What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-04-28 16:16:44 | KB4Con 2022 – The Latest in Hacking Techniques with the World\'s Most Famous Hacker (lien direct) | KB4Con 2022 ended on a high point as it involved an individual many of the attendees had been excited to hear from – someone who is widely considered to have coined the term hacking. It was none other than computing security consultant, author, “one-time world-most wanted hacker” and Chief Hacking Officer at KnowBe4, Kevin Mitnick. […] | |||
|
2022-04-28 16:14:38 | KB4Con 2022 – Cyber Resilience and the Fourth Industrial Revolution (lien direct) | Humanity has always embraced technology and, today, we are seeing increased IoT integration, cloud adoption and vast wave of remote workers who are connecting to more online infrastructures. However, this is leading many to question the cyber resiliency of organisations, particularly at a time when cyber-attacks are at an all-time high. In fact, according to […] | Guideline | ||
|
2022-04-28 11:21:35 | Ransoms only make up 15% of ransomware costs (lien direct) | Researchers at Check Point have revealed that the collateral damage of ransomware attacks make up costs roughly seven times higher than the ransom demanded by threat actors. The costs include financial implications caused by incident response efforts, system restoration, legal fees, monitoring costs and the overall impact of business disruption. Ransomware attacks are an increasingly popular […] | Ransomware Threat | ||
|
2022-04-28 08:51:12 | Synopsys Acquires WhiteHat Security to Expand Application Security Software-as-a-Service Capabilities (lien direct) | Yesterday, Synopsys, Inc. announced that it has signed a definitive agreement to acquire WhiteHat Security, a leading provider of application security Software-as-a-Service (SaaS). The addition of WhiteHat Security will provide Synopsys with significant SaaS capabilities and market-segment-leading dynamic application security testing (DAST) technology to strengthen what is considered one of the industry’s broadest application security testing portfolio. […] | Guideline | ★★ | |
|
2022-04-27 10:12:23 | Hackers claim to have breached Coca Cola (lien direct) | The group behind Stormous ransomware has announced the sale of almost 161GB of data allegedly belonging to Coca Cola. The data up for sale includes passwords, financial data and account details. The group is asking for 1.6467000 Bitcoin, or $ 64,396.67 for the data. The announcement follows Stormous publishing a poll in which the group […] | Ransomware | ||
|
2022-04-27 09:25:59 | US pledges $10m for Sandworm information (lien direct) | Authorities in the United States have offered a $10m reward for anyone that can help locate or identify six members of a state-sponsored Russian hacking group responsible for NotPetya. The call for information was issued by the Department of State’s Rewards for Justice (RFJ). The six officers of the Main Intelligence Directorate of the General […] | NotPetya | ||
|
2022-04-26 14:58:53 | Synopsys Named AppSec Testing Leader in the 2022 Gartner® Magic Quadrant™ (lien direct) | Synopsys has been named by Gartner, Inc. as a Leader in the “Magic Quadrant for Application Security Testing” for the sixth consecutive year.1 In the report, Gartner evaluated 14 application security testing vendors based on their Completeness of Vision and Ability to Execute. Synopsys placed highest in Ability to Execute and Completeness of Vision for the […] | Guideline | ||
|
2022-04-26 10:13:51 | North Korea targets journalists with novel malware (lien direct) | State sponsored hackers operating out of North Korea have been targeting journalists with a novel malware strain, it has been revealed. The group, known as APT37, distribute the malware through a phishing attack originally discovered by NK news, a US news site specialising in covering news and providing research and analysis about North Korea, using […] | Malware Cloud | APT 37 | |
|
2022-04-26 09:00:11 | Learn Why Adaptive Shield Provides Ultimate SaaS Security Posture Management (lien direct) | Whether it's Office 365, Salesforce, Slack, GitHub or Zoom, all SaaS apps include a host of security features designed to protect the business and its data. The job of ensuring that these apps' security settings are properly configured falls on the security team. The challenge lies within how burdensome this responsibility is: Each app has […] | ★★★★★ | ||
|
2022-04-25 11:12:01 | Universities lose over £2m to ransomware (lien direct) | A new report by Jisc has revealed that ransomware attacks cost organisations in the UK’s education sector upwards of £2m per incident. Jisc is a non-profit providing the UK’s higher and further education sector with IT services, including the Janet network and incident response. John Chapmans, head of Janet policy and strategy, has warned that […] | Ransomware | ||
|
2022-04-25 09:04:45 | FBI sounds alarm on BlackCat ransomware (lien direct) | The US Federal Bureau of Investigation (FBI) has issued a warning regarding the BlackCat ransonware-as-a-service (RaaS). The ransomware is reported to have hit at least 60 entities globally since its emergence in November of last year to March 2022. Also known as ALPHV and Noberus, BlackCat is notable for being the first malware ever written […] | Ransomware Malware | ||
|
2022-04-22 10:16:36 | FBI warns US farmers of ransomware attacks (lien direct) | The FBI has warned agricultural cooperatives in the US of ransomware attacks that could have devastating impacts on the country’s food supply. A Private Industry Notification issued this week claimed that the farming industry could be viewed as an irresistible target during the planting and harvesting seasons. Successful attacks could have major financial implications and […] | Ransomware | ||
|
2022-04-22 09:55:47 | North Korea funding nuclear program with cyber campaigns (lien direct) | An expert at the United Nations has called for an increased focus on North Korean cyber activity, as they believe it is being used to fund the country’s banned nuclear weapons program. Eric Penton-Voak, a co-ordinator of the the UN group tasked with monitoring the enforcement of sanctions on North Korea made the statement on […] | ★★★★★ | ||
|
2022-04-21 18:43:03 | Live from KB4-Con: Security Culture in the Spotlight (lien direct) | “How strong is your security culture… and are you controlling it?” This is the question posed by Kai Roer, chief research officer and Perry Carpenter, chief strategy officer at KnowBe4 during their session entitled Security Awareness, Behaviour and Culture – The Key to Making it Work at KB4-Con in Orlando. The pair posited to the […] | ★★★★★ | ||
|
2022-04-21 18:34:50 | Live from KB4-Con: KnowBe4 CEO introduces HDR – Human Detection and Response (lien direct) | Today, live from KB4-Con, Knowbe4’s CEO Stu Sjouwerman welcomed KnowBe4 partners and customers to the event and introduced the concept of HDR, or Human Detection and Response to attendees. Similar to the already recognised industry buzz phrase XDR that encapsulates all security defences with the end goal of reducing complexity through integration of many cybersecurity […] | |||
|
2022-04-21 14:44:02 | Five-Eyes issues Russian cyberattack warning (lien direct) | The Five-Eyes joint advisory board has warned that Russia is considering cyber attacks on Western nations as part of its war in Ukraine. Five-Eyes agencies have said several Russian government and military organisations, including the Federal Security Service (FSB), the Foreign Intelligence Service (SVR) and the General Staff Main Intelligence Directorate (GRU), have conducted malicious […] | ★★★★ | ||
|
2022-04-21 10:52:22 | Synopsys\' OSSRA report reveals challenges with managing open source risk in software supply chains (lien direct) | Last week, Synopsys released its 2022 Open Source Security and Risk Analysis (OSSRA) report. The report, produced analysed over 2,400 audits of commercial and proprietary codebases from merger and acquisition transactions, performed by the Black Duck® Audit Services team. The report highlights trends in open source usage within commercial and proprietary applications and provides insights to help developers […] | |||
|
2022-04-21 09:14:12 | UK government staff hit with billions of malicious emails in 2021 (lien direct) | New research from Comparitech has revealed that UK government employees received 2.4 billion malicious emails in 2021. This equates to around 2400 emails per employee, per year. The tech research firm acquired this information through Freedom of Information Requests. Perhaps more concerning, it’s estimated that employees across 260 organisations clicked 57,000 suspicious links over 2021. Assessed […] | ★★★★ | ||
|
2022-04-20 15:33:40 | NINETEEN GROUP APPOINTS QUEEN\'S AWARD WINNING ESKENZI PR TO PROMOTE UK\'S NEWEST CYBERSECURITY EVENT (lien direct) | Nineteen Group, organisers of the International Cyber Expo, today announces it has partnered with Queen's Award for Enterprise winning technology PR agency, Eskenzi PR to help spread the word about the industry's newest cybersecurity event. Eskenzi PR has been a pillar within the industry for nearly three decades and brings a wealth of experience […] | |||
|
2022-04-20 14:52:50 | Tips for Cybersecurity in Remote Working (lien direct) | The world has had a rough time following the spread of Coronavirus, also referred to as COVID-19. Following the pandemic's impact on economical, political, and social aspects, one of the biggest adoptions was working from home, also referred to as remote working. If companies and businesses were to continue operating and cut down losses, remote […] | ★★★★ | ||
|
2022-04-20 12:21:25 | (Déjà vu) LinkedIn the most impersonated brand for phishing attacks (lien direct) | Research carried out by Check Point Research (CPR) has revealed that LinkedIn is the most impersonated brand for phishing attacks. In its 2022 Q1 Brand Phishing Report, CPR revealed that phishing attacks impersonating LinkedIn made up 52% of all attempts globally in the first quarter of 2022. This is a 44% increase when compared to […] | |||
|
2022-04-20 09:03:11 | One Identity Builds Upon Partner Program Growth with Focus on Partner Needs, Partner Business Model Development (lien direct) | One Identity, a leader in unified identity security, announced yesterday that its One Identity Partner Circle Program had achieved exceptional results during the recently ended fiscal year as evidenced by 80% of global company sales linked to the channel (fiscal year 2022 ended January 31). Other milestones include the addition of more than 600 new […] | Guideline | ||
|
2022-04-19 10:41:45 | (Déjà vu) Blockchain companies warned of North Korean hackers (lien direct) | The US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation and the Treasury Department have all warned of new, ongoing attacks targeting blockchain companies, carried out by the Lazarus Group. The activity cluster has been dubbed TraderTraitor, involving the North Korean state-sponsored advanced persistent threat (APT) actor striking entities operating in the […] | Threat Medical | APT 38 APT 28 | |
|
2022-04-19 09:19:52 | Researchers say Pegasus spyware targeted UK PM (lien direct) | The UK Prime Minister’s Office has been targeted by Pegasus spyware over the past two years. Citizen Lab, a Canadian non-profit, has been tracking the use of the spyware, produced by Israel’s NSO group, in recent years. NSO Group is being sued by WhatsApp and Apple as their customers were targeted by the covert malware. It also […] | |||
|
2022-04-19 09:00:50 | The Checklist to Ensure the Ultimate SaaS Security Posture Management (SSPM) (lien direct) | Cloud security is the umbrella that holds within it: IaaS, PaaS and SaaS. Gartner created the SaaS Security Posture Management (SSPM) category for solutions that continuously assess security risk and manage the SaaS applications’ security posture. With enterprises having 1,000 or more employees relying on dozens to hundreds of apps, the need for deep visibility […] | |||
|
2022-04-14 10:41:22 | (Déjà vu) Microsoft disrupts ZLoader Cybercrime Botnet (lien direct) | A global consortium of cybersecurity companies have collaborated with Microsoft to disrupt the Zloader botnet. The operation succeeded in seizing control of 65 domains used to control and communicate with infected hosts. “ZLoader is made up of computing devices in businesses, hospitals, schools, and homes around the world and is run by a global internet-based […] | |||
|
2022-04-14 09:44:56 | Wind turbine giant hacked (lien direct) | Nordex Group, a major German wind turbine manufacturer, suffered a cyberattack on the 31 March 2022. According to Nordex, the attack was discovered early by IT security teams, who reacted quickly. The company has announced that IT systems across multiple locations and business units were shut down as part of their response protocols. The company […] | ★★★★★ | ||
|
2022-04-13 10:31:57 | 600k worth of crypto stolen by ethical hacker (lien direct) | Authorities in Pinellas Park, Florida have arrested 27-year old Aaron Daniel Motta after he allegedly stole a client’s Trezor hardware wallet and its password while providing security assistance. Motta is a “certified ethical hacker”, and has been charged with grand theft and other computer offenses. The accused is currently self employed and owns Motta Management […] | |||
|
2022-04-13 09:57:41 | RaidForums hacker forum domain seized (lien direct) | RaidForums, one of the world’s largest hacking forums, has been raided and taken down by an international law enforcement operation. The forum was notorious for selling access to stolen personal information. The operation, dubbed “Tourniquet”, involved authorities from the US, UK, Sweden, Portugal and Romania. The investigation culminated in the arrest of the forum’s administrator […] | |||
|
2022-04-12 09:23:52 | CISA warns of Russian state hackers exploiting WatchGuard bug (lien direct) | The Cybersecurity and Infrastructure Security Agency has warned of Russian state actors exploiting a bug impacting WatchGuard Firebox and XTM firewall appliances. Sandworm, a Russian-sponsored hacking group, believed to be part of the GRU Russian military intelligence agency, reportedly exploited the high severity privilege escalation flaw (CVE-2022-23176) to develop a new botnet, dubbed “Cyclops Blink”, […] | |||
|
2022-04-12 09:00:53 | What Real-Life SaaS Attack Misconfiguration Exploits Can Teach Us (lien direct) | It's unfortunate, but true: SaaS attacks continue to increase. You can't get around it, COVID-19 accelerated the already exploding SaaS market and caused industries not planning on making a switch to embrace SaaS. With SaaS apps becoming the default system of record for organizations, it has left many struggling to secure their company's SaaS estate. […] | ★★ | ||
|
2022-04-12 08:46:58 | Pegasus spyware targeted EU officials (lien direct) | Several senior European Union (EU) officials were reportedly targeted with Pegasus spyware last year. Among those targeted were European Justice Commissioner Didier Reynders and at least four other commission staff. Reuters has said that it was notified of the claims by two EU officials and documentation it had reviewed. The EU commission reportedly became aware […] | |||
|
2022-04-11 10:01:39 | Fraudsters stole £58m with RATs in 2021 (lien direct) | 2021 saw victims of Remote Access Tool (RAT)scams lost £58m in 2021, official UK police figures show. RAT scams involve scammers taking control of a victims device, typically in order to access bank accounts. Some 20,144 victims fell for this type of scam in 2021, averaging around £2800 stolen per incident. Typically, RAT attacks begin […] | Tool | ★★★ | |
|
2022-04-08 14:30:21 | Server-Side-Request-Forgery Enabled Administrative Account Takeover on FinTech Platform (lien direct) | Salt Labs has uncovered a Server-Side-Request Forgery on a major FinTech platform, enabling an administrative account takeover. Researchers identified API vulnerabilities allowing them to launch attacks where: Attackers could gain administrative access to the banking platform Attackers could leak users' personal data Attackers could access users' banking details and financial transactions Attackers could perform unauthorised […] | ★★★ | ||
|
2022-04-08 10:21:24 | Mobile banking overwhelmingly safer for UK consumers (lien direct) | Mobile banking is the safest way to bank for UK consumers, RiskOps platform for financial risk management Feedzai revealed in their Q2 2022 Financial Crime Report, based on the analysis of over 18 billion global banking transactions throughout 2021. According to the report, banking represented 88% of all banking transactions in the U.K. during this […] | |||
|
2022-04-08 09:19:11 | 50% of security leaders consider quitting due to stress (lien direct) | A new study from Vectra AI has revealed that half of UK cybersecurity leaders consider leaving their jobs due to the pressure they face at work. The security vendor polled 200 security chiefs in the UK in order to better understand the emerging industry health crisis. The study revealed that two out of five security […] | Guideline | ||
|
2022-04-08 09:05:44 | (Déjà vu) Website of Russian oil giant allegedly hacked (lien direct) | Gazprom Neft, the oil arm of Russian state gas company Gazprom, has allegedly suffered a hack on Wednesday bringing down its website. A statement allegedly from Gazprom CEO Alexie Miller was displayed on the website, appearing to criticise Russia’s invasion of Ukraine. Miller is a close friend of President Vladimir Putin. The website went down […] | Hack | ||
|
2022-04-07 18:56:11 | Webinar: Secure Your Cloud Environment from Evolving Threats (lien direct) | The IT Security Guru has teamed up with Synopsys, a recognised leader in application security, to bring you the webinar, ‘Secure Your Cloud Environment from Evolving Threats‘. As the migration to the cloud continues at an unabated pace, the threats in the cloud are also increasing proportionally and evolving constantly. Data breaches, misconfiguration risks, weak […] | Guideline | ||
|
2022-04-07 10:35:16 | Fox News leaks 13 million internal records (lien direct) | Researchers have claimed that a misconfiguration has exposed millions of internal records, including employees’ personally identifiable information, belonging to Fox News. The exposure was discovered by a team at Website Planet led by Jeremiah Fowler, who claimed that theoretically, anyone with an internet connection could have found the 58GB of internal records, which was left […] | ★★★★ | ||
|
2022-04-07 09:38:42 | (Déjà vu) Zoom paid $1.8 million in bug bounty rewards in 2021 (lien direct) | Zoom has awarded researchers $1.8 million in bug bounties over 2021, and $2.4 million since the programs launch. Bug bounties have emerged as a popular cybersecurity method recently, amidst the industry’s skill shortage. Estimates suggest that there will be roughly 3.5 million unfilled job openings by 2025 in the US alone. Zoom has experienced a […] | |||
|
2022-04-07 09:13:37 | (Déjà vu) Electric vehicle chargers hacked to show pornography (lien direct) | Electric vehicle owners in the Isle of Wight, UK, were surprised yesterday when public charging points displayed pornography. Service screens at the council-owned car parks across Quay Road, Cross Street, Cowes and Moa Place, Freshwater were supposed to display the council website, but hackers changed several of them to show explicit images. The Isle of […] | |||
|
2022-04-06 10:54:42 | Cash App notifies 8 million customers of data breach (lien direct) | Cash App, a popular stock trading app, has suffered a data breach impacting up to 8.2 million former and current users. It has been reported that the breach was caused by a former employee illegitimately accessing customer information. Block, Cash App’s owner, notified the Security and Exchange Commission (SEC) of the breach on Monday. The filing […] | Data Breach | ||
|
2022-04-06 10:34:17 | (Déjà vu) Germany closes Russian “Hydra” darknet marketplace (lien direct) | The Hydra Market, a Russian-language darknet marketplace formerly specialising in the sale of illicit drugs, forged documents, intercepted data and illegal digital service, has been shut down by German Federal police. Working in conjunction with the United States Justice Department, authorities closed German servers of the marketplace on Tuesday, seizing $25m in Bitcoin of alleged […] | ★★★★ | ||
|
2022-04-06 10:20:22 | New Risk-based Application Access Control aims to solve BYOD and Remote Work Security and Productivity Challenges (lien direct) | Yesterday, Cato Networks introduced its new risk-based application access control for combatting the threat of infiltration posed by remote workers and Bring Your Own Device (BYOD). Now, enterprise policies will be able to consider real-time device context when restricting access to certain capabilities within corporate applications, the internet and cloud resources. “User devices can be […] | Threat | ||
|
2022-04-05 15:23:56 | Armis Appoints Tom Gol as CTO for Research (lien direct) | Today, Armis announced the appointment of Tom Gol as CTO for Research. He will be reporting directly to Nadir Izrael, Global CTO and Co-founder at Armis. In this role, Tom will lead and oversee all research efforts as the company continues to solidify its place as a security leader and expert in threat and vulnerability research. His team […] | Vulnerability Threat Guideline | ||
|
2022-04-05 12:00:58 | Nominations for 2022\'s European Cybersecurity Blogger Awards NOW OPEN! (lien direct) | Now in its ninth successive year, the much-anticipated annual European Cyber Security Blogger Awards, sponsored by KnowBe4 and Qualys, is now open for nominations. The awards have always been committed to celebrating the cybersecurity industry's most coveted bloggers, vloggers, podcasters and social media influencers. Previous award winners have included renowned blogging and podcast stars such […] | |||
|
2022-04-05 11:15:55 | The Works closes stores after cyber attack (lien direct) | The Works has reported that five of its 526 shops were forced to close last week as hackers gained access to its computer systems and caused issues with its tills. While customers are experiencing longer delivery times for online orders, the company has said that no shoppers’ payment details had been compromised. The Works said […] | |||
|
2022-04-05 09:18:15 | (Déjà vu) New attack method could disrupt electric vehicle charging (lien direct) | Academics from the University of Oxford and Armasuisse S+T have identified a novel attack technique targeting the widely-used Combined Charging System (CCS). They say the method could potentially disrupt the ability to charge electric vehicles at scale. The “Brokenwire” attack method meddles with the control communications between the vehicle and charger, wirelessly aborting charging from […] | ★★★ | ||
|
2022-04-05 09:00:20 | The Differences in How CASB vs. SSPM Secures SaaS Apps (lien direct) | There is often confusion between Cloud Access Security Brokers (CASB) and SaaS Security Posture Management (SSPM) solutions, as both are designed to address security issues within SaaS applications. CASBs protect sensitive data by implementing multiple security policy enforcements to safeguard critical data. For identifying and classifying sensitive information, like Personally Identifiable Information (PII), Intellectual Property […] | ★★★★★ | ||
|
2022-04-04 15:58:58 | Darkweb researcher warns of possible cyberattack against Indonesian energy company Perushaan Gas Negare (lien direct) | Deepweb researcher DarkFeed has taken to Twitter to announce they have discovered an attack at the hands of the Hive hacking group against Indonesian energy company Perushaan Gas Negare (PGN). 🌐 Hive #Ransomware team ransomed another huge energy company 🚨 Perusahaan Gas Negara is a state-owned natural gas company operated by the Indonesian government with […] |
To see everything:
Our RSS (filtrered)
