What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-11-19 18:54:36 | Russian Ransomware Gangs on the Hunt for Pen Testers (lien direct) | In further proof of the professionalization of Russian cybercriminal groups, ransomware gangs have been posting job ads for security positions such as pen testers, looking to boost their ransomware deployment operations.
In further proof of the professionalization of Russian cybercriminal groups, ransomware gangs have been posting job ads for security positions such as pen testers, looking to boost their ransomware deployment operations. |
Ransomware | ★★ | |
|
2024-11-19 18:09:26 | \\'Phobos\\' Ransomware Cybercriminal Extradited From South Korea (lien direct) | According to the unsealed criminal charges, the operation is believed to have running for nearly four years.
According to the unsealed criminal charges, the operation is believed to have running for nearly four years. |
Ransomware | ★★ | |
|
2024-11-19 16:27:01 | Salt Typhoon Hits T-Mobile as Part of Telecom Attack Spree (lien direct) | The company says no sensitive data was stolen, but federal agencies claim otherwise. CISA and FBI sources said attackers accessed all records of specific customers and the private communications of targeted individuals.
The company says no sensitive data was stolen, but federal agencies claim otherwise. CISA and FBI sources said attackers accessed all records of specific customers and the private communications of targeted individuals. |
★★★ | ||
|
2024-11-19 15:00:00 | We Can Do Better Than Free Credit Monitoring After a Breach (lien direct) | Individual companies and entire industries alike must take responsibility for protecting customer data - and doing the right thing when they fail.
Individual companies and entire industries alike must take responsibility for protecting customer data - and doing the right thing when they fail. |
★★ | ||
|
2024-11-18 22:16:04 | WhatsApp: NSO Group Operates Pegasus Spyware for Customers (lien direct) | Freshly released court documents reveal new details on controversial Israeli spyware firm\'s operations.
Freshly released court documents reveal new details on controversial Israeli spyware firm\'s operations. |
★★★ | ||
|
2024-11-18 22:09:52 | Security Industry Association Announces SIA RISE Scholarship Awardees (lien direct) | Pas de details / No more details | ★★★ | ||
|
2024-11-18 22:06:02 | AI About-Face: \\'Mantis\\' Turns LLM Attackers Into Prey (lien direct) | Experimental counter-offensive system responds to malicious AI probes with their own surreptitious prompt-injection commands.
Experimental counter-offensive system responds to malicious AI probes with their own surreptitious prompt-injection commands. |
★★★ | ||
|
2024-11-18 21:54:40 | Kyndryl & Microsoft Unveil New Services to Advance Cyber Resilience for Customers (lien direct) | Pas de details / No more details | ★★★ | ||
|
2024-11-18 21:44:11 | Akamai Reports Third Quarter 2024 Financial Results (lien direct) | Pas de details / No more details | ★★ | ||
|
2024-11-18 21:14:35 | Bugcrowd Names Trey Ford as CISO (lien direct) | Pas de details / No more details | ★★ | ||
|
2024-11-18 20:43:39 | Jen Easterly, CISA Director, to Step Down on Inauguration Day (lien direct) | Other Biden administration appointees at CISA will also submit their resignations on Jan. 20, as the cyberdefense agency prepares for President-elect Trump\'s new DHS director.
Other Biden administration appointees at CISA will also submit their resignations on Jan. 20, as the cyberdefense agency prepares for President-elect Trump\'s new DHS director. |
★★ | ||
|
2024-11-18 20:14:15 | Critical WordPress Plug-in Flaw Exposes 4M Sites to Takeover (lien direct) | A vulnerability found in the Really Simple Security plug-in allows an attacker to remotely gain access to any account on an affected website, including the administrator, when 2FA is enabled.
A vulnerability found in the Really Simple Security plug-in allows an attacker to remotely gain access to any account on an affected website, including the administrator, when 2FA is enabled. |
Vulnerability | ★★ | |
|
2024-11-18 19:49:30 | Akira Ransomware Racks Up 30+ Victims in a Single Day (lien direct) | Of the numerous victims, at least three refused to pay the demanded ransom, with the rest seemingly in talks with the cybercriminal group.
Of the numerous victims, at least three refused to pay the demanded ransom, with the rest seemingly in talks with the cybercriminal group. |
Ransomware | ★★ | |
|
2024-11-18 18:02:53 | Name That Toon: Meeting of Minds (lien direct) | Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card. |
★★ | ||
|
2024-11-18 18:00:00 | To Map Shadow IT, Follow Citizen Developers (lien direct) | The tangle of user-built tools is formidable to manage, but it can lead to a greater understanding of real-world business needs.
The tangle of user-built tools is formidable to manage, but it can lead to a greater understanding of real-world business needs. |
Tool | ★★ | |
|
2024-11-18 17:11:38 | Palo Alto Networks Patches Critical Zero-Day Firewall Bug (lien direct) | The security vendor\'s Expedition firewall appliance\'s PAN-OS interface tool has racked up four critical security vulnerabilities under active attack in November, leading tit to advise customers to update immediately or and take them off the Internet.
The security vendor\'s Expedition firewall appliance\'s PAN-OS interface tool has racked up four critical security vulnerabilities under active attack in November, leading tit to advise customers to update immediately or and take them off the Internet. |
Tool Vulnerability Threat | ★★ | |
|
2024-11-18 15:00:00 | Why the Demand for Cybersecurity Innovation Is Surging (lien direct) | Companies that recognize current market opportunities - from the need to safely implement revolutionary technology like AI to the vast proliferation of cyber threats - have remarkable growth prospects.
Companies that recognize current market opportunities - from the need to safely implement revolutionary technology like AI to the vast proliferation of cyber threats - have remarkable growth prospects. |
★★ | ||
|
2024-11-18 13:38:03 | DHS Releases Secure AI Framework for Critical Infrastructure (lien direct) | The voluntary recommendations from the Department of Homeland Security cover how artificial intelligence should be used in the power grid, water system, air travel network, healthcare, and other pieces of critical infrastructure.
The voluntary recommendations from the Department of Homeland Security cover how artificial intelligence should be used in the power grid, water system, air travel network, healthcare, and other pieces of critical infrastructure. |
Medical | ★★ | |
|
2024-11-15 22:52:16 | Microsoft Pulls Exchange Patches Amid Mail Flow Issues (lien direct) | Email at many organizations has stopped working; the tech giant has advised users who are facing the issue to uninstall the updates so that it can address flaw.
Email at many organizations has stopped working; the tech giant has advised users who are facing the issue to uninstall the updates so that it can address flaw. |
★★★ | ||
|
2024-11-15 22:21:57 | ChatGPT Exposes Its Instructions, Knowledge & OS Files (lien direct) | According to Mozilla, users have a lot more power to manipulate ChatGPT than they might realize. OpenAI hopes those manipulations remain within a clearly delineated sandbox.
According to Mozilla, users have a lot more power to manipulate ChatGPT than they might realize. OpenAI hopes those manipulations remain within a clearly delineated sandbox. |
ChatGPT | ★★ | |
|
2024-11-15 15:00:00 | Combating the Rise of Federally Aimed Malicious Intent (lien direct) | In the future, the cybersecurity landscape likely will depend not only on the ability of federal workforces to protect their agencies but also on their capacity to continuously develop and sharpen those skills.
In the future, the cybersecurity landscape likely will depend not only on the ability of federal workforces to protect their agencies but also on their capacity to continuously develop and sharpen those skills. |
★★ | ||
|
2024-11-15 14:36:02 | Lessons From OSC&R on Protecting the Software Supply Chain (lien direct) | A new report from the Open Software Supply Chain Attack Reference (OSC&R) team provides a framework to reduce how much vulnerable software reaches production.
A new report from the Open Software Supply Chain Attack Reference (OSC&R) team provides a framework to reduce how much vulnerable software reaches production. |
★★ | ||
|
2024-11-15 13:00:00 | Trump 2.0 May Mean Fewer Cybersecurity Regs, Shift in Threats (lien direct) | Given increased tensions with China over tariffs, companies could see a shift in attacks, but also fewer regulations and a run at a business-friendly federal privacy law.
Given increased tensions with China over tariffs, companies could see a shift in attacks, but also fewer regulations and a run at a business-friendly federal privacy law. |
★★ | ||
|
2024-11-15 00:38:16 | TSA Proposes Cyber Risk Mandates for Pipelines, Transportation Systems (lien direct) | The proposed rules codify existing temporary directives requiring pipeline and railroad operators to report cyber incidents and create cyber risk management plans.
The proposed rules codify existing temporary directives requiring pipeline and railroad operators to report cyber incidents and create cyber risk management plans. |
★★★ | ||
|
2024-11-14 23:51:57 | Frenos Takes Home the Prize at 2024 DataTribe Challenge (lien direct) | Frenos offers a zero-impact, continuous security assessment platform for operational technology environments.
Frenos offers a zero-impact, continuous security assessment platform for operational technology environments. |
★★ | ||
|
2024-11-14 21:53:19 | Varonis Warns of Bug Discovered in PostgreSQL PL/Perl (lien direct) | Several versions of PostgreSQL are impacted, and customers will need to upgrade in order to patch.
Several versions of PostgreSQL are impacted, and customers will need to upgrade in order to patch. |
★★★ | ||
|
2024-11-14 20:50:19 | Idaho Man Gets 10 Years for Hacking, Cyber Extortion (lien direct) | In addition to his prison sentence, he will have to pay more than $1 million in restitution to his victims.
In addition to his prison sentence, he will have to pay more than $1 million in restitution to his victims. |
Legislation | ★★ | |
|
2024-11-14 18:00:00 | The Vendor\\'s Role in Combating Alert Fatigue (lien direct) | As alerts pile up, the complexity can overwhelm security professionals, allowing real threats to be missed. This is where vendors must step up.
As alerts pile up, the complexity can overwhelm security professionals, allowing real threats to be missed. This is where vendors must step up. |
★★ | ||
|
2024-11-14 15:00:00 | Washington\\'s Cybersecurity Storm of Complacency (lien direct) | If the government truly wants to protect the US\'s most vital assets, it must rethink its cybersecurity policies and prioritize proactive, coordinated, and enforceable measures.
If the government truly wants to protect the US\'s most vital assets, it must rethink its cybersecurity policies and prioritize proactive, coordinated, and enforceable measures. |
★★ | ||
|
2024-11-14 13:00:00 | Microsoft Power Pages Leak Millions of Private Records (lien direct) | Less experienced users of Microsoft\'s website building platform may not understand all the implications of the access controls in its low- or no-code environment.
Less experienced users of Microsoft\'s website building platform may not understand all the implications of the access controls in its low- or no-code environment. |
★★★ | ||
|
2024-11-14 07:00:00 | Hamas Hackers Spy on Mideast Gov\\'ts, Disrupt Israel (lien direct) | APT Wirte is doing double duty, adding all manner of supplemental malware to gain access, eavesdrop, and wipe data, depending on the target.
APT Wirte is doing double duty, adding all manner of supplemental malware to gain access, eavesdrop, and wipe data, depending on the target. |
Malware | ★★ | |
|
2024-11-13 23:40:17 | Cloud Ransomware Flexes Fresh Scripts Against Web Apps (lien direct) | Cloud service providers are getting better at protecting data, pushing adversaries to develop new cloud ransomware scripts to target PHP applications, a new report says.
Cloud service providers are getting better at protecting data, pushing adversaries to develop new cloud ransomware scripts to target PHP applications, a new report says. |
Ransomware Cloud | ★★ | |
|
2024-11-13 22:46:14 | OpenText Cybersecurity Unveils 2024\\'s Nastiest Malware (lien direct) | Pas de details / No more details | Malware | ★★★ | |
|
2024-11-13 22:39:34 | Toolkit Vastly Expands APT41\\'s Surveillance Powers (lien direct) | The China-affiliated group is using the highly modular DeepData framework to target organizations in South Asia.
The China-affiliated group is using the highly modular DeepData framework to target organizations in South Asia. |
APT 41 | ★★ | |
|
2024-11-13 22:36:55 | Lacoste First to Use AI-Powered Anti-counterfeiting Solution (lien direct) | Pas de details / No more details | ★★★ | ||
|
2024-11-13 22:34:56 | Zero-Days Win the Prize for Most Exploited Vulns (lien direct) | Among the top exploited zero-day vulnerabilities were bugs found in systems from Citrix and Cisco.
Among the top exploited zero-day vulnerabilities were bugs found in systems from Citrix and Cisco. |
Vulnerability Threat | ★★★ | |
|
2024-11-13 22:32:20 | CISA Releases Its First Ever International Strategic Plan (lien direct) | Pas de details / No more details | ★★ | ||
|
2024-11-13 22:23:33 | Trustwave-Cybereason Merger Boost MDR Portfolio (lien direct) | The consolidation folds Cybereason\'s endpoint detection and response (EDR) platform into Trustwave\'s managed security services offerings.
The consolidation folds Cybereason\'s endpoint detection and response (EDR) platform into Trustwave\'s managed security services offerings. |
★★ | ||
|
2024-11-13 22:12:11 | (Déjà vu) 20% of Industrial Manufacturers Are Using Network Security as a First Line of Defense (lien direct) | Pas de details / No more details | Industrial | ★★★ | |
|
2024-11-13 20:31:41 | 5 Ways to Save Your Organization From Cloud Security Threats (lien direct) | The shift to cloud means securing your organization\'s digital assets requires a proactive, multi-layered approach
The shift to cloud means securing your organization\'s digital assets requires a proactive, multi-layered approach |
Cloud | ★★ | |
|
2024-11-13 20:21:21 | Iranian Cybercriminals Target Aerospace Workers via LinkedIn (lien direct) | The group seeks out aerospace professionals by impersonating job recruiters - a demographic it has targeted in the past as well - then deploys the SlugResin backdoor malware.
The group seeks out aerospace professionals by impersonating job recruiters - a demographic it has targeted in the past as well - then deploys the SlugResin backdoor malware. |
Malware | ★★ | |
|
2024-11-13 19:47:53 | Google AI Platform Bugs Leak Proprietary Enterprise LLMs (lien direct) | The tech giant fixed privilege-escalation and model-exfiltration vulnerabilities in Vertex AI that could have allowed attackers to steal or poison custom-built AI models.
The tech giant fixed privilege-escalation and model-exfiltration vulnerabilities in Vertex AI that could have allowed attackers to steal or poison custom-built AI models. |
Vulnerability | ★★★ | |
|
2024-11-13 15:00:00 | How CISOs Can Lead the Responsible AI Charge (lien direct) | CISOs understand the risk scenarios that can help create safeguards so everyone can use AI safely and focus on the technology\'s promises and opportunities.
CISOs understand the risk scenarios that can help create safeguards so everyone can use AI safely and focus on the technology\'s promises and opportunities. |
★★ | ||
|
2024-11-13 07:00:00 | Middle East Cybersecurity Efforts Catch Up After Late Start (lien direct) | Despite having only a scant focus on cybersecurity regulations a decade ago, countries in the Middle East - led by Saudi Arabia and other Gulf nations - have adopted mature frameworks and regulations amid escalating volumes of attacks.
Despite having only a scant focus on cybersecurity regulations a decade ago, countries in the Middle East - led by Saudi Arabia and other Gulf nations - have adopted mature frameworks and regulations amid escalating volumes of attacks. |
★★ | ||
|
2024-11-12 22:41:11 | 2 Zero-Day Bugs in Microsoft\\'s Nov. Update Under Active Exploit (lien direct) | The November 2024 Patch Tuesday update contains a substantially high percentage of remote code execution (RCE) vulnerabilities (including a critical issue in Windows Kerberos), and two other zero-day bugs that have been previously disclosed and could soon come under attack.
The November 2024 Patch Tuesday update contains a substantially high percentage of remote code execution (RCE) vulnerabilities (including a critical issue in Windows Kerberos), and two other zero-day bugs that have been previously disclosed and could soon come under attack. |
Vulnerability Threat | ★★ | |
|
2024-11-12 22:18:29 | Amazon Employee Data Compromised in MOVEit Breach (lien direct) | The data leak was not actually due to a breach in Amazon\'s systems but rather that of a third-party vendor; the supply chain incident affected several other clients as well.
The data leak was not actually due to a breach in Amazon\'s systems but rather that of a third-party vendor; the supply chain incident affected several other clients as well. |
★★ | ||
|
2024-11-12 20:48:52 | New Essay Competition Explores AI\\'s Role in Cybersecurity (lien direct) | The essays focuses on the impact AI will have on European policy.
The essays focuses on the impact AI will have on European policy. |
★★ | ||
|
2024-11-12 19:46:24 | CrowdStrike Spends to Boost Identity Threat Detection (lien direct) | Adaptive Shield is the third security posture management provider the company has acquired in the last 14 months as identity-based attacks continue to rise.
Adaptive Shield is the third security posture management provider the company has acquired in the last 14 months as identity-based attacks continue to rise. |
Threat | ★★★ | |
|
2024-11-12 17:44:24 | \\'GoIssue\\' Cybercrime Tool Targets GitHub Developers En Masse (lien direct) | Marketed on a cybercriminal forum, the $700 tool harvests email addresses from public GitHub profiles, priming cyberattackers for further credential theft, malware delivery, OAuth subversion, supply chain attacks, and other corporate breaches.
Marketed on a cybercriminal forum, the $700 tool harvests email addresses from public GitHub profiles, priming cyberattackers for further credential theft, malware delivery, OAuth subversion, supply chain attacks, and other corporate breaches. |
Malware Tool | ★★★ | |
|
2024-11-12 16:31:25 | Citrix Issues Patches for Zero-Day Recording Manager Bugs (lien direct) | There is some disagreement over whether the remote code execution (RCE) security flaws allow for unauthenticated exploitation or not. Citrix says no, but researchers say the company is downplaying a "good old unauthenticated RCE."
There is some disagreement over whether the remote code execution (RCE) security flaws allow for unauthenticated exploitation or not. Citrix says no, but researchers say the company is downplaying a "good old unauthenticated RCE." |
Vulnerability Threat | ★★★ |
To see everything:
Our RSS (filtrered)
