What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
itsecurityguru.webp 2021-05-27 07:48:30 VSCode Extension vulnerabilities could lead to cyberattacks on the supply chain (direct link) The Hacker News has reported that newly discovered bugs in VSCode Extensions could lead to supply chain attacks. The severe security flaws uncovered in the popular Visual Studio Code extensions could enable attackers to compromise local machines and build/deployment systems through a developer’s integrated development environment (IDE). The vulnerable extensions can also be exploited to […] Guideline
itsecurityguru.webp 2021-05-26 08:10:02 Almost half of British organisations aren't reporting data breaches, Crowdstrike finds (direct link) Nearly half of firms aren’t reporting data breaches, which is a problem since GDPR requires businesses that suffer a breach to report it within 72 hours. However, new figures from cybersecurity firm CrowdStrike suggest many British firms aren't reporting data breaches in a timely manner, as is required by the General Data Protection Regulation (GDPR). Crowdstrike […] ★★★
itsecurityguru.webp 2021-05-26 08:04:15 (Déjà vu) VMware issues critical patch on vCenter Server installs (direct link) According to Bleeping Computer, VMware is warning of a critical bug affecting all vCenter Server installs and the company is urging its customers to patch a critical remote code execution (RCE) vulnerability in the Virtual SAN Health Check plug-in that impacts all vCenter Server deployments. “These updates fix a critical security vulnerability, and it needs […] Vulnerability
itsecurityguru.webp 2021-05-26 07:54:35 Recent ransomware attacks prompt action from two-thirds of companies (direct link) In the aftermath of the Colonial Pipeline attack, global IT association and learning community ISACA polled more than 1,200 members in the United States and found that 84 percent of respondents believe ransomware attacks will become more prevalent in the second half of 2021. According to the report, the severe disruptions caused by these attacks have […] Ransomware
itsecurityguru.webp 2021-05-25 07:59:31 (Déjà vu) Bose reports data breach following ransomware attack (direct link) Bleeping Computer has reported that audio maker Bose disclosed a data breach after a ransomware attack that hit the company’s systems in early March. A breach notification letter filed with New Hampshire’s Office of the Attorney General by Bose stated the company “experienced a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across” its “environment.” Ransomware Data Breach ★★★★
itsecurityguru.webp 2021-05-25 07:54:09 It's GDPR's 3rd Anniversary! (direct link) To celebrate the third Anniversary of GDPR, let’s have a look at some stories from around the web on its impact and effectiveness over the years: The New Statesman thinks getting hacked should be more expensive: https://www.newstatesman.com/business/sectors/2021/05/why-getting-hacked-should-be-more-expensive Here, Tripwire takes a look at GDPR’s impact on cloud service providers: Impact of GDPR on Cloud […] ★★★
itsecurityguru.webp 2021-05-25 07:42:34 Latest macOS patch sees fix for zero-day screenshot malware (direct link) Apple has released its macOS Big Sur 11.4 that expands support for external GPUs, fixes bugs in Safari and more. In addition, this update also makes the system more secure by patching an exploit that let sneaky malware take screenshots without the user being aware. Jamf, an Apple-focused mobile device management company, reported that the […] Malware Patching
itsecurityguru.webp 2021-05-24 10:46:17 Reinventing Asset Management for Cybersecurity Professionals (direct link) In conversations with our customers, it's very clear that organisations need to establish a comprehensive view of their IT asset infrastructure because you can't secure what you don't know or can't see. But that comprehensive view needs to be specific to the security team, which has a different role than IT teams concerned with inventory, […]
itsecurityguru.webp 2021-05-24 07:56:01 City Police COVID loan fraud probes on the up (direct link) City police opened 50 per cent more Covid loan fraud probes in February, according to a City AM report. It noted that the City of London police had begun more investigations into fraud connected to the government's Bounce Back Loan scheme (BBLs) in February than the prior month. In fact, police opened 26 fraud probes […] ★★★★
itsecurityguru.webp 2021-05-24 07:46:47 Damage of SITA data breach still unfolding as Air India compromised (direct link) TechCrunch has reported that a recently found Air India passenger data breach indicates that the SITA hack is worse than first anticipated. Three months after air transport data giant SITA reported its own data breach, the damage is still mounting. Air India said this week that personal data of about 4.5 million passengers had […] Data Breach Hack ★★★★★
itsecurityguru.webp 2021-05-21 12:20:30 How has Covid-19 changed our relationship with digital identity? (direct link) Almost every day, no matter where we go or what we do, we often have to provide proof that we are who we say we are. This can be when you open up a bank account, collect a parcel from the post office, or when you make certain purchases. What all these situations have in […]
itsecurityguru.webp 2021-05-20 11:58:33 Beating ransomware criminals at their own game (direct link) With the steady stream of recent ransomware headlines from Colonial Pipeline to the Irish Health Service, it is clear that attempts to stem the wave of successful attacks are not working. The worry of waking up to a ransom message is what keeps many IT security managers and their bosses awake at night. For cybercriminals, […] Ransomware
itsecurityguru.webp 2021-05-20 08:41:30 Bug allowed strangers to access Eufy camera feeds (direct link) Eufy warned its customers this week after discovering an internal server bug that gave strangers the power to access and control private home-video feeds for an entire day. Customers were also given access to do the same to other users. The vulnerability was the result of a planned server upgrade, which accidentally connected Eufy customers […] Vulnerability
itsecurityguru.webp 2021-05-20 08:26:10 Domain Group targeted in phishing attack (direct link) Domain Group, an Australian digital real estate business, has recently confirmed being targeted in a phishing attack. Jason Pellegrino, CEO of Domain Group, released a statement, in which he stated that “[they] have identified a scam that used a phishing attack to gain access to Domain’s administrative systems to engage with people who have made […]
itsecurityguru.webp 2021-05-19 13:57:56 Round Table: The Smartest Person in the Room (direct link) The Eskenzi Cyber Book and Film Club delves into some of the themes that emerge from Christian Espinosa's best-selling book, 'The Smartest Person in the Room: The Root Cause and New Solution for Cybersecurity'. Chaired by co-founder of Eskenzi PR, Neil Stinchcombe, Christian is joined by Stephen Khan – Head of Tech and Cyber Security Risk at HSBC and Chair of ClubCISO as well […] ★★★★★
itsecurityguru.webp 2021-05-19 13:19:51 KnowBe4 launches PhishFlip (direct link) KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, has announced a new product feature called PhishFlip™, which turns real-world phishing attacks into safe, simulated phishing templates. A majority of data breaches begin with a phishing attack and the threat continues to grow. According to the fourth quarter 2020 Phishing Activity […] Threat
itsecurityguru.webp 2021-05-19 12:47:52 Synopsys Unveils Technology Alliance Partner Program, Adds Integrations for Application Security Orchestration Solution (direct link) Synopsys, Inc. has announced the expansion of the Technology Alliance Partner (TAP) segment of the Software Integrity Group's new Global Partner Program at RSA Conference. Synopsys is showcasing integrations between the company's Intelligent Orchestration solution and technology partner tools, including CloudBees and GitHub Actions. With more than 40 DevOps ecosystem vendors currently engaged, the TAP […]
itsecurityguru.webp 2021-05-19 08:43:37 Issues with legacy data and IT systems (direct link) The National Audit Office (NAO) has said that the Covid-19 pandemic has “laid bare” issues caused by legacy IT within the government. The report analysing the government and the pandemic exposed some significant issues with regards to legacy data and IT systems. A large part of the government’s Covid-19 response has been the use and […] ★★★★★
itsecurityguru.webp 2021-05-19 08:24:07 2.9 million DDoS attacks recorded in Q1 2021 (direct link) Researchers from NETSCOUT’s ATLAS Security Engineering & Response Team (ASERT) have reported that the first quarter of 2021 saw the launch of approximately 2.9 Distributed Denial of Service (DDoS) attacks. This is a 31% increase on the number launched at the same time last year. The researchers claimed that “the first two months of the […] ★★
itsecurityguru.webp 2021-05-18 08:42:58 Ireland's HSE refuses to pay ransom (direct link) Following the cyber attack on Ireland’s Health Service Executive (HSE), the attackers have sought a ransom. HSE has, however, stated they will not be paying the hackers, even while the country’s healthcare and social services continue dealing with the disruption of the ransomware, which has been described as potentially the ‘most significant’ case of […] ★★★
itsecurityguru.webp 2021-05-18 08:24:26 Strange – but effective – cyber defence trick (direct link) Recently, KrebsOnSecurity discovered that close to all ransomware strains have a particular built-in failsafe: they will not install on a device that uses specific virtual keyboards, specifically Russian or Ukrainian. Several Russian-language affiliate moneymaking programmes, including Darkside, prevent their criminal associates from installing any malicious software on devices in several Eastern European countries. This is […] Ransomware
itsecurityguru.webp 2021-05-17 08:35:15 Irish healthcare system suffers two cyber-attacks (direct link) It has been confirmed that Ireland’s healthcare system fell victim to two cyber-attacks on Thursday and Friday last week. The Department of Health reported that its IT systems were shut down after the first ransomware attack on Thursday. On Friday a similar attack was launched against the Health Service Executive (HSE) causing “substantial” cancellations to […] Ransomware
itsecurityguru.webp 2021-05-17 08:28:31 Insurance giant hit by ransomware (direct link) Over the weekend AXA, an insurance giant based in Thailand, Malaysia, Hong Kong and the Philippines, reported falling victim to a ransomware attack. The attack is claimed to have been perpetrated by the Avaddon ransomware group, which has said it stole 3 TB of sensitive data from AXA’s Asian operations. The attack was not limited […] Ransomware
itsecurityguru.webp 2021-05-14 15:58:21 Are your remote or furloughed employees a security threat? (direct link) The evolution of the workplace has accelerated over the past year for reasons too painfully obvious to mention. In light of the office exodus, employers have been set the enormous task of adapting and accommodating a remote workforce and managing morale in the face of furloughs. Among the many practical challenges is shoring up your […]
itsecurityguru.webp 2021-05-14 09:50:05 Heightened work-related stress and increased workloads are taking their toll on technology leader's mental wellbeing (direct link) A CISO's workday is riddled with high-stress situations as they constantly battle the deluge of threats emerging from the ever-expanding threat landscape. Therefore it is no wonder that the majority of technology leaders are feeling stressed. In recent years the challenges that CISOs face have only intensified. Since the pandemic, security professionals have had […] Threat Guideline
itsecurityguru.webp 2021-05-13 10:07:40 Unlock your potential with an intensive cybersecurity retraining bootcamp (direct link) The skills gap in cybersecurity is a much-discussed problem in the industry. Diversity is another issue that employers and educational institutions are trying to tackle, but changes are somewhat slow to come. And as the economy moves further into the digital age, it was clear to see people need help changing their career. These were […]
itsecurityguru.webp 2021-05-10 21:52:31 Protected: Password Security – Now's the time to get serious (direct link) There is no excerpt because this is a protected post.
itsecurityguru.webp 2021-05-10 11:06:31 Where DevOps collides with identity security (direct link) DevOps is fast becoming a central part of enterprise IT. For entirely understandable reasons, too. As organisations mature and grow, unintended IT silos often prevent the innovation of new products and services from taking flight. DevOps represents the unification of Development and Operations teams and, within that, huge gains for productivity, efficiency and innovation in […]
itsecurityguru.webp 2021-05-10 11:00:58 Hurrah – It's (patch) Tuesday! (direct link) When you look at the root causes of a breach – the most prevalent cause is human error. But dig a little deeper and that human error is often failure to patch known security vulnerabilities – many of which have gone unnoticed for not just a few days, but often months and years. This past […]
itsecurityguru.webp 2021-05-07 15:41:46 Three US healthcare providers suffer data breach (direct link) Following a ransomware attack on the administrative services company, CaptureRx, at least three US healthcare providers suffered a data breach. The attack occurred on February 6, and an investigation was launched almost two weeks later, discovering that several files had been accessed by an unauthorised user. The personal health information (PHI) of more than 24,000 […] Ransomware Data Breach
itsecurityguru.webp 2021-05-07 13:35:49 Risk to Financial Services and Insurance Organisations increased by 125% in 2020, report reveals (direct link) Despite the increased use of mobile device management (MDM), mobile phishing among financial services was at an all-time high last year. A report conducted by endpoint security expert, Lookout, revealed a 125% increase in exposure to considerable risk in both financial services and insurance organisations. The financial report also uncovered that the risk exposure to […]
itsecurityguru.webp 2021-05-07 13:34:05 Obrela teams up with ABS to boost industrial defences against cyberattacks (direct link) The recent cyber-attack against Oldsmar Water Plant in Florida has increased concerns over cybercriminals targeting industrial organisations and highlighted that the cyber-physical attacks that have been predicted for years are now happening. In February this year, it was announced that cybercriminals had broken into the water plant and changed the level of sodium hydroxide being fed […]
itsecurityguru.webp 2021-05-07 10:09:24 NCSC provides guidance on cybersecurity for smart cities (direct link) The National Cyber Security Centre (NCSC) has released a set of security principles for local authorities to help protect smart city technology from cyber threats. Along with the guidance, it is warning that compromise of a single system in a smart city could have a negative impact across the network if badly designed, this includes […] ★★★★
itsecurityguru.webp 2021-05-06 13:07:24 It's World Password Day – Here's what the experts say (direct link) Passwords essentially are the gateways to our digital lives. From business accounts, social media, shopping, banking – you name it – if they're compromised, it can have big implications. To mark the day, we've compiled the advice of some of the world's leading experts in cybersecurity to help keep individuals and, ultimately, businesses safer on […] Guideline
itsecurityguru.webp 2021-05-06 11:42:51 Belgium's parliament suffers DDoS attack (direct link) On Tuesday the internet service provider Belnet fell victim to a cyberattack. The attack took place at 11:00am CEST when the company experienced a distributed denial of service (DDoS) attack. This resulted in Belnet’s servers being overloaded and preventing any availability of their online services. The attack affected any website with .be domains. As a […]
itsecurityguru.webp 2021-05-05 16:38:04 21Nails: Multiple Critical Vulnerabilities in Exim Mail Server (direct link) Researchers from Qualys released a study that found 21 unique vulnerabilities in the Exim mail server. Some of these can be linked together to obtain full remote unauthenticated code execution and gain root privileges. In a blog post, the Qualys Research Team said that the vulnerabilities potentially affect numerous organisations due to an estimated 60% […]
itsecurityguru.webp 2021-05-05 16:29:47 Deja Vu: Apple macOS needs updating again to sort vulnerabilities (direct link) Just last week, Apple notified customers about a serious security vulnerability that was patched in macOS 11.3. And just a week later, it’s now warning over another bug fix in a macOS 11.3.1 release that corrects two separate issues which, if exploited, would allow for arbitrary code execution. It’s possible that these new vulns are […] Vulnerability
itsecurityguru.webp 2021-05-04 17:16:10 Synopsys Launches New Tool for Automated Application Security (direct link) Synopsys has today announced it will showcase the Software Integrity Group's new Intelligent Orchestration solution at RSA Conference on May 17th – 20th. Intelligent Orchestration is a dedicated application security automation pipeline, optimized for speed and efficiency, that ensures the right security tests are performed at the right time. Intelligent Orchestration, which runs in parallel to […] Tool
itsecurityguru.webp 2021-04-30 07:57:44 Dorset police investigating data breach (direct link) ITV reports on how Dorset police are investigating a “serious data breach” involving pupils from two schools in Christchurch. This is after information about an alleged race hate crime was sent by mistake to a man from Wimborne who had initially emailed the police about a separate incident. Dorset police insist it was human error […] Data Breach
itsecurityguru.webp 2021-04-30 07:46:47 Microsoft identifies critical code execution flaws in IoT and OT devices (direct link) The 25 security flaws are known collectively as BadAlloc and affect Internet of Things (IoT) devices and Operational Technology (OT) industrial systems. The flaws are caused by memory allocation Integer Overflow or Wraparound bugs. Threat actors can exploit the vulnerabilities to trigger system crashes and execute malicious code remotely on susceptible IoT and OT systems. Threat
itsecurityguru.webp 2021-04-30 07:38:14 BBC reports on the Ransomware surge ruining lives (direct link) Technology giants Microsoft and Amazon, as well as the FBI and the UK’s National Crime Agency have joined the Ransomware Task Force (RTF) to give governments nearly 50 recommendations on how to take action against ransomware, according to a BBC report. The task force is critical now more than ever as ransomware gangs are now […] Ransomware
itsecurityguru.webp 2021-04-29 08:07:42 Lloyds Bank tells customers to beware of text message scam (direct link) Lloyds Bank customers are under attack by cybercriminals again. This time, text messages are being used to bait people into thinking there is a security issue with their bank accounts. An example message reads: “LLOYDS-SECURITY: You have successfully scheduled a payment of £69.99 to payee MR ADAMS 28/04. If this was NOT you, visit: https://payee-confirmationcentre.com.” […] ★★★★★
itsecurityguru.webp 2021-04-29 07:52:21 Warning over illegally streaming football on websites “riddled with malware” (direct link) A report from cybersecurity firm Webroot shows that almost all (92%) illegal football streaming websites contain some form of malicious content, from malware and phishing lures to social engineering scams. This puts fans at considerable risk. In fact, Webroot says in its report that anyone who used an illegal website to watch last weekend's Carabao […] Malware
itsecurityguru.webp 2021-04-29 07:42:30 Student researcher discovered Experian API flaw that exposed credit scores of “most Americans” (direct link) Credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity learned. Though the flaw has been fixed according to Experian, the researcher, Bill Demirkapi, who reported the finding says he fears the […]
itsecurityguru.webp 2021-04-26 09:22:59 Cybersecurity and Online Gaming (direct link) The online gaming industry has exploded in recent years and is expected to generate close to $200 billion in revenue by 2022. Popular games are reporting revenues in the range of hundreds of millions of dollars per month. This booming industry is seeing significant growth, largely due to the pandemic, with many turning to […]
itsecurityguru.webp 2021-04-26 08:44:33 Facebook disables Palestinian APT Group Activities (direct link) Facebook threat intelligence analysts discovered recent activities linked to two known APT Groups that have been active since 2015. According to Facebook, the groups, AridViper and Preventive Security Service, used Android and Windows malware and advanced social engineering tactics in an effort to attack journalists, human rights activities and military groups in the Middle East. […] Malware Threat
itsecurityguru.webp 2021-04-23 14:38:43 90-Year-Old Woman falls victim to 'largest phone scam ever' (direct link) An elderly woman has lost £23 Million to what could be the largest phone scam ever. The scam took place in Hong Kong, where the victim, who remains nameless, was contacted by someone pretending to be a Chinese official. The scammer tricked the woman in August last year, by telling her that her identity […]
itsecurityguru.webp 2021-04-23 08:48:52 GCHQ: West faces “moment of reckoning” (direct link) Jeremy Fleming, the head of intelligence at intelligence agency GCHQ, has said that the technology on which we rely will no longer be shaped by the West. When addressed with the growing challenge from China, he claimed: “we have to keep evolving our approach if we’re going to keep up.” As an example he listed […] ★★★★★
itsecurityguru.webp 2021-04-22 15:21:39 Signal CEO hacks mobile-hacking firm (direct link) Moxie Marlinspike, CEO of encrypted messaging app Signal, has found vulnerabilities in the software developed by Cellebrite. The vulnerabilities found in the data extraction company’s code allow for arbitrary code execution on the device. Cellebrite’s products are mostly used by governments and the police to unlock any iOS and Android devices to extract data. Late […] ★★★★★
itsecurityguru.webp 2021-04-22 10:45:14 New UK laws to protect IoT devices amid sales surge (direct link) New figures published by the UK government show that almost half (49%) of UK residents have purchased at least one new smart device since the beginning of COVID-19. As a result, manufacturers of smart devices such as phones, speakers, and doorbells will need to provide customers with information about how long they will be guaranteed […] ★★★★
Last update at: 2024-04-25 21:09:08