What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-04-05 19:37:22 | Germany Shuts Down Darknet Platform Specializing in Drugs (lien direct) | German investigators on Tuesday shut down a Russian-language darknet marketplace that they say specialized in drug dealing, seizing bitcoin worth 23 million euros ($25.3 million). | |||
|
2022-04-05 16:08:17 | Symantec: Chinese APT Group Targeting Global MSPs (lien direct) | Malware hunters at Broadcom's Symantec division have spotted signs that a long-running cyberespionage campaign linked to Chinese nation-state hackers is now going after managed service providers (MSPs) with a more global footprint. | |||
|
2022-04-05 14:59:38 | 44 Vulnerabilities Patched in Android With April 2022 Security Updates (lien direct) | The Android updates released by Google for April 2022 include patches for 44 vulnerabilities, including several rated “critical severity.” As usual, the update was split into two parts, with the first of them arriving on devices as the “2022-04-01 security patch level” and addressing 14 security holes. | |||
|
2022-04-05 14:57:04 | CashApp Says Ex-Employee Stole Customer Stock Trading Data (lien direct) | Financial services and stock trading platform CashApp on Tuesday fessed up to a data breach being blamed on a former employee who stole brokerage data, including portfolio values, from an unknown number of U.S. accounts. | Data Breach | ||
|
2022-04-05 14:47:51 | Ransomware Gang Leaks Files Stolen From Industrial Giant Parker Hannifin (lien direct) | A notorious cybercrime group has leaked several gigabytes of files allegedly stolen from US industrial components giant Parker Hannifin. Parker Hannifin specializes in motion and control technologies, and it provides precision engineered solutions for organizations in the aerospace, mobile, and industrial sectors. | |||
|
2022-04-05 13:58:29 | API IAM Security Provider Corsha Raises $12 Million (lien direct) | Washington, DC-based API security firm Corsha has raised $12 million in a Series A funding round led by Ten Eleven Ventures and Razor's Edge Ventures, with participation from 1843 Capital. | |||
|
2022-04-05 13:11:40 | US State Department Launches Cyberspace and Digital Diplomacy Bureau (lien direct) | The US Department of State on Monday announced the creation of the Bureau of Cyberspace and Digital Policy (CDP). The new entity was created to deal with national security challenges, but also with the implications of cyberspace and digital technologies and policies on US values. | |||
|
2022-04-05 12:47:54 | Defenders Provided Tools and Information for Dealing With Spring4Shell (lien direct) | US Government Agencies Instructed to Patch Spring4Shell Vulnerability Enterprise defenders have been provided information and tools to help them deal with Spring4Shell and potential attacks exploiting the vulnerability. | |||
|
2022-04-05 11:50:16 | Airgap Networks Raises $13 Million for Ransomware Kill Switch (lien direct) | Airgap Networks on Tuesday announced raising $13.4 million in a Series A funding round that brings the total raised by the company to $18.6 million. The funding round was led by Storm Ventures, with participation from Cervin Ventures, Engineering Capital, Sorenson Ventures, and various angel investors. | Ransomware | ||
|
2022-04-05 11:34:27 | Yokogawa Patches Flaws Allowing Disruption, Manipulation of Physical Processes (lien direct) | Japanese automation giant Yokogawa recently patched a series of vulnerabilities in control system products that, according to researchers, can be exploited for the disruption or manipulation of physical processes. | |||
|
2022-04-05 11:30:00 | Why Some CISOs Fail (lien direct) | 
|
|||
|
2022-04-05 10:41:48 | Wind Turbine Giant Nordex Shuts Down IT Systems in Response to Cyberattack (lien direct) | Nordex Group, one of the world's largest manufacturers of wind turbines, fell victim to a cyberattack that forced it to take down multiple systems. The Hamburg, Germany-based company announced over the weekend that it detected the intrusion on Thursday, March 31, and that it immediately deployed measures “in line with crisis management protocols.” | |||
|
2022-04-05 10:22:14 | Academics Devise Side-Channel Attack Targeting Multi-GPU Systems (lien direct) | A group of academic researchers has devised a side-channel attack targeting architectures that rely on multiple graphics processing units (GPUs) for resource-intensive computational operations. | |||
|
2022-04-05 10:13:14 | Palestinian Lawyer Sues Pegasus Spyware Maker in France (lien direct) | Palestinian lawyer Salah Hamouri, who is in Israeli detention, filed a complaint in France Tuesday against surveillance firm NSO Group for having "illegally infiltrated" his mobile phone with the spyware Pegasus. | ★★★ | ||
|
2022-04-04 18:49:25 | TOTOLINK Routers, Other Device Exploits Added to Beastmode Botnet (lien direct) | The Mirai-based DDoS botnet known as Beastmode continues to expand its arsenal with at least five new exploits added over the last two months. | |||
|
2022-04-04 13:42:44 | New Android Spyware Uses Turla-Linked Infrastructure (lien direct) | Lab52 security researchers have dissected a new piece of Android malware that they discovered while analyzing infrastructure associated with Russian cyberespionage group Turla. | Malware | ||
|
2022-04-04 12:45:18 | (Déjà vu) Cybersecurity M&A Roundup: 39 Deals Announced in March 2022 (lien direct) | 
Nearly 40 cybersecurity-related merger and acquisition (M&A) deals were announced in March 2022.
|
|||
|
2022-04-04 12:18:50 | Harnessing Neurodiversity Within Cybersecurity Teams (lien direct) | 
Neurodivergence, by its name, implies a different way of thinking. The question we wish to examine is whether the inclusion of this neurodiversity can bring something positive beyond the simple expansion of general diversity to and within the cybersecurity teams.
|
|||
|
2022-04-04 10:54:01 | GitLab Patches Critical Account Takeover Vulnerability (lien direct) | DevOps platform GitLab has reset the passwords of some user accounts, after addressing a critical account takeover vulnerability. According to the company, in GitLab Community Edition (CE) and Enterprise Edition (EE) versions prior to 14.7.7, 14.8.5, and 14.9.2, a hardcoded password was set when the account was registered using an OmniAuth provider. | Vulnerability | ||
|
2022-04-04 10:41:53 | Vendors Assessing Impact of Spring4Shell Vulnerability (lien direct) | Companies are assessing the impact of the Spring vulnerability dubbed Spring4Shell on their products, and while some vendors have started releasing patches, many have determined that their products do not appear to be affected. | Vulnerability | ||
|
2022-04-04 08:52:31 | UK Charges Alleged Lapsus$ Gang Members With Hacking (lien direct) | The City of London Police on Friday announced that two teenagers were officially charged for their alleged roles in a hacking group that is believed to be the infamous Lapsus$ gang. The youngsters, aged 16 and 17, were arrested roughly a week ago, along with five other teens supposedly involved in the Lapsus$ attacks. | |||
|
2022-04-01 16:30:12 | Experts Warn Defenders: Don\'t Relax on Log4j (lien direct) | It's been four months since the Log4j issue exploded onto the internet. All the major software vendors affected by it have by now released patches – but even where companies have patched, it would be wrong to relax. | ★★ | ||
|
2022-04-01 13:42:46 | FBI Warns of Ransomware Attacks Targeting Local Governments (lien direct) | The Federal Bureau of Investigation (FBI) this week warned local government entities of ransomware attacks disrupting operational services, causing public safety risks, and causing financial losses. | Ransomware | ||
|
2022-04-01 11:27:31 | New Vulnerabilities Allow Stuxnet-Style Attacks Against Rockwell PLCs (lien direct) | Researchers at industrial cybersecurity firm Claroty have identified two serious vulnerabilities that could allow malicious actors to launch Stuxnet-style attacks against programmable logic controllers (PLCs) made by Rockwell Automation. | |||
|
2022-04-01 10:33:30 | Trend Micro Patches Apex Central Zero-Day Exploited in Targeted Attacks (lien direct) | Trend Micro this week announced patches for a high-severity arbitrary file upload vulnerability in Apex Central that has already been exploited in what appear to be targeted attacks. | Vulnerability | ||
|
2022-04-01 10:11:54 | Spring4Shell Exploitation Attempts Confirmed as Patches Are Released (lien direct) | 
The Spring zero-day vulnerability named Spring4Shell (SpringShell) has been patched, just as several cybersecurity firms have confirmed seeing exploitation attempts.
|
Vulnerability | ||
|
2022-04-01 09:48:32 | Antimatter Emerges From Stealth Mode With $12M to Secure Customer Data (lien direct) | Antimatter, a startup that focuses on data security for SaaS applications, this week emerged from stealth mode with $12 million in Series A funding from NEA, with additional investment from General Catalyst, UNION Labs, and several angel investors. | |||
|
2022-04-01 08:35:43 | UK Spy Chief Warns Russia Looking for Cyber Targets (lien direct) | A U.K. intelligence chief warned that the Kremlin is hunting for cyber targets and bringing in mercenaries to shore up its stalled military campaign in Ukraine. | |||
|
2022-03-31 20:07:22 | Apple Ships Emergency Patches for \'Actively Exploited\' macOS, iOS Flaws (lien direct) | Apple's security response team on Thursday released emergency patches to cover a pair of "actively exploited" vulnerabilities affecting macOS, iOS and iPadOS devices. | |||
|
2022-03-31 17:27:39 | SentinelLabs: New Modem Wiper Malware May be Connected to Viasat Hack (lien direct) | A pair of security researchers at SentinelLabs have intercepted a piece of destructive wiper malware hitting routers and modems and found digital breadcrumbs suggesting a link to the devastating Viasat hack that took down wind turbines in Germany. | Malware Hack | ||
|
2022-03-31 16:13:40 | Skiff Banks $10.5M for E2E Encrypted Workplace Collaboration (lien direct) | Sequoia Capital has doubled down on its early-stage investment in Skiff, a startup building a security-themed, end-to-end encrypted workspace collaboration platform. | |||
|
2022-03-31 14:58:15 | WATCH: Fireside Chat With McDonald\'s CISO Shaun Marion (lien direct) | In this security leadership fireside chat, McDonald's CISO Shaun Marion joins SecurityWeek's Ryan Naraine to discuss the role of the modern CISO, the challenges of building a ma | Guideline | ||
|
2022-03-31 14:40:32 | Cybersecurity Vendors Assessing Impact of Recent OpenSSL Vulnerability (lien direct) | 
|
Vulnerability | ||
|
2022-03-31 13:02:18 | FBI: 65 People Arrested Worldwide in BEC Bust (lien direct) | The Federal Bureau of Investigation (FBI) this week announced the arrests of 65 individuals as part of an international effort to combat business email compromise (BEC) fraud. BEC scammers typically target employees in charge of making or authorizing wire transfers, from either a compromised or a spoofed email account. | |||
|
2022-03-31 12:32:26 | IT Giant Globant Confirms Source Code Repository Breach (lien direct) | IT giant Globant has confirmed suffering a data breach after the notorious hacker group Lapsus$ leaked tens of gigabytes of data allegedly stolen from the company. | Data Breach | ||
|
2022-03-31 12:31:50 | The Importance of Open Source to an XDR Architecture (lien direct) | No longer satisfied with infecting files or systems, adversaries are now intent on crippling entire enterprises. Damaging supply chain, ransomware and wiper attacks are making headline news, impacting not only the organization but their stakeholders too. As threat actors' approaches and targets change, our approach to detection and response is changing as well. | Ransomware Threat | ||
|
2022-03-31 11:41:55 | SaaS Security Startup Wing Emerges From Stealth With $26 Million in Funding (lien direct) | Wing Security, a Tel Aviv, Israel-based SaaS security startup, this week emerged from stealth mode with $26 million in seed and Series A funding. GGV Capital, Harmony Partners, S-Capital, Silicon Valley CISO Investments Group, and various security leaders have invested in the company. | Guideline | ||
|
2022-03-31 11:29:07 | FBI Warns of Phishing Attacks Targeting US Election Officials (lien direct) | The Federal Bureau of Investigation (FBI) this week warned US election officials of potential invoice-themed phishing attacks meant to steal their login credentials. Such attacks have already hit US election officials in at least nine states, and the FBI expects the phishing attempts to continue and even ramp up. | |||
|
2022-03-31 10:38:54 | Spring4Shell: Spring Flaws Lead to Confusion, Concerns of New Log4Shell-Like Threat (lien direct) | 
The disclosure of several vulnerabilities affecting the widely used Spring Java framework has led to confusion and concerns that organizations may need to deal with a flaw similar to the notorious Log4Shell.
|
Threat | ||
|
2022-03-31 10:12:12 | Hackers Got User Data From Meta With Forged Request (lien direct) | Facebook owner Meta gave user information to hackers who pretended to be law enforcement officials last year, a company source said Wednesday, highlighting the risks of a measure used in urgent cases. | |||
|
2022-03-31 09:18:02 | Satellite Modems Nexus of Worst Cyberattack of Ukraine War (lien direct) | A malicious software command that immediately crippled tens of thousands of modems across Europe anchored the cyberattack on a satellite network used by Ukraine's government and military just as Russia invaded, the satellite owner disclosed Wednesday. | |||
|
2022-03-30 16:54:43 | Cyera Emerges From Stealth Mode With $60M to Protect Cloud Data (lien direct) | Cloud data security startup Cyera emerged from stealth mode this week with $60 million in funding, as the Israeli cybersecurity firm embarks on a mission to help companies find and protect data stored in various cloud environments. | |||
|
2022-03-30 15:41:05 | Investors Bet on Cyberpion in Attack Surface Management Space (lien direct) | Attack surface management specialists Cyberpion has secured $27 million in early-stage funding to build technology that helps organizations manage exposure to risk. | |||
|
2022-03-30 15:10:57 | Chrome Browser Gets Major Security Update (lien direct) | Google this week released a security-themed Chrome browser makeover with patches 28 documented vulnerabilities, some serious enough to lead to code execution attacks. The new browser refresh is now rolling out to Windows, Mac and Linux users as Chrome 100.0.4896.60. | Guideline | ||
|
2022-03-30 14:57:56 | Remote \'Brokenwire\' Hack Prevents Charging of Electric Vehicles (lien direct) | Researchers from the University of Oxford in the UK and Switzerland's Armasuisse federal agency have identified a new attack method that can be used to remotely interrupt the charging of electric vehicles. | Hack | ||
|
2022-03-30 13:51:16 | The Need for Resilient Zero Trust (lien direct) | 
It is essential to ensure that any Zero Trust technology used is resilient to external factors
|
|||
|
2022-03-30 13:24:25 | Researchers Find Python-Based Ransomware Targeting Jupyter Notebook Web Apps (lien direct) | Researchers warn of likely future ransomware attacks against web applications used by data scientists Researchers have found what they believe to be the first Python-based ransomware sample specifically targeting Jupyter Notebooks. | Ransomware | ||
|
2022-03-30 12:44:53 | Shutterfly Employee Data Compromised in Ransomware Attack (lien direct) | Photography and personalized products platform Shutterfly is notifying employees that some of their personal information was compromised in a ransomware attack in December 2021. | Ransomware | ||
|
2022-03-30 12:32:14 | Lapsus$ Claims Hack of IT Giant Globant After Arrests of Alleged Members (lien direct) | The Lapsus$ hacker group on Wednesday leaked tens of gigabytes of files allegedly stolen from IT giant Globant. The hackers have made available roughly 70 Gb of data that they claim represents Globant customer source code. SecurityWeek has reached out to Globant for comment, but we have yet to hear back. | Hack | ||
|
2022-03-30 12:02:46 | (Déjà vu) US Government Warns of Attacks Targeting UPS Devices (lien direct) | The US Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy this week issued guidance on mitigating attacks against uninterruptible power supply (UPS) devices. |
To see everything:
Our RSS (filtrered)
