsley said in a statement. | Ransomware | ||
|
2021-10-04 11:02:00 | (Déjà vu) Cybersecurity M&A Roundup: 43 Deals Announced in September 2021 (lien direct) | 
The number of cybersecurity-related mergers and acquisitions announced in the past months has remained constant, with roughly 40 deals announced in September 2021 as well.
|
|||
|
2021-10-04 10:33:28 | PoC Exploit Released for macOS Gatekeeper Bypass (lien direct) | Rasmus Sten, a software engineer with F-Secure, has released proof-of-concept (PoC) exploit code for a macOS Gatekeeper bypass that Apple patched in April this year. | |||
|
2021-10-04 08:38:08 | Google Pledges $1 Million to Secure Open Source Program (lien direct) | Google last week pledged $1 million in financial support to the Secure Open Source (SOS) rewards program run by the Linux Foundation. The pilot program financially rewards developers who help improve the security of critical open source projects and is meant to complement existing vulnerability management programs. | Vulnerability | ||
|
2021-10-02 10:02:18 | Suit Blames Baby\'s Death on Cyberattack at Alabama Hospital (lien direct) | An Alabama woman whose 9-month-old daughter died has filed suit against the hospital where she was born claiming it did not disclose that its computer systems had been crippled by a cyberattack, which resulted in diminished care that resulted in the baby's death. | |||
|
2021-10-01 13:16:42 | Third-Party Identity Risk Provider SecZetta Raises $20.5 Million (lien direct) | Third-party identity risk solutions provider SecZetta this week announced that it has raised $20.5 million in Series B funding, which brings the total raised by the company to $30.5 million. The new investment round was led by SYN Ventures and new investor MassMutual Ventures. Existing investors ClearSky and Rally Ventures also contributed. | |||
|
2021-10-01 12:26:35 | Proposed Bill Would Require Organizations to Report Ransomware Payments (lien direct) | U.S. senators this week introduced a bill that would require critical infrastructure organizations to inform the Cybersecurity and Infrastructure Security Agency (CISA) if they experience a cyberattack, and it would also require most private companies to notify the government if they have made a payment in response to a ransomware attack. | Ransomware | ||
|
2021-10-01 11:38:30 | Neiman Marcus Confirms Payment Cards Compromised in Data Breach (lien direct) | Luxury retail company Neiman Marcus Group on Thursday confirmed that customer information was indeed stolen in a data breach. During the incident, which occurred in May 2020, hackers were able to exfiltrate information associated with online customer accounts, including payment card data, the company says. | Data Breach | ||
|
2021-10-01 10:58:28 | Google Patches Two More Exploited Zero-Day Vulnerabilities in Chrome (lien direct) | Google on Thursday announced the rollout of a Chrome update to address four security vulnerabilities, including two that are already being exploited in the wild. | |||
|
2021-10-01 10:11:11 | Google Patches Vulnerability in Cloud Endpoints Proxy (lien direct) | A researcher has disclosed the details of a privilege escalation vulnerability he discovered in a Google Cloud component. The flaw was patched by Google in late August, but some users will need to manually update their systems to prevent potential exploitation. | Vulnerability | ||
|
2021-09-30 17:39:23 | Hackers Can Exploit Apple AirTag Vulnerability to Lure Users to Malicious Sites (lien direct) | Apple's AirTag product is affected by a vulnerability that could be exploited by hackers to lure unsuspecting users to phishing or other types of malicious websites. | Vulnerability | ||
|
2021-09-30 15:40:59 | Xage Lands DOE Contract to Bring Zero Trust Principles to Emergency Responders (lien direct) | Natural disasters such as extreme weather conditions can have a major disruptive effect on electricity supply. Power utilities are forced into emergency response status, which normally requires every available engineer from both in-house and third parties being called upon to find and fix the problems. | |||
|
2021-09-30 14:11:13 | Telemetry Report Shows Patch Status of High-Profile Vulnerabilities (lien direct) | 
|
Patching | ||
|
2021-09-30 13:58:05 | GriftHorse Android Trojan Infects Over 10 Million Devices Worldwide (lien direct) | A recently discovered cybercrime campaign leveraging mobile premium services has made over 10 million victims worldwide, potentially causing hundreds of millions in losses, according to mobile security firm Zimperium. | |||
|
2021-09-30 13:25:16 | New CISA Tool Helps Organizations Assess Insider Threat Risks (lien direct) | The United States Cybersecurity and Infrastructure Security Agency (CISA) this week released a tool to help organizations assess their insider threat risk posture. | Tool Threat | ||
|
2021-09-30 12:02:50 | Contactless Payment Card Hack Affects Apple Pay, Visa (lien direct) | A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities exploited in the attack remain unpatched, but the impacted vendors say they are not concerned. | Hack | ||
|
2021-09-30 11:20:19 | Turkish National Charged for DDoS Attack on U.S. Company (lien direct) | A Turkish national has been indicted in the Northern District of Illinois for launching a distributed denial-of-service (DDoS) attack against a hospitality company headquartered in the United States. | |||
|
2021-09-30 10:40:22 | Optimizing Monitoring Services For Intelligence Teams (lien direct) | How do you make sure you are choosing the right solutions for your organization? | |||
|
2021-09-29 19:32:34 | Facebook Open-Sources \'Mariana Trench\' Code Analysis Tool (lien direct) | Facebook's security team on Wednesday pulled the curtain on Mariana Trench, an open-source tool that it has been using internally to identify vulnerabilities in Android and Java applications. | Tool | ||
|
2021-09-29 18:00:44 | Behavioral Analytics Provider ForMotiv Raises $6 Million (lien direct) | Real-time user behavior analysis platform ForMotiv this week announced it has raised $6 million in a third seed funding round. The company has raised a total of $7.5 million to date. ForMotiv's new funding round was led by Vestigo Ventures. DreamIt Ventures and Plug & Play Ventures also participated. | |||
|
2021-09-29 17:03:38 | Akamai to Acquire Guardicore in $600M Zero Trust Tech Deal (lien direct) | Edge security and content delivery giant Akamai Technologies on Wednesday announced plans to spend $600 million to acquire Guardicore, an Israeli micro-segmentation technology startup. Akamai said the deal would add new capabilities to help customers thwart ransomware attacks by blocking the spread of malware within an already-compromised enterprise. | Ransomware Malware |
To see everything:
Our RSS (filtrered)
