What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-04-06 18:47:37 | Hamas-Linked Hackers Using Sexy Facebook \'Catfish\' Lures, New Malware (lien direct) | Hamas-linked APT Group targeting high-ranking Israelis with new new malware | Malware | ||
|
2022-04-06 18:20:58 | FBI Disables "Cyclops Blink" Botnet Controlled by Russian Intelligence Agency (lien direct) | The U.S. government on Wednesday announced that it had neutralized a massive botnet of hardware devices controlled by Russia's main intelligence agency (GRU). | |||
|
2022-04-06 17:58:00 | US Charges Russian Oligarch, Dismantles Cybercrime Operation (lien direct) | The Biden administration charged a Russian oligarch linked to the Kremlin with violating U.S. government sanctions and disrupted a cybercrime operation launched by a Russian military intelligence agency, officials said Wednesday. | |||
|
2022-04-06 17:10:17 | Apple Leaves Big Sur, Catalina Exposed to Critical Flaws: Intego (lien direct) | Apple is being called to task for neglecting to patch two "actively exploited" zero-day vulnerabilities on older versions of its flagship macOS platform. | |||
|
2022-04-06 15:04:59 | Denonia: First Malware Targeting AWS Lambda (lien direct) | Researchers have come across what appears to be the first piece of malware designed to specifically target AWS Lambda environments. | Malware | ||
|
2022-04-06 14:39:25 | Tufin Agrees to $570 Million Acquisition With 30-Day \'Go Shop\' Option (lien direct) | Security policy management firm Tufin (NYSE: TUFN) has agreed to be acquired by investment firm Turn/River Capital for approximately $570 million in cash. | |||
|
2022-04-06 13:49:47 | Google Doubles Rewards for Nest and Fitbit Vulnerabilities (lien direct) | Google on Tuesday announced that security researchers submitting eligible Google Nest and Fitbit vulnerability reports through its bug bounty program can now receive double the usual bounty payouts. | Vulnerability | ||
|
2022-04-06 13:34:19 | Texas Department of Insurance Exposed Data of 1.8 Million People (lien direct) | The Texas Department of Insurance recently disclosed a “data security event” that appears to have affected roughly 1.8 million people. | |||
|
2022-04-06 12:43:18 | Coro Raises $80 Million for Cybersecurity Platform for Mid-Market Organizations (lien direct) | Coro this week announced that it has raised $60 million in a Series C funding round that brings the total raised over the past six months to $80 million. The latest funding round was led by Balderton Capital, with participation from Jerusalem Venture Partners (JVP). | |||
|
2022-04-06 11:30:52 | FIN7 Cybercrime Operation Continues to Evolve Despite Arrests (lien direct) | Despite recent arrests and convictions, the FIN7 cybercrime operation has continued to evolve, with hackers updating their tools and techniques and changing monetization strategies, according to cybersecurity firm Mandiant. | |||
|
2022-04-06 10:57:37 | Europe Warned About Cyber Threat to Industrial Infrastructure (lien direct) | Malicious cyber actors pose a serious threat to Europe's industrial infrastructure, with at least ten hacker groups known to target European organizations, according to a new report from industrial cybersecurity firm Dragos. | Threat | ★★★ | |
|
2022-04-05 19:37:22 | Germany Shuts Down Darknet Platform Specializing in Drugs (lien direct) | German investigators on Tuesday shut down a Russian-language darknet marketplace that they say specialized in drug dealing, seizing bitcoin worth 23 million euros ($25.3 million). | |||
|
2022-04-05 16:08:17 | Symantec: Chinese APT Group Targeting Global MSPs (lien direct) | Malware hunters at Broadcom's Symantec division have spotted signs that a long-running cyberespionage campaign linked to Chinese nation-state hackers is now going after managed service providers (MSPs) with a more global footprint. | |||
|
2022-04-05 14:59:38 | 44 Vulnerabilities Patched in Android With April 2022 Security Updates (lien direct) | The Android updates released by Google for April 2022 include patches for 44 vulnerabilities, including several rated “critical severity.” As usual, the update was split into two parts, with the first of them arriving on devices as the “2022-04-01 security patch level” and addressing 14 security holes. | |||
|
2022-04-05 14:57:04 | CashApp Says Ex-Employee Stole Customer Stock Trading Data (lien direct) | Financial services and stock trading platform CashApp on Tuesday fessed up to a data breach being blamed on a former employee who stole brokerage data, including portfolio values, from an unknown number of U.S. accounts. | Data Breach | ||
|
2022-04-05 14:47:51 | Ransomware Gang Leaks Files Stolen From Industrial Giant Parker Hannifin (lien direct) | A notorious cybercrime group has leaked several gigabytes of files allegedly stolen from US industrial components giant Parker Hannifin. Parker Hannifin specializes in motion and control technologies, and it provides precision engineered solutions for organizations in the aerospace, mobile, and industrial sectors. | |||
|
2022-04-05 13:58:29 | API IAM Security Provider Corsha Raises $12 Million (lien direct) | Washington, DC-based API security firm Corsha has raised $12 million in a Series A funding round led by Ten Eleven Ventures and Razor's Edge Ventures, with participation from 1843 Capital. | |||
|
2022-04-05 13:11:40 | US State Department Launches Cyberspace and Digital Diplomacy Bureau (lien direct) | The US Department of State on Monday announced the creation of the Bureau of Cyberspace and Digital Policy (CDP). The new entity was created to deal with national security challenges, but also with the implications of cyberspace and digital technologies and policies on US values. | |||
|
2022-04-05 12:47:54 | Defenders Provided Tools and Information for Dealing With Spring4Shell (lien direct) | US Government Agencies Instructed to Patch Spring4Shell Vulnerability Enterprise defenders have been provided information and tools to help them deal with Spring4Shell and potential attacks exploiting the vulnerability. | |||
|
2022-04-05 11:50:16 | Airgap Networks Raises $13 Million for Ransomware Kill Switch (lien direct) | Airgap Networks on Tuesday announced raising $13.4 million in a Series A funding round that brings the total raised by the company to $18.6 million. The funding round was led by Storm Ventures, with participation from Cervin Ventures, Engineering Capital, Sorenson Ventures, and various angel investors. | Ransomware | ||
|
2022-04-05 11:34:27 | Yokogawa Patches Flaws Allowing Disruption, Manipulation of Physical Processes (lien direct) | Japanese automation giant Yokogawa recently patched a series of vulnerabilities in control system products that, according to researchers, can be exploited for the disruption or manipulation of physical processes. | |||
|
2022-04-05 11:30:00 | Why Some CISOs Fail (lien direct) | 
|
|||
|
2022-04-05 10:41:48 | Wind Turbine Giant Nordex Shuts Down IT Systems in Response to Cyberattack (lien direct) | Nordex Group, one of the world's largest manufacturers of wind turbines, fell victim to a cyberattack that forced it to take down multiple systems. The Hamburg, Germany-based company announced over the weekend that it detected the intrusion on Thursday, March 31, and that it immediately deployed measures “in line with crisis management protocols.” | |||
|
2022-04-05 10:22:14 | Academics Devise Side-Channel Attack Targeting Multi-GPU Systems (lien direct) | A group of academic researchers has devised a side-channel attack targeting architectures that rely on multiple graphics processing units (GPUs) for resource-intensive computational operations. | |||
|
2022-04-05 10:13:14 | Palestinian Lawyer Sues Pegasus Spyware Maker in France (lien direct) | Palestinian lawyer Salah Hamouri, who is in Israeli detention, filed a complaint in France Tuesday against surveillance firm NSO Group for having "illegally infiltrated" his mobile phone with the spyware Pegasus. | ★★★ | ||
|
2022-04-04 18:49:25 | TOTOLINK Routers, Other Device Exploits Added to Beastmode Botnet (lien direct) | The Mirai-based DDoS botnet known as Beastmode continues to expand its arsenal with at least five new exploits added over the last two months. | |||
|
2022-04-04 13:42:44 | New Android Spyware Uses Turla-Linked Infrastructure (lien direct) | Lab52 security researchers have dissected a new piece of Android malware that they discovered while analyzing infrastructure associated with Russian cyberespionage group Turla. | Malware | ||
|
2022-04-04 12:45:18 | (Déjà vu) Cybersecurity M&A Roundup: 39 Deals Announced in March 2022 (lien direct) | 
Nearly 40 cybersecurity-related merger and acquisition (M&A) deals were announced in March 2022.
|
|||
|
2022-04-04 12:18:50 | Harnessing Neurodiversity Within Cybersecurity Teams (lien direct) | 
Neurodivergence, by its name, implies a different way of thinking. The question we wish to examine is whether the inclusion of this neurodiversity can bring something positive beyond the simple expansion of general diversity to and within the cybersecurity teams.
|
|||
|
2022-04-04 10:54:01 | GitLab Patches Critical Account Takeover Vulnerability (lien direct) | DevOps platform GitLab has reset the passwords of some user accounts, after addressing a critical account takeover vulnerability. According to the company, in GitLab Community Edition (CE) and Enterprise Edition (EE) versions prior to 14.7.7, 14.8.5, and 14.9.2, a hardcoded password was set when the account was registered using an OmniAuth provider. | Vulnerability | ||
|
2022-04-04 10:41:53 | Vendors Assessing Impact of Spring4Shell Vulnerability (lien direct) | Companies are assessing the impact of the Spring vulnerability dubbed Spring4Shell on their products, and while some vendors have started releasing patches, many have determined that their products do not appear to be affected. | Vulnerability | ||
|
2022-04-04 08:52:31 | UK Charges Alleged Lapsus$ Gang Members With Hacking (lien direct) | The City of London Police on Friday announced that two teenagers were officially charged for their alleged roles in a hacking group that is believed to be the infamous Lapsus$ gang. The youngsters, aged 16 and 17, were arrested roughly a week ago, along with five other teens supposedly involved in the Lapsus$ attacks. | |||
|
2022-04-01 16:30:12 | Experts Warn Defenders: Don\'t Relax on Log4j (lien direct) | It's been four months since the Log4j issue exploded onto the internet. All the major software vendors affected by it have by now released patches – but even where companies have patched, it would be wrong to relax. | ★★ | ||
|
2022-04-01 13:42:46 | FBI Warns of Ransomware Attacks Targeting Local Governments (lien direct) | The Federal Bureau of Investigation (FBI) this week warned local government entities of ransomware attacks disrupting operational services, causing public safety risks, and causing financial losses. | Ransomware | ||
|
2022-04-01 11:27:31 | New Vulnerabilities Allow Stuxnet-Style Attacks Against Rockwell PLCs (lien direct) | Researchers at industrial cybersecurity firm Claroty have identified two serious vulnerabilities that could allow malicious actors to launch Stuxnet-style attacks against programmable logic controllers (PLCs) made by Rockwell Automation. | |||
|
2022-04-01 10:33:30 | Trend Micro Patches Apex Central Zero-Day Exploited in Targeted Attacks (lien direct) | Trend Micro this week announced patches for a high-severity arbitrary file upload vulnerability in Apex Central that has already been exploited in what appear to be targeted attacks. | Vulnerability | ||
|
2022-04-01 10:11:54 | Spring4Shell Exploitation Attempts Confirmed as Patches Are Released (lien direct) | 
The Spring zero-day vulnerability named Spring4Shell (SpringShell) has been patched, just as several cybersecurity firms have confirmed seeing exploitation attempts.
|
Vulnerability | ||
|
2022-04-01 09:48:32 | Antimatter Emerges From Stealth Mode With $12M to Secure Customer Data (lien direct) | Antimatter, a startup that focuses on data security for SaaS applications, this week emerged from stealth mode with $12 million in Series A funding from NEA, with additional investment from General Catalyst, UNION Labs, and several angel investors. | |||
|
2022-04-01 08:35:43 | UK Spy Chief Warns Russia Looking for Cyber Targets (lien direct) | A U.K. intelligence chief warned that the Kremlin is hunting for cyber targets and bringing in mercenaries to shore up its stalled military campaign in Ukraine. | |||
|
2022-03-31 20:07:22 | Apple Ships Emergency Patches for \'Actively Exploited\' macOS, iOS Flaws (lien direct) | Apple's security response team on Thursday released emergency patches to cover a pair of "actively exploited" vulnerabilities affecting macOS, iOS and iPadOS devices. | |||
|
2022-03-31 17:27:39 | SentinelLabs: New Modem Wiper Malware May be Connected to Viasat Hack (lien direct) | A pair of security researchers at SentinelLabs have intercepted a piece of destructive wiper malware hitting routers and modems and found digital breadcrumbs suggesting a link to the devastating Viasat hack that took down wind turbines in Germany. | Malware Hack | ||
|
2022-03-31 16:13:40 | Skiff Banks $10.5M for E2E Encrypted Workplace Collaboration (lien direct) | Sequoia Capital has doubled down on its early-stage investment in Skiff, a startup building a security-themed, end-to-end encrypted workspace collaboration platform. | |||
|
2022-03-31 14:58:15 | WATCH: Fireside Chat With McDonald\'s CISO Shaun Marion (lien direct) | In this security leadership fireside chat, McDonald's CISO Shaun Marion joins SecurityWeek's Ryan Naraine to discuss the role of the modern CISO, the challenges of building a ma | Guideline | ||
|
2022-03-31 14:40:32 | Cybersecurity Vendors Assessing Impact of Recent OpenSSL Vulnerability (lien direct) | 
|
Vulnerability | ||
|
2022-03-31 13:02:18 | FBI: 65 People Arrested Worldwide in BEC Bust (lien direct) | The Federal Bureau of Investigation (FBI) this week announced the arrests of 65 individuals as part of an international effort to combat business email compromise (BEC) fraud. BEC scammers typically target employees in charge of making or authorizing wire transfers, from either a compromised or a spoofed email account. | |||
|
2022-03-31 12:32:26 | IT Giant Globant Confirms Source Code Repository Breach (lien direct) | IT giant Globant has confirmed suffering a data breach after the notorious hacker group Lapsus$ leaked tens of gigabytes of data allegedly stolen from the company. | Data Breach | ||
|
2022-03-31 12:31:50 | The Importance of Open Source to an XDR Architecture (lien direct) | No longer satisfied with infecting files or systems, adversaries are now intent on crippling entire enterprises. Damaging supply chain, ransomware and wiper attacks are making headline news, impacting not only the organization but their stakeholders too. As threat actors' approaches and targets change, our approach to detection and response is changing as well. | Ransomware Threat | ||
|
2022-03-31 11:41:55 | SaaS Security Startup Wing Emerges From Stealth With $26 Million in Funding (lien direct) | Wing Security, a Tel Aviv, Israel-based SaaS security startup, this week emerged from stealth mode with $26 million in seed and Series A funding. GGV Capital, Harmony Partners, S-Capital, Silicon Valley CISO Investments Group, and various security leaders have invested in the company. | Guideline | ||
|
2022-03-31 11:29:07 | FBI Warns of Phishing Attacks Targeting US Election Officials (lien direct) | The Federal Bureau of Investigation (FBI) this week warned US election officials of potential invoice-themed phishing attacks meant to steal their login credentials. Such attacks have already hit US election officials in at least nine states, and the FBI expects the phishing attempts to continue and even ramp up. | |||
|
2022-03-31 10:38:54 | Spring4Shell: Spring Flaws Lead to Confusion, Concerns of New Log4Shell-Like Threat (lien direct) | 
The disclosure of several vulnerabilities affecting the widely used Spring Java framework has led to confusion and concerns that organizations may need to deal with a flaw similar to the notorious Log4Shell.
|
Threat |
To see everything:
Our RSS (filtrered)
