What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-06-12 13:00:00 | Auto-réplication des vers Morris II cible les assistants e-mail AI Self-replicating Morris II worm targets AI email assistants (lien direct) |
> La prolifération des assistants par courrier électronique de l'intelligence artificielle générative (Genai) tels que GPT-3 d'Openai et de la composition intelligente de Google ont révolutionné des flux de travail de communication.Malheureusement, il a également introduit de nouveaux vecteurs d'attaque pour les cybercriminels.Tirant parti des progrès récents dans l'IA et le traitement du langage naturel, les acteurs malveillants peuvent exploiter les vulnérabilités dans les systèmes Genai pour orchestrer les cyberattaques sophistiquées avec une grande portée [& # 8230;]
>The proliferation of generative artificial intelligence (GenAI) email assistants such as OpenAI’s GPT-3 and Google’s Smart Compose has revolutionized communication workflows. Unfortunately, it has also introduced novel attack vectors for cyber criminals. Leveraging recent advancements in AI and natural language processing, malicious actors can exploit vulnerabilities in GenAI systems to orchestrate sophisticated cyberattacks with far-reaching […] |
Vulnerability Threat | ★★ | |
 |
2024-06-12 10:00:00 | Cybersécurité des médias sociaux: ne laissez pas les employés être votre maillon le plus faible Social Media Cybersecurity: Don\\'t Let Employees Be Your Weakest Link (lien direct) |
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. Maintaining an active social media presence can be a great way to improve brand visibility and generate leads, but it also opens the door to cybersecurity risks — from phishing scams and malware to identify theft and data breaches. If employees accidentally post confidential information or click dodgy links via corporate accounts, cybercriminals can launch malicious attacks that can cause lasting damage to your business (67% of data breaches result from human error). Despite that, as many as 45% of businesses don’t have an official social media policy for employees to follow. Fortunately, by creating a comprehensive social media policy, you can raise social media cybersecurity awareness among your employees, and keep sensitive company data safe. Creating a social media policy A formal social media policy should outline cybersecurity best practices for employees working with your business’s social media accounts. At a minimum, the policy should prevent employees from posting things like private business plans, trade secrets, and personal details about other employees, customers, and clients. It’s also important to include guidance that helps employees avoid common cybersecurity risks — for example, they should know not to click on suspicious messages or links as these can contain worms (self-replicating malware) and phishing campaigns. Quizzes should also be off-limits. Although they might seem like harmless fun, social media quizzes may be harvesting company and/or personal data to sell to third-parties. Hackers can also guess passwords from the information provided in quizzes, so they should be avoided altogether. Corporate content should be posted with corporate devices, not personal ones Your social media policy should also state that work devices (and only work devices) should be used to create and publish corporate content. When staff are free to use their personal devices, they may accidentally post personal content on the corporate account (or vice versa). So, personal devices should never be used for business purposes, so as to prevent any mix-ups. Personal devices also tend to be far less secure than corporate ones. Shockingly, 36% of remote workers don’t even have standard password protection on all their personal devices, which leaves any corporate accounts accessed on them at greater risk of compromise. That said, it’s also important to regularly invest in new corporate devices rather than relying on old ones in order to save money. 60% of businesses hit by a data breach say unpatched vulnerabilities were to blame, and these weaknesses are often present on old devices. “Consider the fact that older devices run older software and are often prone to working slowly and freezing up” Retriever warns. “They’re also less likely to be able to stand cyber attacks. These factors put data at risk and it’s why it\'s recommended that compu | Malware Vulnerability | ★★★ | |
 |
2024-06-12 09:56:00 | Microsoft émet des correctifs pour 51 défauts, y compris la vulnérabilité critique du MSMQ Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability (lien direct) |
Microsoft a publié des mises à jour de sécurité pour aborder 51 défauts dans le cadre de ses mises à jour du patch mardi pour juin 2024.
Sur les 51 vulnérabilités, l'une est critique et 50 sont notées importantes.Cela s'ajoute à 17 vulnérabilités résolues dans le navigateur Edge à base de chrome au cours du mois dernier.
Aucun des défauts de sécurité n'a été activement exploité dans la nature, l'un d'eux répertorié comme
Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, one is rated Critical and 50 are rated Important. This is in addition to 17 vulnerabilities resolved in the Chromium-based Edge browser over the past month. None of the security flaws have been actively exploited in the wild, with one of them listed as |
Vulnerability | ★★★ | |
 |
2024-06-12 09:15:00 | Microsoft patchs une vulnérabilité critique et une vulnérabilité à jour zéro Microsoft Patches One Critical and One Zero-Day Vulnerability (lien direct) |
Le mardi de juin mardi voit Microsoft corriger plus de 50 bogues, dont un déjà divulgué publiquement
June Patch Tuesday sees Microsoft fix over 50 bugs, including one already publicly disclosed |
Vulnerability Threat | ★★ | |
 |
2024-06-12 08:59:25 | La vulnérabilité Critical Outlook RCE exploite le volet Aperçu & # 8211;Patch maintenant! Critical Outlook RCE Vulnerability Exploits Preview Pane – Patch Now! (lien direct) |
Une vulnérabilité critique (CVE-2024-30103) dans Microsoft Outlook permet aux attaquants d'exécuter du code malveillant simplement en ouvrant un e-mail.Cet exploit "zéro clique" n'exige pas l'interaction de l'utilisateur et représente une menace sérieuse.Découvrez comment fonctionne cette vulnérabilité et comment rester protégé.
A critical vulnerability (CVE-2024-30103) in Microsoft Outlook allows attackers to execute malicious code simply by opening an email. This "zero-click" exploit doesn\'t require user interaction and poses a serious threat. Learn how this vulnerability works and how to stay protected. |
Vulnerability Threat | ★★★ | |
 |
2024-06-12 03:26:13 | 4 choses qu'une bonne politique de gestion de la vulnérabilité devrait inclure 4 Things a Good Vulnerability Management Policy Should Include (lien direct) |
Le rapport d'enquête sur les violations de données de Verizon 2024 a noté une augmentation de 180% des vulnérabilités exploitées par rapport aux chiffres de l'année précédente.L'importance de maintenir une politique de gestion de vulnérabilité à jour pour remédier et contrôler les vulnérabilités de sécurité ne peut pas être sous-estimée.1. Présentation: Résumé de la politique de gestion de la vulnérabilité prenant le temps de donner un bref résumé de la politique et de qui et de ce qu'elle implique aidera à mieux étoffer la politique que l'organisation essaie de mettre en œuvre.Décrivant quels types d'appareils, de logiciels et de réseaux sont soumis à une vulnérabilité ...
The Verizon 2024 Data Breach Investigations Report noted a 180% increase in exploited vulnerabilities over the previous year\'s figures. The importance of keeping an up-to-date vulnerability management policy for remediating and controlling security vulnerabilities cannot be understated. 1. Overview: Summary of Vulnerability Management Policy Taking the time to give a short summary of the policy and who and what it involves will help to better flesh out the policy the organization is trying to implement. Describing what types of devices, software, and networks are subject to vulnerability... |
Data Breach Vulnerability | ★★★ | |
 |
2024-06-11 22:57:35 | Patch mardi, juin 2024 Édition «Rappel» Patch Tuesday, June 2024 “Recall” Edition (lien direct) |
Microsoft a publié aujourd'hui des mises à jour pour corriger plus de 50 vulnérabilités de sécurité dans Windows et les logiciels connexes, un correctif relativement léger mardi ce mois-ci pour les administrateurs de Windows.Le géant du logiciel a également répondu à un torrent de commentaires négatifs sur une nouvelle fonctionnalité du système d'exploitation phare de Redmond \\ qui prend constamment des captures d'écran de tout ce que les utilisateurs font sur leurs ordinateurs, affirmant que la fonctionnalité ne serait plus activée par défaut.
Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows administrators. The software giant also responded to a torrent of negative feedback on a new feature of Redmond\'s flagship operating system that constantly takes screenshots of whatever users are doing on their computers, saying the feature would no longer be enabled by default. |
Vulnerability | ★★ | |
|
2024-06-11 22:47:43 | Sécuriser les transactions commerciales en ligne: outils et pratiques essentielles Securing Online Business Transactions: Essential Tools and Practices (lien direct) |
Améliorez votre sécurité de transaction en ligne avec le chiffrement, les VPN et l'authentification.Comprendre les menaces, répondre aux vulnérabilités et utiliser des passerelles de paiement sécurisées.Restez conforme aux PCI DSS et aux normes réglementaires pour protéger votre entreprise et établir la confiance des clients.
Enhance your online transaction security with encryption, VPNs, and authentication. Understand threats, address vulnerabilities, and use secure payment gateways. Stay compliant with PCI DSS and regulatory standards to protect your business and build customer trust. |
Tool Vulnerability | ★★ | |
|
2024-06-11 15:19:50 | Alerte Vert Threat: Juin 2024 Patch mardi Analyse VERT Threat Alert: June 2024 Patch Tuesday Analysis (lien direct) |
Aujourd'hui, les adresses d'alerte vert de Microsoft \\ sont des mises à jour de sécurité en juin 2024.Vert travaille activement sur la couverture de ces vulnérabilités et prévoit d'expédier ASPL-1110 dès la fin de la couverture.CVE CVE-2023-50868 de la seule arme et divulguée La seule vulnérabilité divulguée que nous avons ce mois-ci, est CVE-2023-50868, une vulnérabilité au niveau du protocole DNSSEC qui peut conduire au déni de service.La vulnérabilité est un épuisement du processeur lié à la preuve de l'encloseur la plus proche dans NSEC3, un mécanisme du DNSSEC.NSEC3 est la version améliorée de NSEC, une technologie qui aide à prévenir contre l'empoisonnement du cache DNS ...
Today\'s VERT Alert addresses Microsoft\'s June 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1110 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2023-50868 The only disclosed vulnerability we have this month, is CVE-2023-50868, a DNSSEC protocol level vulnerability that can lead to denial of service. The vulnerability is a CPU Exhaustion related to the Closest Encloser Proof in NSEC3, a mechanism within DNSSEC. NSEC3 is the improved version of NSEC, a technology that helps prevent against DNS Cache Poisoning... |
Vulnerability Threat | ★★ | |
|
2024-06-11 12:07:00 | ARM avertit la vulnérabilité activement exploitée zéro-jour dans les chauffeurs du Mali GPU Arm Warns of Actively Exploited Zero-Day Vulnerability in Mali GPU Drivers (lien direct) |
ARM est averti d'une vulnérabilité de sécurité ayant un impact sur le conducteur du noyau Mali GPU qui, selon lui, a été activement exploité dans la nature.
Suivi en CVE-2024-4610, le problème de l'utilisation après sans impact sur les produits suivants -
Pilote de noyau GPU Bifrost (toutes les versions de R34p0 à R40p0)
Conducteur du noyau GPU Valhall (toutes les versions de R34p0 à R40p0)
"Un utilisateur local non privilégié peut créer une mémoire GPU incorrecte
Arm is warning of a security vulnerability impacting Mali GPU Kernel Driver that it said has been actively exploited in the wild. Tracked as CVE-2024-4610, the use-after-free issue impacts the following products - Bifrost GPU Kernel Driver (all versions from r34p0 to r40p0) Valhall GPU Kernel Driver (all versions from r34p0 to r40p0) "A local non-privileged user can make improper GPU memory |
Vulnerability Threat | ★★★ | |
 |
2024-06-11 10:42:30 | ForeScout identifie les PLC, DCSS, les robots industriels comme les meilleures vulnérabilités dans le rapport de risque 2024 Forescout identifies PLCs, DCSs, industrial robots as top vulnerabilities in 2024 risk report (lien direct) |
> ForeScout Technologies a constaté que les dispositifs OT les plus vulnérables sont des API critiques et peu sûrs par conception (contrôleurs logiques programmables) ...
>Forescout Technologies has found that the most vulnerable OT devices are critical and insecure-by-design PLCs (programmable logic controllers)... |
Vulnerability Industrial | ★★★★ | |
|
2024-06-11 10:00:00 | Les risques cachés de l'eSports: cybersécurité sur le champ de bataille virtuel The Hidden Risks of eSports: Cybersecurity on the Virtual Battlefield (lien direct) |
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. From humble beginnings as a niche hobby relegated to small gaming cafes and basements, eSports has grown into a huge affair where gamers compete for million-dollar prizes and prestigious titles. As of 2024, the global eSports industry is worth $4.3 billion, up from just $1.2 billion in 2017. Major eSports tournaments now fill virtual arenas and stadiums, with millions of viewers tuning in. Amid the excitement and fanfare, however, a crucial aspect often gets overlooked – cybersecurity. Maintaining integrity and security in these virtual environments has become increasingly vital. From the potential for game-altering hacks and cheats to the risk of data breaches and cyberattacks, the challenges facing the industry are growing more complex by the day. Understanding the Cybersecurity Threats in eSports The eSports industry\'s rapid growth, lucrative prize pools, and massive online viewership have made it an attractive target for cybercriminals and unscrupulous actors seeking to disrupt events, compromise systems, or gain an unfair advantage. Additionally, some eSports organizations like FaZe Clan are experiencing surges on the stock market, making them even more attractive targets than, let’s say, stealing data from individual players. To begin with, let’s go through the primary cybersecurity threats plaguing the world of eSports: DDoS Attacks Distributed Denial of Service (DDoS) attacks involve sending an influx of malicious traffic to a network or server, overwhelming it and making it unable to respond to legitimate requests, effectively taking it offline. In eSports, DDoS attacks can disrupt live tournaments, causing delays, disconnections, and frustration for players and viewers alike. These can also target individual players, knocking them offline during crucial matches. For instance, in 2023, a DDoS attack on the 24 Hours of Le Mans Virtual eSports event kicked out Max Verstappen, who was leading the race. Activision Blizzard was also hit with multiple DDoS attacks in 2020, affecting several of its game titles, including Call of Duty, Overwatch, and World of Warcraft. Account Hijacking Account hijacking involves unauthorized access to a player\'s account, typically through phishing, keylogging, or exploiting security vulnerabilities. Hijacked accounts can be used for cheating, sabotage, or even sold on the black market, putting players at risk of financial loss and reputational damage. In 2019, for example, | Ransomware Malware Tool Vulnerability Threat Legislation | ★★★ | |
 |
2024-06-11 08:00:01 | Injection de code QR SQL et autres vulnérabilités dans un terminal biométrique populaire QR code SQL injection and other vulnerabilities in a popular biometric terminal (lien direct) |
Le rapport analyse les propriétés de sécurité d'un terminal de contrôle d'accès biométrique populaire fabriqué par ZKTECO et décrit les vulnérabilités qui y sont trouvées.
The report analyzes the security properties of a popular biometric access control terminal made by ZKTeco and describes vulnerabilities found in it. |
Vulnerability | ★★ | |
 |
2024-06-11 00:00:00 | Dérivation de clé faible pour le fichier de sauvegarde Weak key derivation for backup file (lien direct) |
Une utilisation du hachage de mot de passe avec une vulnérabilité d'effort de calcul insuffisant [CWE-916] affectant Fortios et Fortiproxy peut permettre un attaquant privilégié avec un profil super-administrateur et un accès CLI au décryptage du fichier de sauvegarde.
A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS and FortiProxy may allow a privileged attacker with super-admin profile and CLI access to decrypting the backup file. |
Vulnerability | ||
|
2024-06-11 00:00:00 | Débordement de tampon de pile sur la fonction d'écriture Bluetooth Stack buffer overflow on bluetooth write feature (lien direct) |
Les vulnérabilités de débordement de tampon basées sur des piles [CWE-121] dans FortiOS peuvent permettre à un attaquant authentifié d'atteindre une exécution de code arbitraire via des commandes CLI spécialement conçues.
Multiple stack-based buffer overflow vulnerabilities [CWE-121] in FortiOS may allow an authenticated attacker to achieve arbitrary code execution via specially crafted CLI commands. |
Vulnerability | ||
|
2024-06-11 00:00:00 | TunnelVision - CVE-2024-3661 (lien direct) | Fortinet est conscient de la publication récente de la vulnérabilité TunnelVision (CVE-2024-3661) .La recherche [1] a identifié une technique pour contourner l'utilisation de tunnels VPN protégés lorsque les clients se connectent via un réseau non fiable, comme le réseau Wi-Fi Rogue.Cette attaque peut permettre à un serveur DHCP contrôlé par l'attaquant sur le même réseau que l'utilisateur ciblé de réacheminer le trafic VPN en définissant des routes plus spécifiques que la table de routage de Target \\ de VPN \\.Notez que cette technique ne permet pas de décrypter le trafic HTTPS, mais permet plutôt de rediriger le trafic via des canaux contrôlés par l'attaquant avant que le trafic ne soit crypté par le VPN.
Fortinet is aware of the recent publication of the TunnelVision vulnerability (CVE-2024-3661).The research [1] identified a technique to bypass the use of protected VPN tunnels when clients connect via untrusted network, such as rogue Wi-Fi network. This attack may allow an attacker controlled DHCP server on the same network as the targeted user to reroute VPN traffic by setting more specific routes than VPN\'s on target\'s routing table. Note that this technique does not allow decrypting HTTPS traffic but rather allows to redirect the traffic through attacker controlled channels before the traffic is encrypted by the VPN. |
Vulnerability | ||
|
2024-06-11 00:00:00 | Débordement de tampon dans FGFMD Buffer overflow in fgfmd (lien direct) |
Une vulnérabilité de débordement basée sur la pile [CWE-124] dans Fortios, Fortiproxy, Fortipam et FortiswitchManager peut permettre à un attaquant distant d'exécuter du code ou de la commande arbitraire via des paquets conçus atteignant le démon FGFMD, dans certaines conditions qui sont en dehors du contrôle de l'attaquant.
A stack-based overflow vulnerability [CWE-124] in FortiOS, FortiProxy, FortiPAM and FortiSwitchManager may allow a remote attacker to execute arbitrary code or command via crafted packets reaching the fgfmd daemon, under certain conditions which are outside the control of the attacker. |
Vulnerability | ||
|
2024-06-11 00:00:00 | Fortios / Fortiproxy - XSS dans la page de redémarrage FortiOS/FortiProxy - XSS in reboot page (lien direct) |
Une neutralisation incorrecte des entrées lors de la génération de pages Web (\\ 'Scripting Cross-Site \') Vulnérabilité [CWE-79] dans Fortios et Fortiproxy Reboot Page peut permettre à un attaquant privilégié distant avec un accès super-traditionHttp reçoit des demandes.
An improper neutralization of input during web page Generation (\'Cross-site Scripting\') vulnerability [CWE-79] in FortiOS and FortiProxy reboot page may allow a remote privileged attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests. |
Vulnerability | ||
|
2024-06-11 00:00:00 | Plusieurs débordements de tampon dans la commande NPU Diag Multiple buffer overflows in diag npu command (lien direct) |
Plusieurs vulnérabilités de débordement de tampon basées sur des piles [CWE-121] dans l'interprète de ligne de commande de fortes peuvent permettre à un attaquant authentifié d'exécuter du code ou des commandes non autorisés via des arguments de ligne de commande spécialement conçus.
Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the command line interpreter of FortiOS may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments. |
Vulnerability | ||
|
2024-06-11 00:00:00 | Fortisoar est vulnérable à l'injection SQL dans l'API de l'événement Auth via le paramètre UUID FortiSOAR is vulnerable to sql injection in Event Auth API via uuid parameter (lien direct) |
Une neutralisation incorrecte multiple des éléments spéciaux utilisés dans les commandes SQL (\\ 'sql injection \') vulnérabilités [CWE-89] dans l'API de l'événement Fortisoar peut permettre à un attaquant authentifié d'exécuter du code ou des commandes non autorisés via des paramètres de chaînes spécifiquement conçus.
Multiple improper neutralization of special elements used in SQL commands (\'SQL Injection\') vulnerabilities [CWE-89] in FortiSOAR Event Auth API may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters. |
Vulnerability | ||
|
2024-06-10 16:50:00 | Azure Service Tags Vulnérabilité: Microsoft met en garde contre les abus potentiels par les pirates Azure Service Tags Vulnerability: Microsoft Warns of Potential Abuse by Hackers (lien direct) |
Microsoft met en garde contre les abus potentiels des étiquettes de service Azure par des acteurs malveillants pour forger les demandes d'un service de confiance et contourner les règles de pare-feu, leur permettant ainsi d'obtenir un accès non autorisé aux ressources cloud.
"Ce cas met en évidence un risque inhérent à l'utilisation de balises de service comme mécanisme unique pour vérifier le trafic réseau entrant", le Microsoft Security Response Center (
Microsoft is warning about the potential abuse of Azure Service Tags by malicious actors to forge requests from a trusted service and get around firewall rules, thereby allowing them to gain unauthorized access to cloud resources. "This case does highlight an inherent risk in using service tags as a single mechanism for vetting incoming network traffic," the Microsoft Security Response Center ( |
Vulnerability Cloud | ★★★ | |
 |
2024-06-10 13:31:29 | Faire des choix pour une gestion de vulnérabilité plus forte Making Choices for Stronger Vulnerability Management (lien direct) |
L'environnement de menace continuera de croître en complexité.Il est maintenant temps pour les organisations de rationaliser la façon dont ils gérent et atténuent les vulnérabilités négligées.
The threat environment will continue to grow in complexity. Now is the time for organizations to streamline how they manage and mitigate overlooked vulnerabilities. |
Vulnerability Threat | ★★ | |
 |
2024-06-10 13:07:23 | Faits saillants hebdomadaires OSINT, 10 juin 2024 Weekly OSINT Highlights, 10 June 2024 (lien direct) |
## Instantané La semaine dernière, les rapports OSINT de \\ révèlent des cyber-menaces diverses et sophistiquées ciblant divers secteurs.L'ingénierie sociale et le phishing étaient des thèmes prominants, le kit de phishing V3B ciblant les clients de la banque européenne et la campagne sur le thème de Flyeti \\ contre les Ukrainiens.Les thèmes supplémentaires incluent l'évolution des attaques de ransomwares, illustrés par l'émergence de ransomwares et de ransomhub de brouillard, ainsi que des groupes et des groupes de cybercrimins exploitant les vulnérabilités logicielles, telles que les attaques de Water Sigbin \\ sur les serveurs Weblogic Oracle et la déshabitation contre les utilisateurs avancés du scanner IP.En outre, l'utilisation de logiciels malveillants de marchandises comme Chalubo pour perturber les routeurs Soho et les attaques en plusieurs étapes contre des entités ukrainiennes met en évidence la nature persistante et adaptative des acteurs de la menace moderne, soulignant la nécessité de mesures de sécurité robustes et dynamiques. ## Description 1. ** [Fausses mises à jour livrant BitRat et Lumma Stealer] (https://security.microsoft.com/intel-explorer/articles/aff8b8d5) **: ESENTRE a détecté de fausses mises à jour délivrant Bittrat et Lumma Stealer, lancé par des utilisateurs visitant une fausse mise à jourpage Web infectée.L'attaque a utilisé un code JavaScript malveillant, conduisant à une fausse page de mise à jour et en tirant parti des noms de confiance pour une large portée et un impact. 2. ** [Nouveau kit de phishing \\ 'v3b \' ciblant les banques européennes] (https://security.microsoft.com/intel-explorer/articles/5c05cdcd) **: les cybercriminaux utilisent le kit de phishing V3B, promusur Telegram, ciblant les clients des grandes institutions financières européennes.Le kit, offrant une obscurité avancée et un soutien à OTP / TAN / 2FA, facilite l'interaction en temps réel avec les victimes et vise à intercepter les références bancaires et les détails de la carte de crédit. 3. ** [TargetCompany Ransomware \'s New Linux Variant] (https://security.microsoft.com/intel-explorer/articles/dccc6ab3) **: Trend Micro Rapportsvariante, à l'aide d'un script de shell personnalisé pour la livraison de charge utile et l'exfiltration des données.Le ransomware cible les environnements VMware ESXi, visant à maximiser les perturbations et les paiements de rançon. 4. ** [Water Sigbin exploite Oracle Weblogic Vulnérabilités] (https://security.microsoft.com/intel-explorer/articles/d4ad1229) **: le gang 8220 basé en Chine, également connu sous le nom de Water Sigbin, exploite les vulnérabilités dans les vulnérabilités dans la Chine 8220, également connues sous le nom de Water Sigbin, exploite les vulnérabilités dans les vulnérabilités dans la Chine 8220, également connues sous le nom de Water Sigbin, exploite les vulnérabilités dans les vulnérabilités dans la Chine 8220, également connues sous le nom de Water Sigbin, exploite les vulnérabilités dans les vulnérabilités dans la Chine 8220, également connues sous le nom de Water Sigbin, exploite les vulnérabilités dans les vulnérabilités dans la Chine,Serveurs Oracle Weblogic pour déployer des logiciels malveillants d'exploration de crypto-monnaie.Le groupe utilise des techniques d'obscuscations sophistiquées et HTTP sur le port 443 pourLivraison de charge utile furtive. 5. ** [Ransomware de brouillard cible les organisations éducatives américaines] (https://security.microsoft.com/intel-Explorateur / articles / B474122C) **: Arctic Wolf Labs a découvert des ransomwares de brouillard ciblant les établissements d'enseignement américains via des informations d'identification VPN compromises.Les attaquants utilisent des tactiques à double extension, cryptant des fichiers et le vol de données pour contraindre les victimes dans le paiement des rançons. 6. **[FlyingYeti Targets Ukrainian Entities](https://security.microsoft.com/intel-explorer/articles/46bbe9fb)* | Ransomware Malware Tool Vulnerability Threat Prediction | ★★ | |
|
2024-06-10 13:00:00 | Les vulnérabilités IoT montent en flèche, devenant un point d'entrée clé pour les attaquants IoT Vulnerabilities Skyrocket, Becoming Key Entry Point for Attackers (lien direct) |
Un nouveau rapport de FoStcout a révélé que les appareils IoT contenant des vulnérabilités ont augmenté de 136% par rapport à il y a un an, devenant un objectif clé pour les attaquants
A new Forescout report found that IoT devices containing vulnerabilities surged 136% compared to a year ago, becoming a key focus for attackers |
Vulnerability Industrial | ★★★★ | |
 |
2024-06-10 12:00:50 | Garder le contenu frais: 4 meilleures pratiques pour la sensibilisation à la sécurité axée sur les menaces pertinente Keeping Content Fresh: 4 Best Practices for Relevant Threat-Driven Security Awareness (lien direct) |
The threat landscape moves fast. As new attack methods and social engineering techniques appear, organizations need to maintain security awareness programs that are relevant, agile and focused. Research from Proofpoint for the 2024 State of the Phish report found that most businesses used real-world threat intelligence to shape their security awareness programs in 2023. That makes us happy! At Proofpoint, we know it is essential to use threats and trends from the wild to teach your employees about attacks they might encounter. It is equally important to ensure that your program isn\'t teaching them about security topics that are no longer relevant. In this article, we discuss four essential best practices to help keep your security awareness and training content both fresh and threat-driven: Analyze real threat trends to stay current and relevant Use real-world threats to inform your testing and training Refresh your training plan so that it\'s relevant and accurate Ensure that security practitioners stay on top of content changes An image from our always-fresh (see what we did here?) phishing template that tests brand impersonation. The human-centric risk of not keeping it fresh Let\'s first talk about what happens when you use outdated threat content to train your employees. The results can create significant human-centric risk for your business because your employees might approach security with unsafe behavior such as: Having a false sense of security about their knowledge. People might believe they are well prepared to identify and respond to threats, leading to actions based on incorrect assumptions. Not responding effectively to targeted threats. People might make decisions based on incorrect assumptions, increasing the possibility of successful attacks specific to their role or industry. Incorrectly reporting a security incident. Outdated training content may give incorrect procedures for reporting and responding to security incidents. Being noncompliant with industry regulations. Outdated content might not fit the required compliance training, exposing your company to possible legal and financial penalties. Being unengaged in your security culture. If employees perceive security education as outdated or irrelevant, they might see security responsibility as a waste of their time. Now, let\'s talk about our four best practices to help ensure that none of this happens. An image from the “AI Chatbot Threats” training (play video). 1: Analyze real threat trends to stay current and relevant Informing your program with threat intelligence is a must. Real-world insights will help your employees understand the scope and impact of the threats they may face. It will also enable your security teams to tailor their training and messaging accordingly. To use threat intelligence effectively, security awareness practitioners must work collaboratively across their organizations. You want to understand the attack trends that the security practitioners who monitor, analyze and investigate cyber threats see in real time. These practitioners might be your incident response team or your security operations center (SOC) team. At Proofpoint, we are committed to staying on top of the latest threats and passing this information to customers. The Proofpoint Security Awareness solution is built on insights that we gather from analyzing over 2.6 billion emails daily, monitoring 430+ million domains and tracking hundreds of threat groups to stay ahead of attackers. We do this by collaborating with our in-house Threat Intelligence Services team and using their insights in our integrated threat platform, which ties email monitoring and remediation to human risk detection and education. Recent insights from real-world trends include: Telephone-oriented attack delivery (TOAD). In the 2024 State of the Phish, we reported | Tool Vulnerability Threat Prediction | ★★★ | |
|
2024-06-10 10:00:00 | OT Cybersecurity: sauvegarde notre infrastructure OT Cybersecurity: Safeguard Our Infrastracture (lien direct) |
What is Operational Technology? Operational Technology (OT) is the backbone of our modern world as we know it today. Think about the daily operations of a factory, the precise control of our power grids, and even the supply of clean water to our homes. All of these modern capabilities are made possible and efficient due to OT systems. Unlike Information Technology (IT), which revolves around systems that process and store data, OT focuses on the physical machinery and processes which drive key industries including manufacturing, energy, and transportation. Each component of an OT system serves a critical purpose in ensuring the continuity of industrial operations. OT systems are typically made up of: Programmable Logic Controllers (PLCs): Devices that control industrial processes through execution of programmed instructions. Human-Machine Interfaces (HMIs): Interfaces that allow human users to interact with the control system Sensors and Actuators: Devices that monitor the physical environment through collection of data, and then perform actions according to input from the physical environment. The various subsets of OT system types include Industrial Control Systems (ICS), which manage factory equipment; Supervisory Control and Data Acquisition (SCADA) systems, which monitor and control industrial operations; and Distributed Control Systems (DCS), which automate processes. These systems are essential for keeping our modern infrastructure up and running. It is imperative that measures are taken to secure the availability of our OT systems, as an interruption to these systems would be disruptive to our day to day lives, and potentially catastrophic. To put things into perspective, can you imagine what your day would look like if your power grid went down for a prolonged period? What if the supply of clean water to your home was disrupted, are you ready for the chaos that will ensue? Both of these examples as well as other OT security incidents has the potential to cause loss of human life. In this blog, we\'ll discuss the importance of securing OT systems, best practices to align with, as well as challenges faced when safeguarding these indispensable systems. The Convergence of IT and OT Traditionally, OT environments were intended to be contained within their own highly secured network, without the ability to communicate externally. Today, the boundary between IT and OT is increasingly blurred with modern industrial operations relying on the convergence of IT and OT to enhance efficiency, optimize performance, and reduce costs. Additionally, the rise of adding network connectivity to devices and appliances that were traditionally not connected to the internet has further accelerated this convergence. This shift to network connectivity dependency has introduced the terms “Internet of Things (IOT) and “Industrial Internet of Things” (IIOT), which has brought numerous benefits but also introduced significant cybersecurity concerns. Cybersecurity of OT Systems As opposed to IT Security which focuses on the protection and integrity of data, OT cybersecurity prioritizes the availability of OT systems as a cyber attack on these systems is certain to disrupt business operations, cause physical damage, and endanger public safety. Security Concerns around OT Systems OT systems were designed with a specific purpose in mind and were not originally thought of as traditional computers as we know it, therefore security aspects of the design were not a first thought. As a result, the only security that many of these systems have is due to bolted-on security due to security as an afterthought. Also, many of the standard security best practices are often not conducted on this equipment due a multitude of factors such as the difficulty of patching OT systems, accommodating downtime hours on these critical systems that need to always be available. As a result, OT systems are | Vulnerability Patching Industrial Cloud | ★★★ | |
 |
2024-06-08 16:54:16 | Alertes de vulnérabilité de la vigilance - OpenSSL: fuite de mémoire via TLSV1.3 Gestion de session, analysée le 08/04/2024 Vigilance Vulnerability Alerts - OpenSSL: memory leak via TLSv1.3 Session Handling, analyzed on 08/04/2024 (lien direct) |
Un attaquant peut créer une fuite de mémoire d'OpenSSL, via la manipulation de session TLSV1.3, afin de déclencher un déni de service.
-
vulnérabilité de sécurité
An attacker can create a memory leak of OpenSSL, via TLSv1.3 Session Handling, in order to trigger a denial of service. - Security Vulnerability |
Vulnerability | ★ | |
|
2024-06-08 13:05:00 | Une nouvelle vulnérabilité PHP expose les serveurs Windows à l'exécution du code distant New PHP Vulnerability Exposes Windows Servers to Remote Code Execution (lien direct) |
Des détails ont émergé sur un nouveau défaut de sécurité critique ayant un impact sur PHP qui pourrait être exploité pour réaliser l'exécution du code distant dans certaines circonstances.
La vulnérabilité, suivie comme CVE-2024-4577, a été décrite comme une vulnérabilité d'injection d'argument CGI affectant toutes les versions de PHP installées sur le système d'exploitation Windows.
Selon le chercheur de la sécurité de Devcore, la lacune fait
Details have emerged about a new critical security flaw impacting PHP that could be exploited to achieve remote code execution under certain circumstances. The vulnerability, tracked as CVE-2024-4577, has been described as a CGI argument injection vulnerability affecting all versions of PHP installed on the Windows operating system. According to DEVCORE security researcher, the shortcoming makes |
Vulnerability | ★★★ | |
|
2024-06-07 19:53:27 | Water Sigbin utilise des techniques d'obscurcissement avancées dans les dernières attaques exploitant les vulnérabilités Oracle Weblogic Water Sigbin Employs Advanced Obfuscation Techniques in Latest Attacks Exploiting Oracle WebLogic Vulnerabilities (lien direct) |
## Snapshot Trend Micro has discovered that Water Sigbin, a China-based threat actor also known as the 8220 Gang, has been exploiting vulnerabilities in Oracle WebLogic servers to deploy cryptocurrency-mining malware. The group has adopted new techniques to conceal its activities, such as hexadecimal encoding of URLs and using HTTP over port 443 for stealthy payload delivery. ## Description Water Sigbin has been actively exploiting vulnerabilities in Oracle WebLogic server, specifically [CVE-2017-3506](https://security.microsoft.com/vulnerabilities/vulnerability/CVE-2017-3506/overview) and [CVE-2023-21839](https://security.microsoft.com/vulnerabilities/vulnerability/CVE-2023-21839/overview), to deploy cryptocurrency-mining malware. The group employs fileless attacks using .NET reflection techniques in PowerShell scripts, allowing the malware code to run solely in memory, evading disk-based detection mechanisms. The threat actor\'s exploitation of CVE-2023-21839 involved the deployment of shell scripts in Linux and a PowerShell script in Windows, showcasing obfuscation techniques and the use of HTTP over port 443 for stealthy communication. The PowerShell script "bin.ps1" and the subsequent "microsoft\_office365.bat" script both contain obfuscated code and instructions for executing malicious activities, demonstrating the threat actor\'s sophisticated tactics to evade detection and execute their malicious payload. ### Additional Analysis Active since at least 2017, Water Sigbin focuses on cryptocurrency-mining malware in cloud-based environments and Linux servers. For example, in 2023, [Ahnlab Security Emergency response Center (ASEC) discovered that Water Sigbin was using the Log4Shell](https://security.microsoft.com/intel-explorer/articles/11512be5) vulnerability to install CoinMiner in VMware Horizon servers. Water Sigbin\'s malicious activity highlights several key trends Microsoft has been tracking in recent years, including cryptojacking, threats to Linux (GNU/Linux OS), and recent attack trends in the malicious use of Powershell. - Microsoft has tracked the growing risk that [cryptojacking](https://security.microsoft.com/intel-explorer/articles/6a3e5fd2)– a type of cyberattack that uses computing power to mine cryptocurrency – poses to targeted organizations. In cloud environments, cryptojacking takes the form of cloud compute resource abuse, which involves a threat actor compromising legitimate tenants. Cloud compute resource abuse could result in financial loss to targeted organizations due to the compute fees that can be incurred from the abuse. - [Threats to Linux (GNU/Linux OS) have made OSINT headlines](https://security.microsoft.com/intel-explorer/articles/ccbece59) in recent months as threat actors continue to evolve attack techniques and increasingly prioritize Linux-based targets. Microsoft has been tracking trends across recent reporting of Linux malware across the security community. These trends include: exploiting misconfigurations or previous service versions, targeting service 1-day vulnerabilities, and ransomware and cryptocurrency mining. - From cybercrime to nation-state groups, threat actors have long used Windows PowerShell to assist in their malicious activities. Read more here about Microsoft\'s most frequent observations and how to protect against the [Malicious use of Powershell.](https://security.microsoft.com/intel-explorer/articles/3973dbaa) ## Detections/Hunting Queries ### Microsoft Defender for Endpoint The following alerts might indicate threat activity associated with this threat. These alerts, however, can be triggered by unrelated threat activity and are not monitored in the status cards provided with this report - **PowerShell execution phase detections** - PowerShell created possible reverse TCP shell - Suspicious process executed PowerShell command - Suspicious PowerShell download or encoded command execution - Suspiciously named files launched u | Ransomware Malware Tool Vulnerability Threat Prediction Cloud | ★★ | |
|
2024-06-07 18:04:34 | Solarwinds Flaw Flagged par OTAN Pen Tester SolarWinds Flaw Flagged by NATO Pen Tester (lien direct) |
La dernière mise à jour de la plate-forme de SolarWinds comprend des correctifs pour trois vulnérabilités, dont deux bogues de haute sévérité.
The latest platform update from SolarWinds includes patches for three vulnerabilities, including two high-severity bugs. |
Vulnerability | ★★ | |
|
2024-06-07 17:32:33 | Cloudforce One perturbe la campagne de phishing Flyetyeti alignée en Russie exploitant le stress financier ukrainien Cloudforce One Disrupts Russia-Aligned FlyingYeti Phishing Campaign Exploiting Ukrainian Financial Stress (lien direct) |
#### Géolocations ciblées - Ukraine - Russie - L'Europe de l'Est #### Industries ciblées - Services financiers - Produits de dépôt, de crédit à la consommation et de systèmes de paiement ## Instantané Des chercheurs de Cloudflare ont détaillé les activités de l'acteur de menace aligné par la Russie, Flyingyeti, qui ciblait des individus ukrainiens, en particulier ceux confrontés au stress financier en raison de la levée de l'interdiction du gouvernement et de l'interdiction des expulsions et de la fin des services utilitaires pour une dette impayée. ## Description Flyetyeti a utilisé des tactiques de phishing à l'aide de leurres sur le thème de la dette et a exploité la vulnérabilité Winrar [CVE-2023-38831] (https://security.microsoft.com/intel-explorer/cves/cve-2023-38831/description) pour livrer la Cookbox/CVE-2023-38831/description) pour livrer le Cookboxmalware.L'acteur de menace s'est principalement concentré sur le ciblage des entités militaires ukrainiennes, en utilisant DNS dynamique pour les infrastructures et en tirant parti des plates-formes cloud pour l'hébergement de contenu malveillant et de contrôle et de contrôle des logiciels malveillants.L'objectif de l'acteur de menace était de livrer le logiciel malveillant de la boîte de cuisine via des documents de leurre et des liens de suivi cachés, avec le serveur C2 situé à Postdock \ [. \] Serveftp \ [. \] Com. Les actions de Cloudforce One ont conduit au retrait des fichiers malveillants de l'acteur de menace et de la suspension de leurs comptes, ainsi que de la coordination avec des partenaires de l'industrie pour atténuer l'activité de l'acteur.Cloudflare a fourni des informations sur les techniques de phishing et de livraison de Flyeti \\, les mesures défensives prises par Cloudforce One, les efforts de coordination avec les partenaires de l'industrie et les recommandations pour la chasse aux opérations Flyety et l'atténuation des menaces liées. ## Détections / requêtes de chasse ** antivirus ** Microsoft Defender Antivirus détecte les composants et les activités de menace comme logiciels malveillants suivants: ** CVE-2023-38831 Détections connexes ** - [Exploit: win32 / cve-2023-38831] (https://www.microsoft.com/en-us/wdsi/therets/malware-encycopedia-description?name=exPLOIT: WIN32 / CVE-2023-38831 & menaceID = -2147077428 & ocid = magicti_ta_ency) - [Exploit: BAT / CVE-2023-38831.D] (https://www.microsoft.com/en-us/wdssi/Threats/Malware-encyClopedia-Scription?name=Exploit:bat/CVE-2023-38831.D & menaceID = -2147078218 & ocid = magicti_ta_ency) ## Recommandations Microsoft recommande leE Suite à des atténuations pour réduire l'impact de cette menace. - Utilisez la dernière version [Winrarsion 6.23] (https://www.win-rar.com/singlenewsview.html?&l=0&tx_ttnews%5BTT_NEWS%5D=232&chash=c5bf79590657e3 . - Investir dansSolutions avancées et anti-phishing qui surveilleront les e-mails entrants et les sites Web visités.[Microsoft Defender pour OFFFICE 365] (https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-security-center-mdo?ocid=Magicti_ta_learndoc) rassemble une gestion d'incident et d'alerte à travers les e-mails, les appareilset identités, centraliser les enquêtes pour les menaces par courrier électronique.Les organisations peuvent également tirer parti des navigateurs Web qui [Indentiftify and Block] (https: //learn.microsoft.com/deployedge/microsoft-edge-security-smartScreen?ocid=Magicti_ta_learndoc) Site Web malveillantS, y compris ceux utilisés dans cette campagne de phishing. - Exécutez la détection et la réponse des points de terminaison [(EDR) en mode bloc] (https://learn.microsoft.com/microsoft-365/security/defender-endpoint/edr-in-lock-mode?ocid=Magicti_TA_Learndoc) pour que MicrosoftLe défenseur du point final peut bloquer les artefacts malveillants, même lorsque votre antivirus non microsoft ne détecte pas la menace ou l | Malware Tool Vulnerability Threat | ★★★ | |
 |
2024-06-07 14:33:48 | Dans d'autres nouvelles: Tiktok Zero-Day, DMM Bitcoin Hack, Analyse des applications VPN gratuites In Other News: TikTok Zero-Day, DMM Bitcoin Hack, Free VPN App Analysis (lien direct) |
> Des histoires remarquables qui pourraient avoir glissé sous le radar: Tiktok Patchs Compte Rijacking Zero-Day, 300 millions de dollars DMM Bitcoin Hack, Applications VPN Android gratuites analysées.
>Noteworthy stories that might have slipped under the radar: TikTok patches account hijacking zero-day, $300 million DMM Bitcoin hack, free Android VPN apps analyzed. |
Hack Vulnerability Threat Mobile | ★★★ | |
|
2024-06-07 14:28:34 | Tendances du paysage des menaces: cybercriminels plus rapides, vulnérabilités non corrigées et moins de ransomwares Threat landscape trends: Faster cybercriminals, unpatched vulnerabilities and less ransomware (lien direct) |
Tendances du paysage de menace: cybercriminels plus rapides, vulnérabilités non corrigées et moins de ransomwares
Dave Spillane, directeur de l'ingénieur des systèmes chez Fortinet
-
opinion
Threat landscape trends: Faster cybercriminals, unpatched vulnerabilities and less ransomware Dave Spillane, Systems Engineer Director at Fortinet - Opinion |
Ransomware Vulnerability Threat | ★★★ | |
|
2024-06-07 12:35:23 | Vulnérabilité des kiosques de l'hôtel Données invitées exposées, accès aux chambres Hotel Kiosks Vulnerability Exposed Guest Data, Room Access (lien direct) |
Une vulnérabilité de sécurité dans les kiosques d'enregistrement de l'hôtel Ariane Allegro a exposé les données des clients et un accès potentiellement compromis en chambre.Cependant, & # 8230;
A security vulnerability in Ariane Allegro Hotel Check-In Kiosks exposed guest data and potentially compromised room access. However,… |
Vulnerability | ★★ | |
|
2024-06-06 20:46:03 | Nouveau Flaw Emailgpt met les données utilisateur en danger: supprimez l'extension maintenant New EmailGPT Flaw Puts User Data at Risk: Remove the Extension NOW (lien direct) |
Synopsys met en garde contre un nouveau hack d'injection rapide impliquant une vulnérabilité de sécurité dans EmailGpt, un e-mail populaire de l'IA & # 8230;
Synopsys warns of a new prompt injection hack involving a security vulnerability in EmailGPT, a popular AI email… |
Hack Vulnerability | APT 42 | ★★ |
|
2024-06-06 20:16:47 | Attaques Surge sur Check Point \\'s VPN Zero-Day Flaw Attacks Surge on Check Point\\'s Recent VPN Zero-Day Flaw (lien direct) |
Une entreprise de surveillance a détecté des tentatives d'exploitation ciblant le CVE-2024-24919 à partir de plus de 780 adresses IP uniques au cours de la semaine dernière.
One monitoring firm has detected exploitation attempts targeting CVE-2024-24919 from more than 780 unique IP addresses in the past week. |
Vulnerability Threat | ★★★ | |
|
2024-06-06 15:30:00 | # Infosec2024: le fournisseur d'équipe rouge AI Mindgard nommé Cyber PME le plus innovant de UK \\ #Infosec2024: AI Red Teaming Provider Mindgard Named UK\\'s Most Innovative Cyber SME (lien direct) |
Mingard fournit une plate-forme d'assainissement en équipe et de vulnérabilité en rouge continu et vulnérabilité
Mingard provides a continuous AI red teaming and vulnerability remediation platform |
Vulnerability | ★★ | |
|
2024-06-06 11:22:57 | HC3 Issues du secteur alerte sur les vulnérabilités à haut risque dans l'équipement médical Baxter Welch Allyn HC3 issues sector alert on high-risk vulnerabilities in Baxter Welch Allyn medical equipment (lien direct) |
> Le centre de coordination de la cybersécurité du secteur de la santé (HC3) dans le département américain de la santé & # 38;Services humains (HHS) publiés ...
>The Health Sector Cybersecurity Coordination Center (HC3) in the U.S. Department of Health & Human Services (HHS) published... |
Vulnerability Medical | ★★ | |
 |
2024-06-05 21:45:10 | Tiktok confirme CNN, d'autres comptes de haut niveau détournés via une vulnérabilité à jour zéro TikTok confirms CNN, other high-profile accounts hijacked via zero-day vulnerability (lien direct) |
Méfiez-vous des logiciels malveillants zéro cliquez dans votre DMS Les mécréants ont exploité un jour zéro dans Tiktok pour compromettre les comptes de CNN et d'autres grands noms.Le fabricant d'applications a confirmé qu'il y avait une cyberattaque et qu'il s'est brouillé pour sécuriser les comptes et empêcher toute exploitation supplémentaire.…
Beware of zero-click malware sliding into your DMs Miscreants exploited a zero-day in TikTok to compromised the accounts of CNN and other big names. The app maker has confirmed there was a cyberattack, and that it has scrambled to secure accounts and prevent any further exploitation.… |
Malware Vulnerability Threat | ★★★ | |
|
2024-06-05 20:12:47 | RansomHub: le nouveau ransomware a des origines dans le chevalier plus âgé RansomHub: New Ransomware has Origins in Older Knight (lien direct) |
## Instantané RansomHub, un nouveau ransomware en tant que service (RAAS), est rapidement devenu une menace majeure de ransomware.L'analyse de Symantec \\ indique que RansomHub est probablement une version évoluée et rebaptisée de l'ancien [Knight Ransomware] (https://sip.security.microsoft.com/intel-explorer/articles/b0b59b62?tid=72f988bf-86f1-41AF-91AB-2D7CD011DB47).Les deux partagent un degré élevé de similitude, tous deux écrits en Go et en utilisant Gobfuscate pour l'obscurcissement, avec un chevauchement de code significatif, ce qui les rend difficiles à distinguer sans indicateurs spécifiques comme les liens intégrés. ## Description Le code source de Knight \\ a été vendu sur des forums souterrains au début de 2024 après que ses créateurs ont arrêté leur opération.Cette vente a probablement conduit au développement de RansomHub \\ par différents acteurs.Knight et RansomHub utilisent une méthode d'obscurcissement de cordes unique où les chaînes cruciales sont codées avec des clés uniques et décodées pendant l'exécution. Les notes de rançon des deux familles de ransomwares contiennent de nombreuses phrases identiques, suggérant des mises à jour minimales du texte d'origine.Une caractéristique clé partagée par les deux est la possibilité de redémarrer un point de terminaison en mode sûr avant de démarrer le chiffrement, une technique également utilisée par [Snatch] (https://security.microsoft.com/intel-explorer/articles/77d8ea16) ransomware.Cependant, Snatch n'a pas les commandes configurables et l'obscurcissement présents dans Knight et RansomHub. Les récentes attaques de RansomHub ont exploité la vulnérabilité de Zerologon ([CVE-2010-1472] (https://security.microsoft.com/intel-profiles/cve-2020-1472)) pour gagner les privilèges des administrateurs de domaine.Les attaquants ont utilisé des outils à double usage comme Atera et Splashtop pour un accès à distance et NetScan pour la reconnaissance du réseau.Ils ont utilisé des outils de ligne de commande IIS pour arrêter les services d'information Internet. La croissance rapide de RansomHub \\, bien qu'elle n'apparaît qu'en février 2024, peut être attribuée à son appel aux anciens affiliés d'autres groupes de ransomwares éminents, tels que Noberus.Selon Symantec, cet établissement rapide suggère que RansomHub est exploité par des cybercriminels expérimentés avec des connexions souterraines substantielles. Lisez la rédaction de Microsoft \\ sur la vulnérabilité Zerologon [ici] (https://security.microsoft.com/intel-profiles/cve-2020-1472). ## Détections / requêtes de chasse ** antivirus ** Microsoft Defender Antivirus détecte les composants et les activités de menace comme logiciels malveillants suivants: - [* ransom: win64 / ransomhub *] (https://www.microsoft.com/en-us/wdsi/therets/malware-encycopedia-description?name=ransom:win64 / ransomhub.b & menaceID = -2147056321) - [* rançon: win64 / knight *] (https://www.microsoft.com/en-us/wdsi/Thereats/Malware-encyClopedia-DEscription? Name = ransom: win64 / knight.zc! Mtb & menaceID = -2147061874) - [* Trojan: Win64 / Splinter *] (https://www.microsoft.com/en-us/wdsi/Threats/Malware-encyClopedia-Description?name=trojan:win64/splinter! - [* HackTool: Win32 / Sharpzerologon *] (https://www.microsoft.com/en-us/wdsi/Threats/Malware-encyClopedia-Description?name=hacktool:win32/sharpzerologon& ;Theatid=-2147202813) - [* comportement: win32 / cve-2020-1472.a *] (https://www.microsoft.com/en-us/wdsi/atherets/malware-encycopedia-description?name=behavior:win32/cve-2020-1472.d & menaceID = -2147189839) ** Détection et réponse des points de terminaison (EDR) ** Les alertes avec les titres suivants dans le centre de sécurité peuvent indiquer une activité de menace sur votre réseau: - * Exploitation possible de CVE-2020-1472 * - * Exécution de l'outil de vol d'identification malveillant détecté * ** Microsoft Defender pour l'identité * | Ransomware Malware Tool Vulnerability Threat Patching | ★★ | |
|
2024-06-05 12:40:00 | Zyxel publie des correctifs pour les vulnérabilités du micrologiciel dans les modèles EOL NAS Zyxel Releases Patches for Firmware Vulnerabilities in EoL NAS Models (lien direct) |
Zyxel a publié des mises à jour de sécurité pour aborder des défauts critiques ayant un impact sur deux de ses appareils de stockage (NAS) attachés au réseau qui ont actuellement atteint l'état de fin de vie (EOL).
L'exploitation réussie de trois des cinq vulnérabilités pourrait permettre à un attaquant non authentifié d'exécuter des commandes de système d'exploitation (OS) et un code arbitraire sur les installations affectées.
Les modèles impactés incluent NAS326
Zyxel has released security updates to address critical flaws impacting two of its network-attached storage (NAS) devices that have currently reached end-of-life (EoL) status. Successful exploitation of three of the five vulnerabilities could permit an unauthenticated attacker to execute operating system (OS) commands and arbitrary code on affected installations. Impacted models include NAS326 |
Vulnerability | ★★ | |
|
2024-06-05 10:00:00 | Pourquoi les pare-feu ne suffisent pas dans le paysage de la cybersécurité d'aujourd'hui Why Firewalls Are Not Enough in Today\\'s Cybersecurity Landscape (lien direct) |
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. Firewall technology has mirrored the complexities in network security, evolving significantly over time. Originally serving as basic traffic regulators based on IP addresses, firewalls advanced to stateful inspection models, offering a more nuanced approach to network security. This evolution continued with the emergence of Next-Generation Firewalls (NGFWs), which brought even greater depth through data analysis and application-level inspection. Yet, even with these advancements, firewalls struggle to contend with the increasingly sophisticated nature of cyberthreats. The modern digital landscape presents formidable challenges like zero-day attacks, highly evasive malware, encrypted threats, and social engineering tactics, often surpassing the capabilities of traditional firewall defenses. The discovery of CVE-2023-36845 in September 2023, affecting nearly 12,000 Juniper firewall devices, is a case in point. This zero-day exploit enabled unauthorized actors to execute arbitrary code, circumventing established security measures and exposing critical networks to risk. Incidents like this highlight the growing need for a dynamic and comprehensive approach to network security, one that extends beyond the traditional firewall paradigm. Human Element – The Weakest Link in Firewall Security While the discovery of CVEs highlights vulnerabilities to zero-day exploits, it also brings to the forefront another critical challenge in firewall security: human error. Beyond the sophisticated external threats, the internal risks posed by misconfiguration due to human oversight are equally significant. These errors, often subtle, can drastically weaken the protective capabilities of firewalls. Misconfigurations in Firewall Security Misconfigurations in firewall security, frequently a result of human error, can significantly compromise the effectiveness of these crucial security barriers. These misconfigurations can take various forms, each posing unique risks to network integrity. Common types of firewall misconfigurations include: Improper Access Control Lists (ACLs) Setup: ACLs define who can access what resources in a network. Misconfigurations here might involve setting rules that are too permissive, inadvertently allowing unauthorized users to access sensitive areas of the network. An example could be erroneously allowing traffic from untrusted sources or failing to restrict access to critical internal resources. Faulty VPN Configurations: Virtual Private Networks (VPNs) are essential for secure remote access. Misconfigured VPNs can create vulnerabilities, especially if they are not properly integrated with the firewall\'s rule set. Common errors include not enforcing strong authentication or neglecting to restrict access based on user roles and permissions. Outdated or Redundant Firewall Rules: Over time, the network environment changes, but firewall rules may not be updated accordingly. Outdated rules can create security gaps or unnecessary complexity. Redundant or conflicting rules can also lead to confusion in policy enforcement, potentially leaving the network open to exploitation. Incorrect Port Management: Open ports are necessary for network communication, but unnecessary open ports can be explo | Malware Tool Vulnerability Threat Legislation Industrial | ★★ | |
|
2024-06-05 06:44:14 | Microsoft a payé Tenable une prime de bogue pour un défaut azur qu'il dit n'a pas besoin d'un correctif, juste une meilleure documentation Microsoft paid Tenable a bug bounty for an Azure flaw it says doesn\\'t need a fix, just better documentation (lien direct) |
Laissez les clients interférer avec les autres locataires?Que \\ est notre cloud travaillant par conception, Redmond semble dire une vulnérabilité - ou tout simplement un travail comme prévu, selon qui vous demandez - dans le cloud de Microsoft \\ permet potentiellement que les mécréants ondulentRègles du pare-feu à l'extérieur et accéder à d'autres ressources Web privées.…
Let customers interfere with other tenants? That\'s our cloud working by design, Redmond seems to say A vulnerability - or just Azure working as intended, depending on who you ask - in Microsoft\'s cloud potentially allows miscreants to wave away firewall rules and access other people\'s private web resources.… |
Vulnerability Cloud | ★★ | |
|
2024-06-04 20:57:15 | Alertes de vulnérabilité de vigilance - Undertow: fuite de mémoire via le stockage de la demande, analysé le 04/04/2024 Vigilance Vulnerability Alerts - Undertow: memory leak via Request Storage, analyzed on 04/04/2024 (lien direct) |
Un attaquant peut créer une fuite de mémoire de Undertow, via le stockage de la demande, afin de déclencher un déni de service.
-
vulnérabilité de sécurité
An attacker can create a memory leak of Undertow, via Request Storage, in order to trigger a denial of service. - Security Vulnerability |
Vulnerability | ★★★ | |
 |
2024-06-04 17:39:22 | GCP-2024-032 (lien direct) | Publié: 2024-06-04 Description
Description
Gravité
notes
Les CVE suivants exposent le maillage de service cloud aux vulnérabilités exploitables: CVE-2024-23326: Envoy accepte incorrectement la réponse HTTP 200 pour la saisie du mode de mise à niveau.
CVE-2024-32974: Crash in EnvoyquicserServerStream :: OninitialHeasterComplete ().
CVE-2024-32975: Crash in QuicheDataReader :: peekvarint62Length ().
CVE-2024-32976: boucle sans fin lors de la décompression des données de brotli avec une entrée supplémentaire.
CVE-2024-34362: Crash (use-après-libre) dans EnvoyquicserServerStream.
CVE-2024-34363: Crash en raison de l'exception de Nlohmann JSON non cambrée.
CVE-2024-34364: Vector Oom Envoy de HTTP Async Client avec tampon de réponse illimité pour la réponse miroir. Pour les instructions et plus de détails, consultez le Cloud Service Mesh Security Bulletin .
High
cve-2024-23326
CVE-2024-32974
CVE-2024-32975
CVE-2024-32976
CVE-2024-34362
CVE-2024-34363
CVE-2024-34364
Published: 2024-06-04Description Description Severity Notes The following CVEs expose Cloud Service Mesh to exploitable vulnerabilities: CVE-2024-23326: Envoy incorrectly accepts HTTP 200 response for entering upgrade mode. CVE-2024-32974: Crash in EnvoyQuicServerStream::OnInitialHeadersComplete(). CVE-2024-32975: Crash in QuicheDataReader::PeekVarInt62Length(). CVE-2024-32976: Endless loop while decompressing Brotli data with extra input. CVE-2024-34362: Crash (use-after-free) in EnvoyQuicServerStream. CVE-2024-34363: Crash due to uncaught nlohmann JSON exception. CVE-2024-34364: Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response. For instructions and more details, see the Cloud Service Mesh security bulletin. High CVE-2024-23326 CVE-2024-32974 CVE-2024-32975 CVE-2024-32976 CVE-2024-34362 |
Vulnerability Cloud | ||
|
2024-06-04 15:58:00 | Snowflake avertit: la campagne de vol d'identification ciblée frappe les clients cloud Snowflake Warns: Targeted Credential Theft Campaign Hits Cloud Customers (lien direct) |
La société de cloud computing et d'analyse Snowflake a déclaré qu'un "nombre limité" de ses clients avait été distingué dans le cadre d'une campagne ciblée.
"Nous n'avons pas identifié de preuves suggérant que cette activité a été causée par une vulnérabilité, une erreur de configuration ou une violation de la plate-forme de Snowflake \\", a déclaré la société dans une déclaration conjointe avec Crowdstrike et Mandiant appartenant à Google.
"Nous n'avons pas identifié
Cloud computing and analytics company Snowflake said a "limited number" of its customers have been singled out as part of a targeted campaign. "We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake\'s platform," the company said in a joint statement along with CrowdStrike and Google-owned Mandiant. "We have not identified |
Vulnerability Cloud | ★★★ | |
 |
2024-06-04 14:00:54 | Étendre et renforcer la sécurité DDOS sur l'ensemble du réseau avec Infinity Playblocks Extend & Strengthen DDoS Security Across the Entire Network with Infinity Playblocks (lien direct) |
Vulnerability Cloud | ★★★ | ||
|
2024-06-04 13:00:00 | NIST s'engage à planifier de reprendre le travail NVD NIST Commits to Plan to Resume NVD Work (lien direct) |
L'agence vise à brûler l'arriéré des vulnérabilités en attendant d'être ajoutée à la base de données nationale des vulnérabilités via un financement supplémentaire, un contrat tiers et un partenariat avec CISA.
The agency aims to burn down the backlog of vulnerabilities waiting to be added to the National Vulnerabilities Database via additional funding, third-party contract, and partnership with CISA. |
Vulnerability | ★★★ | |
|
2024-06-04 13:00:00 | NIST s'engage au plan de vulnérabilité, mais les chercheurs ont des préoccupations NIST Commits to Vulnerability Plan, But Researchers\\' Concerns Remain (lien direct) |
L'agence vise à brûler l'arriéré des vulnérabilités qui nécessitent un enrichissement en utilisant un financement supplémentaire et un contrat tiers, mais quelle est la solution à long terme?
The agency aims to burn down the backlog of vulnerabilities that need enrichment using additional funding and a third-party contract, but what\'s the long-term solution? |
Vulnerability | ★★★ | |
|
2024-06-04 10:00:00 | Test de pénétration de A.I.Des modèles Penetration Testing of A.I. Models (lien direct) |
Penetration testing is a cornerstone of any mature security program and is a mature and well understood practice supported by robust methodologies, tools, and frameworks. The tactical goals of these engagements typically revolve around identification and exploitation of vulnerabilities in technology, processes, and people to gain initial, elevated, and administrative access to the target environment. When executed well, the insights from penetration testing are invaluable and help the organization reduce IT related risk. Organizations are still discovering new ways in which Large Language Models (LLM’s) and Machine Learning (ML) can create value for the business. Conversely, security practitioners are concerned with the unique and novel risks to the organization these solutions may bring. As such the desire to expand penetration testing efforts to include these platforms is not surprising. However, this is not as straight forward as giving your testers the IP addresses to your AI stack during your next test. Thoroughly evaluating these platforms will require adjustments in approach for both organizations being evaluated and the assessors. Much of the attack surface to be tested for AI systems (i.e. cloud, network, system, and classic application layer flaws) is well known and addressed by existing tools and methods. However, the models themselves may contain risks as detailed in the OWASP Top Ten lists for LLM’s (https://llmtop10.com/) and Machine Learning (https://mltop10.info/). Unlike testing for legacy web application Top Ten flaws, where the impacts of any adversarial actions were ephemeral (i.e., SQL Injection) or easily reversed (i.e., stored XSS attack), this may not be the case when testing AI systems. The attacks submitted to the model during the penetration test could potentially influence long-term model behavior. While it is common to test web applications in production environments, for AI models that incorporate active feedback or other forms of post-training learning where testing could lead to perturbations in responses, it may be best to perform penetration testing in a non-production environment. Checksum mechanisms can be used to verify that the model versions are equivalent. Furthermore, several threat vectors in these lists deal specifically with the poisoning of training data to make the model generate malicious, false, or bias responses. If successful such an attack would potentially impact other concurrent users of the environment and having trained the model on such data, persist beyond the testing period. Lastly, there are hard dollar costs involved in training and operating these models. Taking any compute/storage/transport costs into account should test environments or retraining be required as part of recovering from a penetration test will be a new consideration for most. As penetration testers, the MITRE ATT&CK framework has long been a go-to resource for offensive security Tactics, Techniques and Procedures (TTP’s). With the attack surface expanding to AI platforms MITRE has expand their framework and created the Adversarial Threat Landscape for Artificial-Intelligence Systems, or “ATLAS”, knowledge base (https://atlas.mitre.org/matrices/ATLAS). ATLAS, along with the OWASP lists, give penetration testers a great place to start in terms of understanding and assessing the unique attack surface presented by AI models. Context of the model will need to be considered in both the rules of engagement under which the test is performed but also in judging model responses. Is the model public or private? Production or test? If access to training data is achieved, can poisoning attacks be conducted? If allowable, what | Tool Vulnerability Threat Cloud Technical Commercial | ★★★ |
To see everything:
Our RSS (filtrered)
