What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-04-22 16:35:00 | Miter Corporation violé par des pirates d'État-nation exploitant Ivanti Flaws MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws (lien direct) |
La Miter Corporation a révélé que c'était la cible d'une cyberattaque nationale qui a exploité deux défauts zéro jour dans les appareils sécurisés à Ivanti Connect à partir de janvier 2024.
L'intrusion a conduit au compromis de son environnement d'expérimentation, de recherche et de virtualisation en réseau (nerf), un réseau de recherche et de prototypage non classifié.
L'adversaire inconnu "a réalisé une reconnaissance
The MITRE Corporation revealed that it was the target of a nation-state cyber attack that exploited two zero-day flaws in Ivanti Connect Secure appliances starting in January 2024. The intrusion led to the compromise of its Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified research and prototyping network. The unknown adversary "performed reconnaissance |
Vulnerability Threat | ★★★ | |
 |
2024-04-22 15:04:06 | Faits saillants hebdomadaires, 22 avril 2024 Weekly OSINT Highlights, 22 April 2024 (lien direct) |
## Snapshot Last week\'s OSINT reporting focused on attack activity by APT groups and the infamous FIN7 (tracked by Microsoft as Sangria Tempest). These articles showcase the evolution of threat actor tactics, from FIN7\'s precise spear-phishing campaign targeting a US-based automotive manufacturer with the Anunak backdoor to TA427\'s (Emerald Sleet) strategic information gathering efforts aligned with North Korea\'s interests. ## Description 1. **[Spear-Phishing Campaign by FIN7 (Sangria Tempest) Targeting US-Based Automotive Manufacturer](https://sip.security.microsoft.com/intel-explorer/articles/e14e343c):** BlackBerry analysts detect a spear-phishing campaign by FIN7, tracked by Microsoft as Sangria Tempest, targeting a US-based automotive manufacturer with the Anunak backdoor. The attackers focus on IT department employees with elevated privileges, deploying living off the land binaries (lolbas) and multi-stage processes to mask malicious activity, illustrating a shift towards precise targeting in high-value sectors. 2. **[Information Gathering Tactics of TA427 (Emerald Sleet)](https://sip.security.microsoft.com/intel-explorer/articles/5d36b082):** Proofpoint details the information gathering tactics of TA427, a North Korea-aligned threat actor engaged in benign conversation starter campaigns targeting US and South Korea foreign policy initiatives. TA427 heavily relies on social engineering tactics and web beacons for reconnaissance, impersonating individuals from various verticals to gather strategic intelligence, demonstrating persistence and adaptability in adjusting tactics and infrastructure. 3. **[Analysis of Russia\'s Notorious APT44 (Seashell Blizzard)](https://sip.security.microsoft.com/intel-explorer/articles/24c2a760):** Sponsored by Russian military intelligence, APT44 is a dynamic and operationally mature threat actor that is actively engaged in the full spectrum of espionage, attack, and influence operations. Tracked by Microsoft as Seashell Blizzard, APT44 is actively engaged in espionage, attack, and influence operations to serve Russian national interests. APT44 presents a persistent, high-severity threat to governments and critical infrastructure globally, with a history of aggressive cyber attacks undermining democratic processes and presenting a significant proliferation risk for new cyber attack concepts and methods. 4. **[Zero-Day Exploitation of Palo Alto Networks PAN-OS by UTA0218](https://sip.security.microsoft.com/intel-explorer/articles/958d183b):** Volexity discovers zero-day exploitation of a vulnerability in Palo Alto Networks PAN-OS by threat actor UTA0218, resulting in unauthenticated remote code execution. UTA0218 exploits firewall devices to deploy malicious payloads, facilitating lateral movement within victim organizations, demonstrating highly capable threat actor tradecraft and a clear playbook to further their objectives. ## Learn More For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: [https://aka.ms/threatintelblog](https://aka.ms/threatintelblog). Microsoft customers can use the following reports in Microsoft Defender Threat Intelligence to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this summary. The following reports provide the intelligence, protection information, and recommended actions to prevent, mitigate, or respond to associated threats found in customer environments: - Vulnerability Profile: [CVE-2024-3400](https://sip.security.microsoft.com/intel-profiles/CVE-2024-3400) - Actor Profile: [Sangria Tempest](https://security.microsoft.com/intel-profiles/3e4a164ad64958b784649928499521808aea4d3565df70afc7c85eae69f74278) - Actor Profile: [Seashell Blizzard](https://sip.security.microsoft.com/intel-profiles/cf1e406a16835d56cf614430aea3962d7ed99f01ee3d9ee3048078288e5201bb) - Actor Profile: [Emerald Sleet](https://sip.security.microsoft.com/intel-profiles/f1e214422d | Vulnerability Threat | ★★★ | |
 |
2024-04-22 13:30:00 | Vulnérabilité de confusion de dépendance trouvée dans le projet Apache Dependency Confusion Vulnerability Found in Apache Project (lien direct) |
Cela se produit lorsqu'un package privé récupère un public similaire, conduisant à l'exploit en raison de erreurs de configuration dans les gestionnaires de packages
This occurs when a private package fetches a similar public one, leading to exploit due to misconfigurations in package managers |
Vulnerability Threat | ★★ | |
 |
2024-04-22 12:50:21 | 22 avril & # 8211;Rapport de renseignement sur les menaces 22nd April – Threat Intelligence Report (lien direct) |
> Pour les dernières découvertes en cyberLes meilleures attaques et violations Mitre Corporation ont révélé un événement de sécurité qui s'est produit en janvier 2024. L'attaque, liée au groupe chinois de l'APP, UNC5221, a impliqué l'exploitation de deux vulnérabilités zéro jour dans les produits VPN Ivanti.L'attaquant [& # 8230;]
>For the latest discoveries in cyber research for the week of 22nd April, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES MITRE Corporation disclosed a security event that occurred in January 2024. The attack, which is linked to Chinese APT group UNC5221, involved exploitation of two zero-day vulnerabilities in Ivanti VPN products. The attacker […] |
Vulnerability Threat | ★★ | |
 |
2024-04-22 12:30:29 | DC3, DCSA collabore pour lancer le programme de divulgation de vulnérabilité pour la base industrielle de la défense DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base (lien direct) |
> Le Département américain de la Défense (DOD) Cyber Crime Center (DC3) et l'agence de contre-espionnage et de sécurité de la défense (DCSA) annoncent ...
>The U.S. Department of Defense (DoD) Cyber Crime Center (DC3) and Defense Counterintelligence and Security Agency (DCSA) announce... |
Vulnerability Industrial | ★★ | |
|
2024-04-22 11:00:00 | La vulnérabilité de transfert de fichiers Crushftp permet aux attaquants de télécharger des fichiers système CrushFTP File Transfer Vulnerability Lets Attackers Download System Files (lien direct) |
Crushftp exhorte les clients à télécharger V11 de sa plate-forme de transfert de fichiers, les attaquants exploitant activement une vulnérabilité qui leur permet de télécharger des fichiers système
CrushFTP is urging customers to download v11 of its file transfer platform, with attackers actively exploiting a vulnerability that allows them to download system files |
Vulnerability | ★★★ | |
 |
2024-04-22 10:00:00 | Apportez votre propre appareil: comment éduquer vos employés sur les meilleures pratiques de cybersécurité Bring Your Own Device: How to Educate Your Employees On Cybersecurity Best Practices (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
With the rise of remote and flexible work arrangements, Bring Your Own Device (BYOD) programs that allow employees to use their personal devices for work are becoming increasingly mainstream. In addition to slashing hardware costs, BYOD improves employee satisfaction by 56% and productivity by 55%, a survey by Crowd Research Partners finds. Yet, cybersecurity remains a concern for businesses. 72% are worried about data leakage or loss, while 52% fear the potential for malware on personal devices. But by implementing a strong BYOD policy and educating your employees on cybersecurity best practices, you can reap the benefits of BYOD without putting your company assets and data at risk.
Put a Formal BYOD Policy in Place
Just as your business has acceptable use policies in place for corporate devices, similar policies for personal devices are just as important. Your company’s BYOD policy should provide your employees with clear rules and guidelines on how they can use their devices safely at work without compromising cybersecurity. This policy should cover:
Devices, software, and operating systems that can be used to access digital business resources
Devices, software, and operating systems that can’t be used to access digital business resources
Policies that outline the acceptable use of personal devices for corporate activities
Essential security measures employees must follow on personal devices (such as, complex passwords and regular security updates)
Steps employees must follow if their device is stolen or lost (like immediately report it to their manager or IT department)
A statement that your business will erase company-related data from lost or stolen devices remotely
What happens if an employee violates your BYOD policy (are you going to revoke certain access privileges? If you give employees an allowance to cover BYOD costs, will you freeze the funds? Provide additional corrective training?).
Don’t forget to also include a signature field the employee must sign in to indicate their agreement with your BYOD policies. The best time to introduce employees to the policy is during onboarding or, for existing employees, during the network registration process for the BYOD device. Setting expectations and educating your employees is essential to protect both company data and employee privacy.
Basic Cybersecurity Training
When putting together your BYOD employee training program, don’t make the mistake of thinking basic device security is too…basic. It’s not. Since personal devices are usually less secure than corporate devices, they’re generally at a greater risk of data breaches, viruses, and loss or theft. Comprehensive user education that includes the basics is therefore all the more important to mitigate these risks.
So as a basic rule, your employees should know not to allow their devices to auto-connect to public networks. If, on rare occasions, employees really do need to access company data on an open network, they should use a virtual private network (VPN). VPNs encrypt data and hide we |
Malware Vulnerability | ★★★ | |
 |
2024-04-22 02:35:32 | La NSA lance les 10 meilleurs stratégies d'atténuation de la sécurité du cloud NSA Debuts Top 10 Cloud Security Mitigation Strategies (lien direct) |
Alors que les entreprises passent aux configurations hybrides et multi-clouds, les vulnérabilités résultant de erreurs de configuration et de lacunes de sécurité augmentent, attirant l'attention des mauvais acteurs.En réponse, l'Agence américaine de sécurité nationale (NSA) a publié un ensemble de dix stratégies d'atténuation recommandées, publiées plus tôt cette année (avec le soutien de l'Agence américaine de sécurité de la cybersécurité et des infrastructures sur six des stratégies).Les recommandations couvrent la sécurité du cloud, la gestion de l'identité, la protection des données et la segmentation du réseau.Laissez \\ examiner de plus près: 1. Conservez le modèle de responsabilité partagée dans le cloud ...
As businesses transition to hybrid and multi-cloud setups, vulnerabilities arising from misconfigurations and security gaps are escalating, attracting attention from bad actors. In response, the US National Security Agency (NSA) issued a set of ten recommended mitigation strategies, published earlier this year (with support from the US Cybersecurity and Infrastructure Security Agency on six of the strategies). The recommendations cover cloud security, identity management, data protection, and network segmentation. Let \' s take a closer look: 1. Uphold the Cloud Shared Responsibility Model... |
Vulnerability Cloud | ★★★ | |
|
2024-04-21 05:44:44 | Améliorer la cybersécurité industrielle en s'attaquant aux menaces, en respectant les réglementations, en stimulant la résilience opérationnelle Enhancing industrial cybersecurity by tackling threats, complying with regulations, boosting operational resilience (lien direct) |
> Les organisations de l'espace de cybersécurité industrielle traitent constamment des défis, notamment les violations de logiciels, les vulnérabilités matérielles, la chaîne d'approvisionnement ...
>Organizations across the industrial cybersecurity space are constantly dealing with challenges including software breaches, hardware vulnerabilities, supply chain... |
Vulnerability Industrial | ★★ | |
|
2024-04-20 11:23:00 | Palo Alto Networks révèle plus de détails sur la faille Pan-OS critique Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack (lien direct) |
Palo Alto Networks a partagé plus de détails sur un défaut de sécurité critique ayant un impact sur Pan-OS qui a été soumis à l'exploitation active & nbsp; in the wild & nbsp; par des acteurs malveillants.
La société a décrit la vulnérabilité, suivie comme & nbsp; CVE-2024-3400 & nbsp; (score CVSS: 10,0), comme "complexe" et une combinaison de deux bugs dans les versions Pan-OS 10.2, Pan-OS 11.0 et Pan-OS 11.1 & nbspdu logiciel.
"Dans
Palo Alto Networks has shared more details of a critical security flaw impacting PAN-OS that has come under active exploitation in the wild by malicious actors. The company described the vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), as "intricate" and a combination of two bugs in versions PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 of the software. "In |
Vulnerability | ★★★ | |
|
2024-04-20 10:48:00 | Mise à jour critique: une défaut zéro-jour Crushftp exploité dans des attaques ciblées Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks (lien direct) |
Les utilisateurs du logiciel de transfert de fichiers d'entreprise CRrsUfTP sont & nbsp; être & nbsp; exhorté & nbsp; à mettre à jour vers la dernière version & nbsp; après la découverte de & nbsp; un défaut de sécurité qui a été soumis à l'exploitation ciblée dans la nature.
"Les versions Crushftp V11 inférieures à 11.1 ont une vulnérabilité où les utilisateurs peuvent échapper à leurs VFS et télécharger des fichiers système", Crushftp & nbsp; Said & NBSP; dans un avis publié vendredi.
Users of the CrushFTP enterprise file transfer software are being urged to update to the latest version following the discovery of a security flaw that has come under targeted exploitation in the wild. "CrushFTP v11 versions below 11.1 have a vulnerability where users can escape their VFS and download system files," CrushFTP said in an advisory released Friday. |
Vulnerability Threat | ★★★ | |
 |
2024-04-20 09:09:57 | Alertes de vulnérabilité de vigilance - FreeGlut: fuite de mémoire via glutaddsubmenu (), analysé le 20/02/2024 Vigilance Vulnerability Alerts - freeglut: memory leak via glutAddSubMenu(), analyzed on 20/02/2024 (lien direct) |
Un attaquant peut créer une fuite de mémoire de FreeGlut, via glutaddsubMenu (), afin de déclencher un déni de service.
-
vulnérabilité de sécurité
An attacker can create a memory leak of freeglut, via glutAddSubMenu(), in order to trigger a denial of service. - Security Vulnerability |
Vulnerability | ★★ | |
 |
2024-04-19 20:15:33 | FBI: Akira Ransomware Group a fait 42 millions de dollars sur plus de 250 orgs FBI: Akira Ransomware Group Made $42 Million From 250+ Orgs (lien direct) |
The Akira ransomware group has breached the networks of over 250 organizations and claimed approximately $42 million (USD) in ransomware proceeds, according to a recent joint cybersecurity advisory issued by the United States Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Europol\'s European Cybercrime Centre (EC3), and the Netherlands\' National Cyber Security Centre (NCSC-NL). According to FBI investigations, Akira ransomware has targeted a wide range of businesses and critical infrastructure entities across North America, Europe, and Australia since March 2023. While the ransomware initially targeted Windows systems, the FBI recently found Akira\'s Linux variant targeting VMware ESXi virtual machines that are used widely across many large businesses and organizations. ? #StopRansomare: Review our ? #cybersecurity advisory, outlining known #AkiraRansomware #TTPs & #IOCs, developed with @FBI, @EC3Europol, & @NCSC_NL to reduce the exploitation of businesses and critical infrastructure. https://t.co/2VBMKhoAXK pic.twitter.com/Nn0fEK4HRw — CISA Cyber (@CISACyber) April 18, 2024 “Early versions of the Akira ransomware variant were written in C++ and encrypted files with a .akira extension; however, beginning in August 2023, some Akira attacks began deploying Megazord, using Rust-based code which encrypts files with a .powerranges extension. Akira threat actors have continued to use both Megazord and Akira, including Akira_v2 (identified by trusted third party investigations) interchangeably,” the joint cybersecurity advisory reads. The FBI and cybersecurity researchers have observed Akira threat actors obtaining initial access to organizations through a virtual private network (VPN) service without multifactor authentication (MFA) configured, mostly using known Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269. Additional methods of initial access include the use of external-facing services such as Remote Desktop Protocol (RDP), spear phishing attacks, and credential abuse. Once initial access is obtained, Akira threat actors attempt to exploit the functions of domain controllers by creating new domain accounts to establish persis | Ransomware Vulnerability Threat Studies | ★★★ | |
 |
2024-04-19 19:17:22 | Mitre a été violée par des vulnérabilités Ivanti Zero-Day MITRE was breached through Ivanti zero-day vulnerabilities (lien direct) |
Pas de details / No more details | Vulnerability Threat | ★★★ | |
 |
2024-04-19 08:59:00 | Les vulnérabilités d'Openmetadata exploitées pour abuser des grappes de Kubernetes pour la cryptomiminage OpenMetadata Vulnerabilities Exploited to Abuse Kubernetes Clusters for Cryptomining (lien direct) |
> Microsoft avertit que plusieurs vulnérabilités Openmetadata sont exploitées pour déployer des logiciels malveillants de cryptomine dans les environnements Kubernetes.
>Microsoft warns that several OpenMetadata vulnerabilities are being exploited to deploy cryptomining malware to Kubernetes environments. |
Malware Vulnerability | ★★ | |
 |
2024-04-18 20:23:46 | GPT-4 peut exploiter la plupart des vulnes simplement en lisant les avis de menace GPT-4 Can Exploit Most Vulns Just by Reading Threat Advisories (lien direct) |
La technologie d'IA existante peut permettre aux pirates d'automatiser les exploits pour les vulnérabilités publiques en minutes à plat.Très bientôt, le correctif diligent ne sera plus facultatif.
Existing AI technology can allow hackers to automate exploits for public vulnerabilities in minutes flat. Very soon, diligent patching will no longer be optional. |
Vulnerability Threat Patching | ★★ | |
|
2024-04-18 15:11:02 | UE Cyber Agency ne créera pas de base de données de vulnérabilité active, explique le chef de la cybersécurité EU cyber agency will not create active vulnerability database, says chief cybersecurity officer (lien direct) |
Pas de details / No more details | Vulnerability | ★★★ | |
|
2024-04-18 11:24:00 | Les pirates exploitent Openmetadata Flaws to Mine Crypto sur Kubernetes Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes (lien direct) |
Les acteurs de la menace exploitent activement les vulnérabilités critiques à Openmetadata pour obtenir un accès non autorisé aux charges de travail de Kubernetes et les exploiter pour l'activité minière des crypto-monnaies.
C'est selon l'équipe Microsoft Threat Intelligence, qui & nbsp; a dit & nbsp; les défauts sont armées depuis le début d'avril 2024.
OpenMetadata est un & nbsp; plateforme open source & nbsp; qui fonctionne comme un
Threat actors are actively exploiting critical vulnerabilities in OpenMetadata to gain unauthorized access to Kubernetes workloads and leverage them for cryptocurrency mining activity. That\'s according to the Microsoft Threat Intelligence team, which said the flaws have been weaponized since the start of April 2024. OpenMetadata is an open-source platform that operates as a |
Vulnerability Threat | ★★ | |
 |
2024-04-18 11:06:45 | Autres tentatives pour reprendre les projets open source Other Attempts to Take Over Open Source Projects (lien direct) |
Après la découverte de XZ Utils, les gens ont été Examen .Ne surprenant personne, l'incident n'est pas unique:
Le Conseil OpenJS Foundation Cross Project a reçu une série suspecte d'e-mails avec des messages similaires, portant différents noms et chevauchant des e-mails associés à GitHub.Ces e-mails ont imploré OpenJS pour prendre des mesures pour mettre à jour l'un de ses projets JavaScript populaires à & # 8220; Addressez toutes les vulnérabilités critiques, & # 8221;Pourtant, aucune spécification n'a cité.L'auteur de courriels voulait que OpenJS les désigne en tant que nouveau responsable du projet malgré peu de participation préalable.Cette approche ressemble fortement à la manière dont & # 8220; Jia Tan & # 8221;se positionné dans la porte dérobée XZ / Liblzma ...
After the XZ Utils discovery, people have been examining other open-source projects. Surprising no one, the incident is not unique: The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails. These emails implored OpenJS to take action to update one of its popular JavaScript projects to “address any critical vulnerabilities,” yet cited no specifics. The email author(s) wanted OpenJS to designate them as a new maintainer of the project despite having little prior involvement. This approach bears strong resemblance to the manner in which “Jia Tan” positioned themselves in the XZ/liblzma backdoor... |
Vulnerability | ★★ | |
 |
2024-04-18 09:53:59 | The Windows Registry Adventure # 1: Résultats d'introduction et de recherche The Windows Registry Adventure #1: Introduction and research results (lien direct) |
Posted by Mateusz Jurczyk, Google Project Zero In the 20-month period between May 2022 and December 2023, I thoroughly audited the Windows Registry in search of local privilege escalation bugs. It all started unexpectedly: I was in the process of developing a coverage-based Windows kernel fuzzer based on the Bochs x86 emulator (one of my favorite tools for security research: see Bochspwn, Bochspwn Reloaded, and my earlier font fuzzing infrastructure), and needed some binary formats to test it on. My first pick were PE files: they are very popular in the Windows environment, which makes it easy to create an initial corpus of input samples, and a basic fuzzing harness is equally easy to develop with just a single GetFileVersionInfoSizeW API call. The test was successful: even though I had previously fuzzed PE files in 2019, the new element of code coverage guidance allowed me to discover a completely new bug: issue #2281. For my next target, I chose the Windows registry. That\'s because arbitrary registry hives can be loaded from disk without any special privileges via the RegLoadAppKey API (since Windows Vista). The hives use a binary format and are fully parsed in the kernel, making them a noteworthy local attack surface. Furthermore, I was also somewhat familiar with basic harnessing of the registry, having fuzzed it in 2016 together with James Forshaw. Once again, the code coverage support proved useful, leading to the discovery of issue #2299. But when I started to perform a root cause analysis of the bug, I realized that: The hive binary format is not very well suited for trivial bitflipping-style fuzzing, because it is structurally simple, and random mutations are much more likely to render (parts of) the hive unusable than to trigger any interesting memory safety violations.On the other hand, the registry has many properties that make it an attractive attack | Tool Vulnerability Threat Studies | ★★★★ | |
 |
2024-04-18 06:00:36 | FAQ à partir de l'état du rapport Phish 2024, partie 2: comportements et attitudes des utilisateurs envers la sécurité FAQs from the 2024 State of the Phish Report, Part 2: User Behaviors and Attitudes Toward Security (lien direct) |
Welcome to the second installment of our two-part blog series where we answer the most frequently asked questions about the 2024 State of the Phish Report. In our previous article, we answered questions related to the threat landscape findings. Here, we answer questions related to user behaviors and attitudes, as well as how to grow your security awareness program. One of the most interesting findings that came out of the 2024 State of the Phish report was the fact that 71% of users admitted to engaging in a risky action and 96% of those users understood the risk. This suggests that people are not acting out of ignorance. Despite knowing that their actions could compromise themselves or their organization, people chose to proceed anyway. This information is crucial for the growth of any security awareness program. It enables organizations to tailor their efforts. By observing and analyzing how users interact with security policies, organizations can identify knowledge gaps and areas of resistance. When you engage users in this manner, you not only educate them but also transform them into active participants in protecting your organization. 96% of users who took a risky action knew that it was risky. (Source: 2024 State of the Phish from Proofpoint.) Our findings inspired hundreds of questions from audiences across the world. What follows are some of the questions that repeatedly came up. Frequently asked questions What are some ways to get users to care about security and get engaged? Two-way communication is key. Take a moment to explain to your employees why you\'re running a behavior change program, what the expectations are and what projected outcomes you foresee. Make it personal. Let people know that cybersecurity isn\'t just a work skill but a portable skill they can take home to help themselves and their families be safer in life. Keep your employees up to speed on what\'s happening in the current threat landscape. For example: What types of threats does your business see? Which departments are under attack? How does the security team handle these incidents? What can people do to defend against emerging threats that target them? Research for the 2024 State of the Phish report found that 87% of end users are more motivated to prioritize security when they see increased engagement from leadership or the security team. In short: You need to open up the lines of communication, listen to your employees and incorporate their feedback, and establish a security champion network to help facilitate communication more effectively. Any ideas on why the click rate for phishing simulations went up for many industries this year? There may be a few possible reasons. For starters, there has been an increase in the number of phishing tests sent. Our customers sent out a total of 183 million simulated phishing tests over a 12-month period, up from 135 million in the previous 12-month period. This 36% increase suggests that our customers may have either tested their users more frequently or tested more users in general. Also, some users might be new to these tests, resulting in a higher click rate. Regardless, if you are conducting a phishing campaign throughout the year, the click rates of phishing tests are expected to go up and down because you want to challenge your employees with new attack tactics they have not seen. Otherwise, the perception would be, “Oh, this is the face of a phish,” if you keep phishing your users with the same test. At Proofpoint, we use machine learning-driven leveled phishing to provide a more reliable way to accurately assess user vulnerability. This unique feature allows security teams to examine the predictability of a phishing template and obtain more consistent outcomes while improving users\' resilience against human-activated threats. People need to understand how attackers exploit human vulnerability. Phishing tests should reflect reality and be informed by real-world threats. They are designed to help people spot and re | Tool Vulnerability Threat | ★★ | |
|
2024-04-17 18:07:07 | Ivanti verse des correctifs pour plus de 2 douzaines de vulnérabilités Ivanti Releases Fixes for More Than 2 Dozen Vulnerabilities (lien direct) |
Les utilisateurs devront télécharger la dernière version de l'avalanche d'Ivanti \\ pour appliquer des correctifs pour tous les bogues.
Users will need to download the latest version of Ivanti\'s Avalanche to apply fixes for all of the bugs. |
Vulnerability | ★★ | |
|
2024-04-17 16:27:00 | Flaw atlassien critique exploité pour déployer la variante Linux de Cerber Ransomware Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (lien direct) |
Les acteurs de la menace exploitent les serveurs Atlassian non corrigés pour déployer une variante Linux du ransomware Cerber (AKA C3RB3R).
Les attaques Levier et NBSP; CVE-2023-22518 & NBSP; (Score CVSS: 9.1), une vulnérabilité de sécurité critique ayant un impact sur le centre de données de Confluence Atlassian qui permet un attaquant non authentifié pour réinitialiser la confluence et créer un compte administrateur.
Armé de cet accès, un
Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. The attacks leverage CVE-2023-22518 (CVSS score: 9.1), a critical security vulnerability impacting the Atlassian Confluence Data Center and Server that allows an unauthenticated attacker to reset Confluence and create an administrator account. Armed with this access, a |
Ransomware Vulnerability Threat | ★★ | |
 |
2024-04-17 16:20:25 | Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall Vulnerability (CVE-2024-3400) (lien direct) | > Par cyber navre
Le vendeur de réseautage de connaissances zéro hausse les épaules du pare-feu
Ceci est un article de HackRead.com Lire la publication originale: xiid scelledtunnel: imperturbable par une autre vulnérabilité critique du pare-feu (CVE-2024-3400)
>By Cyber Newswire Zero Knowledge Networking vendor shrugs off firewall flaw This is a post from HackRead.com Read the original post: Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall Vulnerability (CVE-2024-3400) |
Vulnerability | ★★★ | |
|
2024-04-17 12:24:32 | Ivanti Patches 27 vulnérabilités dans le produit Avalanche MDM Ivanti Patches 27 Vulnerabilities in Avalanche MDM Product (lien direct) |
> Ivanti verse des correctifs pour 27 vulnérabilités dans le produit Avalanche MDM, y compris des défauts critiques menant à l'exécution des commandes.
>Ivanti releases patches for 27 vulnerabilities in the Avalanche MDM product, including critical flaws leading to command execution. |
Vulnerability | ★★ | |
|
2024-04-17 10:00:00 | Introduction à l'analyse de la composition logicielle et comment sélectionner un outil SCA Introduction to Software Composition Analysis and How to Select an SCA Tool (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Software code is constantly growing and becoming more complex, and there is a worrying trend: an increasing number of open-source components are vulnerable to attacks. A notable instance was the Apache Log4j library vulnerability, which posed serious security risks. And this is not an isolated incident. Using open-source software necessitates thorough Software Composition Analysis (SCA) to identify these security threats. Organizations must integrate SCA tools into their development workflows while also being mindful of their limitations. Why SCA Is Important Open-source components have become crucial to software development across various industries. They are fundamental to the construction of modern applications, with estimates suggesting that up to 96% of the total code bases contain open-source elements. Assembling applications from diverse open-source blocks presents a challenge, necessitating robust protection strategies to manage and mitigate risks effectively. Software Composition Analysis is the process of identifying and verifying the security of components within software, especially open-source ones. It enables development teams to efficiently track, analyze, and manage any open-source element integrated into their projects. SCA tools identify all related components, including libraries and their direct and indirect dependencies. They also detect software licenses, outdated dependencies, vulnerabilities, and potential exploits. Through scanning, SCA creates a comprehensive inventory of a project\'s software assets, offering a full view of the software composition for better security and compliance management. Although SCA tools have been available for quite some time, the recent open-source usage surge has cemented their importance in application security. Modern software development methodologies, such as DevSecOps, emphasize the need for SCA solutions for developers. The role of security officers is to guide and assist developers in maintaining security across the Software Development Life Cycle (SDLC), ensuring that SCA becomes an integral part of creating secure software. Objectives and Tasks of SCA Tools Software Composition Analysis broadly refers to security methodologies and tools designed to scan applications, typically during development, to identify vulnerabilities and software license issues. For effective management of open-source components and associated risks, SCA solutions help navigate several tasks: 1) Increasing Transparency A developer might incorporate various open-source packages into their code, which in turn may depend on additional open-source packages unknown to the developer. These indirect dependencies can extend several levels deep, complicating the understanding of exactly which open-source code the application uses. Reports indicate that 86% of vulnerabilities in node.js projects stem from transitive (indirect) dependencies, w | Tool Vulnerability Threat Patching Prediction Cloud Commercial | ★★ | |
|
2024-04-17 09:15:00 | Ivanti correcte deux défauts d'avalanche critiques dans la mise à jour majeure Ivanti Patches Two Critical Avalanche Flaws in Major Update (lien direct) |
Ivanti a fixé deux vulnérabilités critiques dans son produit MDM Avalanche qui pourrait conduire à l'exécution du code distant
Ivanti has fixed two critical vulnerabilities in its Avalanche MDM product which could lead to remote code execution |
Vulnerability | ★★ | |
 |
2024-04-16 20:18:19 | Le Congrès se répercute contre UnitedHealth Group après une attaque de ransomware Congress rails against UnitedHealth Group after ransomware attack (lien direct) |
> Les législateurs de la Chambre soutiennent que la consolidation croissante dans le secteur des soins de santé a créé des vulnérabilités aux cyberattaques.
>House lawmakers argue that growing consolidation in the health care sector has created vulnerabilities to cyberattacks. |
Ransomware Vulnerability | ★★ | |
|
2024-04-16 18:56:00 | Les outils AWS, Google et Azure CLI pourraient fuir les informations d'identification dans les journaux de construction AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs (lien direct) |
La nouvelle recherche sur la cybersécurité a révélé que les outils d'interface de ligne de commande (CLI) d'Amazon Web Services (AWS) et de Google Cloud peuvent exposer des informations d'identification sensibles dans les journaux de construction, posant des risques importants aux organisations.
La vulnérabilité a été nommée Coded & nbsp; Leakycli & nbsp; par la société de sécurité cloud Orca.
"Certaines commandes sur Azure CLI, AWS CLI et Google Cloud CLI peuvent exposer des informations sensibles
New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations. The vulnerability has been codenamed LeakyCLI by cloud security firm Orca. "Some commands on Azure CLI, AWS CLI, and Google Cloud CLI can expose sensitive information in |
Tool Vulnerability Cloud | ★★★★ | |
|
2024-04-16 18:42:47 | La nouvelle vulnérabilité «Leakycli» fuit AWS et Google Cloud Indementiels New Vulnerability “LeakyCLI” Leaks AWS and Google Cloud Credentials (lien direct) |
par waqas Une vulnérabilité critique nommée Leakycli expose les informations d'identification de cloud sensibles à partir d'outils populaires utilisés avec AWS et Google Cloud.Cela présente un risque majeur pour les développeurs, montrant la nécessité de pratiques de sécurité solides.Apprenez à atténuer Leakycli et fortifier votre infrastructure cloud. Ceci est un article de HackRead.com Lire la publication originale: | Tool Vulnerability Cloud | ★★★ | |
|
2024-04-16 16:44:00 | Client de mastic largement utilisé trouvé vulnérable à l'attaque de récupération clé Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack (lien direct) |
Les mainteneurs du & nbsp; Putty Secure Shell (SSH) et Telnet Client & NBSP; ont-t-il alerter les utilisateurs d'une vulnérabilité critique impactant les versions de 0,68 à 0,80 qui pourraient être exploitées pour obtenir une récupération complète de NIST P-521 (ECDSA-SHA2-NISTP521).
La faille a été attribuée à l'identifiant CVE & NBSP; CVE-2024-31497, avec la découverte créditée aux chercheurs Fabian B & Auml; Umer et Marcus
The maintainers of the PuTTY Secure Shell (SSH) and Telnet client are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 (ecdsa-sha2-nistp521) private keys. The flaw has been assigned the CVE identifier CVE-2024-31497, with the discovery credited to researchers Fabian Bäumer and Marcus |
Vulnerability | ★★ | |
|
2024-04-16 16:40:00 | Identité dans l'ombre: faire la lumière sur les menaces invisibles de la cybersécurité Identity in the Shadows: Shedding Light on Cybersecurity\\'s Unseen Threats (lien direct) |
Dans le paysage numérique en évolution rapide d'aujourd'hui, les organisations sont confrontées à un éventail de plus en plus complexe de menaces de cybersécurité.La prolifération des services cloud et des dispositions de travail à distance a renforcé la vulnérabilité des identités numériques à l'exploitation, ce qui rend impératif pour les entreprises de fortifier leurs mesures de sécurité de l'identité.
Notre récent rapport de recherche, & nbsp; The Identity Underground
In today\'s rapidly evolving digital landscape, organizations face an increasingly complex array of cybersecurity threats. The proliferation of cloud services and remote work arrangements has heightened the vulnerability of digital identities to exploitation, making it imperative for businesses to fortify their identity security measures. Our recent research report, The Identity Underground |
Vulnerability Cloud | ★★ | |
 |
2024-04-16 15:52:14 | Ivanti met en garde contre les défauts critiques dans sa solution Avalanche MDM Ivanti warns of critical flaws in its Avalanche MDM solution (lien direct) |
Ivanti a publié des mises à jour de sécurité pour corriger 27 vulnérabilités dans sa solution Avalanche Mobile Device Management (MDM), dont deux critiques de tas critiques qui peuvent être exploitées pour l'exécution de la commande distante.[...]
Ivanti has released security updates to fix 27 vulnerabilities in its Avalanche mobile device management (MDM) solution, two of them critical heap overflows that can be exploited for remote command execution. [...] |
Vulnerability Mobile | ★★ | |
 |
2024-04-16 15:00:00 | Les botnets continuent d'exploiter le CVE-2023-1389 pour une propagation à grande échelle Botnets Continue Exploiting CVE-2023-1389 for Wide-Scale Spread (lien direct) |
Fortiguard Labs dévoile Moobot, Miroi, Agoent, Gafgyt et plus exploitant TP-Link Archer AX21 Vulnérabilité CVE-2023-1389.Apprendre encore plus.
FortiGuard Labs unveils Moobot, Miroi, AGoent, Gafgyt and more exploiting TP-Link Archer AX21 vulnerability CVE-2023-1389. Learn more. |
Vulnerability | ★★ | |
 |
2024-04-16 15:00:00 | Importation dangereuse: Sourceforge Patches Critical Code Vulnérabilité Dangerous Import: SourceForge Patches Critical Code Vulnerability (lien direct) |
Notre équipe de recherche sur la vulnérabilité a découvert une vulnérabilité critique de code dans Sourceforge, que les attaquants auraient pu utiliser pour empoisonner les fichiers déployés et répandre des logiciels malveillants à des millions d'utilisateurs.
Our Vulnerability Research team discovered a critical code vulnerability in SourceForge, which attackers could have used to poison deployed files and spread malware to millions of users. |
Malware Vulnerability | ★★ | |
|
2024-04-16 13:15:00 | Lefakycli Flaw expose AWS et Google Cloud Credentials LeakyCLI Flaw Exposes AWS and Google Cloud Credentials (lien direct) |
Orca Security a déclaré que le problème reflète une vulnérabilité précédemment identifiée dans Azure CLI
Orca Security said the issue mirrors a previously identified vulnerability in Azure CLI |
Vulnerability Cloud | ★★★ | |
|
2024-04-16 13:00:44 | Sécuriser le secteur financier avec Check Point Infinity Global Services Securing the Financial Sector with Check Point Infinity Global Services (lien direct) |
> La transformation numérique a une efficacité considérablement améliorée dans le secteur financier, mais non sans élever le paysage cyber-risque.Les résultats récents du Fonds monétaire international (FMI) révèlent une réalité frappante: les cyberattaques ont plus que doublé depuis la pandémie, mettant en lumière la vulnérabilité du secteur financier en raison de sa gestion des données et des transactions sensibles.Les entreprises ont été confrontées à d'énormes sanctions pour les violations de données, les pertes quadruples à 2,5 milliards de dollars depuis 2017. L'interdépendance de l'industrie financière facilite non seulement ces attaques, mais aussi leur potentiel de saper la confiance dans le système financier mondial. Les recherches sur le point de contrôle confirment que cela confirme que cela confirme que cela confirme que cela confirme que cela confirme que cela confirme que cela confirme que cela confirme que cela confirme que cela confirme que cela confirme que cela confirme que cela confirme que cela confirme que cela confirme que cela confirme que cela confirme que cela confirme que cela confirme que cela confirme que cela confirme que cela confirme que cela confirme que cela confirme que cela confirme que cetteMenace, notre intelligence des menaces a trouvé [& # 8230;]
>The digital transformation has significantly enhanced efficiency within the financial sector, but not without elevating the cyber risk landscape. Recent findings by the International Monetary Fund (IMF) reveal a stark reality: cyberattacks have more than doubled since the pandemic, spotlighting the financial sector’s vulnerability due to its handling of sensitive data and transactions. Companies have faced enormous penalties for data breaches, with losses quadrupling to $2.5 billion since 2017. The financial industry’s interconnectedness not only facilitates these attacks but also their potential to undermine trust in the global financial system. Check Point Research confirms this threat, our threat intelligence found […] |
Vulnerability Threat | ★★ | |
|
2024-04-16 12:45:00 | Les pros de la cybersécurité exhortent le Congrès américain à aider le NIST à restaurer l'opération NVD Cybersecurity Pros Urge US Congress to Help NIST Restore NVD Operation (lien direct) |
Une lettre ouverte signée par 50 praticiens de la cybersécurité exige que le Congrès américain soutienne le NIST dans la restauration des opérations dans la base de données nationale de vulnérabilité
An open letter signed by 50 cybersecurity practitioners requires the US Congress to support NIST in restoring operations at the National Vulnerability Database |
Vulnerability | ★★ | |
|
2024-04-16 10:00:00 | Facteur humain de la cybersécurité: fusion de la technologie avec des stratégies centrées sur les personnes Cybersecurity\\'s Human Factor: Merging Tech with People-Centric Strategies (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In a digital era marked by rapidly evolving threats, the complexity of cybersecurity challenges has surged, pressing organizations to evolve beyond traditional, tech-only defense strategies. As the cyber landscape grows more intricate, there\'s a pivotal shift towards embracing methods that are not just robust from a technical standpoint but are also deeply human-centric. This also means that a significant percentage of employees, driven by the high demands of operational pressures, may engage in risky cybersecurity behaviors. Such statistics illuminate the urgent need for a more nuanced approach to cybersecurity—one that not only fortifies defenses but also resonates with and supports the people behind the screens. Integrating human-centric design with continuous threat management emerges as a forward-thinking strategy, promising a balanced blend of technical excellence and user empathy to navigate the complex cybersecurity challenges of today and tomorrow. Embracing the Human Element in Cybersecurity Diving into the realm of human-centric security design and culture, it\'s clear that the future of cybersecurity isn\'t just about the latest technology—it\'s equally about the human touch. This approach puts the spotlight firmly on enhancing the employee experience, ensuring that cybersecurity measures don\'t become an unbearable burden that drives people to take shortcuts. By designing systems that people can use easily and effectively, the friction often caused by stringent security protocols can be significantly reduced. Gartner\'s insights throw a compelling light on this shift, predicting that by 2027, half of all Chief Information Security Officers (CISOs) will have formally embraced human-centric security practices. This isn\'t just a hopeful guess but a recognition of the tangible benefits these practices bring to the table—reducing operational friction and bolstering the adoption of essential controls. This strategic pivot also acknowledges a fundamental truth. When security becomes a seamless part of the workflow, its effectiveness skyrockets. It\'s a win-win, improving both the user experience and the overall security posture. CTEM: Your Cybersecurity Compass in Stormy Seas Imagine that your organization\'s cybersecurity landscape isn\'t just a static battleground. Instead, it’s more like the open sea, with waves of threats coming and going, each with the potential to breach your defenses. That\'s where Continuous Threat Exposure Management (CTEM) sails in, serving as your trusted compass, guiding you through these treacherous waters. CTEM isn\'t your average, run-of-the-mill security tactic. It\'s about being proactive, scanning the horizon with a spyglass, looking for potential vulnerabilities before they even become a blip on a hacker\'s radar. Think of it as your cybersecurity early-warning system, constantly on the lookout for trou | Vulnerability Threat Studies Prediction Medical Technical | ★★ | |
|
2024-04-15 20:31:45 | Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400) (lien direct) | ## Instantané
Le 10 avril 2024, la volexité a découvert l'exploitation zéro-jour d'une vulnérabilité dans la fonctionnalité GlobalProtect de Palo Alto Networks Pan-OS à l'un de ses clients de surveillance de la sécurité des réseaux (NSM).La vulnérabilité a été confirmée comme un problème d'injection de commande de système d'exploitation et attribué CVE-2024-3400.Le problème est une vulnérabilité d'exécution de code distante non authentifiée avec un score de base CVSS de 10,0.L'acteur de menace, que volexité suit sous l'alias UTA0218, a pu exploiter à distance l'appareil de pare-feu, créer un shell inversé et télécharger d'autres outils sur l'appareil.L'attaquant s'est concentré sur l'exportation des données de configuration des appareils, puis en le tirant en tirant comme point d'entrée pour se déplacer latéralement au sein des organisations victimes.Au cours de son enquête, Volexity a observé que l'UTA0218 avait tenté d'installer une porte dérobée Python personnalisée, que volexité appelle Upstyle, sur le pare-feu.La porte dérobée Upstyle permet à l'attaquant d'exécuter des commandes supplémentaires sur l'appareil via des demandes de réseau spécialement conçues.UTA0218 a été observé en exploitant des appareils de pare-feu pour déployer avec succès des charges utiles malveillantes.Après avoir réussi à exploiter les appareils, UTA0218 a téléchargé des outils supplémentaires à partir de serveurs distants qu'ils contrôlaient afin de faciliter l'accès aux réseaux internes des victimes.Ils se sont rapidement déplacés latéralement à travers les réseaux victimes de victimes, extrait les informations d'identification sensibles et autres fichiers qui permettraient d'accéder pendant et potentiellement après l'intrusion.Le métier et la vitesse employés par l'attaquant suggèrent un acteur de menace hautement capable avec un livre de jeu clair sur quoi accéder pour poursuivre leurs objectifs.Il est probable que l'exploitation du dispositif de pare-feu, suivie d'une activité de planche pratique, a été limitée et ciblée.Cependant, les preuves d'une activité de reconnaissance potentielle impliquant une exploitation plus répandue visant à identifier les systèmes vulnérables semblent avoir eu lieu au moment de la rédaction.
## Les références
[https://security.paloaltonetworks.com/CVE-2024-3400#new_tab.
[https://www.volexity.com/blog/2024/04/12/zero-ay-exploitation-of-unauthenticated-remote-code-execution-vulnerabilité-in-GlobalProtect-CVE-2024-3400 /] (https://www.volexity.com/blog/2024/04/12/zero-kay-exploitation-of-unauthenticated-remote-code-execution-vulnerabilité-in-globalprotect-CVE-2024-3400 /)
## Snapshot On April 10, 2024, Volexity discovered zero-day exploitation of a vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS at one of its network security monitoring (NSM) customers. The vulnerability was confirmed as an OS command injection issue and assigned CVE-2024-3400. The issue is an unauthenticated remote code execution vulnerability with a CVSS base score of 10.0. The threat actor, which Volexity tracks under the alias UTA0218, was able to remotely exploit the firewall device, create a reverse shell, and download further tools onto the device. The attacker focused on exporting configuration data from the devices, and then leveraging it as an entry point to move laterally within the victim organizations. During its investigation, Volexity observed that UTA0218 attempted to install a custom Python backdoor, which Volexity calls UPSTYLE, on the firewall. The UPSTYLE backdoor allows the attacker to execute additional commands on the device via specially crafted network requests. UTA0218 was observed exploiting firewall devices to successfully deploy malicious payloads. After successfully exploiting devices, UTA0218 downloaded additional tooling from remote servers they controlled in order to facilitate access to victims\' internal networks. They quickly moved laterally thr |
Tool Vulnerability Threat | ★★ | |
|
2024-04-15 19:28:57 | Palo Alto Network émet des chaussettes pour un bug zéro-jour dans son pare-feu OS Palo Alto Network Issues Hotfixes for Zero-Day Bug in Its Firewall OS (lien direct) |
Un acteur de menace sophistiqué tire parti du bug pour déployer une porte dérobée Python pour voler des données et exécuter d'autres actions malveillantes.
A sophisticated threat actor is leveraging the bug to deploy a Python backdoor for stealing data and executing other malicious actions. |
Vulnerability Threat | ★★ | |
|
2024-04-15 16:43:18 | PALO Alto Networks Relaying Corrections pour les jours zéro alors que les attaquants essaiffent la vulnérabilité VPN Palo Alto Networks releases fixes for zero-day as attackers swarm VPN vulnerability (lien direct) |
Pas de details / No more details | Vulnerability Threat | ★★★ | |
|
2024-04-15 14:30:00 | Palo Alto Networks Flaw Zero-Day exploité dans des attaques ciblées Palo Alto Networks Zero-Day Flaw Exploited in Targeted Attacks (lien direct) |
Désigné CVE-2024-3400 et avec un score CVSS de 10,0, la faille permet aux acteurs non autorisés d'exécuter un code arbitraire sur les pare-feu affectés
Designated CVE-2024-3400 and with a CVSS score of 10.0, the flaw enables unauthorized actors to execute arbitrary code on affected firewalls |
Vulnerability Threat | ★★ | |
|
2024-04-15 13:47:00 | Palo Alto Networks libère des correctifs urgents pour la vulnérabilité PAN-OS exploitée Palo Alto Networks Releases Urgent Fixes for Exploited PAN-OS Vulnerability (lien direct) |
Palo Alto Networks a publié des hotfixes pour lutter contre un défaut de sécurité de la sévérité maximale impactant le logiciel Pan-OS qui a fait l'objet d'une exploitation active dans la nature.
Suivi en AS & NBSP; CVE-2024-3400 & NBSP; (CVSS Score: 10.0), la vulnérabilité critique est un cas d'injection de commande dans la fonctionnalité GlobalProtect qu'un attaquant non authentifié pourrait armé pour exécuter du code arbitraire avec root
Palo Alto Networks has released hotfixes to address a maximum-severity security flaw impacting PAN-OS software that has come under active exploitation in the wild. Tracked as CVE-2024-3400 (CVSS score: 10.0), the critical vulnerability is a case of command injection in the GlobalProtect feature that an unauthenticated attacker could weaponize to execute arbitrary code with root |
Vulnerability | ★★ | |
|
2024-04-15 10:07:07 | Alertes de vulnérabilité de la vigilance - Wind River Vxworks: fuite de mémoire via OpenSSL Task / POSIX Thread, analysé le 15/02/2024 Vigilance Vulnerability Alerts - Wind River VxWorks: memory leak via OpenSSL Task / POSIX Thread, analyzed on 15/02/2024 (lien direct) |
Un attaquant peut créer une fuite de mémoire de Wind River Vxworks, via le thread OpenSSL Task / POSIX, afin de déclencher un déni de service.
-
vulnérabilité de sécurité
An attacker can create a memory leak of Wind River VxWorks, via OpenSSL Task / POSIX Thread, in order to trigger a denial of service. - Security Vulnerability |
Vulnerability | ★★ | |
|
2024-04-13 20:13:42 | (Déjà vu) Alertes de vulnérabilité de vigilance - Open VSwitch: fuite de mémoire via Xmalloc __ (), analysé le 13/02/2024 Vigilance Vulnerability Alerts - Open vSwitch: memory leak via xmalloc__(), analyzed on 13/02/2024 (lien direct) |
Un attaquant peut créer une fuite de mémoire d'Open VSwitch, via xmalloc __ (), afin de déclencher un déni de service.
-
vulnérabilité de sécurité
An attacker can create a memory leak of Open vSwitch, via xmalloc__(), in order to trigger a denial of service. - Security Vulnerability |
Vulnerability | ★★ | |
|
2024-04-13 14:24:55 | Alertes de vulnérabilité de vigilance - ISC se lier: fuite de mémoire via des modèles de requête récursifs, analysés le 13/02/2024 Vigilance Vulnerability Alerts - ISC BIND: memory leak via Recursive Query Patterns, analyzed on 13/02/2024 (lien direct) |
Un attaquant peut créer une fuite de mémoire d'ISC Bind, via des modèles de requête récursifs, afin de déclencher un déni de service.
-
vulnérabilité de sécurité
An attacker can create a memory leak of ISC BIND, via Recursive Query Patterns, in order to trigger a denial of service. - Security Vulnerability |
Vulnerability | ★★ | |
|
2024-04-13 13:55:00 | Les pirates déploient la porte dérobée Python dans l'attaque de Palo Alto-Day Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (lien direct) |
Les acteurs de la menace ont exploité la faille de zéro jour nouvellement divulguée à Palo
Alto Networks Pan-OS Software datant du 26 mars 2024, près de trois
Des semaines avant, il se révèle hier.
La division Unit 42 de la société de sécurité du réseau est & nbsp; suivi & nbsp; l'activité sous le nom & nbsp; opération MidnightClipse, l'attribuant comme le travail d'un seul acteur de menace de
Threat actors have been exploiting the newly disclosed zero-day flaw in Palo Alto Networks PAN-OS software dating back to March 26, 2024, nearly three weeks before it came to light yesterday. The network security company\'s Unit 42 division is tracking the activity under the name Operation MidnightEclipse, attributing it as the work of a single threat actor of |
Vulnerability Threat | ★★ | |
|
2024-04-13 08:35:15 | PALO Alto Networks Zero-Day exploité depuis mars dans des pare-feu de porte dérobée Palo Alto Networks zero-day exploited since March to backdoor firewalls (lien direct) |
Les pirates suspects parrainés par l'État ont exploité une vulnérabilité zéro jour dans les pare-feu Palo Alto suivis comme CVE-2024-3400 depuis le 26 mars, en utilisant les appareils compromis pour violer les réseaux internes, voler des données et des informations d'identification.[...]
Suspected state-sponsored hackers have been exploiting a zero-day vulnerability in Palo Alto Networks firewalls tracked as CVE-2024-3400 since March 26, using the compromised devices to breach internal networks, steal data and credentials. [...] |
Vulnerability Threat | ★★★ | |
 |
2024-04-12 22:29:44 | CVE-2024-3400: Ce que vous devez savoir sur le Pan-OS Zero-Day critique CVE-2024-3400: What You Need to Know About the Critical PAN-OS Zero-Day (lien direct) |
MISE À JOUR: Il a été confirmé que la désactivation de la télémétrie ne bloquera pas cet exploit.L'application d'un correctif dès que possible est la correction la plus efficace pour cette vulnérabilité.Des correctifs pour 8 des 18 versions vulnérables ont été publiées;Les correctifs pour les versions vulnérables restantes sont attendues avant le 19 avril.Crowdsstrike travaille constamment à [& # 8230;]
UPDATE: It has been confirmed that disabling telemetry will not block this exploit. Applying a patch as soon as possible is the most effective remediation for this vulnerability. Patches for 8 of the 18 vulnerable versions have been released; patches for the remaining vulnerable versions are expected by April 19th. CrowdStrike is constantly working to […] |
Vulnerability Threat | ★★ |
To see everything:
Our RSS (filtrered)
