What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-07-10 18:59:47 | Olympics Has Fallen – A Misinformation Campaign Featuring Elon Musk (lien direct) | >
Authored by Lakshya Mathur and Abhishek Karnik As we gear up for the 2024 Paris Olympics, excitement is building, and...
|
|||
 |
2024-07-10 18:36:00 | Nouveau groupe de ransomwares exploitant la vulnérabilité du logiciel de sauvegarde Veeam New Ransomware Group Exploiting Veeam Backup Software Vulnerability (lien direct) |
Un défaut de sécurité maintenant par réglement dans Veeam Backup &Le logiciel de réplication est exploité par une opération de ransomware naissante connue sous le nom d'estateransomware.
Le groupe de Singapour, dont le siège social, a découvert l'acteur de menace début avril 2024, a déclaré que le modus operandi impliquait l'exploitation de CVE-2023-27532 (score CVSS: 7,5) pour mener les activités malveillantes.
Accès initial à la cible
A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as EstateRansomware. Singapore-headquartered Group-IB, which discovered the threat actor in early April 2024, said the modus operandi involved the exploitation of CVE-2023-27532 (CVSS score: 7.5) to carry out the malicious activities. Initial access to the target |
Ransomware Vulnerability Threat | ||
 |
2024-07-10 18:24:30 | Russian researchers identify alleged Ukrainian developer of malicious remote access tool (lien direct) | Pas de details / No more details | |||
 |
2024-07-10 18:00:02 | Arrêt de cybersécurité du mois: les attaques sous les logiciels malveillants de Darkgate depuis la plage Cybersecurity Stop of the Month: Reeling in DarkGate Malware Attacks from the Beach (lien direct) |
The Cybersecurity Stop of the Month blog series explores the ever-evolving tactics of today\'s cybercriminals. It also examines how Proofpoint helps businesses to fortify their email defenses to protect people against today\'s emerging threats. Proofpoint people protection: end-to-end, complete and continuous So far in this series, we have examined these types of attacks: Uncovering BEC and supply chain attacks (June 2023) Defending against EvilProxy phishing and cloud account takeover (July 2023) Detecting and analyzing a SocGholish Attack (August 2023) Preventing eSignature phishing (September 2023) QR code scams and phishing (October 2023) Telephone-oriented attack delivery sequence (November 2023) Using behavioral AI to squash payroll diversion (December 2023) Multifactor authentication manipulation (January 2024) Preventing supply chain compromise (February 2024) Detecting multilayered malicious QR code attacks (March 2024) Defeating malicious application creation attacks (April 2024) Stopping supply chain impersonation attacks (May 2024) CEO impersonation attacks (June 2024) Background Last year, the number of malware attacks worldwide reached 6.08 billion. That\'s a 10% increase compared with 2022. Why are cybercriminals developing so much malware? Because it is a vital tool to help them infiltrate businesses, networks or specific computers to steal or destroy sensitive data. or destroy sensitive data. There are many types of malware infections. Here are just three examples. RYUK (ransomware) Astaroth (fileless malware) DarkGate (multifunctional malware) DarkGate is a notable example. It\'s a sophisticated and adaptive piece of malware that\'s designed to perform various malicious activities. This includes data theft, unauthorized access and system compromise. What makes DarkGate unique are its key characteristics: Multifunctionality. This malware can execute a range of malicious functions, like keylogging, data exfiltration, remote access and more. Evasion techniques. To help avoid detection, it uses advanced evasion techniques, like code obfuscation, encryption and anti-debugging measures. Distribution methods. Bad actors can distribute DarkGate in a variety of ways to trick users into installing it. These methods include phishing emails, malicious attachments, compromised websites and social engineering tactics. Command and control. DarkGate has automatic connectivity to remote control servers. This allows it to receive instructions and exfiltrate data. Its adaptive flexibility is why DarkGate is favored by so many cybercriminals. The scenario In a recent attack, a threat actor (TA571) used DarkGate to try to infiltrate over 1,000 organizations worldwide. The attack spanned across 14,000 campaigns and contained more than 1,300 different malware variants. DarkGate acted as an initial access broker (IAB). The intent was to gain unauthorized access to an organization\'s networks, systems and users\' credentials to exfiltrate data or deploy ransomware. Once they gain remote access, threat actors have been observed selling this access to other bad actors who can then commit further attacks. In this scenario, the threat actor TA571 targeted a resort city on the U.S. East Coast known for its sandy beaches and 10 million tourist visitors annually. The threat: How did the attack happen? Here is how the recent attack unfolded. 1. The deceptive message. Attackers crafted a message that looked like a legitimate email from a known supplier. It detailed the purchase of health and safety supplies for the city\'s office. Instead of including an attachment, the threat actors added embedded URLs to avoid raising suspicion in an attempt to bypass the incumbent email | Ransomware Malware Tool Threat Cloud | ||
 |
2024-07-10 17:30:20 | DET.Eng.Weekly # 76 - Mon chien a mangé ma newsletter Det. Eng. Weekly #76 - My dog ate my newsletter (lien direct) |
Et des tempêtes de pluie ont mangé mon pouvoir
And rainstorms ate my power |
|||
 |
2024-07-10 17:29:29 | Kematian-voleur: une plongée profonde dans un nouveau voleur d'informations Kematian-Stealer : A Deep Dive into a New Information Stealer (lien direct) |
## Snapshot The CYFIRMA research team has identified a new information stealer malware called Kematian-Stealer. Read Microsoft\'s write-up on information stealers [here](https://security.microsoft.com/intel-profiles/2296d491ea381b532b24f2575f9418d4b6723c17b8a1f507d20c2140a75d16d6). ## Description The malware is hosted on GitHub under the account, "Somali-Devs," and distributed as an open-source tool. Kematian-Stealer is able to extract and copy sensitive information from a number of applications including messaging apps, gaming platforms, VPN services, email clients, password managers, and cryptocurrency wallets. Further, the stealer can capture images using the webcam and from the victim\'s desktop. The stealer also employs a number of tactics to avoid detection. First, it checks for evidence of debugging tools and virtual machine environments. If one is detected, the process is terminated and the script is exited. Additionally, in-memory execution techniques are employed to covertly extract sensitive information from victim computers. ## Detections/Hunting Queries ### Microsoft Defender Antivirus Microsoft Defender Antivirus detects threat components as the following malware: *[PWS:Win32/Multiverze](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=PWS:Win32/Multiverze&threatId=-2147178658)* ## Recommendations Microsoft recommends the following mitigations to reduce the impact of this threat. Check the recommendations card for the deployment status of monitored mitigations. - Check your Office 365 email filtering settings to ensure you block spoofed emails, spam, and emails with malware. Use [Microsoft Defender for Office 365](https://learn.microsoft.com/microsoft-365/security/office-365-security/defender-for-office-365?ocid=magicti_ta_learndoc) for enhanced phishing protection and coverage against new threats and polymorphic variants. Configure Microsoft Defender for Office 365 to [recheck links on click](https://learn.microsoft.com/microsoft-365/security/office-365-security/safe-links-about?ocid=magicti_ta_learndoc) and [delete sent mail](https://learn.microsoft.com/microsoft-365/security/office-365-security/zero-hour-auto-purge?ocid=magicti_ta_learndoc) in response to newly acquired threat intelligence. Turn on [safe attachments policies](https://learn.microsoft.com/microsoft-365/security/office-365-security/safe-attachments-policies-configure?ocid=magicti_ta_learndoc) to check attachments to inbound email. - Encourage users to use Microsoft Edge and other web browsers that support [SmartScreen](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/web-protection-overview?ocid=magicti_ta_learndoc), which identifies and blocks malicious websites, including phishing sites, scam sites, and sites that host malware. - Turn on [cloud-delivered protection](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus?ocid=magicti_ta_learndoc) in Microsoft Defender Antivirus, or the equivalent for your antivirus product, to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block a majority of new and unknown variants. - Enforce MFA on all accounts, remove users excluded from MFA, and strictly [require MFA](https://learn.microsoft.com/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy?ocid=magicti_ta_learndoc) from all devices, in all locations, at all times. - Enable passwordless authentication methods (for example, Windows Hello, FIDO keys, or Microsoft Authenticator) for accounts that support passwordless. For accounts that still require passwords, use authenticator apps like Microsoft Authenticator for MFA. [Refer to this article](https://learn.microsoft.com/azure/active-directory/authentication/concept-authentication-methods?ocid=magicti_ta_learndoc) for the different authentication methods and features. - For MFA that uses authenticator | Ransomware Spam Malware Tool Threat | ||
 |
2024-07-10 17:21:09 | Feds découvre la ferme en troll russe tentaculaire et compatible Genai Feds Uncover Sprawling, GenAI-Enabled Russian Troll Farm (lien direct) |
La ferme de bot a été créée à l'aide d'un logiciel amélioré par AI qui a pu créer une multitude de fausses personnalités pour répandre la désinformation de manière convaincante et troublante.
The bot farm was created using AI-enhanced software that was able to create a host of different false personas to spread disinformation in convincing and unsettling ways. |
|||
 |
2024-07-10 17:03:17 | GCP-2024-011 (lien direct) | Published: 2024-02-15Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2023-6932 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2023-6932 | |||
|
2024-07-10 17:03:17 | GCP-2024-039 (lien direct) | Published: 2024-06-28Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2024-26923 For instructions and more details, see the following bulletins: GKE security bulletin GDC software for VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GDC software for bare metal security bulletin High CVE-2024-26923 | |||
|
2024-07-10 17:03:17 | GCP-2024-038 (lien direct) | Published: 2024-06-26Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2024-26924 For instructions and more details, see the following bulletins: GKE security bulletin GDC software for VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GDC software for bare metal security bulletin High CVE-2024-26924 | |||
|
2024-07-10 17:03:17 | GCP-2024-029 (lien direct) | Published: 2024-05-14Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2024-26642 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2024-26642 | |||
|
2024-07-10 17:03:17 | GCP-2024-018 (lien direct) | Published: 2024-03-12Updated: 2024-04-04, 2024-05-06Description Description Severity Notes 2024-05-06 Update: Added patch versions for GKE Ubuntu node pools. 2024-04-04 Update: Corrected minimum versions for GKE Container-Optimized OS node pools. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2024-1085 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2024-1085 | |||
|
2024-07-10 17:03:17 | GCP-2024-028 (lien direct) | Published: 2024-05-13Updated: 2024-05-22Description Description Severity Notes 2024-05-22 Update: Added patch versions for Ubuntu The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2024-26581 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2024-26581 | |||
|
2024-07-10 17:03:17 | GCP-2024-027 (lien direct) | Published: 2024-05-08Updated: 2024-05-09, 2024-05-15Description Description Severity Notes 2024-05-15 Update: Added patch versions for GKE Ubuntu node pools. 2024-05-09 Update: Corrected severity from Medium to High and clarified that GKE Autopilot clusters in the default configuration are not impacted. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2024-26808 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2024-26808 | |||
|
2024-07-10 17:03:17 | GCP-2024-026 (lien direct) | Published: 2024-05-07Updated: 2024-05-09Description Description Severity Notes 2024-05-09 Update: Corrected severity from Medium to High. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2024-26643 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2024-26643 | |||
|
2024-07-10 17:03:17 | GCP-2024-024 (lien direct) | Published: 2024-04-25Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2024-26585 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2024-26585 | |||
|
2024-07-10 17:03:17 | GCP-2024-012 (lien direct) | Published: 2024-02-20Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2024-0193 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2024-0193 | |||
|
2024-07-10 17:03:17 | GCP-2024-034 (lien direct) | Published: 2024-06-11Updated: 2024-07-10Description Description Severity Notes 2024-07-10 Update: Added patch versions for Container-Optimized OS nodes running minor version 1.26 and 1.27 and added patch versions for Ubuntu nodes. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes:CVE-2024-26583 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2024-26583 | |||
|
2024-07-10 17:03:17 | GCP-2024-017 (lien direct) | Published: 2024-03-06Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2023-3611 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2023-3611 | |||
|
2024-07-10 17:03:17 | GCP-2024-010 (lien direct) | Published: 2024-02-14Updated: 2024-04-17Description Description Severity Notes 2024-04-17 Update: Added patch versions for GKE on VMware. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.CVE-2023-6931 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2023-6931 | |||
|
2024-07-10 17:03:17 | GCP-2024-014 (lien direct) | Published: 2024-02-26Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2023-3776 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2023-3776 | |||
|
2024-07-10 17:03:17 | GCP-2024-013 (lien direct) | Published: 2024-02-27Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2023-3610 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2023-3610 | |||
|
2024-07-10 17:03:17 | GCP-2024-033 (lien direct) | Published: 2024-06-10Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes:CVE-2022-23222 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2022-23222 | |||
|
2024-07-10 17:03:17 | GCP-2024-035 (lien direct) | Published: 2024-06-12Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2024-26584 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2024-26584 | |||
|
2024-07-10 17:03:17 | GCP-2024-041 (lien direct) | Published: 2024-07-08Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2023-52654CVE-2023-52656 For instructions and more details, see the following bulletins: GKE security bulletin GDC software for VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GDC software for bare metal security bulletin High CVE-2023-52654 CVE-2023-52656 | |||
|
2024-07-10 17:03:17 | GCP-2024-036 (lien direct) | Published: 2024-06-18Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes:CVE-2024-26584 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2024-26584 | |||
|
2024-07-10 17:03:17 | GCP-2024-030 (lien direct) | Published: 2024-05-15Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:CVE-2023-52620 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2023-52620 | |||
|
2024-07-10 17:00:00 | Extorsion de smash et de grab Smash-and-Grab Extortion (lien direct) |
Le problème
Le «Rapport de renseignement des attaques en 2024» du personnel de Rapid7 [1] est un rapport bien documenté et bien écrit qui mérite une étude minutieuse.Certains plats clés sont: & nbsp;
53% des plus de 30 nouvelles vulnérabilités qui ont été largement exploitées en 2023 et au début de 2024 étaient zéro-jours.
Plus d'événements de compromis en masse sont venus de vulnérabilités de jour zéro que des vulnérabilités du jour.
The Problem The “2024 Attack Intelligence Report” from the staff at Rapid7 [1] is a well-researched, well-written report that is worthy of careful study. Some key takeaways are: 53% of the over 30 new vulnerabilities that were widely exploited in 2023 and at the start of 2024 were zero-days. More mass compromise events arose from zero-day vulnerabilities than from n-day vulnerabilities. |
Vulnerability Threat Studies | ||
|
2024-07-10 16:35:00 | Les correctifs de mise à jour de Microsoft \\ Juillet 143 défauts, dont deux activement exploités Microsoft\\'s July Update Patches 143 Flaws, Including Two Actively Exploited (lien direct) |
Microsoft a publié des correctifs pour aborder un total de 143 défauts de sécurité dans le cadre de ses mises à jour mensuelles de sécurité, dont deux sont en cours d'exploitation active dans la nature.
Cinq des 143 défauts sont évalués, 136 sont évalués et quatre sont évalués de gravité modérée.Les correctifs s'ajoutent à 33 vulnérabilités qui ont été abordées dans le navigateur de bord à base de chrome
Microsoft has released patches to address a total of 143 security flaws as part of its monthly security updates, two of which have come under active exploitation in the wild. Five out of the 143 flaws are rated Critical, 136 are rated Important, and four are rated Moderate in severity. The fixes are in addition to 33 vulnerabilities that have been addressed in the Chromium-based Edge browser |
Vulnerability | ||
 |
2024-07-10 16:30:00 | Smishing Triad cible l'Inde avec une forte augmentation Smishing Triad Targets India with Fraud Surge (lien direct) |
Smishing Triad \'s Mo implique d'enregistrer des noms de domaine frauduleux qui imitent les organisations légitimes
Smishing Triad\'s MO involves registering fraudulent domain names that mimic legitimate organizations |
|||
|
2024-07-10 16:30:00 | Vraie protection ou fausse promesse?Le guide ultime de présélection ITDR True Protection or False Promise? The Ultimate ITDR Shortlisting Guide (lien direct) |
C'est l'âge de la sécurité de l'identité.L'explosion des attaques de ransomwares motivées a fait réaliser que les CISO et les équipes de sécurité se rendent compte que la protection de l'identité est à la traîne de 20 ans par rapport à leurs paramètres et réseaux.Cette prise de conscience est principalement due à la transformation du mouvement latéral des beaux-arts, trouvée dans les groupes de cybercriminalité apt et supérieurs uniquement à une compétence de base utilisée dans presque toutes les attaques de ransomware.Le
It\'s the age of identity security. The explosion of driven ransomware attacks has made CISOs and security teams realize that identity protection lags 20 years behind their endpoints and networks. This realization is mainly due to the transformation of lateral movement from fine art, found in APT and top cybercrime groups only, to a commodity skill used in almost every ransomware attack. The |
Ransomware | ||
 |
2024-07-10 16:22:59 | La dure vérité derrière la résurgence de la Russie \\'s Fin7 The Stark Truth Behind the Resurgence of Russia\\'s Fin7 (lien direct) |
Le groupe de cybercriminaux basé en Russie surnommé "Fin7", connu pour ses attaques de phishing et de logiciels malveillants qui ont coûté des organisations victimes de 3 milliards de dollars depuis 2013, ont été déclarés morts l'année dernière par les autorités américaines.Mais les experts disent que FIN7 a fait la vie en 2024 - la création de milliers de sites Web imitant une gamme de sociétés de médias et de technologie - avec l'aide de solutions Stark Industries, un fournisseur d'hébergement tentaculaire est une source persistante de cyberattaques contre les ennemis de la Russie.
The Russia-based cybercrime group dubbed "Fin7," known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. authorities. But experts say Fin7 has roared back to life in 2024 -- setting up thousands of websites mimicking a range of media and technology companies -- with the help of Stark Industries Solutions, a sprawling hosting provider is a persistent source of cyberattacks against enemies of Russia. |
Malware | ||
 |
2024-07-10 16:00:00 | Comment parler au conseil d'administration pour qu'ils montent à bord avec la sécurité How to Speak to the Board So They Get on Board with Security (lien direct) |
En savoir plus sur ce que les CISO doivent savoir sur les réglementations de cybersécurité et faire du cyber est impératif commercial.
Learn more about what CISOs need to know about cybersecurity regulations and making cyber a business imperative. |
|||
 |
2024-07-10 16:00:00 | CVE-2024-5913 PAN-OS: Vulnérabilité de validation d'entrée incorrecte dans PAN-OS (gravité: milieu) CVE-2024-5913 PAN-OS: Improper Input Validation Vulnerability in PAN-OS (Severity: MEDIUM) (lien direct) |
Pas de details / No more details | Vulnerability | ||
|
2024-07-10 16:00:00 | CVE-2024-5912 Agent Cortex XDR: vérification de vérification de la signature de fichiers incorrect (gravité: médium) CVE-2024-5912 Cortex XDR Agent: Improper File Signature Verification Checks (Severity: MEDIUM) (lien direct) |
Pas de details / No more details | |||
|
2024-07-10 16:00:00 | Expédition CVE-2024-5910: l'authentification manquante mène à la prise de contrôle du compte de l'administrateur (gravité: critique) CVE-2024-5910 Expedition: Missing Authentication Leads to Admin Account Takeover (Severity: CRITICAL) (lien direct) |
Pas de details / No more details | |||
|
2024-07-10 16:00:00 | CVE-2024-5911 PAN-OS: Vulnérabilité de téléchargement de fichiers dans l'interface Web Panorama (Gravité: High) CVE-2024-5911 PAN-OS: File Upload Vulnerability in the Panorama Web Interface (Severity: HIGH) (lien direct) |
Pas de details / No more details | Vulnerability | ||
|
2024-07-10 16:00:00 | PAN-SA-2024-0006 Bulletin d'information: le script d'installation d'expédition réinitialise le mot de passe racine (gravité: aucun) PAN-SA-2024-0006 Informational Bulletin: Expedition Installation Script Resets Root Password (Severity: NONE) (lien direct) |
Pas de details / No more details | |||
|
2024-07-10 16:00:00 | CVE-2024-3596 PAN-OS: CHAP et PAP lorsqu'ils sont utilisés avec l'authentification par rayon conduisent à l'escalade des privilèges (gravité: milieu) CVE-2024-3596 PAN-OS: CHAP and PAP When Used with RADIUS Authentication Lead to Privilege Escalation (Severity: MEDIUM) (lien direct) |
Pas de details / No more details | |||
 |
2024-07-10 15:59:17 | Cytactic Snags 16 millions de dollars financement de semences pour la technologie de gestion de la cyber-crise Cytactic Snags $16M Seed Funding for Cyber Crisis Management Technology (lien direct) |
> La startup israélienne collecte 16 millions de dollars en financement de semences pour construire ce qui est décrit comme une plate-forme de «préparation et gestion de la cyber-crise».
>Israeli startup raises $16 million in seed funding to build what is being described as a “cyber crisis readiness and management” platform. |
|||
 |
2024-07-10 15:56:22 | Microsoft tancé sur la fin des connecteurs Office dans Teams (lien direct) | Microsoft va supprimer les connecteurs Office pour Teams au profit des workflows Power Automate. Délai de transition annoncé : trois mois. | |||
 |
2024-07-10 15:47:15 | Le piratage divulgue des milliers de détails d'employés Microsoft et Nokia Hacker Leaks Thousands of Microsoft and Nokia Employee Details (lien direct) |
Hacker & # 8220; 888 & # 8221;Fuite des données personnelles des employés de Nokia et Microsoft sur les forums de violation.Violations de données chez des entrepreneurs tiers & # 8230;
Hacker “888” leaks personal data of Nokia and Microsoft employees on Breach Forums. Data breaches at third-party contractors… |
|||
 |
2024-07-10 15:46:20 | Cybersécurité : Vers une loi mondiale de la protection des données ? (lien direct) | Cybersécurité : Vers une loi mondiale de la protection des données ? Mountaha Ndiaye, EMEA Director, Ecosystem sales & programs chez Hyland, nous donne son avis d'expert : - Points de Vue | Legislation | ||
 |
2024-07-10 15:37:43 | Le sénateur Grassley s'intensifie Senator Grassley intensifies oversight on national cybersecurity in wake of recent CISA CSAT breach (lien direct) |
U.S.Le sénateur Chuck Grassley intensifie ses efforts pour améliorer la cybersécurité nationale.Il a renouvelé son appel à plus fort ...
U.S. Senator Chuck Grassley is escalating his efforts to enhance national cybersecurity. He renewed his call for stronger... |
|||
|
2024-07-10 15:36:00 | Google ajoute Passkeys au programme de protection avancée pour les utilisateurs à haut risque Google Adds Passkeys to Advanced Protection Program for High-Risk Users (lien direct) |
Google a annoncé mercredi qu'il mettait à disposition des touches de pass pour les utilisateurs à haut risque de s'inscrire à son programme de protection avancée (APP).
"Les utilisateurs avaient traditionnellement besoin d'une clé de sécurité physique pour l'application - ils peuvent désormais choisir une clé de passe pour sécuriser leur compte", a déclaré Shuvo Chatterjee, leader du produit de l'application.
PassKeys est considéré comme une alternative plus sécurisée et résistante au phishing aux mots de passe.Basé sur
Google on Wednesday announced that it\'s making available passkeys for high-risk users to enroll in its Advanced Protection Program (APP). "Users traditionally needed a physical security key for APP - now they can choose a passkey to secure their account," Shuvo Chatterjee, product lead of APP, said. Passkeys are considered a more secure and phishing-resistant alternative to passwords. Based on |
|||
|
2024-07-10 15:30:00 | Microsoft Outlook a été confronté à la vulnérabilité RCE critique en cas de clic critique Microsoft Outlook Faced Critical Zero-Click RCE Vulnerability (lien direct) |
Pour les expéditeurs de confiance, le défaut est zéro cliquez, mais nécessite des interactions en un clic pour les interactions non fiables
For trusted senders, the flaw is zero-click, but requires one-click interactions for untrusted ones |
Vulnerability | ||
|
2024-07-10 15:28:40 | Les escrocs exploitent Ai et Deepfakes pour vendre des faux \\ 'miracle cure \\' sur les plates-formes de méta Scammers harness AI and deepfakes to sell bogus \\'miracle cures\\' on Meta platforms (lien direct) |
Pas de details / No more details | |||
|
2024-07-10 14:56:58 | POCO Rat s'enfuira profondément dans le secteur minier Poco RAT Burrows Deep Into Mining Sector (lien direct) |
Le nouveau malware cible les utilisateurs hispanophones via des liens Google Drive malveillants et exploite une bibliothèque C ++ populaire pour échapper à la détection.
The novel malware targets Spanish-speaking users via malicious Google Drive links, and taps a popular C++ library to evade detection. |
Malware | ||
|
2024-07-10 14:42:11 | Vulnérabilité du rayon RADIUS Vulnerability (lien direct) |
nouvelle attaque contre le protocole d'authentification du rayon:
L'attaque Blast-Radius permet à un attaquant de l'homme dans le milieu entre le client et le serveur RADIUS de forger un message d'acceptation de protocole valide en réponse à une demande d'authentification ratée.Cette contrefaçon pourrait donner à l'attaquant un accès aux appareils et services réseau sans que l'attaquant ne devienne ou ne forçait pas les mots de passe ou les secrets partagés.L'attaquant n'apprend pas les informations d'identification de l'utilisateur.
C'est l'une de ces vulnérabilités qui vient avec un nom sympa, son propre site Web et un logo.
news Article .Recherche ...
New attack against the RADIUS authentication protocol: The Blast-RADIUS attack allows a man-in-the-middle attacker between the RADIUS client and server to forge a valid protocol accept message in response to a failed authentication request. This forgery could give the attacker access to network devices and services without the attacker guessing or brute forcing passwords or shared secrets. The attacker does not learn user credentials. This is one of those vulnerabilities that comes with a cool name, its own website, and a logo. News article. Research ... |
Vulnerability | ||
|
2024-07-10 14:20:49 | Bellingcat met en garde contre \\ 'censure \\' sur X après la recherche sur l'attaque russe est étiquetée Spam Bellingcat warns of \\'censorship\\' on X after research on Russian attack is labeled spam (lien direct) |
Pas de details / No more details | Spam |
To see everything:
