What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-03-14 10:36:58 | On New Sec 4 Day Rule To Report Cyberattacks (lien direct) | The US Securities and Exchange Commission (SEC) has proposed a new rule that would force public companies to disclose cyberattacks within four days. Industry leaders reacted on how this new rule will ensure that organisations are more transparent with their stakeholders. | Guideline | ||
|
2022-03-11 12:26:06 | WhatsApp Web Introduces Code Verification To Boost Security (lien direct) | As reported by TechRadar, WhatsApp has released a new open source browser extension to help further protect those who use its messaging service on the web. WhatsApp’s Code Verify extension works with Cloudflare’s infrastructure to validate the code being delivered in WhatsApp Web. This prevents malicious actors from tampering with your software or masking unfavorable […] | |||
|
2022-03-11 12:20:03 | Tuckers Solicitors ICO Fine (lien direct) | The ICO has issued a fine to Tuckers Solicitors following a successful ransomware attack against them. The company was fined £98,000 after a data breach caused by ransomware, during which hackers accessed 24,000 court bundles containing sensitive data such as medical files and witness statements – which were then released on the dark web. The action […] | Ransomware Data Breach | ||
|
2022-03-11 12:15:21 | 16 Vulnerabilities Found In Firmware Of HP Enterprise Devices (lien direct) | It has been reported that firmware security company Binarly has discovered at least 13 serious vulnerabilities affecting BIOS firmware present on devices by HP and possibly other manufacturers, resulting in a total of 15 CVE identifiers. The vulnerabilities have been characterized as stack overflows, heap overflows, and corruption of memory. All of these security holes have been assigned “high […] | |||
|
2022-03-10 12:57:29 | Fewer Than Half Of London Boroughs Have Invested In Cyber Insurance (lien direct) | According to Techmonitor, 48 percent of London boroughs have invested in cyber insurance, leaving 17 boroughs vulnerable to a significant loss in the event of a cyberattack. In the beginning of 2020, Hackney council was the victim of a phishing attack, where confidential information was compromised and the council incurred losses of £10 million. A study conducted by Ispos […] | |||
|
2022-03-09 12:53:51 | Ukraine Conflict Puts Organisations\' Cyber-Resilience To The Test (lien direct) | Julia O'Toole, founder and CEO of MyCena Security Solutions,urges businesses to bolster their cybersecurity to avoid getting caught in the cyber crossfire of the Russia-Ukraine conflict. Russia's invasion of Ukraine has provoked a massive rally of hackers to join both sides of the conflict and take up arms in the cyber-war. As has been the […] | |||
|
2022-03-09 12:47:59 | 68% Govt Covid Passport Apps At Risk (lien direct) | Symantec is reporting that two-thirds of the digital vaccine apps they analyzed exhibited risky behavior. Governments have been requiring people to carry so-called “digital passport apps” that store proof of a person’s COVID-19 vaccination status. The apps store a person's full name, ID number, date of birth, and other (PII) either encoded in a QR […] | |||
|
2022-03-09 12:24:11 | Comment: Chinese Spies Hacked A Livestock App To Breach US State Networks (lien direct) | It has been reported that cyber researchers have revealed a long-running hacking campaign that breached at least six US state governments over the past year. Chinese cyberespionage group APT41 used a vulnerability in web-based software USAHERDS to penetrate at least two of those targets. It may have hit many more, given that 18 states run USAHERDS […] | Vulnerability Guideline | APT 41 | |
|
2022-03-09 12:17:31 | Expert Reacted On \'Dirty Pipe\' Linux Vulnerability (lien direct) | It has been reported that a cybersecurity researcher released the details of a Linux vulnerability that allows an attacker to overwrite data in arbitrary read-only files. The vulnerability — CVE-2022-0847 — was discovered by Max Kellermann in April 2021, but it took another few months for him to figure out what was actually happening. Kellermann explained that the vulnerability affects […] | Vulnerability | ||
|
2022-03-09 12:11:43 | New Specops Report Reveals Passwords Are Weakest Link For Networks (lien direct) | Organisations' current password usage and policies leaving businesses and employees vulnerable to cyberattacks Password-related attacks are on the rise. Stolen user credentials including name, email and password were the most common root cause of breaches in 2021 with several high-profile and disruptive attacks over the last two years on SolarWinds, Colonial Pipeline, and others made possible by […] | |||
|
2022-03-09 12:04:33 | Log4j Breaches At Least 6 U.S. State Governments (lien direct) | Following the news that the China-backed APT41 hacking group has compromised at least six US state governments by exploiting the Log4j vulnerability, cyber security experts commented below. | Guideline | APT 41 | |
|
2022-03-08 14:14:51 | The Rules Don\'t Apply To Me: Addressing The Cultural Aspect Of Cyber Security (lien direct) | It's been impossible to ignore the media reports about rules being followed - or, more importantly, not followed - by our leaders. This demonstrates that those in a privileged position may believe they can circumvent guidelines and regulations designed to keep people safe. Politics aside, there are parallels between recent events and how some organisations […] | Guideline | ||
|
2022-03-08 13:58:19 | Experts Reactions On Samsung Data Breach (lien direct) | Samsung has suffered a data breach and the cybercriminals responsible are teasing the data they have stolen. | Data Breach | ||
|
2022-03-07 17:01:21 | Why GMSAs Present Such A Threat, Expert Insight (lien direct) | An attacker with high privileges can obtain all the ingredients for generating the password of any gMSA in the domain at any time with two steps: Retrieve several attributes from the KDS root key in the domain Use the GoldenGMSA tool to generate the password of any gMSA associated with the key, without a privileged account. Introducing […] | |||
|
2022-03-07 11:09:01 | London Has The Highest Cybercrime Rate In The United Kingdom With Over 5,000 Incidents In 2021 (lien direct) | A new study from cybersecurity specialists ESET reveals the UK areas that saw the highest rates of cybercrime in 2021. The study found that there has been a very small decrease in the number of cybercrimes reported in December 2021, compared to January 2021. ESET, a global leader in cybersecurity has conducted a study into […] | Guideline | ||
|
2022-03-07 11:03:56 | The \'Revelations\' Chapter 2 – Waking Up To CyberWar And Conflict (lien direct) | The year was 1993 when I attended the Third Virus Bulleting Conference in Amsterdam, held at the Grand Hotel Krasnapolsky where I presented my first ever paper, on the subject of defeating Anti-Virus by means of encapsulation of malicious payload – My session was the second PM of the day, and as the hall filled […] | |||
|
2022-03-04 11:26:33 | Why Deep Learning Technology Is Dividing Opinion In The Tech World (lien direct) | The history of deep learning goes back as far as 1943, when Walter Pitts and Warren McCulloch created a computer model based on the neural networks of the human brain. Today, if we asked a language model like GPT-3 to write an article about the history of deep learning, it might begin with that sentence. […] | |||
|
2022-03-04 11:01:30 | Over 100,000 Medical Infusion Pumps Vulnerable To Years Old Critical Bug (lien direct) | In response to reports that data collected from more than 200,000 network-connected medical infusion pumps used to deliver medication and fluids to patients shows that 75% of them are are running with known security issues that hackers could exploit, cybersecurity experts commented below. | ★★★ | ||
|
2022-03-04 10:50:25 | (Déjà vu) Log4Shell Threat Far From Gone: Attackers Continue To Target Vulnerability (lien direct) | The quantity of cyber-attacks targeting the Log4Shell complex of vulnerabilities in Log4j still remains extremely high, according to new Threat Spotlight analysis from Barracuda Networks. The Log4Shell vulnerabilities have now been around for more than two months, and Barracuda researchers observed that the volume of attacks attempting to exploit these vulnerabilities has remained relatively constant, […] | Vulnerability Threat | ★★★★★ | |
|
2022-03-04 10:46:35 | Survey Finds Electric Vehicle Cybersecurity Fears (lien direct) | Reportedly, about 15% of small and medium-sized businesses had leased or purchased electric cars for commercial applications. However, only 77% of them believed that EVs would become victims of hackers, ransomware, and other breaches when they were hooked up to public charging stations. Zogby Analytics conducted a survey among small and medium-sized business owners to […] | |||
|
2022-03-03 20:48:32 | High Assurance Delivers SD-WANs For All (lien direct) | The prohibitive cost of WAN technology has become a major concern for businesses and governments and driven the explosion in adoption of Software-Defined Wide Area Networks (SD-WAN) in recent years. Yet a gap is beginning to emerge between those businesses able to explore the flexibility and low cost offered by SD-WAN and those, typically regulated, […] | ★★★★★ | ||
|
2022-03-03 20:37:37 | Critical GitLab Vulnerability Could Allow Attackers To Steal Runner Registration Tokens (lien direct) | It has been reported that critical vulnerability in both GitLab Community and Enterprise Edition could enable an attacker to steal runner registration tokens. The vulnerability, which affects all versions from 12.10 to 14.6.4, all versions starting from 14.7 to 14.7.3, and all versions starting from 14.8 to 14.8.1, was announced in a security advisory from GitLab. If exploited, an […] | Vulnerability | ||
|
2022-03-03 12:42:09 | Log4Shell Threat Remains Extremely High, Cyber Security Expert Insight (lien direct) | The quantity of cyber-attacks targeting the Log4Shell complex of vulnerabilities in Log4j still remains extremely high, according to new Threat Spotlight analysis from Barracuda Networks. The Log4Shell vulnerabilities have now been around for more than two months, and Barracuda researchers observed that the volume of attacks attempting to exploit these vulnerabilities has remained relatively constant, […] | Threat | ||
|
2022-03-02 12:57:48 | Soaring Cyber Attacks On BBC – \'No Industry Is Untouchable\' (lien direct) | In light of official figures showing that the BBC fends off an average of 383,278 email attacks every day, Industry leaders reacted below. | Guideline | ||
|
2022-03-02 12:46:02 | Ukraine Conflict Puts Organisations\' Cyber-resilience To The Test (lien direct) | critical advantages in the build-up to the Russia-Ukraine conflict. In anticipation of escalating cyberattacks, organisations should take immediate action to secure cyber-resilience. The invasion of Ukraine is the culmination of years of careful preparation from the Russian state. Strategic cyber-advantages were gained in several areas, convincing them of their own cyber-supremacy. Cyber-advantage one: Cyberwar practice […] | |||
|
2022-03-02 12:41:08 | Reality Winner\'s Twitter Account Was Hacked To Target Journalists (lien direct) | Twitter account of former intelligence specialist, Reality Winner was hacked over the weekend by threat actors looking to target journalists at prominent media organisations. Hackers took over Winner’s verified Twitter account and changed the profile name to “Feedback Team” to impersonate Twitter staff before sending out suspicious DMs to verified users. | Threat | ||
|
2022-03-01 12:59:46 | How Can Organisations Protect Themselves From Cyberattacks In An Increasingly Virtual World? (lien direct) | Research by McAfee discovered that 81% of global organisations experienced increased cyber threats during the Covid-19 pandemic. This threat has also extended to the public sector, and has become a significant enough concern to prompt the UK government to launch the nation's first ever cybersecurity strategy to help protect public sector bodies from bad actors. […] | Threat | ||
|
2022-03-01 12:54:37 | What Caused The Ransomware Attack On Toyota? Experts Insight (lien direct) | Toyota, the world's largest carmaker has halted production at all of its plants in Japan after a ransomware attack on a key supplier. This marks another major enterprise casualty as hackers continue to see rising success with ransomware attacks. | Ransomware | ||
|
2022-02-28 19:27:35 | Healthcare\'s Digital Transformation: Powered By PETs (lien direct) | Data has fundamentally changed the way organizations operate, a fact that is particularly true in the healthcare space. There is certainly no shortage of data to leverage - in fact, some estimates suggest that 30% of the world's data volume is generated from the healthcare industry and the worldwide data volume is increasing at a […] | |||
|
2022-02-28 19:23:00 | An Olympic Effort? Ensuring Security In A Rising Threat Landscape (lien direct) | High-profile, global events are always likely to create cybersecurity concerns – and the Olympic Games is no exception. During the 2020 Tokyo Olympics and Paralympics, the NTT Corporation – which provided its services for the Tokyo Olympic and Paralympic Games – revealed it successfully blocked over 450 million attempted cyber security related incidents during the […] | Threat | ||
|
2022-02-28 19:20:18 | What Experts Have To Say On Samsung Shipped 100 Mil+ Phones With Flawed Encryption (lien direct) | The Register is reporting Samsung shipped ‘100 million’ phones with flawed encryption. Researchers at TelAviv University demonstrated a method that could compromise the hardware security of over 100 million Samsung phones. Android-based Samsung phones had been shipped with design flaws that could allow the extraction of cryptographic keys. … Samsung failed to implement Keymaster TA properly in […] | |||
|
2022-02-25 16:30:25 | Dating Apps Sexual Assault Rise Comment From Experts (lien direct) | Following today’s annoucement that that sexual assaults linked to dating apps have doubled in the past 3 years. Please see a comment from cybersecurity experts. | |||
|
2022-02-25 16:25:03 | Illusive Research Reveals Identity Risks On 1 In 6 Enterprise Endpoints (lien direct) | Following the news that Illusive research reveals identity risks on 1 in 6 endpoints, Cyber Security Expert, highlights the problem with poorly managed or configured identity and the need for tools to help manage account access and identity. | |||
|
2022-02-25 16:21:14 | Amazon And DocuSign Among Most Impersonated Brands For Phishing Worldwide (lien direct) | Amazon was the most impersonated brand in email phishing attacks in 2021, according to a report from AtlasVPN. In 2018, 17.7 percent of brand phishing emails impersonated Amazon, while 16.5 percent impersonated the global logistics company DHL and 12.7 percent impersonated the eSign software company DocuSign. Community payments platform PayPal came in fourth as its […] | |||
|
2022-02-24 12:52:42 | GitHub Goes Open Source On Security Research (lien direct) | It has been announced that GitHub has opened up its security Advisory Database to community contributions with the aim of furthering the security of the software supply chain. Independent security researchers, academics, and enthusiasts are now able to submit their own research into security vulnerabilities into the open source development platform to provide further insight […] | |||
|
2022-02-24 11:10:43 | “noVNC” Allows MFA Bypass. Expert Reaction (lien direct) | Researcher Mr.dox discovered a way to steal credentials and bypass 2FA by giving users remote access to your server via an HTML5 VNC client with a browser running in kiosk mode. Knowing that companies such as Google & LinkedIn now detect the use of reverse proxies commonly used in MiTM attacks, this method was no […] | |||
|
2022-02-23 13:43:36 | Metaverse App Allows Kids Into Virtual Strip Clubs, Experts Advice (lien direct) | Following the news that a researcher posing as a 13-year-old was able to access adult content on the Metaverse, it's clear that metaverse creators will need much more effective age verification to protect children from harm, and thus create trust in their platforms. It's possible to eradicate the age-old trick of simply using a fake identity that […] | |||
|
2022-02-23 13:27:48 | Identity And Access Management Survey Finds 45% Of Organisations Have Deployed An Enterprise Password Management Solution (lien direct) | Includes large enterprises that wish to provide an extra layer of protection and user convenience, and SMBs with limited security budgets LastPass, the global leader in password management, today released the findings of an IDC Global Survey on Identity and Access Management by LastPass. The survey revealed that “balancing company security requirements and the employee […] | Guideline | LastPass | |
|
2022-02-23 13:24:00 | New Report Calls For Increased Industry Collaboration To Speed IoT Security Adoption (lien direct) | It has been reported that new research from PSA Certified 2022 was released yesterday. With regard to IoT security, the survey indicates a positive trend towards increasing the importance placed on security by companies. Almost nine out of ten (89%) believe that security is important to them, and almost half (47%) say that it is one of […] | |||
|
2022-02-23 13:16:49 | Meyer Data Breach – Expert Commentary (lien direct) | A major US-based kitchenware giant Meyer Corp has disclosed a cyber attack that may have led to the exposure of employee data. Meyer discovered an external hack to their employee database system, but is yet to confirm the number of employees impacted and the extent of the data breach. | Data Breach Hack | ||
|
2022-02-23 13:13:25 | Police Return £4m To Victims Of International Crypto Scam (lien direct) | The Greater Manchester Police have managed to return $22.3 million (equivalent to £15m*) in virtual currency to its rightful owners after successfully bringing down a dodgy crypto savings and trading service. To ensure the thugs behind this con are brought to justice, specialist officers from the Manchester police force were able to seize approximately 150 […] | |||
|
2022-02-23 13:07:51 | Russian Cyber Criminals Pose An Increased Threat To UK Firms (lien direct) | With a cyber rapid-response team (CRRT) now being deployed across Europe after a call for help from Ukraine, and a full-scale Russian invasion imminent, cyber attacks are highly likely. With the EU proactively responding to the threat, organisations should follow suit and ensure their protection is up to speed. | Threat | ||
|
2022-02-22 13:23:57 | How Hundreds Of NFTs Have Been Stolen From NFT Marketplace OpenSea (lien direct) | ||||
|
2022-02-22 13:18:29 | .UK Domain Disputes At Record Low (lien direct) | …From insurance for pets and people to big brands, the .UK Dispute Resolution Service has it covered… Nominet, responsible for running the .UK namespace for 25 years, has today released its summary of domain name disputes brought before its Dispute Resolution Service (DRS) during 2021. The number of Complaints was at a record low since […] | |||
|
2022-02-21 13:32:50 | Massive Data Leak Hits Credit Suisse, Cyber Security Experts Reactions (lien direct) | Credit Suisse has hit out after a massive data leak has brought to light the hidden wealth of several clients of the bank. Data on over 18,000 bank accounts was leaked to German media. The data includes personal, shared and corporate accounts as well as ones opened all the way back in the 40s. Nearly 50 […] | |||
|
2022-02-21 13:22:45 | Priti Patel Cyberattack Warning (lien direct) | Following the news that Priti Patel and GCHQ are urging UK companies and public services to take “pre-emptive measures” to defend themselves against cyberattacks amid the Ukraine / Russia tensions, Industry leaders commented below. | Guideline | ||
|
2022-02-17 13:29:28 | Google Almost Doubles Linux Kernel, Kubernetes Zero-day Rewards (lien direct) | Google says it’s paying researchers for reporting vulnerabilities in its latest operating systems, including Google Kubernetes Engine (GKE), and that it’s offering bigger bonuses to those who report zero-day bugs and exploits. Google says it increased rewards to match the community’s expectations, but also that “because we consider the program a success,” they’re extending the […] | Uber | ||
|
2022-02-17 13:26:44 | Expert Commentary On BlackCat Ransomware Claims Ownership Of Swissport Attack (lien direct) | Last week, Swissport was hit by a ransomware attack that caused flight delays and service disruption. BlackCat ransomware has now claimed they were behind the attack and stole data containing images of passports, internal business memos and personal information of job candidates. Dubbed the “most sophisticated” ransomware group of 2021, BlackCat ransomware has already become […] | Ransomware | ||
|
2022-02-17 13:18:46 | “LinkedIn” Phishing Attacks Up 232% In Feb (lien direct) | Researchers at Egress have just issued findings that LinkedIn-themed phishing attacks are up 232% in February. Excerpt: Since February 1st, 2022, we have recorded a 232% increase in email phishing attacks which are impersonating LinkedIn. These attacks use display name spoofing and stylized HTML templates to socially engineer victims into clicking on phishing links and then […] | |||
|
2022-02-17 13:14:34 | Record Year For UK Cyber Investment, Expert Weighs In (lien direct) | According to Annual Cyber Sector Report, the security industry has contributed £5.3bn to the country during 2021, a 33% relative increase compared to what it was in 2020 and 12.5% over 2017 – which is the earliest date that statistics have been available publicly. The findings showed that people operating in this space added more value to […] |
To see everything:
Our RSS (filtrered)
