What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-04-12 11:02:28 | Mandiant relie également l'attaque de la chaîne d'approvisionnement 3CX à des pirates nord-coréens Mandiant Also Links 3CX Supply Chain Attack to North Korean Hackers (lien direct) |
> 3CX a confirmé les rapports précédents selon lesquels l'attaque de chaîne d'approvisionnement récemment divulguée a probablement été menée par des pirates nord-coréens.
>3CX has confirmed previous reports that the recently disclosed supply chain attack was likely conducted by North Korean hackers. |
General Information Guideline | ★★ | |
|
2023-03-10 17:02:50 | Blackbaud Fined $3M For \'Misleading Disclosures\' About 2020 Ransomware Attack (lien direct) | >Blackbaud has been slapped with a $3 million civil penalty by the SEC for "making misleading disclosures" about a 2020 ransomware attack that impacted more than 13,000 customers. | Ransomware Guideline | ★★ | |
|
2023-01-27 14:06:35 | BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws (lien direct) | >The latest BIND updates patch multiple remotely exploitable vulnerabilities that could lead to denial-of-service (DoS). | Guideline | ★★★ | |
|
2022-12-05 17:45:25 | SIM Swapper Who Stole $20 Million Sentenced to Prison (lien direct) | Nicholas Truglia, of Florida, was sentenced to 18 months in prison last week for stealing more than $20 million in a SIM swapping scheme. According to the indictment, in January 2018, Truglia, now aged 25, participated in a scheme to hack into online accounts in an effort to steal cryptocurrency. He pleaded guilty in late 2021. | Hack Guideline | ★★ | |
|
2022-11-11 12:18:29 | Google Pays $70k for Android Lock Screen Bypass (lien direct) | Google recently handed out a $70,000 bug bounty reward for an Android vulnerability leading to lock screen bypass, security researcher David Schutz says. | Vulnerability Guideline | ||
|
2022-08-22 12:18:15 | Lloyd\'s of London Introduces New War Exclusion Insurance Clauses (lien direct) | Lloyds of London, which describes itself as 'the world's leading insurance and reinsurance marketplace', has clarified its position on war exclusions and cyberattack cover. It will require its underwriters to include such an exclusion based on its definition of cyberwar in future cyber insurance policies. | Guideline | ||
|
2022-07-13 19:05:27 | Retbleed: New Speculative Execution Attack Targets Intel, AMD Processors (lien direct) | Researchers at Swiss university ETH Zurich have devised a new speculative execution attack that can lead to information leaks and works against both Intel and AMD processors. | Guideline | ||
|
2022-06-30 10:20:36 | Canadian NetWalker Ransomware Affiliate Pleads Guilty in US (lien direct) | A Canadian national has pleaded guilty in a United States court to charges related to his role in a cybercrime operation involving the NetWalker ransomware. Sebastien Vachon-Desjardins, 34, is a former Canadian government employee. He was previously sentenced to seven years in prison in Canada for ransomware attacks. | Ransomware Guideline | ★★★★ | |
|
2022-06-23 14:26:01 | Top Cryptographers Flag \'Devastating\' Flaws in MEGA Cloud Storage (lien direct) | Cryptographers at Swiss university ETH Zurich have found at least five exploitable security flaws in the privacy-themed MEGA cloud storage service and warned that the issues could lead to “devastating attacks on the confidentiality and integrity of user data in the MEGA cloud.” | Guideline | ||
|
2022-06-20 10:10:17 | Breach at Eye Care Software Vendor Hits Millions of Patients (lien direct) | The personal information of millions of individuals may have been stolen by threat actors as a result of a data breach at Eye Care Leaders, a firm that provides electronic health record and practice management solutions. | Data Breach Threat Guideline | ||
|
2022-06-15 13:52:14 | Critical Code Execution Vulnerability Patched in Splunk Enterprise (lien direct) | Splunk this week announced the release of out-of-band patches that address multiple vulnerabilities across Splunk Enterprise, including a critical issue that could lead to arbitrary code execution. | Vulnerability Guideline | ★★★ | |
|
2022-06-06 14:52:15 | Critical Account Takeover Vulnerability Patched in GitLab Enterprise Edition (lien direct) | DevOps platform GitLab has announced security updates that resolve multiple vulnerabilities, including a critical-severity bug leading to account takeover. | Vulnerability Guideline | ||
|
2022-06-06 09:15:39 | Activists Say Cyber Agency Weakens Voting Tech Advisory (lien direct) | The nation's leading cybersecurity agency released a final version Friday of an advisory it previously sent state officials on voting machine vulnerabilities in Georgia and other states that voting integrity activists say weakens a security recommendation on using barcodes to tally votes. | Guideline | ||
|
2022-06-03 14:41:58 | Chainguard Bags Massive $50M Series A for Supply Chain Security (lien direct) | Venture capital powerhouse Sequoia is leading a massive $50 million early-stage investment in Chainguard, a startup created by a team of ex-Google software engineers to "make software supply chain secure by default." | Guideline | ||
|
2022-06-01 01:31:43 | Cyber Agency: Voting Software Vulnerable in Some States (lien direct) | Electronic voting machines from a leading vendor used in at least 16 states have software vulnerabilities that leave them susceptible to hacking if unaddressed, the nation's leading cybersecurity agency says in an advisory sent to state election officials. | Guideline | ||
|
2022-05-25 15:02:53 | Alleged Cybercrime Ringleader Arrested in Nigeria (lien direct) | An unnamed Nigerian man has been arrested over his alleged role leading a cybercrime group that specialized in phishing and business email compromise (BEC). The arrest, announced on Wednesday by Interpol, is the result of an international operation involving law enforcement and several cybersecurity companies. | Guideline | ||
|
2022-05-16 12:05:07 | SonicWall Patches Unauthorized Access Vulnerability in SMA Appliances (lien direct) | SonicWall has released patches for multiple vulnerabilities in its Secure Mobile Access (SMA) series appliances, including a high-severity issue that could lead to unauthorized access. | Vulnerability Guideline | ★★★★ | |
|
2022-05-11 15:37:18 | (Déjà vu) Chrome 101 Update Patches High-Severity Vulnerabilities (lien direct) | Google this week announced the release of a Chrome browser update that resolves a total of 13 vulnerabilities, including nine that were reported by external researchers. Of the externally reported security holes, seven are use-after-free bugs – these types of vulnerabilities could lead to arbitrary code execution. | Guideline | ★★★ | |
|
2022-05-09 17:19:16 | U.S. Offers $15 Million Bounty for Leaders of Conti Ransomware Gang (lien direct) | Eager to hunt down key leaders of the Conti ransomware gang, the United States Government is willing to pay up to $10 million for information leading to the identification and/or location of anyone holding a key leadership role in the group. | Ransomware Guideline | ★★★ | |
|
2022-05-05 16:58:51 | Catalan: Spain Spy Chief Admits Legally Hacking Some Phones (lien direct) | A leading Catalan separatist politician said Thursday that Spain's top intelligence official acknowledged that her agency had hacked into the cellphones of “some” of the dozens of politicians reported to be targeted by spyware but she said it had proper judicial authorization. | Guideline | ||
|
2022-04-21 12:43:17 | Access Bypass, Data Overwrite Vulnerabilities Patched in Drupal (lien direct) | Drupal on Wednesday announced the release of security updates to resolve a couple vulnerabilities that could lead to access bypass and data overwrite. | Guideline | ||
|
2022-04-14 14:04:44 | Critical Vulnerability in Elementor Plugin Impacts Millions of WordPress Sites (lien direct) | A critical vulnerability addressed in the Elementor WordPress plugin could allow authenticated users to upload arbitrary files to affected websites, potentially leading to code execution. Elementor is a drag-and-drop website builder for WordPress that has more than 5 million installations. | Vulnerability Guideline | ||
|
2022-04-12 14:10:19 | Amazon RDS Vulnerability Led to Exposure of Credentials (lien direct) | Amazon Web Services (AWS) on Monday announced that it recently addressed a vulnerability in Amazon Relational Database Service (RDS) that could lead to the exposure of internal credentials. | Vulnerability Guideline | ||
|
2022-03-31 14:58:15 | WATCH: Fireside Chat With McDonald\'s CISO Shaun Marion (lien direct) | In this security leadership fireside chat, McDonald's CISO Shaun Marion joins SecurityWeek's Ryan Naraine to discuss the role of the modern CISO, the challenges of building a ma | Guideline | ||
|
2022-03-31 11:41:55 | SaaS Security Startup Wing Emerges From Stealth With $26 Million in Funding (lien direct) | Wing Security, a Tel Aviv, Israel-based SaaS security startup, this week emerged from stealth mode with $26 million in seed and Series A funding. GGV Capital, Harmony Partners, S-Capital, Silicon Valley CISO Investments Group, and various security leaders have invested in the company. | Guideline | ||
|
2022-03-30 15:10:57 | Chrome Browser Gets Major Security Update (lien direct) | Google this week released a security-themed Chrome browser makeover with patches 28 documented vulnerabilities, some serious enough to lead to code execution attacks. The new browser refresh is now rolling out to Windows, Mac and Linux users as Chrome 100.0.4896.60. | Guideline | ||
|
2022-03-29 15:15:52 | Why Bullying Employees Into Compliance Won\'t Work (lien direct) | Security leaders need to understand that people working from home require more than technological support to improve security | Guideline | ★★ | |
|
2022-03-29 12:04:13 | Sophos Warns of Attacks Exploiting Recent Firewall Vulnerability (lien direct) | Sophos on Monday raised the alarm about a recently patched Sophos Firewall vulnerability being exploited in attacks. Impacting the User Portal and Webadmin of Sophos Firewall, the bug is described as an authentication bypass that could lead to remote code execution. | Vulnerability Guideline | ||
|
2022-03-28 16:01:29 | Estonian Ransomware Operator Sentenced to Prison in US (lien direct) | An Estonian man was sentenced to 66 months in prison in the United States for his role in ransomware attacks that caused more than $53 million in losses. The cybercriminal, Maksim Berezan, who was arrested in Latvia and later extradited to the United States, pleaded guilty in April 2021 to conspiracy to commit wire fraud and device fraud. | Ransomware Guideline | ||
|
2022-03-08 20:03:57 | Patch Tuesday: Microsoft Fixes Multiple Code Execution Flaws (lien direct) | Microsoft's Patch Tuesday bundle for this month is a big one: 74 documented vulnerabilities in multiple Windows products and components, some serious enough to lead to remote code execution attacks. | Guideline | ||
|
2022-02-24 19:59:17 | Nigerian Admits in US Court to Hacking Payroll Company (lien direct) | A Nigerian national pleaded guilty in a U.S. court for his role in a scheme to hack into thousands of user accounts maintained by a payroll processing company, to steal payroll deposits. | Hack Guideline | ||
|
2022-02-23 13:26:12 | SecurityWeek to Host 2022 Attack Surface Management Summit Today (lien direct) | 
Security Leaders Will Walk Away from Virtual Event with New Strategies to Get Ahead of Attackers
|
Guideline | ||
|
2022-02-23 10:54:28 | EU to Activate Cyber Response Team to Help Ukraine (lien direct) | The European Union is set to activate an EU cyber response team to help Ukraine face Russian attacks, the unit's leader Lithuania said on Tuesday. | Guideline | ||
|
2022-02-17 16:10:50 | Google Introduces \'Privacy Sandbox\' for Ads on Android (lien direct) | Google this week announced Privacy Sandbox on Android, a new initiative expected to lead to more private advertising solutions for its mobile users. The new solutions, the Internet giant claims, will limit the sharing of user data and will also prevent the use of cross-app identifiers, advertising IDs included. | Guideline | ||
|
2022-02-08 16:09:06 | Cyberattack Targets Vodafone Portugal, Disrupts Services (lien direct) | Vodafone Portugal, one of the country's leading telecommunications companies, said Tuesday it had been hacked though no confidential customer data was compromised. | Guideline | ||
|
2022-02-03 11:56:41 | Cisco Patches Critical Vulnerabilities in Small Business RV Routers (lien direct) | Cisco this week announced patches for multiple vulnerabilities in its Small Business RV160, RV260, RV340, and RV345 series routers, including critical bugs that could lead to the execution of arbitrary code with root privileges. | Guideline | ||
|
2022-02-01 17:53:29 | British Council Student Data Found in Unprotected Database (lien direct) | The information of many British Council students was recently exposed online in an unprotected repository. A world leading education institution, British Council operates in over 100 countries worldwide. In 2019 and 2020, it connected directly with roughly 80 million people, and with over 790 million overall. | Guideline | ||
|
2022-01-27 21:09:04 | Outlook Security Feature Bypass Allowed Sending Malicious Links (lien direct) | A Trustwave researcher has discovered a new technique to completely bypass a security feature of Microsoft Outlook and deliver a malicious link to the recipient. The new technique, Trustwave SpiderLabs lead threat architect Reegun Richard Jayapaul explains, is a variation of a vulnerability that was initially addressed in February 2020. | Vulnerability Threat Guideline | ||
|
2022-01-26 11:49:52 | Two More Poles Identified as Victims of Hacking With Spyware (lien direct) | Two more Poles have been identified as victims of phone hacking with the notoriously powerful spyware from Israel's NSO Group: an agrarian political leader at odds with Poland's right-wing government and the co-author of a book about the head of Poland's secret services. | Guideline | ||
|
2022-01-18 11:00:59 | World Economic Forum Highlights Continued Gap Between Security and Business Leaders (lien direct) | Despite the current 'buzz' cliché phrase that 'security is top of mind' with business leadership, a new report from the World Economic Forum (WEF) highlights the continuing gap between business and security leaders. | Guideline | ||
|
2022-01-14 15:04:04 | Cyber Attack in Albuquerque Latest to Target Public Schools (lien direct) | When the superintendent of Albuquerque Public Schools announced earlier this week a cyber attack would lead to the cancellation of classes for around 75,000 students, he noted that the district's technology department had been fending off attacks “for the last few weeks.” | Guideline | ||
|
2022-01-14 00:51:00 | Maryland Lawmaker: Officials Misled on Ransomware Attack (lien direct) | A leading Maryland lawmaker said Thursday that top legislators were misled about the seriousness of a cyberattack on the state health department. | Ransomware Guideline | ||
|
2022-01-11 12:27:51 | Industrial Firms Advised Not to Ignore Security Risks Posed by URL Parsing Confusion (lien direct) | Researchers from industrial cybersecurity firm Claroty and developer security company Snyk have analyzed more than a dozen URL parsing libraries and showed how inconsistencies can lead to various types of vulnerabilities. Industrial organizations have been advised not to ignore these findings. | Guideline | ||
|
2022-01-11 12:02:10 | Is the \'Great Resignation\' Impacting Cybersecurity? (lien direct) | The so-called 'great resignation' currently upending the U.S. labor market is starting to affect cybersecurity programs with a growing number of senior leaders opting for early retirement and mid-level managers leaving in droves for less stressful, fully remote work opportunities. | Guideline | ||
|
2022-01-06 12:00:16 | Hackers Hit Major Portuguese Media Group, Take Down Websites (lien direct) | One of Portugal's leading media conglomerates said Thursday that a group calling itself “Lapsus$” hacked the company's online services, taking down some of its most popular websites and contacting subscribers. | Guideline | ★★★★ | |
|
2021-12-29 11:13:27 | Poland\'s Tusk Calls Spyware Use \'Crisis for Democracy\' (lien direct) | Polish opposition leader Donald Tusk on Tuesday said reports the government spied on its opponents represented the country's biggest "crisis for democracy" since the end of communism. | Guideline | ||
|
2021-12-27 15:04:25 | High-Risk Flaw Haunts Apache Server (lien direct) | The Apache Software Foundation has released a new version of its flagship web server to patch a pair of security defects, one series enough to lead to remote code execution attacks. | Guideline | ||
|
2021-12-17 11:17:39 | Spyware Find Highlights Depth of Hacker-for-Hire Industry (lien direct) | Security researchers said Thursday they found two kinds of commercial spyware on the phone of a leading exiled Egyptian dissident, providing new evidence of the depth and diversity of the abusive hacker-for-hire industry. | Guideline | ||
|
2021-12-16 16:59:13 | Corellium Lands $25 Million Investment for Virtualization Tech (lien direct) | Fresh off a high-profile legal triumph over Apple, virtualization technology startup Corellium is now enjoying the attention of investors with Paladin Capital Group leading a $25 million funding round. | Guideline | ||
|
2021-12-16 14:41:29 | SecurityWeek Announces Virtual Cybersecurity Event Schedule for 2022 (lien direct) | SecurityWeek, a leading provider of cybersecurity news and information to global enterprises, today announced its official lineup of virtual cybersecurity events for 2022. | Guideline |
To see everything:
Our RSS (filtrered)
