What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-09-09 09:12:24 | (Déjà vu) Russian publication Yandex says it is experiencing a “record scale” DDoS attack (lien direct) | Russian internet giant Yandex has been targeted in a massive distributed denial-of-service (DDoS) attack that started last week and and it reportedly continues this week, Bleeping Computer reports. Russian media called the assault the largest in the history of Russian internet (RuNet), and that a US based company confirmed that the attack was ongoing. The […] | |||
|
2021-09-08 10:12:09 | Beating ransomware – 6 issues to solve before it strikes (lien direct) | Being struck by ransomware has been compared to having a heart attack. It's something that stalks everyone in theory and yet when it happens the shock of the experience is always a surprise. For the first seconds, minutes – and sometimes hours – organisations are on their own. It's a moment of unexpected trauma which […] | Ransomware | ||
|
2021-09-07 16:21:52 | KnowBe4 hosts KB4-CON EMEA to help strengthen organisations\' Human Firewalls (lien direct) | KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, will be hosting KB4-CON EMEA (Europe, Middle East and Africa) on the 23rd of September 2021. The European virtual event is an extension of the highly successful KB4-CON US event, which the company says attracted over 10,000 registrants. The cybersecurity-focused event […] | |||
|
2021-09-07 02:30:31 | Password Security – Now\'s the time to get serious (lien direct) | Did you know that over 80% of breaches involve brute force or lost and stolen credentials, and that over 70% of employees reuse passwords at work? Passwords are on your first line of defence against cyber-attacks and won't be going away any time soon, getting this piece of the puzzle correct is foundational for cyber defence, the protection […] | |||
|
2021-09-06 10:27:12 | Irish Gardai clamp down on cyber gang that attacked HSE (lien direct) | Gardaí have seized cyber infrastructure used by the cyber gang involved in the HSE cyber attack earlier this year. The operation is believed to have prevented more than 750 ransomware attacks, the Irish Times has reported. The Garda-led operation targeted websites, domain names and servers used in the attacks, has been led by An Garda […] | Ransomware | ||
|
2021-09-06 10:17:14 | US Cyber Command issues warning on Atlassian Confluence software (lien direct) | The US Cyber Command issued a warning that the Atlassian Corp. PLC's Confluence software is being exploited on a large scale and that users should patch their installations immediately. The vulnerability, formally named CVE-2021-26084, was revealed by Atlassian on Aug. 25 and was described as allowing an authenticated user to execute arbitrary code on a […] | |||
|
2021-09-03 14:50:13 | How to Smartly Scale AppSec Testing (lien direct) | The IT Security Guru has paired up with Synopsys, a recognised leader in application security, to bring you the webinar, ‘How to Smartly Scale AppSec Testing’. No matter what any blog or vendor says you know there is no silver bullet for application security. Complete one item on your to-do list, seven more things are […] | Guideline | ||
|
2021-08-31 15:23:11 | Startup success: manoeuvring a competitive industry (lien direct) | They say hard work is one of the core tenets of success. But, while a strong work ethic can undoubtedly get the job done, the efficiency and experience to guide hard work can go a long way. After all, even if you’re willing to work as hard as possible, it’s not easy to tackle a […] | |||
|
2021-08-31 11:49:52 | CISA Bad Practices list updated to include single-factor authentication (SFA) (lien direct) | The US’ CYbersecurity Infrastructure Security Agency (CISA) has added signle-factor authentication (SFA) to its list of bad practices, which outlines exceptionally risky cybersecurity practices. The agency has specified that this low-security method of authentication is particularly dangerous when used to secure Critical Infrastructure or National Critical Functions. The list also includes the use of unsupported/end-of-life […] | |||
|
2021-08-31 11:42:33 | Microsoft warns of phishing campaign abusing \'open redirects\' (lien direct) | Office 365 customers have been warned by Microsoft of an ongoing phishing campaign that abuses open redirects, an email sales and marketing tool that redirects a visitor to an untrusted site. An http parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying […] | Tool | ||
|
2021-08-27 12:38:43 | Cybersecurity Is the \'Core National Security Challenge\' according to Biden at this week\'s CEO Summit (lien direct) | On Wednesday, President Joe Biden hosted executives from major technology, financial and energy companies for a summit on national cybersecurity, saying that the issue was “the core national security challenge we are facing.” At the start of the meeting, whilst talking to reporters in attendance, President Biden estimated that approximately 500,000 US cybersecurity jobs are […] | |||
|
2021-08-24 16:20:07 | 38 million personal identifiable information exposed in Microsoft Power Apps data leak (lien direct) | Researchers at cybersecurity vendor Upguard have discovered multiple data leaks resulting from Microsoft Power Apps portals configured to allow public access – a new vector of data exposure. The types of data exposed varied between portals, including personal information used for COVID-19 contact tracing, COVID-19 vaccination appointments, social security numbers for job applicants, employee IDs, […] | |||
|
2021-08-20 13:45:59 | The four As of identity-based security (lien direct) | In the famous words of David Byrne, there is no time for “dancing, or lovey dovey” when it comes to security. In a world where technology is constantly evolving, it is important to always stay on top of protecting confidential and sensitive information. The standard go-to for security within organisations is the account-based approach; however, […] | |||
|
2021-08-20 13:39:16 | DemonWare ransomware gang attempts to recruit disgruntled employees in insider threat scheme (lien direct) | According to a report by Abnormal Security, on August 12, 2021, their team identified and blocked a number of emails sent to customers soliciting them to become accomplices in an insider threat scheme. The goal was for them to infect their companies' networks with ransomware. These emails allege to come from someone with ties to […] | Ransomware Threat | ||
|
2021-08-20 13:38:31 | T-Mobile data breach impacts over 40 million users – Security Experts Have Their Say (lien direct) | T-Mobile, one of the world’s largest telecommunications providers and mobile networks, admitted this week that over 40 million customers had been impacted by a data breach. With a reported 104 million T-Mobile customers, this latest breach has hit a significant number of the user base. The company released a statement saying “a highly sophisticated cyberattack” […] | Data Breach | ★★ | |
|
2021-08-19 16:28:07 | Visibility into vulnerabilities: 3 steps to improve software vulnerability management (lien direct) | Vulnerabilities in enterprise IT are everywhere. While it's clear that they need to be addressed, how to do so isn't as clear. The sheer number of vulnerable software versions in an enterprise environment can be overwhelming, making it challenging to address them. The process requires time: to identify the need for an update, to create […] | Vulnerability | ||
|
2021-08-19 14:17:11 | Armis continues to expand in healthcare markets with appointment of new CTO for healthcare (lien direct) | Armis, the unified asset visibility and security platform provider, today announced Oscar Miranda as its new Chief Technology Officer (CTO) for Healthcare. His appointment, the company says, further reinforces Armis’ strategic commitment to securing the healthcare sector, particularly when it comes to identifying and providing mitigation steps for vulnerabilities associated with connected devices within the […] | |||
|
2021-08-16 16:19:56 | Ransomware is a societal problem requiring societal solutions (lien direct) | Ransomware is a crime that is predominantly financially motivated, yet the effects of attacks are far broader and more profound than just the financial impact. Pervasive attacks against healthcare, local government, schools and other forms of critical infrastructure are threatening our quality and safety of life every day. These disruptive attacks tear at the very […] | |||
|
2021-08-16 16:13:10 | What does the Colonial Pipeline attack tell us about security today? (lien direct) | In May the US Colonial Pipeline shut its operational network after a ransomware cyber-attack. It's said to be one of the costliest attacks for an economy. A painful accolade if ever there was one. New details are emerging about the specifics of the pipeline attack all the time but there are a few concerns that […] | Ransomware | ||
|
2021-08-16 16:04:32 | Why you should never pay for ransomware (lien direct) | In the last 13 months the UK lost a reported £10.4 million to cybercrime, as per official police statistics. One of the most damaging forms of cybercrime comes in the form of Ransomware. Not only that, but 81% of cyber security experts believe we are likely to see more ransomware than ever across the next […] | Ransomware | ||
|
2021-08-11 16:17:02 | Comparitech research shows cybercrime victims lose $17.4 billion annually in the UK (lien direct) | Researchers at Comparitech, the security and privacy advice and comparison website, have conducted an assessment of reported figures released by the police and/or government, to reveal that victims worldwide lose an estimated $318bn each year to cybercrime. Unfortunately, the UK specifically was found to have the highest number of reported cybercrime victims with 1,095 victims […] | |||
|
2021-08-06 13:50:31 | DNS vulnerability allows for \'nation-state level spying\' (lien direct) | A new class of DNS vulnerabilities has been discovered, which impacts major DNS-as-a-Service (DNSaaS) providers. It could give hackers the ability to access sensitive information on corporate networks and the power for ‘nation-state level spying’. The flaws provide potential hackers with intelligence harvesting abilities by using a simple domain registration. The research explained: “We found […] | Vulnerability | ||
|
2021-08-06 11:03:22 | CISA partners with Amazon, Google, Microsoft and others to fight Ransomware (lien direct) | The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a new initiative, in which it will partner with several tech companies to bolster the U.S.’s defences against cyber threats. Named the Joint Cyber Defense Collaborative, the effort aims to combat ransomware and cyberattacks on critical infrastructure. The announcement comes after a string of high-profile attacks, […] | Ransomware | ||
|
2021-08-05 09:51:25 | Vulnerabilities allow for takeover of capsule hotel rooms (lien direct) | Kya Supa, security consultant at LEXFO, inadvertently found a series of security bugs in IoT devices within connected hotel rooms. These vulnerabilities allowed him to take control of the amenities in multiple capsule hotel rooms (tiny rooms stacked side-by-side). Supa presented his findings on Wednesday at the Black Hat Conference 2021. The rooms are controlled […] | |||
|
2021-08-05 09:28:24 | Ransomware hits Isle of Wight schools (lien direct) | The Isle of Wight Education Federation disclosed that its IT systems were shut down last week as a result of a ransomware attack. The attackers encrypted the school data of Carisbrooke College, Island 6th Form, Medina College, Barton Prymary, Hunnyhill Primary and Lanesend Primary. The police have been informed and are working with the schools […] | Ransomware | ||
|
2021-08-05 08:39:25 | Round Table: Confident Cyber Security (lien direct) | The Eskenzi Cyber Book and Film Club take a look at Jessica Barker's book 'Confident Cyber Security: How to Get Started in Cyber Security and Futureproof Your Career,' an easy-to-read, jargon-busting guide on the world of cybersecurity. Javvad Malik – Security Awareness Advocate at KnowBe4, hosts the roundtable and is joined by Jessica Barker, Stephen Khan – […] | |||
|
2021-08-04 17:05:07 | Feedzai acquires behavioural biometrics specialist Revelock to secure cashless commerce (lien direct) | Feedzai, the cloud-based financial risk management platform company, has announced the acquisition of an advanced behavioural biometric platform, Revelock, following a significant $200m investment round earlier this year. Feedzai's acquisition of Revelock will create “the world's largest AI-powered financial risk management platform with native, integrated behavioural biometrics”, the company states. The integrated platform enables financial institutions […] | |||
|
2021-08-04 10:58:03 | Critical flaws affecting embedded TCP/IP Stack used in OT devices (lien direct) | On Wednesday, cybersecurity researchers disclosed 14 vulnerabilities that affect a common TCP/IP stack, which is used in a large amount of OT devices. These devices are manufactured by less than 200 vendors and utilised in manufacturing plants, power generation, water treatment and critical infrastructure sectors. The vulnerabilities have been labelled “INFRA:HALT” and target NicheStack. If […] | |||
|
2021-08-04 10:26:16 | Lazio region hit by Ransomware (lien direct) | On Sunday morning, Italy’s Lazio region suffered a ransomware attack, disabling its IT systems and disrupting the COVID-19 vaccination registration portal. The attackers reportedly encrypted every file in the portal’s data centre and shut down its IT network. President of the Lazio region, Nicola Zingaretti issued a statement, in which she said: “On the night […] | Ransomware | ||
|
2021-08-03 11:09:43 | 2021 sets new record for ransomware attacks (lien direct) | Ransomware attacks have sky-rocketed this year, with H1 2021 already surpassing last year’s total of 304.6 million. Attackers are continuously targeting established technology, infrastructure, innocent people and vulnerable institutions, resulting in a 151% year-to-date increase. April and May of this year reached a new record high while June saw 78.4 recorded ransomware attacks. Both the […] | Ransomware | ||
|
2021-08-03 10:41:06 | Major telecommunications companies hit by APT (lien direct) | Cybereason Nocturnos has published a new report disclosing the discovery of three cyberespionage campaigns that have been targeting major telecommunications companies. The attackers are suspected to be working for “Chinese state interests” and have been tied to the name “DeadRinger”. The campaign have been ongoing in Southeast Asia, and have been specifically focused on telcos, […] | |||
|
2021-08-02 12:46:12 | Armis identifies PwnedPiper vulnerabilities in Swisslog\'s Translogic Pneumatic Tube Systems (lien direct) | Researchers at Armis have discovered nine critical vulnerabilities in the Nexus Control Panel, which powers all current models of Translogic's pneumatic tube system (PTS) stations by Swisslog Healthcare. The Translogic PTS system is a critical infrastructure for healthcare used in more than 3,000 hospitals worldwide. The system is responsible for delivering medications, blood products, and various […] | |||
|
2021-07-29 11:51:22 | Synopsys Rapid Scan helps developers build secure apps with faster, accurate application security testing (lien direct) | This week, Synopsys announced the availability of new Rapid Scan capabilities in its Coverity static application security testing (SAST) and Black Duck software composition analysis (SCA) solutions. The Rapid Scan features provide fast, lightweight vulnerability detection for both proprietary and open source code. Rapid Scan is optimised for the early stages of development, particularly for […] | Vulnerability | ||
|
2021-07-29 08:13:33 | Hacking group targets American defence contractors with aerobics instructor persona (lien direct) | Proofpoint has uncovered a scheme by a group of Iranian hackers posing as a flirty aerobics instructor to target employees of American defence contractors. The hackers created a fake persona named Marcella Flores to try to dupe employees and compromise their computers, according to Proofpoint researchers. The group, also known as TA456 or Tortoiseshell, has […] | |||
|
2021-07-29 08:03:28 | More than 1 in 5 exploits sold on the Dark Web are over three years old (lien direct) | Recent Trend Micro research points to a big problem when it comes to keeping up with patching in legacy IT equipment. It found that nearly a quarter (22%) of exploits sold on cybercriminal underground are more than three years old, indicating the scale of threat from unpatched legacy vulnerabilities. Trend Micro has thus urged organisations to […] | Patching | ||
|
2021-07-29 07:52:32 | Biden signs national security directive to boost critical infrastructure cyber defences (lien direct) | US President Biden has signed a national security directive aimed at boosting defences against ransomware attacks and the hacking of critical infrastructure, such as energy, food, water and power systems. Crucially, the directive sets performance standards for technology and systems used by private companies in these sectors - although it can’t force those companies […] | Ransomware | ||
|
2021-07-28 16:07:46 | Think twice before using Olympics sports in your password (lien direct) | The Authlogics Password Breach Database has once again revealed the weaknesses in people's account security, this time shining a light on the effect the Olympics have had on people's password choices. With the Olympics in full swing, it is clear that sports have been at the top of people's minds, although when it comes to […] | |||
|
2021-07-28 08:16:04 | (Déjà vu) Cost of a data breach hits record high during the pandemic (lien direct) | IBM research indicates that the cost of an enterprise data breach reached a record high during the COVID-19 pandemic. IBM has estimated in its new “Cost of a Data Breach” report that the average data breach now runs upward of $4 million. In fact, in 2021, a typical data breach experienced by companies now costs […] | Data Breach | ||
|
2021-07-28 08:10:15 | Praying Mantis hacker group strikes IIS web servers (lien direct) | An APT group dubbed Praying Mantis or TG1021, by researchers from incident response firm Sygnia, has hit IIS web servers with deserialization flaws and memory-resident malware. It says Praying Mantis group is likely a nation-state threat actor using custom malware that is especially good at avoiding detection to compromise major public and private organisations over […] | Malware Threat | ||
|
2021-07-28 07:58:53 | Racing car dealership says PwC failed to spot fraud (lien direct) | PwC is being sued by a racing car dealer for failing to spot alleged fraud. The UK accounting firm giant has been sued by the administrators of JD Classics, a racing car dealership, for allegedly failing to to spot fraud resulting in losses of over £41m. PwC was accused by administrators from Alvarez & Marsal of […] | |||
|
2021-07-27 08:05:19 | NHS COVID passes targeted by scammers (lien direct) | The CEO of Egress has warned that COVID passport phishing emails are circulating – and directed users to fake NHS websites. The NHS COVID passes allow people to show their coronavirus vaccination details or test results, and are considered an official COVID-19 status. These passes may be requested if a person is travelling abroad or […] | |||
|
2021-07-27 07:57:50 | TikTok to open new cybersecurity centre in Dublin (lien direct) | TikTok has announced it it opening a new cybersecurity centre to fight 'next-generation security threats' in Ireland. The social media giant said Dublin will be the first location of what it calls ‘regional fusion centres’ around the world, to help the company respond to security incidents in real time, 24 hours a day. 'When people […] | |||
|
2021-07-27 07:53:08 | Discord targeted to spread malware (lien direct) | In a new campaign, cybercriminals are using Discord to target gamers and steal their credentials and financial info. The bad actors have abused Discord to host, spread, and control malware aimed at the users of this chat service, according to new research from Sophos. Since last year, Discord has increased in popularity with 140 […] | Malware | ||
|
2021-07-26 11:17:30 | Specops Secure Service Desk Product Review (lien direct) | Supplier: Specops Software Website: specopssoft.com Price: Based on volume Scores Performance 5/5 Features 5/5 Value for Money 4/5 Ease of Use 4.5/5 Overall 5/5 Verdict Tight integration with Windows AD and support for a wide choice of identity services allows Secure Service Desk to verify that password reset requests are from bona fide users. […] | |||
|
2021-07-26 08:28:27 | Man City whistleblower to aid authorities in Financial Fair Play investigation (lien direct) | The man who allegedly hacked Many City is to offer Premier League help in FFP investigation. The alleged hacker, Rui Pinto, at the heart of the Football Leaks allegations has offered assistance to the Premier League in their ongoing investigation of Manchester City. Rui Pinto has been identified as the “whistleblower” who provided German newspaper […] | |||
|
2021-07-26 08:21:30 | Fresh warnings over mobile apps containing Joker malware (lien direct) | Zscaler has discovered a new batch of apps on the Google Play Store hiding Joker malware that that can steal users’ cash and read their text messages. Researchers at Zscaler’s ThreatLabz have warned people to delete these “Joker apps” that can steal cash and read your text messages from Android phones. The malware can even […] | Malware | ||
|
2021-07-26 08:14:02 | (Déjà vu) New Windows security flaw dubbed PetiPotam discovered (lien direct) | Security researcher, Gilles Lionel, has uncovered a new NTLM relay attack that lets hackers take over Windows domains, the Hacker News has reported. The security flaw, named PetiPotam, in the Windows operating system can be exploited to coerce remote Windows servers, including Domain Controllers, to authenticate with a malicious destination, thereby allowing an adversary to […] | |||
|
2021-07-23 16:30:43 | CASE STUDY: Archroma: designing security into company processes with Edgescan (lien direct) | What were the challenges Archroma was facing from a security perspective? We are a relatively young company, and we brought Edgescan on board quite early on, so rather than transitioning from another vulnerability management solution it was more a case of deploying the Edgescan SaaS across our IT infrastructure. We operate in the Operational Technology (OT) space, as well, but currently we have a different approach […] | Vulnerability | ||
|
2021-07-23 16:19:46 | European Commission proposes changes to EU law to increase cryptocurrency transaction transparency (lien direct) | European Commission regulators have proposed changes to EU law that would force companies that transfer Bitcoin or other crypto-assets to collect details on the recipient and sender. The proposals would make crypto-assets more traceable, the EU Commission said, and would help stop money-laundering and the financing of terrorism. The package also includes the proposal for […] | |||
|
2021-07-23 16:09:09 | Departing employees pose significant cloud security risks, report finds (lien direct) | This week, cybersecurity provider Netskope released the July 2021 Netskope Cloud and Threat Report, the latest installment of Netskope Threat Labs’ biannual research analyzing critical trends in enterprise cloud service and app use, web and cloud-enabled threats, and cloud data migrations and transfers. The results revealed that some departing employees present disproportionately significant cloud security […] | Threat |
To see everything:
Our RSS (filtrered)
