What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-04-15 12:18:29 | Outpost24 report finds Top 10 US Credit Unions all have web application issues (lien direct) | A report released this week by Outpost24, that examined the security posture of web applications amongst the Top 10 US Credit Unions, has revealed that they all have security issues. Using Outpost24's attack surface discovery tool called Scout, Outpost24 was able to analyse each Credit Union's public-facing web security environments against the seven most common attack vectors […] | Tool | ★★★★ | |
|
2021-04-15 10:40:28 | University of Hertfordshire hit by cyberattack (lien direct) | Yesterday the University of Hertfordshire was targetted by a cyberattack which resulted in the universities entire IT network being taken down, as well as all access to cloud-based services being blocked. The attack started on Wednesday night at 22:00, when the universities Wi-Fi network was taken down alongside the email system and the universities student […] | |||
|
2021-04-14 14:09:40 | Capcom release final update on ransomware attack (lien direct) | Capcom has released the final update on their investigation into the major ransomware attack they suffered last year. The investigation has found that the attackers accessed the company through an outdated VPN device. Through this avenue, the attackers were able to access the companies network, as well as any compromised devices in the network. The […] | Ransomware | ||
|
2021-04-14 10:54:21 | FBI removed web shells from Exchange Servers without consent (lien direct) | The FBI has been removing web shells from compromised Microsoft Exchange serves following court authorisation. However, owners of the Microsoft Exchange servers were never informed or able to approve of the FBI’s actions. In February, the hacking group HAFIUM exploited several vulnerabilities in Microsoft Exchange’s servers. The group installed web shells in compromised Exchange servers […] | |||
|
2021-04-13 17:00:41 | Synopsys Study reveals increase in Vulned erable, Outdated, and AbandonOpen Source Components in Commercial Software (lien direct) | Synopsys, Inc. has released its 2021 Open Source Security and Risk Analysis (OSSRA) report, which examines the result of more than 1,500 audits of commercial codebases. Produced by the Synopsys Cybersecurity Research Center (CyRC) and performed by the Black Duck® Audit Services team, the report highlights trends in open source usage within commercial applications, while simultaneously providing insights to help commercial and open source developers better understand the interconnected software ecosystem they are part of. It also presents the widespread risks posed by unmanaged open source, including security vulnerabilities, outdated or abandoned components, […] | |||
|
2021-04-13 16:57:46 | Promising news: users are becoming more savvy to COVID-19 based phishing attacks finds KnowBe4 (lien direct) | KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, has revealed the results of its latest 2021 top-clicked phishing report. It found that, despite still seeing a few phishing email attacks related to COVID-19, users are becoming more savvy and alert to these types of scams. Real phishing emails that […] | |||
|
2021-04-13 16:34:26 | Tim Mackie takes lead channel role for Armis (lien direct) | Armis®, the agentless device security platform, today announced the appointment of Tim Mackie as the new Worldwide Vice President of Channel. As part of Armis' commitment to its global channel partner programme and the accelerating demand for businesses to collaborate with it, Mackie has been appointed to lead this high growth function. Mackie is a […] | Guideline | ||
|
2021-04-12 15:31:54 | Protected: Tweet Chat: The Social Dilemma (lien direct) | There is no excerpt because this is a protected post. | |||
|
2021-04-12 14:01:43 | At last – Thinking outside the SCIF (lien direct) | Q1/21 a symposium was hosted in the US under the title 'Thinking Outside the SCIF' (Sensitive Compartmented Information Facility) to put forward the case for the utilisation of OSINT (Open Source) within the US Military and Intelligence Communities. John McLaughlin (CIA) kicked off day one by correctly pointing out that there was nothing new about […] | ★★★★★ | ||
|
2021-04-12 13:23:23 | Nation-state attackers are increasingly targeting businesses (lien direct) | A new report by criminologists at the University of Surrey and cybersecurity researchers at HP has found that nation-state attacks have risen considerably in the last three years. The report also revealed that both enterprises and businesses are amongst the most targetted organisations by nation-state attackers. The research analyses nation-state attacks taking place between 2017 […] | ★★★★★ | ||
|
2021-04-12 13:15:52 | Israel allegedly takes responsibility for Iran cyberattack (lien direct) | Iran’s main nuclear facility suffered a cyberattack on Sunday, leading to a large scale blackout at Natanz, which Israel now appears to be taking responsibility for. Tehran’s nuclear energy chief described the attack as an act of terrorism, and demands a response against the perpetrators. The incident occurred shortly after the official restarted spinning advanced […] | Guideline | ||
|
2021-04-12 12:21:58 | Apple and Google block NHS Covid-19 App update (lien direct) | The new update to the NHS COVID-19 track and tracing app has been blocked by both Apple and Google, due to its failure to comply with the terms of a recent agreement. The new update would urge users to upload logs of venue check-ins via a barcode scan if they tested positive for COVID-19. The […] | ★★★★ | ||
|
2021-04-09 14:47:51 | Data belonging to over 500 million LinkedIn users sold online to hackers (lien direct) | It has been revealed today that social media platform LinkedIn is the latest to suffer a website scraping attack at the hands of cyber criminals. Data belonging to over 500 million of its users has been posted online and is reportedly being sold to hackers. The news comes only days after it was revealed that […] | ★★ | ||
|
2021-04-09 11:40:07 | Cyber-attacks have potential to spark armed conflict (lien direct) | Mike McGuire a senior lecturer in criminology at the University of Surrey has conducted a study, called Nation States, Cyberconflict and the Web of Profit using publicly available reports into state-sponsored attacks along with interviews with various experts. The study reveals that the world is coming increasingly close to nation state retaliating against cyber-attacks with […] | |||
|
2021-04-09 10:58:57 | LinkedIn Users\' details being sold online (lien direct) | Analysts stumbled across a scraped data set from LinkedIn, in which the data from over half a billion users is being sold online. This marks the second major cybersecurity incident in the past week. The information scraped includes the full names, email addresses, phone numbers, professional titles and other work-related data. CyberNews analysts have been […] | |||
|
2021-04-09 09:16:06 | Outpost24 mark 20th anniversary by naming Karl Thedéen as new CEO (lien direct) | Outpost24, specialists in managing cybersecurity exposure, has celebrated its 20th year anniversary by announcing the appointment of Karl Thedéen as the company's new Chief Executive Officer. Thedéen brings over 20 years of experience in the software and technology sector, having previously held CEO roles at Edgeware AB and Transmode AB public in 2011 before its […] | ★★★★★ | ||
|
2021-04-08 12:09:33 | Carding Mafia hack: 300,000 user accounts exposed (lien direct) | Have I been Pwned reported that the data breach exposed users’ email addresses, hashed passwords, usernames, and IP addresses. Of the 500,000 users of the hacking forum, 297,744 have been affected; however, the forum operators have not yet notified their users. The founder of Have I Been Pwned has confirmed the authenticity of the stolen […] | Data Breach | ||
|
2021-04-08 11:03:38 | University of California and Stanford University systems breached (lien direct) | In February Accellion was the victim of a major security incident, and since then the number of Universities affected by the breach are growing by the day. The latest victims of the breach are the University of California and Stanford University. The university systems have been breached due to the Accellion incident, with an unknown […] | ★★ | ||
|
2021-04-08 09:39:09 | Hackers are using web shells to steal credit cards (lien direct) | VISA has issued a warning about the increase of web shells being used by threat actors to steal credit card details. VISA has seen a rise in the number of threat actors using web shells on compromised servers in order to extract credit card details stolen from customers making payments online. VISA has said that […] | Threat | ||
|
2021-04-07 11:02:04 | Multiple EU organisations have been hit by a cyber-attack (lien direct) | In March a number of European Union organisations, including the European Commission, were hit by a cyber-attack. A spokesperson from the European Commission has revealed that the incident, thought to have taken place last week, impacted the IT infrastructure of several EU institutions. The spokesperson told BleepingComputer, “we are working closely with CERT-EU, the Computer […] | |||
|
2021-04-07 07:44:41 | Hackers actively exploiting SAP Bugs (lien direct) | Active cyberattacks have been reported on known security vulnerabilities in widely deployed SAP applications, giving the attackers access for full take over and the ability to infest an organisation completely. Researchers warn that these attacks could lead to full control of unsecured SAP applications. An alert issued by SAP informs that threat actors are carrying […] | Threat Guideline | ||
|
2021-04-07 00:00:44 | European Cybersecurity Blogger Awards 2021 Open for Nominations (lien direct) | The European Cybersecurity Blogger Awards has returned in 2021 to recognise the best blogs and podcasts in the cybersecurity industry, as voted by themselves or peers and judged by a panel of experts. Nominations have now opened until the 14th of May. The winners will be revealed during a virtual meet-up event on Tuesday, 9th […] | ★★ | ||
|
2021-04-06 16:12:19 | How Can Security Training Harden Your DevOps Process? (lien direct) | Many organisations that are turning to DevOps are struggling with various security challenges along the way. In “The Ultimate Guide of Orchestrating Security and DevOps,” tracing those obstacles to a lingering “cultural conflict” between the developers and security teams. Security teams are struggling to keep up with the pace that DevOps teams are used to, […] | |||
|
2021-04-06 15:56:54 | A battle cry for SMBs to address cybersecurity (lien direct) | When we read about cyberattacks in the news, they typically involve a well-known brand or large enterprise. The perception is the bigger the organization, the greater the impact. However, the recent attack on Microsoft Exchange Servers is expected to impact over 60,000 organisations. Indeed, this is likely to be higher given that recent research has […] | |||
|
2021-04-06 12:50:35 | Apple Mail zero-click vulnerability could allow attackers to take-over victims accounts (lien direct) | A zero-click vulnerability has been discovered in Apple’s macOS Mail which allows attackers to take over a users account by adding or modifying any arbitrary file in Apple Mail's sandbox environment. The bug known as CVE-2020-9922 can be exploited by sending an email with two .ZIP files attached. Once a user has received these emails […] | Vulnerability | ||
|
2021-04-06 12:21:36 | Fortinet FortiOS vulnerabilities are being exploited, warns FBI (lien direct) | A number of US agencies, such as the Federal Bureau of Investigations (FBI) and the Infrastructure Security Agency (CISA), have issued a joint warning that advanced persistent threat (APT) groups are exploiting vulnerabilities found in Fortinet FortiOS. The groups are exploiting the vulnerabilities in order to compromise both government and commercial organisations using the software. […] | Threat | ||
|
2021-04-02 09:37:19 | Decrypting Cryptocurrencies (lien direct) | By Chris Sedgwick, director of security operations at Talion Cryptocurrencies are a topic that touches many areas; not only finance and investing but technology and even political arenas. Although apolitical in itself, it is the structure behind these cryptocurrencies that make them a much talked about subject amongst political purists from across the political spectrum. […] | |||
|
2021-04-01 12:18:15 | Space Industry needs Cybersecurity (lien direct) | At the LORCA Live online event, Rob Meyerson, founder and CEO at Delalune Space claimed that the commercial space industry needs support from the cybersecurity sector in order to build trust and resilience. Former employee of NASA and Blue Origin, Meyerson is now focused on investing in new businesses that aim to operate in the […] | |||
|
2021-04-01 11:53:59 | Gambling Company hit with DDoS attack (lien direct) | Already, DDoS attacks have set a new record and taken the extortion trend that started in August 2020 to the next level. Akamai, an internet security company has already reported the largest known DDoS (RDDoS) attack. The company has said the attack was more complex than previously seen incidents of DDoS attacks. In February of […] | |||
|
2021-04-01 11:27:15 | (Déjà vu) Ubiquiti: cyberattack worse than originally reported (lien direct) | Ubiquiti suffered a data breach, which they disclosed in January 2021. Recent information, however, claims that the data breach report was potentially a cover-up of a larger incident that put customer data and devices deployed on corporate and home networks at risk. Ubiquiti originally reported that an attacker had accessed some of its IT systems, […] | Data Breach | ||
|
2021-04-01 11:13:35 | IoT and IIoT security a major concern for security pros, research finds (lien direct) | In an already volatile environment, organisations are constantly being warned of the growing threat posed by the Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices as both converge to bring increased productivity and communications. Yet, this strive for better connectivity is presenting significant risks which are causing sleepless nights for security professionals. A […] | Threat | ||
|
2021-04-01 11:09:12 | Ubiquiti accused of downplaying a “catastrophic” security breach (lien direct) | American journalist and investigative reporter Brian Krebs reported this week that a whistleblower has alleged that Ubiquiti, a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras, has massively downplayed a “catastrophic” incident to minimize the hit to its stock price. and that the third-party cloud […] | |||
|
2021-04-01 10:53:27 | North Korean hackers targeting Google researchers (lien direct) | A North Korean Hacking group, know to previously have targeted security researchers has recently created a fake offensive security firm. The threat actors were first documented in January 2021, per Google’s Threat Analysis Group (TAG). The TAG specialists have said that the North Korean hackers had developed a web of fake profiles on various social […] | Threat | ||
|
2021-04-01 09:18:34 | Why are you ignoring NIST, NSA and the NCSC? (lien direct) | Between August 2020 and February 2021, “the agencies”, National Institute of Standards and Technology (NIST), National Security Agency (NSA) and National Cyber Security Centre (NCSC) had all published final or preliminary (beta) guidance for Zero Trust (ZT) that is applicable to all sizes of organisations. I would suggest to you that the agencies are experts […] | |||
|
2021-03-31 17:22:37 | VMware urges customers to patch critical vulnerabilities in vRealize Operations platform (lien direct) | Cloud computing and visualisation software and services provider VMware has patched a serious vulnerability that could have led an attacker to steal admin credentials in vRealize Operations. In an advisory published on Tuesday, the company stated that “multiple vulnerabilities in VMware vRealize Operations were privately reported to VMware.” In the same announcement, VMware said that […] | Vulnerability | ||
|
2021-03-31 13:56:11 | UK Cyber Security Council Becomes Independent Entity (lien direct) | The Cyber Security Alliance-led Formation Project has created an umbrella body that will grow to champion cyber security education, training and skills. Today it was announced that the Formation Project to create the Council has completed, allowing the Government-mandated Council to officially become an independent entity, fully and only accountable to its Trustees. The Council […] | |||
|
2021-03-30 10:32:11 | $30,000 to researchers who find bugs in Teams (lien direct) | Microsoft is offering up a $30,000 reward to security researchers who can find vulnerabilities within the Microsoft Teams application. Over the last year, the remote working and collaboration platform has seen a massive increase in users as a result of the coronavirus pandemic. This new bug bounty programme potentially highlights the importance of the application’s […] | |||
|
2021-03-30 10:19:52 | Suspected Russian hackers breach US homeland security (lien direct) | The email accounts belonging to the Trump administration’s head of homeland security (DHS) along with those of members of cybersecurity staff have been hacked by suspected Russian hackers. The hackers specifically targeted the members of cybersecurity staff whose job it is to hunt threats from foreign countries. The accounts were breached in the SolarWinds intrusion, […] | |||
|
2021-03-29 15:57:01 | Ransomware causes shutdown of TV Network (lien direct) | The production systems at Nine Network, an Australian TV network went offline for 24 hours, as a result of a suspected state-backed attack. Following the system shut down early on Sunday morning, all the staff were ordered to work from home indefinitely while the teams deal with the repercussions. Vanessa Morley, Nine Entertainment’s people and […] | |||
|
2021-03-26 15:23:58 | Two vulnerabilities found in Intel Processors (lien direct) | Positive Technologies employees Mark Ermolov and Dmitry Sklyarov, together with independent researcher Maxim Goryachi discovered two undocumented instructions in Intel processors. These can be used to change the microcode, allowing for attackers to take control of the processor and the entire system. According to the data that has been published, the vulnerabilities were left undocumented […] | |||
|
2021-03-26 15:04:13 | Hades ransomware targets \'big game\' in the US (lien direct) | An analysis published on Friday reveals that at least three major companies have been recent victims of the Hades ransomware. The analysis was published by Accenture’s Cyber Investigation & Forensic Response (CIFR) and Cyber Threat Intelligence (ACTI) teams. Accenture claims that the threat actors are targeting organisations that generate at least $1 billion in annual […] | Ransomware Threat | ||
|
2021-03-26 14:25:14 | Bug bounty program issued for Teams (lien direct) | Microsoft has recently started a brand new bug bounty program for their Teams desktop application. The bug bounty program is offering up to $30,000 as a reward for finding security vulnerabilities, with the highest payouts going to whoever has the ability to expose the most Teams user data. The program manager, Lynn Miyashita, said, “The […] | |||
|
2021-03-26 12:31:48 | Mamba ransomware weakness exposed by the FBI (lien direct) | The U.S. Federal Bureau of Investigation (FBI) has issued a statement about the Mamba ransomware, also known as HDDCryptor, as a weakness has been found in the ransomware’s encryption process. This weakness means that organisations targeted by the ransomware can recover from an attack without having to pay the ransom. The weakness has been found in […] | Ransomware | ||
|
2021-03-25 17:11:56 | Popular Android Apps Putting Consumer Privacy and Security At Risk (lien direct) | An information leakage can result in grave consequences. Consider the recent SolarWinds supply chain attack which transpired from the exposure of a critical, and inanely simple, internal password (solarwinds123). In this way, making the recent findings by the Synopsys Cybersecurity Research Center (CyRC) especially troubling. The analysis of over 3,000 popular Android mobile apps showed […] | |||
|
2021-03-25 16:16:38 | DevSecOps as a culture – What you need to know (lien direct) | RosRed orange. Lemon yellow. #ff4500. #6699cc. Whether using pigment or light, when it comes to creating colours, the second word in the colour is the primary colour, and the first word is the descriptor. In “red orange,” it's an orange colour with red; “#6699cc” is a grey with blue added. It's the same idea when […] | |||
|
2021-03-25 14:46:33 | Attackers exploiting recently-patched vulnerabilities (lien direct) | Two vulnerabilities were discovered across the Legacy Themes and plugins in the popular suite of tools for WordPress websites from the marketing platform Thrive Themes. The purpose of Thrive Themes is to help WordPress websites “convert visitors into leads and customers.” The suite of products affected is called Thrive Suite, in which the Legacy Themes […] | Guideline | ||
|
2021-03-25 14:33:26 | Engineer punished for reporting data leak (lien direct) | Security engineer Rob Dyke recently reported a data leak to the Apperta Foundation, which is a non-profit, supported by NHS England and NHS Digital. The organisation thanked him for responsible reporting, however later ‘thanked him’ with legal correspondence and police intervention. Dyke discovered an exposed GitHub repository earlier this month, which was exposing passwords, API […] | |||
|
2021-03-25 12:33:19 | Facebook stops Chinese hackers spying on Uighurs living abroad (lien direct) | On Wednesday, Facebook revealed that it has blocked a group of hackers based in China, known as Evil Eye or Earth Empusa, from using the platform to spy on Uighurs living abroad. The hackers were using Facebook to trick Uighurs into clicking on links infected with malware which enabled them to spy on the victim’s […] | Malware | ||
|
2021-03-25 12:23:12 | FatFace hit by cyberattack, only informing customers two months later (lien direct) | FatFace, a British fashion retailer, suffered a cyber attack in January which may have resulted in both employees’ and customers’ data being compromised. Yesterday FatFace sent customers an email informing them that their personal data could have possibly been compromised in the hack. In the email FatFace also asked customers to keep the details of […] | |||
|
2021-03-25 08:00:32 | Decision diversity: more equals better for the sake of a more secure organisation (lien direct) | The events of 2020 from a cybersecurity perspective have brought to light the significance of diversity for businesses of all sizes. Facing a more diverse range of challenges than most will have experienced before required an equally diverse range of coping mechanisms and responses to navigate accelerated digital transitions. The move to remote working placed […] |
To see everything:
Our RSS (filtrered)
