What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-07-10 12:50:00 | Les analystes cryptographiques exposent la garantie de Huione Crypto Analysts Expose HuiOne Guarantee\\'s $11 Billion Cybercrime Transactions (lien direct) |
Les analystes de crypto-monnaie ont mis en lumière un marché en ligne appelé Huione garantissent que \\ est largement utilisé par les cybercriminels en Asie du Sud-Est, en particulier ceux liés à des escroqueries de boucherie de porcs.
"Les commerçants sur la plate-forme offrent des services de technologie, de données et de blanchiment d'argent et se sont engagés dans des transactions totalisant au moins 11 milliards de dollars", a déclaré Elliptic dans un rapport partagé avec le Hacker News.
Cryptocurrency analysts have shed light on an online marketplace called HuiOne Guarantee that\'s widely used by cybercriminals in Southeast Asia, particularly those linked to pig butchering scams. "Merchants on the platform offer technology, data, and money laundering services, and have engaged in transactions totaling at least $11 billion," Elliptic said in a report shared with The Hacker News. |
|||
|
2024-07-10 11:05:00 | Vipersoftx Malware déguise en ebooks sur des torrents pour répandre des attaques furtives ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks (lien direct) |
Les logiciels malveillants sophistiqués connus sous le nom de Vipersoftx ont été observés distribués sous forme de livres électroniques sur des torrents.
"Un aspect notable de la variante actuelle de Vipersoftx est qu'il utilise le Language Runtime (CLR) commun pour charger et exécuter dynamiquement les commandes PowerShell, créant ainsi un environnement PowerShell au sein d'Autoit for Operations", Trellix Security Researchs Mathanraj Thangaraju et Sijo Jacob
The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents. "A notable aspect of the current variant of ViperSoftX is that it uses the Common Language Runtime (CLR) to dynamically load and run PowerShell commands, thereby creating a PowerShell environment within AutoIt for operations," Trellix security researchers Mathanraj Thangaraju and Sijo Jacob |
Malware | ★★★ | |
 |
2024-07-10 10:54:21 | Vigilance Vulnerability Alerts - Tanuki Java Service Wrapper: security improvement via Disabling SeImpersonatePrivilege, analyzed on 25/06/2024 (lien direct) | The security of Tanuki Java Service Wrapper was improved via Disabling SeImpersonatePrivilege. - Security Vulnerability | |||
 |
2024-07-10 10:00:15 | Ransomware crews investing in custom data stealing malware (lien direct) | BlackByte, LockBit among the criminals using bespoke tools As ransomware crews increasingly shift beyond just encrypting victims' files and demanding a payment to unlock them, instead swiping sensitive info straight away, some of the more mature crime organizations are developing custom malware for their data theft.… | |||
 |
2024-07-10 10:00:00 | Digital Forensics in the Age of Cryptocurrency: Investigating Blockchain and Crypto Crimes (lien direct) | The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. The rise of cryptocurrencies has introduced a new frontier for criminals, presenting unique challenges for investigators. Unlike traditional financial transactions, cryptocurrency transactions are pseudonymous, meaning identities are obscured by cryptographic addresses. This, coupled with the decentralized nature of blockchain technology, necessitates specialized techniques and tools for digital forensics in the age of cryptocurrency. Understanding Cryptocurrency and Blockchain Before diving into forensic techniques, let's establish some foundational knowledge: Blockchain: A decentralized, public ledger that records transactions across a network of computers. Each transaction is cryptographically linked to the previous one, forming a secure and tamper-proof chain. Cryptocurrency: A digital or virtual currency secured by cryptography. Bitcoin, Ethereum, and Litecoin are popular examples. The pseudonymous nature of blockchain transactions means that while all transactions are publicly visible, the identities of the parties involved are obscured by cryptographic addresses. Key Challenges in Crypto Forensics Pseudonymity: Unlike traditional bank accounts, cryptocurrency transactions do not directly link to real-world identities. Decentralization: The absence of a central authority complicates efforts to track and freeze illicit funds. Multiple Cryptocurrencies: The diverse landscape of cryptocurrencies, each with unique characteristics, requires adaptable forensic techniques. Forensic Techniques for Investigating Crypto Crimes Blockchain Analysis Transaction Tracing: By analyzing the flow of transactions on the blockchain, investigators can track the movement of funds. Tools like Chainalysis, Elliptic, and CipherTrace offer visualizations of transaction flows, highlighting suspicious patterns. Example Scenario: An investigator traces a series of Bitcoin transactions from a ransomware payment to multiple addresses. Using address clustering, they identify a cluster linked to a known exchange, leading to the suspect's identification. Address Clustering: Grouping addresses controlled by the same entity helps link pseudonymous transactions. Techniques like "co-spending" (using multiple addresses in one transaction) aid in clustering. Crypto Wallet Analysis Wallet Extraction: Digital wallets store private keys needed for cryptocurrency transactions. Extracting wallet data from devices involves locating wallet files or using memory forensics to recover private keys. Example Scenario: During a raid, law enforcement seizes a suspect's laptop. Forensic imaging and subsequent analysis reveal a Bitcoin wallet file. The extracted private keys allow investigators to access and trace illicit funds. Forensic Imaging Creating forensic images of suspect devices ensures data integrity and enables detailed analysis. Tools like FTK Imager and EnCase are used for imaging and analyzing digital evidence. Address Attribution KYC Data: Know Your Customer (KYC) regulations require exchanges to collect user identification information. By subpoenaing exchange records, investigators can link blockchain addresses to real-world identities. Example Scenar | |||
 |
2024-07-10 10:00:00 | Google Targets Passkey Support to High-Risk Execs, Civil Society (lien direct) | The tech giant has rolled out passkey support for account authentication within its Advanced Protection Program to complement existing compatibility with FIDO2 hardware keys. | |||
|
2024-07-10 09:53:58 | Fortinet : Les incidents de cybersécurité sont étroitement liés à la pénurie de compétences dans le domaine (lien direct) | Selon Fortinet, les incidents de cybersécurité sont étroitement liés à la pénurie de compétences dans le domaine L'an dernier, près de 90% des entreprises ont confirmé avoir été victime d'une intrusion en raison d'un manque de compétences cyber. 70% d'entre elles ont reconnu que la pénurie de talents augmentait les cyber risques. - Investigations | |||
 |
2024-07-10 09:51:20 | Unsecured Database Exposed 39 Million Sensitive Legal Records Online (lien direct) | Millions of Legal Documents Exposed Online! Sensitive data leak raises security concerns for the legal industry. Learn how… | |||
 |
2024-07-10 09:30:00 | Most Security Pros Admit Shadow SaaS and AI Use (lien direct) | Next DLP study finds majority of security professionals have used unauthorised apps in past year | |||
|
2024-07-10 09:22:55 | TEHTRIS lance une version intégrale On-Premise de la TEHTRIS XDR AI PLATFORM (lien direct) | TEHTRIS annonce la disponibilité d'une version intégrale On-Premise de la TEHTRIS XDR AI PLATFORM • Selon la criticité de leurs activités, leur localisation géographique ou les réglementations, certaines organisations sont contraintes d'héberger leurs données sur site (on-prem). • De plus en plus d'organisations font par ailleurs le choix, dans une recherche d'équilibre entre flexibilité, sécurité et maîtrise des coûts, de rapatrier leurs solutions cloud sur site (cloud repatriation). • Avec une version On-Prem de l'intégralité de sa plateforme XDR, TEHTRIS développe une capacité unique pour adresser les diverses exigences de chaque organisation. - Produits | |||
|
2024-07-10 08:56:00 | Nouvelle vulnérabilité OpenSSH découverte: risque d'exécution de code à distance potentiel New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk (lien direct) |
Les versions sélectionnées de la suite de réseautage OpenSSH Secure sont sensibles à une nouvelle vulnérabilité qui peut déclencher l'exécution du code distant (RCE).
La vulnérabilité, suivie comme CVE-2024-6409 (score CVSS: 7.0), est distincte du CVE-2024-6387 (aka Regresshion) et se rapporte à un cas d'exécution de code dans le processus enfant privés en raison d'une condition de race dans la gestion du signal de la gestion des signals de signal Privsep en raison d'une condition de race dans la gestion des signaux de signal de signal de la gestion des signaux Privsep en raison d'une condition de course dans la gestion des signaux de signal Privsep Treataling Signal Threating in Signal Threatling.Cela n'a aucun impact sur les versions 8.7p1
Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution (RCE). The vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is distinct from CVE-2024-6387 (aka RegreSSHion) and relates to a case of code execution in the privsep child process due to a race condition in signal handling. It only impacts versions 8.7p1 |
Vulnerability | ★★★ | |
 |
2024-07-10 08:55:58 | Cyberattaque sur Snowflake : les derniers enseignements (lien direct) | Les conclusions de Crowdstrike, additionnées à celles de Mandiant, donnent un éclairage sur la campagne de cyberattaques au cœur de laquelle se trouve Snowflake. | |||
|
2024-07-10 08:47:03 | Classement Top Malware juin 2024 : RansomHub prend la tête du classement des ransomwares les plus courants dans le sillage du repli de LockBit3 (lien direct) | Classement Top Malware juin 2024 : RansomHub prend la tête du classement des ransomwares les plus courants dans le sillage du repli de LockBit3 Le Threat Index de Check Point met en évidence un changement dans le paysage du ransomware-as-a-Service (RaaS), puisque RansomHub devance LockBit3 et prend la tête du classement des groupes les plus courants. Dans le même temps, les chercheurs sont parvenus à identifier une campagne de porte dérobée BadSpace Windows diffusée via de fausses mises à jour de navigateur - Malwares | Malware Threat | ||
|
2024-07-10 08:42:01 | Les réseaux de barrière deviennent un fournisseur de services assuré pour le système d'exercice de cyber-incident NCSC Barrier Networks becomes Assured Service Provider for NCSC Cyber Incident Exercising Scheme (lien direct) |
Les réseaux de barrière deviennent assurés de service de service pour NCSC Cyber Incident Exercise Scheme
-
actualités du marché
Barrier Networks becomes Assured Service Provider for NCSC Cyber Incident Exercising Scheme - Market News |
|||
|
2024-07-10 08:40:00 | Microsoft corrige quatre jours zéro en juillet mardi Microsoft Fixes Four Zero-Days in July Patch Tuesday (lien direct) |
Microsoft a abordé deux bogues zéro-jours activement exploités et deux bogues zéro-jours
Microsoft has addressed two actively exploited and two publicly disclosed zero-day bugs this month |
Vulnerability Threat | ||
|
2024-07-10 07:31:07 | Nokia pour livrer le réseau complet, la sécurité et les services gérés à Norlys du Danemark avec Red Hat OpenShift Nokia to deliver full core network, security, and managed services to Norlys of Denmark with Red Hat OpenShift (lien direct) |
Nokia pour fournir des services de réseau, de sécurité et gérés complets à Norlys du Danemark avec Red Hat OpenShift
• Le déploiement des solutions complets de paquets 4G / 5G de Nokia \\ solutions améliorera la qualité et la fiabilité des services de données et de fiabilité pour Norlys (Telia Denmark).
• Nokia sécurisera l'infrastructure réseau avec son portefeuille de produits de sécurité NetGuard pour protéger les points de terminaison du réseau, l'accès aux utilisateurs privilégiés et les identités de réseau numérique.
• Nokia offrira également une enveloppe de service holistique avec des services de sécurité, de performance et d'assurance gérés.
-
actualités du marché
Nokia to deliver full core network, security, and managed services to Norlys of Denmark with Red Hat OpenShift • Deployment of Nokia\'s full 4G/5G packet core, IMS, and SDM solutions will enhance voice and data service quality and reliability for Norlys (Telia Denmark) subscribers. • Nokia will secure the network infrastructure with its NetGuard security product portfolio to protect core network endpoints, privileged user access, and digital network identities. • Nokia will also deliver a holistic service wrap entailing managed security, performance, and assurance services. - Market News |
★★★ | ||
 |
2024-07-10 07:00:00 | Hoarder – Tout sauvegarder mais surtout, tout retrouver… (lien direct) | Hoarder est une application open source et auto-hébergeable qui permet de tout sauvegarder : liens, notes, images. Grâce à sa recherche puissante et son étiquetage automatique par IA, vous pouvez facilement organiser et retrouver vos contenus. | ★★★ | ||
|
2024-07-10 06:26:11 | VIPERSOFTX VARIANT SPOSET ABUSION DE .NET RUNIME pour déguiser le vol de données ViperSoftX variant spotted abusing .NET runtime to disguise data theft (lien direct) |
Freeware AutoIt a également utilisé pour masquer des environnements PowerShell dans les scripts Un logiciel malveillant infostateur en évolution rapide connue sous le nom de Vipersoftx a évolué pour devenir plus dangereux, selon les chercheurs en sécurité du vendeur de détection des menaces Trellix.…
Freeware AutoIt also used to hide entire PowerShell environments in scripts A rapidly-changing infostealer malware known as ViperSoftX has evolved to become more dangerous, according to security researchers at threat detection vendor Trellix.… |
Malware Threat | ★★★ | |
|
2024-07-10 05:00:00 | Cible apt aligné par Houthi-Iligned Moyen-Orient avec \\ 'Guardzoo \\' Spyware Houthi-Aligned APT Targets Mideast Militaries With \\'GuardZoo\\' Spyware (lien direct) |
Des logiciels malveillants simples et des TTP simples jouent sur un contexte de conflits géopolitiques complexes dans le monde arabe.
Simple malware and simple TTPs play against a backdrop of complex geopolitical conflict in the Arab world. |
Malware | ★★ | |
|
2024-07-10 03:31:15 | Protocole de réseautage RADIUS a fait exploser dans la soumission via une faille à base de MD5 RADIUS networking protocol blasted into submission through MD5-based flaw (lien direct) |
Si quelqu'un peut faire un peu de craquage de mitm \\ 'ing et de hachage, il peut se connecter sans mot de passe valide nécessaire Les experts en cybersécurité des universités et de Big Tech ont révélé une vulnérabilité dans un client commun.Protocole de réseautage de serveurs qui permet à Snoops de potentiellement contourner l'authentification des utilisateurs via des attaques man-in-the-middle (MITM).…
If someone can do a little MITM\'ing and hash cracking, they can log in with no valid password needed Cybersecurity experts at universities and Big Tech have disclosed a vulnerability in a common client-server networking protocol that allows snoops to potentially bypass user authentication via man-in-the-middle (MITM) attacks.… |
Vulnerability | ★★★ | |
 |
2024-07-10 02:51:40 | Navigation de la conformité: un guide de base de la configuration du gouvernement américain Navigating Compliance: A Guide to the U.S. Government Configuration Baseline (lien direct) |
Pour les professionnels de la cybersécurité chargés de défendre le secteur public, la lutte contre la ligne de base de la configuration du gouvernement américain (USGCB) n'est qu'un autre obstacle à un fédéral plus sûr demain.Faisant partie d'une large collection d'exigences de conformité au gouvernement fédéral nécessaires, elle a accroché les configurations de sécurité de base nécessaires aux produits informatiques déployés par le gouvernement fédéral.Bien qu'il ne s'agisse pas d'une législation autonome, la conformité de l'USGCB est une exigence fondamentale du FISMA (Federal Information Security Modernization Act).Voici les 10 meilleures FAQ liées à USGCB et comment vous pouvez sortir en tête.1. Qu'est-ce que ...
For cybersecurity professionals tasked with defending the public sector, tackling the U.S. Government Configuration Baseline (USGCB) is just another hurdle to a safer federal tomorrow. Part of a wide collection of necessary federal government compliance requirements, it hones in on which baseline security configurations are necessary for federally deployed IT products. While not a standalone piece of legislation, USGCB compliance is a core requirement of FISMA (Federal Information Security Modernization Act). Here\'s the top 10 FAQs related to USGCB and how you can come out on top. 1. What is... |
Legislation | ★★★ | |
|
2024-07-10 00:59:17 | Bogues de licence Critical Windows, plus deux autres sous attaques, Top Patch Mardi Critical Windows licensing bugs, plus two others under attack, top Patch Tuesday (lien direct) |
Citrix, SAP mérite également votre attention & # 8211;Parce que les mécréants envisagent déjà d'exploiter mercredi patch mardi effacez votre journal de l'administrateur du système Microsoft \\: le bundle de correctifs dans le patch de juillet de Redmond \\ mardi est unDoozy, avec au moins deux bugs sous exploitation active.…
Citrix, SAP also deserve your attention – because miscreants are already thinking about Exploit Wednesday Patch Tuesday Clear your Microsoft system administrator\'s diary: The bundle of fixes in Redmond\'s July Patch Tuesday is a doozy, with at least two bugs under active exploitation.… |
Threat | ★★★ | |
|
2024-07-10 00:15:44 | Distribution de l'asyncrat déguisé en Ebook Distribution of AsyncRAT Disguised as Ebook (lien direct) |
1.Présentation Ahnlab Security Intelligence Center (ASEC) Couvrait des cas d'Asyncrat distribués via diverses extensions de fichiers (.chm, .wsf et .lnk).[1] [2] Dans les articles de blog susmentionnés, on peut voir que l'acteur de menace a utilisé des fichiers de documents normaux déguisés en questionnaires pour cacher le malware.Dans la même veine, il y a eu récemment des cas où le malware était déguisé en ebook.2. Les logiciels malveillants exécutés via des scripts Le fichier compressé déguisé en Ebook contient un fichier LNK malveillant déguisé ...
1. Overview AhnLab SEcurity intelligence Center (ASEC) covered cases of AsyncRAT being distributed via various file extensions (.chm, .wsf, and .lnk). [1] [2] In the aforementioned blog posts, it can be seen that the threat actor used normal document files disguised as questionnaires to conceal the malware. In a similar vein, there have been cases recently where the malware was disguised as an ebook. 2. Malware Executed via Scripts The compressed file disguised as an ebook contains a malicious LNK file disguised... |
Malware Threat | ★★★ | |
|
2024-07-09 23:30:00 | Florent Skrabacz, Groupe Erium : A l\'occasion du Cybermois, entrainez-vous et profitez de ce mois de la cyber pour faire mentir l\'adage en devenant étanche à l\'ingénierie sociale ! (lien direct) | Florent Skrabacz, Groupe Erium : A l'occasion du Cybermois, entrainez-vous et profitez de ce mois de la cyber pour faire mentir l'adage en devenant étanche à l'ingénierie sociale ! - Interviews / primetime | |||
|
2024-07-09 23:22:25 | Microsoft Patch Mardi: Microsoft Patches 142 Vulnérabilités critiques Microsoft Patch Tuesday: Microsoft Patches 142 Critical Vulnerabilities (lien direct) |
Microsoft branche des trous de sécurité critiques en juillet mardi!142 vulnérabilités corrigées, y compris les zéro-jours et la télécommande activement exploités & # 8230;
Microsoft plugs critical security holes in July Patch Tuesday! 142 vulnerabilities patched, including actively exploited zero-days and remote… |
Vulnerability | ★★★ | |
 |
2024-07-09 22:59:54 | US Intel Officiels: Kremlin préfère une fois de plus Trump US intel officials: Kremlin once again prefers Trump (lien direct) |
> Dans un briefing auprès des journalistes mardi, des responsables du renseignement américain ont déclaré que la Russie était l'adversaire américain le plus actif cherchant à influencer la politique américaine.
>In a briefing with reporters on Tuesday, U.S. intelligence officials said Russia is the most active U.S. adversary seeking to influence American politics. |
★★★ | ||
|
2024-07-09 22:40:39 | 5 conseils pour minimiser les effets coûteux de l'exfiltration des données 5 Tips to Minimize the Costly Effects of Data Exfiltration (lien direct) |
Plus une organisation de données plus sensible recueille, plus elle est à risque pour une cyberattaque.Voici comment limiter les dégâts.
The more sensitive data an organization collects, the more at risk it is to a cyberattack. Here\'s how to limit the damage. |
★★★ | ||
|
2024-07-09 22:30:00 | Benoît Fuzeau, CASDEN Banque Populaire, et CLUSIF : NIS 2 est une opportunité pour les RSSI et un moyen de renforcer la Cybersécurité au sein de milliers d\'entreprises et d\'organisations. (lien direct) | Benoît Fuzeau, CASDEN Banque Populaire, et CLUSIF : NIS 2 est une opportunité pour les RSSI et un moyen de renforcer la Cybersécurité au sein de milliers d'entreprises et d'organisations. - Interviews / affiche | |||
 |
2024-07-09 22:28:31 | GCP-2024-041 (lien direct) | Published: 2024-07-08Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2023-52654CVE-2023-52656 For instructions and more details, see the following bulletins: GKE security bulletin GDC software for VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GDC software for bare metal security bulletin High CVE-2023-52654 CVE-2023-52656 | |||
|
2024-07-09 22:28:31 | GCP-2024-018 (lien direct) | Published: 2024-03-12Updated: 2024-04-04, 2024-05-06Description Description Severity Notes 2024-05-06 Update: Added patch versions for GKE Ubuntu node pools. 2024-04-04 Update: Corrected minimum versions for GKE Container-Optimized OS node pools. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2024-1085 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2024-1085 | |||
|
2024-07-09 22:28:31 | GCP-2024-013 (lien direct) | Published: 2024-02-27Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2023-3610 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2023-3610 | |||
|
2024-07-09 22:28:31 | GCP-2024-030 (lien direct) | Published: 2024-05-15Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2023-52620 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2023-52620 | |||
|
2024-07-09 22:28:31 | GCP-2024-039 (lien direct) | Published: 2024-06-28Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2024-26923 For instructions and more details, see the following bulletins: GKE security bulletin GDC software for VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GDC software for bare metal security bulletin High CVE-2024-26923 | |||
|
2024-07-09 22:28:31 | GCP-2024-028 (lien direct) | Published: 2024-05-13Updated: 2024-05-22Description Description Severity Notes 2024-05-22 Update: Added patch versions for Ubuntu The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2024-26581 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2024-26581 | |||
|
2024-07-09 22:28:31 | GCP-2024-012 (lien direct) | Published: 2024-02-20Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2024-0193 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2024-0193 | |||
|
2024-07-09 22:28:31 | GCP-2024-035 (lien direct) | Published: 2024-06-12Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2024-26584 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2024-26584 | |||
|
2024-07-09 22:28:31 | GCP-2024-029 (lien direct) | Published: 2024-05-14Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2024-26642 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2024-26642 | |||
|
2024-07-09 22:28:31 | GCP-2024-017 (lien direct) | Published: 2024-03-06Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2023-3611 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2023-3611 | |||
|
2024-07-09 22:28:31 | GCP-2024-024 (lien direct) | Published: 2024-04-25Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2024-26585 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2024-26585 | |||
|
2024-07-09 22:28:31 | GCP-2024-036 (lien direct) | Published: 2024-06-18Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes:CVE-2024-26584 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2024-26584 | |||
|
2024-07-09 22:28:31 | GCP-2024-034 (lien direct) | Published: 2024-06-11Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes:CVE-2024-26583 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2024-26583 | |||
|
2024-07-09 22:28:31 | GCP-2024-014 (lien direct) | Published: 2024-02-26Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2023-3776 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2023-3776 | |||
|
2024-07-09 22:28:31 | GCP-2024-027 (lien direct) | Published: 2024-05-08Updated: 2024-05-09, 2024-05-15Description Description Severity Notes 2024-05-15 Update: Added patch versions for GKE Ubuntu node pools. 2024-05-09 Update: Corrected severity from Medium to High and clarified that GKE Autopilot clusters in the default configuration are not impacted. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2024-26808 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2024-26808 | |||
|
2024-07-09 22:28:31 | GCP-2024-026 (lien direct) | Published: 2024-05-07Updated: 2024-05-09Description Description Severity Notes 2024-05-09 Update: Corrected severity from Medium to High. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2024-26643 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2024-26643 | |||
|
2024-07-09 22:28:31 | GCP-2024-038 (lien direct) | Published: 2024-06-26Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2024-26924 For instructions and more details, see the following bulletins: GKE security bulletin GDC software for VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GDC software for bare metal security bulletin High CVE-2024-26924 | |||
|
2024-07-09 22:28:31 | GCP-2024-011 (lien direct) | Published: 2024-02-15Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2023-6932 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2023-6932 | |||
|
2024-07-09 22:28:31 | GCP-2024-033 (lien direct) | Published: 2024-06-10Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes:CVE-2022-23222 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2022-23222 | |||
|
2024-07-09 22:28:31 | GCP-2024-010 (lien direct) | Published: 2024-02-14Updated: 2024-04-17Description Description Severity Notes 2024-04-17 Update: Added patch versions for GKE on VMware. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.CVE-2023-6931 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2023-6931 | |||
|
2024-07-09 22:22:28 | La plate-forme d'investigations basée sur le cloud cible la complexité de la réponse aux incidents Cloud-Based Investigations Platform Targets Complexity in Incident Response (lien direct) |
Le logiciel en tant que société de service Command Zero se lance avec une plate-forme pour enquêter sur les incidents de cybersécurité qui visent à minimiser le travail de grognement.
Software-as-a-service company Command Zero launches with a platform for investigating cybersecurity incidents that aims to minimize the grunt work. |
★★★ | ||
|
2024-07-09 21:25:28 | Le projet de loi sur le Sénat bipartisan vise \\ 'trop lourde \\' Cybersecurity Regs Bipartisan Senate bill takes aim at \\'overly burdensome\\' cybersecurity regs (lien direct) |
> La rationalisation de la Loi sur les réglementations fédérales sur la cybersécurité établirait un comité interinstitutions pour recommander les cyber réglementations pour réduire ou renoncer.
>The Streamlining Federal Cybersecurity Regulations Act would establish an interagency committee to recommend which cyber regulations to lessen or waive. |
★★★ |
To see everything:
