What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-05-11 18:45:38 | Microsoft Patch Tuesday: 55 Vulnerabilities, 4 Critical, 3 Publicly Known (lien direct) | Microsoft's monthly security patch release for May 2021 includes cover for 55 documented vulnerabilities, some serious enough to expose Windows users to remote code execution attacks. | |||
|
2021-05-11 18:12:13 | DevOps Security Startup Cycode Raises $20 Million (lien direct) | Cycode, an Israeli startup focused on securing DevOps tools, today announced that it has raised $20 million in Series A funding, which brings the total capital raised by the company up to $25 million. | |||
|
2021-05-11 15:53:11 | Adobe: Windows Users Hit by PDF Reader Zero-Day (lien direct) | Adobe on Tuesday warned that a gaping security hole in one of the most widely deployed software products has been exploited in the wild in “limited attacks targeting Adobe Reader users on Windows.” | |||
|
2021-05-11 14:48:04 | Siemens Addresses 60 Vulnerabilities Introduced by Third-Party Components (lien direct) | Siemens' May 2021 Patch Tuesday advisories address roughly 60 vulnerabilities introduced by the use of third-party components. | |||
|
2021-05-11 13:24:37 | University of California Confirms Personal Information Stolen in Cyberattack (lien direct) | The University of California (UC) this week confirmed that personal information was stolen in a cyberattack involving the Accellion File Transfer Appliance (FTA) service. | |||
|
2021-05-11 11:53:30 | Google Patches 19 Vulnerabilities With Chrome 90 Update (lien direct) | Google this week announced yet another set of patches for Chrome, to address a total of 19 vulnerabilities affecting the web browser. The latest Chrome iteration - 90.0.4430.212 – is available for Windows, Mac, and Linux users. The Android and iOS variants of the browser were updated as well. | |||
|
2021-05-11 11:28:55 | XcodeGhost Malware Discovered in 2015 Impacted 128 Million iOS Users (lien direct) | Documents submitted in a court case involving Apple revealed that the XcodeGhost malware discovered in 2015 impacted 128 million iOS users. | Malware | ||
|
2021-05-11 10:04:28 | Pentagon Reconsidering Huge JEDI Cloud-computing Contract (lien direct) | The Pentagon is reconsidering how to make a massive shift to cloud computing, officials said Monday, suggesting it could scrap the so-called JEDI contract potentially worth $10 billion that was awarded to Microsoft Corp. but is mired in legal challenges. | |||
|
2021-05-10 17:14:57 | Google Releases Open Source Tool for Verifying Containers (lien direct) | Google has released a new open-source tool called cosign to make it easier to manage the process of signing and verifying container images. | Tool | ||
|
2021-05-10 17:08:34 | Colonial Pipeline Targets Recovery From Ransomware Attack by End of Week (lien direct) | After a ransomware attack forced Colonial Pipeline Company to proactively shut down operations of the largest refined products pipeline in the United States, the company is scrambling to get systems back to normal operating capacity. | Ransomware | ||
|
2021-05-10 15:56:45 | Ransomware Gangs Get More Aggressive Against Law Enforcement (lien direct) | Police Chief Will Cunningham came to work four years ago to find that his six-officer department was the victim of a crime. Hackers had taken advantage of a weak password to break in and encrypt the files of the department in Roxana, a small town in Illinois near St. Louis, and were demanding $6,000 of bitcoin. | ★★★★ | ||
|
2021-05-10 15:42:46 | Diplomatic Entities Targeted with New \'Moriya\' Windows Rootkit (lien direct) | Researchers at anti-malware vendor Kaspersky are documenting a new, previously unknown Windows rootkit being used in the toolkit of an APT actor currently targetings diplomatic entities in Asia and Africa. | ★★★ | ||
|
2021-05-10 14:57:26 | Four Eastern Europeans Admit in U.S. Court to Providing Bulletproof Hosting (lien direct) | Four individuals from Eastern Europe have pleaded guilty in a United States court to their roles in a RICO conspiracy. Between 2008 and 2015, the four individuals provided “bulletproof hosting” services that threat actors employed for cyberattacks on entities in the United States. | Threat Guideline | ||
|
2021-05-10 14:19:32 | (Déjà vu) Cybersecurity M&A Roundup: 16 Deals Announced May 1-9, 2021 (lien direct) | 
A total of 16 cybersecurity-related acquisitions were announced in the first part of May 2021 (May 1-9).
|
|||
|
2021-05-10 14:07:28 | The Benefits of Cloud Services Far Outweigh On-Premises in 2021 (lien direct) | The pandemic, among other variables, has greatly accelerated cloud adoption for many organizations in 2021. | |||
|
2021-05-10 14:07:12 | Twilio, HashiCorp Among Codecov Supply Chain Hack Victims (lien direct) | The massive blast radius from the Codecov supply chain attack remains shrouded in mystery as security teams continue to assess the fallout from the breach but a handful of victims are starting to publicly acknowledge possible exposure of sensitive developer secrets. | Hack | ||
|
2021-05-10 11:51:52 | WhatsApp Delays Enforcing New Privacy Terms (lien direct) | Facebook-owned messaging colossus WhatsApp on Friday retreated again from its plan to force users to accept new terms which critics said could expand data collection from its two billion users around the world. | |||
|
2021-05-10 11:06:17 | City of Chicago Hit by Data Breach at Law Firm Jones Day (lien direct) | The city of Chicago on Friday said that employee emails were compromised in a Jones Day data breach involving Accellion's FTA file sharing service. | Data Breach | ||
|
2021-05-10 10:39:38 | SolarWinds Shares More Information on Cyberattack Impact, Initial Access Vector (lien direct) | Texas-based IT management company SolarWinds on Friday shared more information on the impact of the significant breach disclosed late last year, and claimed that less than 100 of its customers were actually hacked. | ★★★★★ | ||
|
2021-05-10 10:08:41 | Cyberattack on US Pipeline is Linked to Criminal Gang (lien direct) | The cyberextortion attempt that has forced the shutdown of a vital U.S. pipeline was carried out by a criminal gang known as DarkSide that cultivates a Robin Hood image of stealing from corporations and giving a cut to charity, two people close to the investigation said Sunday. | ★★★★★ | ||
|
2021-05-10 01:06:22 | Colonial Pipeline Struggles to Restart After Ransomware Attack (lien direct) | Operators of the Colonial Pipeline are struggling to get fuel flowing at normal capacity after a cyberattack forced a shutdown of distribution system, the largest refined products pipeline in the United States. | Ransomware | ||
|
2021-05-08 14:11:36 | Cyberattack Forces Shutdown of Major U.S. Pipeline (lien direct) | Colonial Pipeline halts all fuel pipeline operations in response to a cyberattack | |||
|
2021-05-07 16:32:02 | US-UK Gov Warning: SolarWinds Attackers Add Open-Source PenTest Tool to Arsenal (lien direct) | Agencies in the United States and the United Kingdom on Friday published a joint report providing more details on the activities of the Russian cyberspy group that is believed to be behind the attack on IT management company SolarWinds. The report reveals that the hackers started using the open-source adversary simulation framework Sliver after some of their operations were exposed. | Tool | ★★★★ | |
|
2021-05-07 14:28:01 | Under the Microscope: ISACA Survey on Cybersecurity Workforce, Resources and Budgets (lien direct) | A major survey that like all surveys needs to be examined carefully rather than accepted blindly. | |||
|
2021-05-07 14:03:21 | CISA Analyzes FiveHands Ransomware (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of the FiveHands ransomware, roughly one week after FireEye's Mandiant security researchers reported seeing the malware in recent attacks. | Ransomware Malware | ||
|
2021-05-07 13:04:41 | Android App Developers Required by Google to Share More Info on Data Handling (lien direct) | Google this week announced that it is introducing a new policy for the Google Play app store, requiring all developers to provide information on their data collection practices. | |||
|
2021-05-07 12:36:26 | TsuNAME Vulnerability Can Be Exploited for DDoS Attacks on DNS Servers (lien direct) | Some DNS resolvers are affected by a vulnerability that can be exploited to launch distributed denial-of-service (DDoS) attacks against authoritative DNS servers, a group of researchers warned this week. | Vulnerability | ||
|
2021-05-07 10:50:57 | VMware Patches Critical Flaw Reported by Sanctioned Russian Security Firm (lien direct) | VMware has patched another critical vulnerability reported by Positive Technologies, a Russian cybersecurity firm that was sanctioned recently by the United States. | Vulnerability | ||
|
2021-05-06 23:53:07 | Insurer AXA Halts Ransomware Crime Reimbursement in France (lien direct) | In an apparent industry first, the global insurance company AXA said Thursday it will stop writing cyber-insurance policies in France that reimburse customers for extortion payments made to ransomware criminals. | Ransomware | ||
|
2021-05-06 16:59:25 | Qualcomm Modem Chip Flaw Exploitable From Android: Researchers (lien direct) | Billions of Android devices are exposed to a vulnerability in Qualcomm's Mobile Station Modem (MSM) chip A vulnerability in Qualcomm's Mobile Station Modem (MSM) chip– installed in around 30% of the world's mobile devices – can be exploited from within Android. | Vulnerability | ||
|
2021-05-06 15:29:34 | Russian \'Evil Corp\' Cybercriminals Possibly Evolved Into Cyberspies (lien direct) | The infamous cybercrime organization known as Evil Corp may be running cyberespionage operations on behalf of a Russian intelligence agency, security consulting company Truesec reports. | |||
|
2021-05-06 14:24:28 | Google to Automatically Enable Two-Step Verification for Some Accounts (lien direct) | Google is marking World Password Day with a blog post summarizing the password management features it offers, and the company announced that it will automatically enroll some accounts in two-step verification (2SV). | |||
|
2021-05-06 13:05:54 | MDR Firm Huntress Raises $40 Million in Series B Funding Round (lien direct) | Managed detection and response (MDR) solutions provider Huntress on Thursday announced raising $40 million in a Series B funding round, which brings the total raised by the company to $60 million. | |||
|
2021-05-06 12:28:47 | Cisco Patches Critical Flaws in SD-WAN, HyperFlex HX Products (lien direct) | Cisco on Wednesday released patches to address tens of vulnerabilities across its product portfolio, including critical flaws in SD-WAN software and the HyperFlex HX data platform. | |||
|
2021-05-06 11:30:27 | Cybersecurity Experts Share Thoughts for World Password Day (lien direct) | 
World Password Day was created by Intel in 2013 to raise awareness of the need for strong passwords, but many experts now use the occasion to urge organizations to replace passwords with other, more secure authentication methods.
|
|||
|
2021-05-06 11:05:59 | Microsoft Pledges to Store European Cloud Data in EU (lien direct) | US tech giant Microsoft pledged Thursday to process and store all European cloud-based client data in the European Union amid unease in the region over the reach of US legislation on personal data collection. | |||
|
2021-05-06 10:56:36 | Attackers Use Obscurity, Enterprises Should Too (lien direct) | As threat actors attempt to remain undetected to carry out attacks, they often use a variety of tools to obscure their identities and activity. Organizations meanwhile leave their networks and activity open for inspection by anyone who chooses to perform basic reconnaissance. | Threat | ||
|
2021-05-06 02:07:57 | States Push Back Against Use of Facial Recognition by Police (lien direct) | Law enforcement agencies across the U.S. have used facial recognition technology to solve homicides and bust human traffickers, but concern about its accuracy and the growing pervasiveness of video surveillance is leading some state lawmakers to hit the pause button. | Guideline | ||
|
2021-05-05 19:09:32 | DOD Expands Vulnerability Disclosure Program to Web-Facing Targets (lien direct) | The United States Department of Defense this week announced an expansion of the scope of its vulnerability disclosure program to include all of its publicly accessible information systems. | Vulnerability | ||
|
2021-05-05 14:39:09 | 3 Steps to Disrupt Threat Actors Selling Access to Your Environment (lien direct) | Unmasking a threat actor at an individual level could help you to gain more context, determine why the attack occurred, and quantify future risk | Threat | ||
|
2021-05-05 13:41:32 | Red Hat Open-Sourcing StackRox Security Technology (lien direct) | Red Hat this week announced that it's taking the first steps towards open-sourcing the StackRox container security product for Kubernetes. | Uber | ||
|
2021-05-05 13:35:53 | Cymulate Raises $45 Million to Grow Its Attack Simulation Platform (lien direct) | Israeli cybersecurity testing firm Cymulate announced today that it has raised $45 million through a Series C funding round. | |||
|
2021-05-05 13:19:04 | Chrome for Windows Gets Hardware-enforced Exploitation Protection (lien direct) | Google makes Chrome for Windows more resilient to vulnerability exploitation with new mitigation technology Starting in version 90, Chrome for Windows improves resilience against vulnerability exploitation by adopting Hardware-enforced Stack Protection. | Vulnerability | ||
|
2021-05-05 12:34:14 | U.S. Organizations Targeted by New Cybercrime Group With Sophisticated Malware (lien direct) | A new threat actor that appears to be financially motivated has targeted many organizations in the United States and other countries using several new pieces of malware, FireEye reported on Tuesday. | Malware Threat | ||
|
2021-05-05 10:41:13 | Cyber Asset Management Startup JupiterOne Raises $30 Million (lien direct) | Cyber asset management and governance solutions provider JupiterOne on Tuesday announced that it raised $30 million in Series B funding, which brings the total raised by the company to more than $49 million. The funding round was led by Sapphire Ventures, with participation from previous investor Bain Capital Ventures. | |||
|
2021-05-05 10:02:31 | The VC View: Cloud Security and Compliance (lien direct) | I'm glad this column is coming out now instead of earlier this year. Cloud security is more topical than ever when considering all the fun things that have happened in 2021 with security startups! | |||
|
2021-05-05 04:00:39 | Android Updates for May 2021 Patch Over 40 Vulnerabilities (lien direct) | The Android operating system updates released by Google for May 2021 patch a total of 42 vulnerabilities, including four considered critical severity. | |||
|
2021-05-05 02:16:15 | Belgian Government, Parliament, Colleges Hit by Cyberattack (lien direct) | The company providing internet services for Belgium's parliament, government agencies, universities and scientific institutions said Tuesday that its network was under cyberattack, with connections to several customers disrupted. | |||
|
2021-05-05 01:09:37 | ID Verification Platform Provider Persona Raises $50 Million (lien direct) | Armed with $68 million in funding to date, the company plans to double its team and scale up its business | |||
|
2021-05-04 19:31:55 | Qualys Flags Gaping Security Holes in Exim Mail Server (lien direct) | Security researchers document 21 major security vulnerabilities in Exim and warn that users are exposed to remote code execution flaws |
To see everything:
Our RSS (filtrered)
