What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-01-10 19:00:06 | Exploitation active de deux vulnérabilités zéro-jours dans Ivanti Connect Secure VPN Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN (lien direct) |
> La volexité a découvert l'exploitation active dans la fenêtre de deux vulnérabilités permettant l'exécution de code distant non authentifié dans les périphériques VPN sécurisés Ivanti Connect.Un article officiel de conseil et de base de connaissances a été publié par Ivanti qui comprend une atténuation qui devrait être appliquée immédiatement.Cependant, une atténuation ne remédie pas à un compromis passé ou continu.Les systèmes devraient simultanément être analysés en profondeur par détails dans ce post pour rechercher des signes de violation.Au cours de la deuxième semaine de décembre 2023, la volexité a détecté un mouvement latéral suspect sur le réseau de l'un de ses clients de services de surveillance de la sécurité de réseau.Après une inspection plus approfondie, Volexity a constaté qu'un attaquant plaçait des coteaux sur plusieurs serveurs Web internes et orientés externes.Ces détections ont lancé une enquête sur la réponse aux incidents sur plusieurs systèmes que la volexité a finalement retrouvé à l'Ivanti Connect Secure (ICS) de l'organisation (anciennement connu sous le nom de Pulse Connect Secure, ou simplement Pulse Secure).Une inspection plus approfondie [& # 8230;]
>Volexity has uncovered active in-the-wild exploitation of two vulnerabilities allowing unauthenticated remote code execution in Ivanti Connect Secure VPN devices. An official security advisory and knowledge base article have been released by Ivanti that includes mitigation that should be applied immediately. However, a mitigation does not remedy a past or ongoing compromise. Systems should simultaneously be thoroughly analyzed per details in this post to look for signs of a breach. During the second week of December 2023, Volexity detected suspicious lateral movement on the network of one of its Network Security Monitoring service customers. Upon closer inspection, Volexity found that an attacker was placing webshells on multiple internal and external-facing web servers. These detections kicked off an incident response investigation across multiple systems that Volexity ultimately tracked back to the organization\'s Internet-facing Ivanti Connect Secure (ICS) VPN appliance (formerly known as Pulse Connect Secure, or simply Pulse Secure). A closer inspection […] |
Vulnerability Threat | ★★★ | |
 |
2024-01-10 14:45:00 | Cyber-insécurité et désinformation TOP WEF Global Risk List Cyber Insecurity and Misinformation Top WEF Global Risk List (lien direct) |
Les cyberattaques et la désinformation de la liste des risques mondiaux de WEF \\, avec une cybercriminalité, en raison de l'exploitation des progrès technologiques et de la domination de l'IA, des préoccupations concernant la vulnérabilité
Cyber-attacks and misinformation top WEF\'s list of global risks, with cybercrime poised to exploit tech advancements and AI dominance raising concerns about vulnerability |
Vulnerability Threat | ★★★ | |
 |
2024-01-10 14:20:00 | CISA a mis en garde contre la vulnérabilité critique de Fortinet (CVE-2023-44250) et a émis un nouvel avis ICS CISA Warned of Critical Fortinet Vulnerability (CVE-2023-44250) and Issued a New ICS Advisory (lien direct) |
Dans une alerte récente, l'Agence de sécurité de la cybersécurité et de l'infrastructure (CISA) a exhorté les utilisateurs et ...
In a recent alert, the Cybersecurity and Infrastructure Security Agency (CISA) has urged users and... |
Vulnerability Industrial | ★★★ | |
|
2024-01-10 13:20:38 | Janvier 2024 & # 8211;Microsoft Patch Mardidis et SAP Security Patch Day Faits saillants January 2024 – Microsoft Patch Tuesday & SAP Security Patch Day Highlights (lien direct) |
Microsoft a publié mardi son correctif de janvier 2024, abordant un total de 48 vulnérabilités de sécurité, ...
Microsoft has released its January 2024 Patch Tuesday, addressing a total of 48 security vulnerabilities,... |
Vulnerability | ★★ | |
 |
2024-01-10 13:00:00 | Les lois sur la vulnérabilité créent des primes de bogue avec les caractéristiques chinoises \\ ' Vulnerability laws create \\'bug bounties with Chinese characteristics\\' (lien direct) |
Pour les acteurs de l'État-nation ciblant les adversaires dans le cyberespace, les vulnérabilités non corrigées dans les logiciels sont comme des munitions.En tant que matière générale, les agences de renseignement et les pirates militaires dépensent des millions de dollars sur le marché gris et des milliers d'heures d'homme dans le but de déterrer des défauts dans le code que personne n'a encore découvert. _But pour le passé
For nation-state actors targeting adversaries in cyberspace, unpatched vulnerabilities in software are like ammunition. As a general matter, intelligence agencies and military hackers spend millions of dollars in the gray market and thousands of man-hours in a bid to dig up flaws in code that no one has discovered yet. _But for the past |
Vulnerability | ★★ | |
 |
2024-01-10 12:14:51 | Vulnérabilités de sécurité critiques identifiées dans ConnectWise ScreenConnect par des chercheurs de sécurité Gotham Critical Security Vulnerabilities Identified in ConnectWise ScreenConnect by Gotham Security Researchers (lien direct) |
Vulnérabilités de sécurité critiques identifiées dans ConnectWise ScreenConnect par les chercheurs de sécurité Gotham
Gotham Security a travaillé en partenariat étroit avec ConnectWise pour identifier et traiter rapidement les vulnérabilités de sécurité dans ScreenConnect pour empêcher une violation majeure pour des milliers d'entreprises
-
vulnérabilité de sécurité
Critical Security Vulnerabilities Identified in ConnectWise ScreenConnect by Gotham Security Researchers Gotham Security worked in close partnership with ConnectWise to rapidly identify and address security vulnerabilities in ScreenConnect to prevent major breach for thousands of companies - Security Vulnerability |
Vulnerability | ★★ | |
 |
2024-01-10 11:00:00 | Attaques d'ingénierie sociale: exemples réels et comment les éviter Social engineering attacks: Real-life examples and how to avoid them (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In the ever-evolving landscape of cybersecurity threats, social engineering remains a potent and insidious method employed by cybercriminals. Unlike traditional hacking techniques that exploit software vulnerabilities, social engineering manipulates human psychology to gain unauthorized access to sensitive information. In this article, we will delve into various social engineering tactics, highlighting real-life examples, and offering guidance on how to recognize and avoid falling victim to these deceptive schemes. Understanding social engineering Social engineering is an umbrella term encompassing a range of techniques used to exploit human behaviour. Attackers leverage psychological manipulation to trick individuals into divulging confidential information, clicking on malicious links, or performing actions that compromise security. The following are common social engineering tactics: 1. Phishing attacks: Real-life example: An employee receives an email purportedly from their company\'s IT department, requesting login credentials for a system upgrade. Guidance: Verify the legitimacy of such emails by contacting the IT department through official channels. 2. Pretexting: Real-life example: A scammer poses as a co-worker, claiming to need sensitive information urgently for a project. Guidance: Always verify requests for sensitive information directly with the person involved using trusted communication channels. 3. Baiting: Real-life example: Malicious software disguised as a free software download is offered, enticing users to compromise their systems. Guidance: Avoid downloading files or clicking on links from untrusted sources, and use reputable security software. 4. Quizzes and surveys: Real-life example: Individuals are tricked into taking quizzes that ask for personal information, which is then used for malicious purposes. Guidance: Be cautious about sharing personal details online, especially in response to unsolicited quizzes or surveys. 5. Impersonation: Real-life example: A fraudster poses as a tech support agent, convincing the victim to provide remote access to their computer. Guidance: Verify the identity of anyone claiming to represent a legitimate organization, especially if unsolicited. Recognizing social engineering attacks Recognizing social engineering attacks is crucial for thwarting cyber threats. Here are key indicators that can help individuals identify potential scams: Urgency and pressure: Attackers often create a sense of urgency to prompt impulsive actions. Be skeptical of requests that demand immediate responses. Unsolicited communications: Be wary of unexpected emails, messages, or calls, especially if they request sensitive information or prompt you to click on links. Unusual requests: Any request for sensitive information, such as passwords or financial details, should be treated with suspicion, especially if it deviates from normal procedures. Mismatched URLs: Hover over links to reveal the actual destination. Verify that the URL matches the purported source, and look for subtle misspellings or variations. How to avoid falling victim Protecting oneself from social engineering requires a combination of vigilance, skepticism, and proactive measures: Employee training programs: Conduct regular training sessions to educate employees about social engineering tactics, emphasizing the importance of verifying requests for sensitive information. Multi-factor authentication (MFA): Implement MFA to add an ext | Vulnerability Threat | ★★★ | |
 |
2024-01-10 10:56:00 | Microsoft \\'s Janvier 2024 Windows Update Patches 48 NOUVELLES Vulnérabilités Microsoft\\'s January 2024 Windows Update Patches 48 New Vulnerabilities (lien direct) |
Microsoft a abordé un total de & nbsp; 48 Security Flaws & nbsp; couvrant son logiciel dans le cadre de ses mises à jour du patch mardi pour janvier 2024.
Sur les 48 bogues, deux sont critiques et 46 sont évalués en fonction de la gravité.Il n'y a aucune preuve que l'un des problèmes est connu publiquement ou sous une attaque active au moment de la libération, ce qui en fait le deuxième patch consécutif mardi sans jour zéro.
Le
Microsoft has addressed a total of 48 security flaws spanning its software as part of its Patch Tuesday updates for January 2024. Of the 48 bugs, two are rated Critical and 46 are rated Important in severity. There is no evidence that any of the issues are publicly known or under active attack at the time of release, making it the second consecutive Patch Tuesday with no zero-days. The |
Vulnerability | ★★★ | |
|
2024-01-10 10:20:00 | CISA Flags 6 Vulnérabilités - Apple, Apache, Adobe, D-Link, Joomla sous attaque CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe , D-Link, Joomla Under Attack (lien direct) |
L'Agence américaine de sécurité de la cybersécurité et de l'infrastructure (CISA) a & nbsp; ajouté & nbsp; six défauts de sécurité à son catalogue connu vulnérabilités exploitées (KEV), citant des preuves d'exploitation active.
Cela inclut & nbsp; CVE-2023-27524 & NBSP; (Score CVSS: 8.9), une vulnérabilité de haute sévérité ayant un impact sur le logiciel de visualisation de données open-source APACHE qui pourrait permettre l'exécution du code distant.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This includes CVE-2023-27524 (CVSS score: 8.9), a high-severity vulnerability impacting the Apache Superset open-source data visualization software that could enable remote code execution. |
Vulnerability | ★★★ | |
|
2024-01-10 09:30:00 | Microsoft corrige 12 bogues RCE en janvier mardi Microsoft Fixes 12 RCE Bugs in January Patch Tuesday (lien direct) |
Le défaut Hyper-V critique est l'une des 12 vulnérabilités d'exécution de code distant résolues ce patch mardi
Critical Hyper-V flaw is one of 12 remote code execution vulnerabilities fixed this Patch Tuesday |
Vulnerability | ★★★ | |
 |
2024-01-09 23:00:00 | Patch maintenant: le bogue Critical Windows Kerberos contourne Microsoft Security Patch Now: Critical Windows Kerberos Bug Bypasses Microsoft Security (lien direct) |
Une deuxième vulnérabilité de sécurité critique facile à exploiter dans le premier correctif de Microsoft \\ le mardi 2024 Mardi permet un RCE dans l'hyper-virtualisation.
A second, easy-to-exploit critical security vulnerability in Microsoft\'s first 2024 Patch Tuesday allows RCE within Hyper-Virtualization. |
Vulnerability | ★★★ | |
|
2024-01-09 16:45:00 | Flaw in AI Plugin expose 50 000 sites WordPress à l'attaque à distance Flaw in AI Plugin Exposes 50,000 WordPress Sites to Remote Attack (lien direct) |
La vulnérabilité pourrait conduire à l'exécution du code à distance sur les systèmes affectés
The vulnerability could lead to remote code execution on affected systems |
Vulnerability | ★★ | |
|
2024-01-09 15:22:00 | Alerte: nouvelles vulnérabilités découvertes dans le gestionnaire de périphériques QNAP et Kyocera Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager (lien direct) |
Une faille de sécurité a été divulguée dans Kyocera \\ 'S & nbsp; Device Manager & NBSP; produit qui pourrait être exploité par de mauvais acteurs pour mener des activités malveillantes sur les systèmes affectés.
"Cette vulnérabilité permet aux attaquants de contraindre des tentatives d'authentification à leurs propres ressources, comme une part de SMB malveillante, pour capturer ou relayer les informations d'identification active Directory si le \\ 'restreint NTLM: NTLM sortant
A security flaw has been disclosed in Kyocera\'s Device Manager product that could be exploited by bad actors to carry out malicious activities on affected systems. "This vulnerability allows attackers to coerce authentication attempts to their own resources, such as a malicious SMB share, to capture or relay Active Directory hashed credentials if the \'Restrict NTLM: Outgoing NTLM |
Vulnerability | ★★ | |
 |
2024-01-09 14:32:37 | CISA avertit les agences du quatrième défaut utilisé dans les attaques de logiciels spy CISA warns agencies of fourth flaw used in Triangulation spyware attacks (lien direct) |
L'Agence américaine de sécurité de cybersécurité et d'infrastructure a ajouté à la sienne au catalogue connu des vulnérabilités exploités six vulnérabilités qui ont un impact sur les produits d'Adobe, Apache, D-Link et Joomla.[...]
The U.S. Cybersecurity and Infrastructure Security Agency has added to its to the Known Exploited Vulnerabilities catalog six vulnerabilities that impact products from Adobe, Apache, D-Link, and Joomla. [...] |
Vulnerability | ★★ | |
 |
2024-01-09 14:24:00 | Alerte Vert Threat: Janvier 2024 Patch mardi Analyse VERT Threat Alert: January 2024 Patch Tuesday Analysis (lien direct) |
Aujourd'hui, les adresses d'alerte VERT de \\ sont des mises à jour de sécurité de Janvier 2024 de Microsoft \\.Vert travaille activement sur la couverture de ces vulnérabilités et prévoit d'expédier ASPL-1088 dès la fin de la couverture.CVE dans la volonté et divulgués, il n'y avait pas de CVE in-wild ou divulgué inclus dans la goutte de mardi de patch de janvier.La ventilation de CVE par TAG tandis que les groupes historiques de Bulletin de sécurité Microsoft ont disparu, les vulnérabilités Microsoft sont taguées avec un identifiant.Cette liste fournit une ventilation des CVE sur une base par étiquette.Les vulnérabilités sont également codées par couleur pour aider à identifier les problèmes clés ...
Today\'s VERT Alert addresses Microsoft\'s January 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1088 as soon as coverage is completed. In-The-Wild & Disclosed CVEs There were no in-the-wild or disclosed CVEs included in the January Patch Tuesday drop. CVE Breakdown by Tag While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues... |
Vulnerability Threat | ★★ | |
|
2024-01-09 14:00:00 | Vulnérabilités trouvées dans les clés Bosch de haute puissance populaires auprès des constructeurs automobiles Vulnerabilities found in high-power Bosch wrenches popular with carmakers (lien direct) |
Plusieurs vulnérabilités ont été trouvées dans une ligne populaire de clés à couple pneumatique fabriquées par une filiale de Bosch, une société allemande d'ingénierie et de technologie.Les clés mécaniques se trouvent généralement dans les installations de fabrication qui effectuent des tâches de resserrement critiques, en particulier les lignes de production automobile, selon les chercheurs de la société de cybersécurité industrielle Nozomi Networks.Les vulnérabilités dans
Several vulnerabilities have been found in a popular line of pneumatic torque wrenches made by a subsidiary of Bosch, a German engineering and technology corporation. The mechanical wrenches are typically found in manufacturing facilities that perform safety-critical tightening tasks, especially automotive production lines, according to researchers at industrial cybersecurity firm Nozomi Networks. The vulnerabilities in |
Vulnerability Industrial | ★★ | |
|
2024-01-09 11:00:00 | Histoires du SOC: quelque chose sent Phishy Stories from the SOC: Something smells phishy (lien direct) |
Executive summary
In the current cyber landscape, adversaries commonly employ phishing as the leading technique to compromise enterprise security. The susceptibility of human behavior makes individuals the weakest link in the security chain. Consequently, there is an urgent need for robust cybersecurity measures. Phishing, which capitalizes on exploiting human behavior and vulnerabilities, remains the adversary\'s top choice. To counter this threat effectively, ongoing education and awareness initiatives are essential. Organizations must recognize and address the pivotal role of human vulnerability in cybersecurity.
During regular business hours, an alarm was generated due to a customer’s user that had interacted with a potentially malicious phishing link. This prompted a thorough investigation conducted by analysts that involved leveraging multiple Open-Source Intelligence (OSINT) tools such as VirusTotal and URLscan.io. Through a meticulous examination, analysts were able to unveil suspicious scripts within the phishing webpage’s Document Object Model (DOM) that pinpointed an attempt to exfiltrate user credentials. This detailed analysis emphasizes the importance of proactive cybersecurity measures and showcases the effectiveness of analysts leveraging OSINT tools along with their expertise to accurately assess threats within customer’s environments.
Investigation
The alarm
The Managed Detection and Response (MDR) Security Operations Center (SOC) initially received an alarm triggered by a potentially malicious URL that a user received in their inbox. Office 365\'s threat intelligence feed flagged this URL as potentially malicious. The initial steps in addressing this alarm involve two key actions.
First, it is crucial to determine the scope of impact on the customer\'s environment by assessing how many other users received the same URL. Second, a thorough validation process is essential to confirm whether the URL is indeed malicious. These initial steps lay the foundation for a comprehensive response to safeguard the security of the environment.
To determine how many users received the same URL, a comprehensive search within the customer\'s environment revealed that no other users received the same URL. As a result, only one user is affected, suggesting that this is an isolated incident and does not appear to be part of a targeted attack on the customer\'s environment. With this understanding, the focus can now shift to the second step: Validating the reputation of the URL.
By employing the OSINT tool VirusTotal and inputting the URL received by the user, we aim to assess its potential threat level. VirusTotal aggregates results from various security vendors to provide a comprehensive analysis. In the current evaluation, 13 out of 90 security vendors classify this URL as malicious. It\'s important to note that while the number of vendors flagging the URL is a key factor, a conclusive determination of malicious intent typically considers a consensus among a significant portion of these vendors. A higher number of detections by diverse security platforms strengthens the confidence in labeling the URL as malicious.
With a potentially malicious URL identified, it is imperative to delve deeper to ascertain the underlying reasons for its malicious reputation. Analysts will utilize a tool such as URLscan.io for this purpose. URLscan.io serves as a sandbox, providing a risk-free environment for visiting websites. This tool is instrumental in conducting a thorough examination to uncover the nuances contributing to the URL\'s malicious classification.
After entering our identified malicious URL into URLscan.io, |
Data Breach Tool Vulnerability Threat | ★★ | |
|
2024-01-09 10:02:04 | IP criminel et partenaire tenable pour la détection de vulnérabilité rapide Criminal IP and Tenable Partner for Swift Vulnerability Detection (lien direct) |
Le moteur de recherche Cyber Threat Intelligence (CTI) Criminal IP a établi un partenariat technique avec Tenable.En savoir plus sur Criminal IP sur la façon dont ce partenariat peut aider à la vulnérabilité en temps réel et aux analyses de malveillance.[...]
Cyber Threat Intelligence (CTI) search engine Criminal IP has established a technical partnership with Tenable. Learn more from Criminal IP about how this partnership can assist in real-time vulnerability and maliciousness scans. [...] |
Vulnerability Threat Technical | ★★ | |
|
2024-01-09 02:59:09 | Tripwire Patch Priority Index pour décembre 2023 Tripwire Patch Priority Index for December 2023 (lien direct) |
Le décembre 2023 de Tripwire \\ Index de la priorité du patch (PPI) rassemble des vulnérabilités importantes pour Microsoft et Google.Les correctifs pour Google Chrome et Microsoft Edge (basés sur le chrome) qui résolvent l'élévation des privilèges, l'exécution du code à distance et les vulnérabilités de divulgation des informations.Veuillez noter que CVE-2023-7024 pour Chrome est sur le catalogue CISA connu exploité des vulnérabilités (KEV), ce qui signifie que cette vulnérabilité a été activement exploitée.La liste des priorités du correctif des correctifs ce mois-ci est les correctifs pour Microsoft Word et Outlook qui résolvent 2 informations ...
Tripwire\'s December 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Google. First on the patch priority are patches for Google Chrome and Microsoft Edge (Chromium-based) that resolve elevation of privilege, remote code execution, and information disclosure vulnerabilities. Please note that CVE-2023-7024 for Chrome is on the CISA Known Exploited Vulnerabilities (KEV) catalog, which means this vulnerability has been actively exploited. Next on the patch priority list this month are patches for Microsoft Word and Outlook that resolve 2 information... |
Vulnerability | ★★ | |
 |
2024-01-09 00:00:00 | Fortiportal - Contrôle d'accès insuffisant sur les points de terminaison de l'API FortiPortal - Insufficient Access Control over API endpoints (lien direct) |
Une contournement d'autorisation par le biais de la vulnérabilité clé contrôlée par l'utilisateur [CWE-639] affectant Fortiportal peut permettre à un utilisateur authentifié à distance avec au moins des autorisations en lecture seule pour accéder à d'autres points de terminaison organisationnels via des demandes de GET fabriquées.
An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting FortiPortal may allow a remote authenticated user with at least read-only permissions to access to other organization endpoints via crafted GET requests. |
Vulnerability | ||
|
2024-01-09 00:00:00 | Fortiportal - Création de compte en dehors des PDI initiaux FortiPortal - Account creation outside initial IdP (lien direct) |
Une vulnérabilité de gestion de privilèges inappropriée [CWE-269] à Fortiportal peut permettre à un attaquant distant et authentifié d'ajouter des utilisateurs en dehors de son PDI initial
An improper privilege management vulnerability [CWE-269] in FortiPortal may allow a remote and authenticated attacker to add users outside its initial Idp |
Vulnerability | ||
|
2024-01-09 00:00:00 | Fortivoice - Vulnérabilité de traversée de chemin dans l'interface administrative FortiVoice - Path traversal vulnerability in administrative interface (lien direct) |
Une limitation inappropriée d'un chemin d'accès à un répertoire restreint (\\ 'Path Traversal \') Vulnérabilité [CWE-22] dans Fortivoice peut permettre à un attaquant authentifié de lire des fichiers arbitraires à partir du système via l'envoi de requêtes HTTP ou HTTPS conçues ou HTTPS
An improper limitation of a pathname to a restricted directory (\'path traversal\') vulnerability [CWE-22] in FortiVoice may allow an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests |
Vulnerability | ||
|
2024-01-09 00:00:00 | Fortipam - Manque de contrôle des taux pour protéger contre les attaques DOS FortiPAM - Lack of rate control to protect against DoS attacks (lien direct) |
Une allocation de ressources sans limites ou de la vulnérabilité étrangle [CWE-770] à Fortipam peut permettre à un attaquant authentifié d'effectuer une attaque de déni de service via l'envoi de demandes HTTP ou HTTPS artisanales à une fréquence élevée.
An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM may allow an authenticated attacker to perform a denial of service attack via sending crafted HTTP or HTTPS requests at a high frequency. |
Vulnerability | ||
|
2024-01-09 00:00:00 | Fortios & Fortiproxy - Autorisation inappropriée pour les demandes HA FortiOS & FortiProxy - Improper authorization for HA requests (lien direct) |
Une vulnérabilité de gestion de privilèges inappropriée [CWE-269] dans un cluster Fortios & Fortiproxy HA peut permettre à un attaquant authentifié d'effectuer des actions élevées via des demandes HTTP ou HTTPS conçues.
An improper privilege management vulnerability [CWE-269] in a FortiOS & FortiProxy HA cluster may allow an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests. |
Vulnerability | ||
|
2024-01-08 23:00:00 | Outil de surveillance des cactus enrichi par une vulnérabilité critique d'injection SQL Cacti Monitoring Tool Spiked by Critical SQL Injection Vulnerability (lien direct) |
Les attaquants peuvent exploiter le problème pour accéder à toutes les données dans la base de données CACTI;Et, il permet RCE lorsqu'il est enchaîné avec une vulnérabilité précédente.
Attackers can exploit the issue to access all data in Cacti database; and, it enables RCE when chained with a previous vulnerability. |
Tool Vulnerability Threat | ★★★ | |
|
2024-01-08 14:31:00 | Webinaire & # 8211;Tirez parti de la sécurité zéro fiducie pour minimiser votre surface d'attaque Webinar – Leverage Zero Trust Security to Minimize Your Attack Surface (lien direct) |
L'expansion numérique augmente inévitablement la surface d'attaque externe, ce qui vous rend sensible aux cyber-états.Les acteurs de la menace exploitent de plus en plus les vulnérabilités résultant des logiciels et des infrastructures exposés à Internet;Cela comprend ironiquement les outils de sécurité, en particulier les pare-feu et les VPN, qui donnent aux attaquants un accès direct au réseau pour exécuter leurs attaques.En fait, & nbsp; Gartner &
Digital expansion inevitably increases the external attack surface, making you susceptible to cyberthreats. Threat actors increasingly exploit the vulnerabilities stemming from software and infrastructure exposed to the internet; this ironically includes security tools, particularly firewalls and VPNs, which give attackers direct network access to execute their attacks. In fact, Gartner& |
Tool Vulnerability Threat | ★★ | |
|
2024-01-08 13:23:00 | NIST avertit les risques de sécurité et de confidentialité du déploiement rapide du système d'IA NIST Warns of Security and Privacy Risks from Rapid AI System Deployment (lien direct) |
L'Institut national américain des normes et de la technologie (NIST) attire l'attention sur le & nbsp; défis de confidentialité et de sécurité et NBSP; qui résultent de l'accroître le déploiement des systèmes d'intelligence artificielle (IA) ces dernières années.
«Ces défis de sécurité et de confidentialité comprennent le potentiel de manipulation contradictoire des données de formation, l'exploitation contradictoire des vulnérabilités du modèle
The U.S. National Institute of Standards and Technology (NIST) is calling attention to the privacy and security challenges that arise as a result of increased deployment of artificial intelligence (AI) systems in recent years. “These security and privacy challenges include the potential for adversarial manipulation of training data, adversarial exploitation of model vulnerabilities to |
Vulnerability | ★★ | |
 |
2024-01-08 13:22:44 | Données empoisonnées, manipulation malveillante: l'étude NIST révèle des vulnérabilités de l'IA Poisoned Data, Malicious Manipulation: NIST Study Reveals AI Vulnerabilities (lien direct) |
> Par waqas
NIST dévoile les informations sur les vulnérabilités de l'IA et les menaces potentielles.
Ceci est un article de HackRead.com Lire le post original: Données empoisonnées, manipulation malveillante: l'étude NIST révèle des vulnérabilités de l'IA
>By Waqas NIST Unveils Insights on AI Vulnerabilities and Potential Threats.w This is a post from HackRead.com Read the original post: Poisoned Data, Malicious Manipulation: NIST Study Reveals AI Vulnerabilities |
Vulnerability Studies | ★★ | |
|
2024-01-08 11:00:00 | Le siège de botnet: comment votre grille-pain pourrait renverser une société The Botnet siege: How your toaster could topple a corporation (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In addition to the overt signs of cyber threats we\'ve become conditioned to recognize, like ransomware emails and strange login requests, malicious actors are now utilizing another way to achieve their nefarious purposes — by using your everyday devices. These hidden dangers are known as botnets. Unbeknownst to most, our everyday devices, from toasters to smart fridges, can unwittingly be enlisted as footsoldiers in a digital army with the potential to bring down even corporate giants. This insidious force operates in silence, escaping the notice of even the most vigilant users. A recent report by Nokia shows that criminals are now using these devices more to orchestrate their attacks. In fact, cyber attacks targeting IoT devices are expected to double by 2025, further muddying the already murky waters. Let us go to the battlements of this siege, and we’ll tackle the topic in more depth. What is a botnet? Derived from the words “robot” and "network.", a botnet refers to a group of devices that have been infected with malicious software. Once infected, these devices are controlled remotely by a central server and are often used to carry out malicious activities such as cyber attacks, espionage, financial fraud, spam email campaigns, stealing sensitive information, or simply the further propagation of malware. How does a botnet attack work? A botnet attack begins with the infection of individual devices. Cybercriminals use various tactics to compromise these devices, such as sending malicious emails, exploiting software vulnerabilities, or tricking users into downloading malware. Everyday tech is notoriously prone to intrusion. The initial stages of building a botnet are often achieved with deceptively simple yet elegant tactics. Recently, a major US energy company fell prey to one such attack, owing to hundreds of phishing emails. By using QR code generators, the attacks combined two seemingly benign elements into a campaign that hit manufacturing, insurance, technology, and financial services companies, apart from the aforementioned energy companies. This new attack vector is now being referred to as Quishing — and unfortunately, it’s only going to become more prevalent. Once a device has been compromised, it becomes part of the botnet. The cybercriminal gains control over these infected devices, which are then ready to follow the attacker\'s commands. The attacker is then able to operate the botnet from a central command-and-control server to launch various types of attacks. Common ones include: Distributed denial-of-service (DDoS). The botnet floods a target website or server with overwhelming traffic, causing it to become inaccessible to legitimate users. Spam emails. Bots can be used to send out massive volumes of spam emails, often containing phishing scams or malware. Data theft. Botnets can steal sensitive information, such as login credentials or personal data, from the infected devices. Propagation. S | Ransomware Spam Malware Vulnerability Threat | ★★ | |
 |
2024-01-08 09:39:09 | Sécuriser JavaScript: meilleures pratiques et vulnérabilités communes Securing JavaScript: Best Practices and Common Vulnerabilities (lien direct) |
JavaScript est le langage de programmation le plus utilisé, selon la plus récente enquête sur les développeurs Stackoverflow.Bien que JavaScript offre une grande flexibilité et une grande facilité d'utilisation, il présente également des risques de sécurité qui peuvent être exploités par les attaquants.Dans ce blog, nous explorerons les vulnérabilités en JavaScript, les meilleures pratiques pour sécuriser votre code et les outils pour empêcher les attaques.
Comprendre les vulnérabilités JavaScript
Cet article explore les vulnérabilités communes liées à la sécurité JavaScript et fournit les meilleures pratiques pour sécuriser votre code.
Si vous manquez de temps, vous pouvez commencer par utiliser Veracode Dast Essentials, un scanner de sécurité JavaScript, pour identifier les vulnérabilités potentielles.L'exécution de cet outil générera rapidement des rapports, mettra en évidence vos vulnérabilités spécifiques et fournira des instructions claires sur la façon de les résoudre.
Vulnérabilités de code source javascript
Les développeurs JavaScript s'appuient généralement sur l'intégration de nombreux packages et bibliothèques publiques ou open source contenant…
JavaScript is the most commonly-used programing language, according to the most recent StackOverflow developer survey. While JavaScript offers great flexibility and ease of use, it also introduces security risks that can be exploited by attackers. In this blog, we will explore vulnerabilities in JavaScript, best practices to secure your code, and tools to prevent attacks. Understanding JavaScript Vulnerabilities This article explores the common vulnerabilities related to JavaScript security and provides best practices to secure your code. If you\'re short on time, you can begin by using Veracode DAST Essentials, a JavaScript security scanner, to identify potential vulnerabilities. Running this tool will quickly generate reports, highlight your specific vulnerabilities, and provide clear instructions on how to remediate them. JavaScript Source Code Vulnerabilities JavaScript developers typically rely on integrating numerous public or open-source packages and libraries containing… |
Tool Vulnerability | ★★ | |
|
2024-01-05 13:12:00 | Alerte: Ivanti publie un patch Alert: Ivanti Releases Patch for Critical Vulnerability in Endpoint Manager Solution (lien direct) |
Ivanti a publié des mises à jour de sécurité pour aborder un défaut critique impactant sa solution de gestion de terminaux (EPM) qui, s'il est exploité avec succès, pourrait entraîner une exécution de code distante (RCE) sur des serveurs sensibles.
Suivi en CVE-2023-39336, la vulnérabilité a été évaluée à 9,6 sur 10 sur le système de notation CVSS.La lacune a un impact sur l'EPM 2021 et l'EPM 2022 avant SU5.
«Si exploité, un
Ivanti has released security updates to address a critical flaw impacting its Endpoint Manager (EPM) solution that, if successfully exploited, could result in remote code execution (RCE) on susceptible servers. Tracked as CVE-2023-39336, the vulnerability has been rated 9.6 out of 10 on the CVSS scoring system. The shortcoming impacts EPM 2021 and EPM 2022 prior to SU5. “If exploited, an |
Vulnerability | ★★★ | |
|
2024-01-05 11:40:00 | Ivanti a publié un patch dans Endpoint Manager Solution (EPM) pour une vulnérabilité critique, CVE-2023-39336 Ivanti Released a Patch in Endpoint Manager Solution (EPM) for a Critical Vulnerability, CVE-2023-39336 (lien direct) |
ivanti a abordé une vulnérabilité critique dans sa solution de gestionnaire de terminaux (EPM), identifiée comme CVE-2023-39336, ...
Ivanti has addressed a critical vulnerability in its Endpoint Manager (EPM) solution, identified as CVE-2023-39336,... |
Vulnerability | ★★★ | |
|
2024-01-05 10:47:35 | La CISA émet des conseils ICS pour les vulnérabilités affectant Rockwell Automation, Mitsubishi Electric et Unitronics CISA Issues ICS Advisories for Vulnerabilities Affecting Rockwell Automation, Mitsubishi Electric, and Unitronics (lien direct) |
CISA a publié trois avis sur les systèmes de contrôle industriel (ICS), abordant les dernières vulnérabilités de sécurité ...
CISA has issued three advisories on Industrial Control Systems (ICS), addressing the latest security vulnerabilities... |
Vulnerability Industrial | ★★★ | |
 |
2024-01-05 09:48:19 | CISA Personne des avis ICS couvrant les vulnérabilités matérielles à Rockwell, Mitsubishi Electric Equipment CISA issues ICS advisories covering hardware vulnerabilities in Rockwell, Mitsubishi Electric equipment (lien direct) |
> L'Agence américaine de sécurité de cybersécurité et d'infrastructure (CISA) a publié jeudi trois avis axés sur les systèmes de contrôle industriel ...
>The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued on Thursday three advisories focused on industrial control systems... |
Vulnerability Industrial | ★★★★ | |
 |
2024-01-05 06:00:31 | 2023 Année en revue: versions de contenu axées sur les menaces pour la sensibilisation à la sécurité 2023 Year in Review: Threat-Driven Content Releases for Security Awareness (lien direct) |
As a new year approaches, it is natural to reflect on recent accomplishments. At Proofpoint, we are reflecting on our work to deliver security awareness content and updated features in line with our ongoing goal to drive behavior change. Proofpoint Security Awareness integrates our rich threat intelligence, which means it taps into current and emerging attacks. Our threat analysts surface threat trends, such as artificial intelligence (AI)-enhanced vishing, malicious QR codes and remote IT support scams. And then we work quickly to release new training features and awareness material to ensure inform security administrators and educate employees about ever-evolving attacks. In 2023, our content releases focused on three areas: Delivering a threat-driven program Improving how security awareness administrators work Enhancing how people learn Let\'s review the past year and explore how Proofpoint used content releases to respond to the changing threat landscape. Image from AI Chatbot Threats training (play video). Quick turnaround for threat trends Proofpoint Security Awareness alerts customers to threats in two powerful ways-Threat Alerts and Attack Spotlights. It also continuously trains employees with threat-driven training modules. Threat Alerts These weekly releases focus on a specific and current ongoing attack. They explain what the threat is and who it might target. And they describe a specific lure, if applicable. Each alert is linked to activity that our threat analysts see happening in the wild. We recommend applicable training like simulated phishing and awareness material and include suggested email messaging. In 2023, we released Threat Alerts on: IRS-themed phishing lures for tax season (February, March, April) AI-enhanced vishing calls that impersonate loved ones (March) Malicious QR codes for credential phishing (May, August) Telephone-oriented attack delivery (TOAD) using a Geek Squad PDF lure (July, October) Charity donation scams around the Israel-Palestine crisis (October) Christmas party lures for credential phishing (November) Attack Spotlights These monthly releases cast a wider lens on attack types. They focus on a time-based or reoccurring threat that is expected to trend, typically related to holidays, travel seasons or shopping events. Each spotlight is released a month in advance with a campaign plan, awareness material and training modules, and is available in 12 core languages. In 2023, Proofpoint published these Attack Spotlight campaigns: Smishing with package delivery lures (February) Business email compromise (BEC) phishing with requests for quotations (RFQs) (April) LinkedIn phishing lures (May) Amazon phishing lures (June) Remote IT support scams (September) Gift card scams (December) Image from Attack Spotlight video (play video). Threat modules These training videos are relevant to the changing threat landscape. They are inspired by our threat intelligence and our team\'s threat landscape research. These micro-learning modules are grounded in learning science principles that are designed to drive behavior change. Each module has a concise and specific learning objective. The delivery of content is tailored to individual factors such as a person\'s role, learning style, vulnerability level and preferred language. In 2023, we covered these topics in our new threat training modules: Data loss protection AI chatbot threats Amazon phishing scams Cryptocurrency investment scams QR code dangers Multifactor authentication (MFA) Image from Threat Module video (play video). Staying ahead of generative AI attacks AI-powered systems are promoted as tools to help us work faster, and they are transforming businesses and industries. This wide-reaching access can create security risks from potential data breaches to concerns over user privacy. Your employees need to be aware of the limitations and risks of using AI-powered tools, especiall | Ransomware Tool Vulnerability Threat Studies Prediction Cloud | ★★★★ | |
|
2024-01-04 22:24:00 | (Déjà vu) Signal de risque de défenseur industriel, une solution de gestion de vulnérabilité basée sur les risques pour la sécurité OT Industrial Defender Risk Signal, a Risk-Based Vulnerability Management Solution for OT Security (lien direct) |
As a new year approaches, it is natural to reflect on recent accomplishments. At Proofpoint, we are reflecting on our work to deliver security awareness content and updated features in line with our ongoing goal to drive behavior change. Proofpoint Security Awareness integrates our rich threat intelligence, which means it taps into current and emerging attacks. Our threat analysts surface threat trends, such as artificial intelligence (AI)-enhanced vishing, malicious QR codes and remote IT support scams. And then we work quickly to release new training features and awareness material to ensure inform security administrators and educate employees about ever-evolving attacks. In 2023, our content releases focused on three areas: Delivering a threat-driven program Improving how security awareness administrators work Enhancing how people learn Let\'s review the past year and explore how Proofpoint used content releases to respond to the changing threat landscape. Image from AI Chatbot Threats training (play video). Quick turnaround for threat trends Proofpoint Security Awareness alerts customers to threats in two powerful ways-Threat Alerts and Attack Spotlights. It also continuously trains employees with threat-driven training modules. Threat Alerts These weekly releases focus on a specific and current ongoing attack. They explain what the threat is and who it might target. And they describe a specific lure, if applicable. Each alert is linked to activity that our threat analysts see happening in the wild. We recommend applicable training like simulated phishing and awareness material and include suggested email messaging. In 2023, we released Threat Alerts on: IRS-themed phishing lures for tax season (February, March, April) AI-enhanced vishing calls that impersonate loved ones (March) Malicious QR codes for credential phishing (May, August) Telephone-oriented attack delivery (TOAD) using a Geek Squad PDF lure (July, October) Charity donation scams around the Israel-Palestine crisis (October) Christmas party lures for credential phishing (November) Attack Spotlights These monthly releases cast a wider lens on attack types. They focus on a time-based or reoccurring threat that is expected to trend, typically related to holidays, travel seasons or shopping events. Each spotlight is released a month in advance with a campaign plan, awareness material and training modules, and is available in 12 core languages. In 2023, Proofpoint published these Attack Spotlight campaigns: Smishing with package delivery lures (February) Business email compromise (BEC) phishing with requests for quotations (RFQs) (April) LinkedIn phishing lures (May) Amazon phishing lures (June) Remote IT support scams (September) Gift card scams (December) Image from Attack Spotlight video (play video). Threat modules These training videos are relevant to the changing threat landscape. They are inspired by our threat intelligence and our team\'s threat landscape research. These micro-learning modules are grounded in learning science principles that are designed to drive behavior change. Each module has a concise and specific learning objective. The delivery of content is tailored to individual factors such as a person\'s role, learning style, vulnerability level and preferred language. In 2023, we covered these topics in our new threat training modules: Data loss protection AI chatbot threats Amazon phishing scams Cryptocurrency investment scams QR code dangers Multifactor authentication (MFA) Image from Threat Module video (play video). Staying ahead of generative AI attacks AI-powered systems are promoted as tools to help us work faster, and they are transforming businesses and industries. This wide-reaching access can create security risks from potential data breaches to concerns over user privacy. Your employees need to be aware of the limitations and risks of using AI-powered tools, especiall | Vulnerability Industrial | ★★★ | |
 |
2024-01-04 20:13:46 | Plus de 11 millions de serveurs SSH vulnérables à l'attaque de Terrapin Over 11 Million SSH Servers Vulnerable To Terrapin Attack (lien direct) |
Les chercheurs en sécurité de l'Allemagne \'s Ruhr University Bochum il y a deux semaines ont découvert une vulnérabilité dans le protocole de réseau cryptographique Secure Shell (SSH) qui permet à un attaquant de rétrograder la sécurité de la connexion \\ exécutée par le protocole.
appelé terrapin ( cve-2023-48795 , score CVSS 5.9), cet exploit est une attaque de troncature préfixe, où certains paquets cryptés au début de la chaîne SSH peuvent être supprimés sans que le client ou le serveur le remarque.
Ceci est accompli pendant le processus de poignée de main dans lequel les numéros de séquence sont manipulés lors de l'établissement d'une connexion SSH et des messages échangés entre le client et le serveur sont alors spécifiquement supprimés.
Pour effectuer une attaque de terrapine, les attaquants doivent être dans une position adversaire dans le milieu (également abrégé en AITM et connu sous le nom d'homme dans le milieu ou du MITM) à la couche de réseau pour intercepter et modifier leÉchange de poignées de main et la connexion doit être sécurisée par Chacha20-Poly1305 ou CBC avec Encrypt-then-mac.
& # 8220; L'attaque peut être effectuée dans la pratique, permettant à un attaquant de rétrograder la sécurité de la connexion en tronquant le message de négociation d'extension (RFC8308) à partir de la transcription, & # 8221;Les chercheurs expliquée dans leur papier.
& # 8220; La troncature peut conduire à l'utilisation d'algorithmes d'authentification du client moins sécurisés et à la désactivation des contre-mesures spécifiques contre les attaques de synchronisation de Keystroke dans OpenSSH 9.5. & # 8221;
Maintenant, un récent scan par la plate-forme de surveillance de la menace de sécurité ShadowServer Warnsqu'il y a près de 11 millions d'adresses IP exposant un serveur SSH vulnérable aux attaques Terrapin.
Près d'un tiers de ces adresses, 3,3 millions, ont été identifiés aux États-Unis, suivis par la Chine (1,3 million), l'Allemagne (1 million), la Russie (700 000), Singapour (390 000) et le Japon (380 000).
Cela représente environ 52% de toutes les adresses IPv4 et IPv6 analysées par le système de surveillance de la Fondation ShadowServer. .
Bien que tous les 11 millions de serveurs SSH (par IP unique) soient immédiatement risqués d'être attaqués compte tenu des conditions de l'attaque de Terrapin, cela laisse encore de nombreuses possibilités pour que les cybercriminels exploitent.
Les chercheurs de Bochum de l'Université Ruhr ont fourni un scanner de vulnérabilité sur le Référentiel GitHub Pour les utilisateurs de Linux, Windows et MacOS qui souhaitent vérifier si leur client ou serveur SSH est vulnérable à Terrapin.
Security researchers at Germany\'s Ruhr University Bochum two weeks ago discovered a vulnerability in the Secure Shell (SSH) cryptographic network protocol that allows an attacker to downgrade the connection\'s security executed by the protocol. Called Terrapin (CVE-2023-48795, CVSS score 5.9), this exploit is a prefix truncation attack, where some encrypted packets at the beginning of the SSH channel can be deleted without the cl |
Vulnerability Threat | ★★★ | |
|
2024-01-04 17:00:49 | InfoSec Global Federal ajouté à la liste de produits approuvés du Département de la sécurité intérieure et de la liste des produits approuvés InfoSec Global Federal Added to Department of Homeland Security Continuous Diagnostics and Mitigation Approved Product List (lien direct) |
Federal mondial Infosec ajouté au diagnostic continu du ministère de la Sécurité intérieure et à la liste des produits approuvés
-
nouvelles commerciales
InfoSec Global Federal Added to Department of Homeland Security Continuous Diagnostics and Mitigation Approved Product List - Business News |
Tool Vulnerability | ★★★ | |
 |
2024-01-04 15:00:00 | It et OT Cybersecurity: une approche holistique IT and OT cybersecurity: A holistic approach (lien direct) |
> Dans le domaine de la cybersécurité, les technologies de l'information (TI) et les technologies opérationnelles (OT) présentent des défis distincts que les organisations doivent naviguer.Assurer la sécurité de ces domaines distincts est primordial pour renforcer votre cyber-résilience globale.En suivant les meilleures pratiques décrites dans cet article, vous pouvez minimiser les vulnérabilités potentielles et garder votre posture de sécurité forte.[& # 8230;]
>In the realm of cybersecurity, both information technology (IT) and operational technology (OT) present distinct challenges that organizations must navigate. Ensuring the security of these distinct domains is paramount to bolstering your overall cyber resilience. By following the best practices outlined in this article, you can minimize potential vulnerabilities and keep your security posture strong. […] |
Vulnerability Industrial | ★★★ | |
|
2024-01-04 13:35:17 | Que rechercher dans un scanner de vulnérabilité open source What To Look For in an Open Source Vulnerability Scanner (lien direct) |
L'une des principales préoccupations de sécurité que nous entendons des leaders de la technologie concerne la sécurité des logiciels open source (OSS) et le développement de logiciels cloud.Un scanner de vulnérabilité open source (pour la numérisation OSS) vous aide à découvrir le risque dans le code tiers que vous utilisez.Cependant, ce n'est pas parce qu'une solution scanne l'open source que vous réduisez finalement le risque de sécurité.Voici ce qu'il faut rechercher dans un scanner de vulnérabilité open source et une solution de test de sécurité pour trouver et corriger les vulnérabilités dans l'OSS.
Contexte sur les vulnérabilités en open source et à quoi ressemble le risque
Avant de pouvoir parler de ce qu'il faut rechercher dans une solution de numérisation, nous devons parler des vulnérabilités que les outils recherchent.Né en 1999, la base de données nationale de vulnérabilité (NVD) était un produit de l'Institut national des normes et de la technologie (NIST) conçu pour être «le référentiel du gouvernement américain des données de gestion de la vulnérabilité basées sur les normes».Il représente un indice des vulnérabilités connues…
One of the top security concerns we hear from technology leaders is about the security of open source software (OSS) and cloud software development. An open source vulnerability scanner (for scanning OSS) helps you discover risk in the third-party code you use. However, just because a solution scans open source does not mean you are ultimately reducing security risk with it. Here is what to look for in an open source vulnerability scanner and security testing solution to find and fix vulnerabilities in OSS. Background on Vulnerabilities in Open Source and What the Risk Looks Like Before we can talk about what to look for in a scanning solution, we need to talk about the vulnerabilities the tools are looking for. Born in 1999, the National Vulnerability Database (NVD) was a product of the National Institute of Standards and Technology (NIST) made to be “the U.S. government repository of standards based vulnerability management data.” It represents an index of known vulnerabilities… |
Tool Vulnerability Cloud | ★★★ | |
|
2024-01-04 13:01:29 | La CISA prévient les vulnérabilités exploitées dans la bibliothèque d'analyse chromée et Excel CISA Warns of Exploited Vulnerabilities in Chrome and Excel Parsing Library (lien direct) |
> Par waqas
CISA exhorte une action rapide à mesure que deux vulnérabilités critiques émergent.
Ceci est un article de HackRead.com Lire le post original: CISA met en garde contre les vulnérabilités exploitées dans la bibliothèque d'analyse chrome et Excel
>By Waqas CISA Urges Swift Action as Two Critical Vulnerabilities Emerge. This is a post from HackRead.com Read the original post: CISA Warns of Exploited Vulnerabilities in Chrome and Excel Parsing Library |
Vulnerability | ★★★ | |
 |
2024-01-04 12:11:49 | New iPhone Exploit utilise quatre jours zéro New iPhone Exploit Uses Four Zero-Days (lien direct) |
Kaspersky Researchers sont des détails & # 8220; une attaque qui sur quatre ans en arrière des dizaines, sinon des milliers d'iPhones, dont beaucoup appartenaient à des employés de la société de sécurité basée à Moscou, Kaspersky. & # 8221;Il est un exploit en clic zéro qui utilise quatre jours zéro-jours d'iPhone.
Le nouveau détail le plus intrigant est le ciblage de la fonctionnalité matérielle avant-monnale, qui s'est avérée cruciale de la campagne de triangulation de l'opération.Une journée zéro dans la fonction a permis aux attaquants de contourner les avancés protection de mémoire matérielle Conçu pour protéger l'intégrité du système d'appareils même après qu'un attaquant a acquis la possibilité de falsifier la mémoire du noyau sous-jacent.Sur la plupart des autres plateformes, une fois que les attaquants exploitent avec succès une vulnérabilité du noyau, ils ont le contrôle total du système compromis ...
Kaspersky researchers are detailing “an attack that over four years backdoored dozens if not thousands of iPhones, many of which belonged to employees of Moscow-based security firm Kaspersky.” It’s a zero-click exploit that makes use of four iPhone zero-days. The most intriguing new detail is the targeting of the heretofore-unknown hardware feature, which proved to be pivotal to the Operation Triangulation campaign. A zero-day in the feature allowed the attackers to bypass advanced hardware-based memory protections designed to safeguard device system integrity even after an attacker gained the ability to tamper with memory of the underlying kernel. On most other platforms, once attackers successfully exploit a kernel vulnerability they have full control of the compromised system... |
Vulnerability Threat Mobile | ★★★★ | |
|
2024-01-04 10:17:18 | Le signal de risque de défenseur industriel offre une solution de gestion de vulnérabilité basée sur les risques pour la sécurité OT Industrial Defender Risk Signal delivers risk-based vulnerability management solution for OT security (lien direct) |
OT Asset Data and Cybersecurity Solutions Company Industrial Defender, fournisseur d'OT Asset Data and Cybersecurity Solutions pour ...
OT asset data and cybersecurity solutions company Industrial Defender, provider of OT asset data and cybersecurity solutions for... |
Vulnerability Industrial | ★★★ | |
|
2024-01-04 06:00:10 | Cybersecurity Stop of the Month: MFA Manipulation (lien direct) | This blog post is part of a monthly series exploring the ever-evolving tactics of today\'s cybercriminals. Cybersecurity Stop of the Month focuses on the critical first three steps in the attack chain in the context of email threats. The series is designed to help you understand how to fortify your defenses to protect people and defend data against emerging threats in today\'s dynamic threat landscape. The critical first three steps of the attack chain: reconnaissance, initial compromise and persistence. So far in this series, we have covered the following types of attacks: Supplier compromise EvilProxy SocGholish eSignature phishing QR code phishing Telephone-oriented attack delivery (TOAD) Payroll diversion In this post, we examine an attack technique called multifactor (MFA) manipulation. This malicious post-compromise attack poses a significant threat to cloud platforms. We cover the typical attack sequence to help you understand how it works. And we dive deeper into how Proofpoint account takeover capabilities detected and prevented one of these threats for our customer. Background MFA manipulation is an advanced technique where bad actors introduce their own MFA method into a compromised cloud account. These attackers are used after a cloud account takeover attack, or ATO. ATOs are an insidious threat that are alarmingly common. Recent research by Proofpoint threat analysts found that in 2023 almost all businesses (96%) were targeted by cloud-based attacks. What\'s more, a whopping 60% were successfully compromised and had at least one account taken over. MFA manipulation attacks can work several ways with bad actors having multiple options for getting around MFA. One way is to use an adversary-in-the-middle (AiTM) attack. This is where the bad actor inserts a proxy server between the victim and the website that they\'re trying to log into. Doing so enables them to steal that user\'s password as well as the session cookie. There\'s no indication to the user that they\'ve been attacked-it just seems like they\'ve logged into their account as usual. However, the attackers have what they need to establish persistence, which means they can maintain access even if the stolen MFA credentials are revoked or deemed invalid. The scenario Recently, Proofpoint intercepted a series of MFA manipulation attacks on a large real estate company. In one case, the bad actors used an AiTM attack to steal the credentials of the firm\'s financial controller as well as the session cookie. Once they did that, they logged into that user\'s business account and generated 27 unauthorized access activities. The threat: How did the attack happen? Here is a closer look at how this MFA manipulation attack played out: 1. Bad actors used the native “My Sign-Ins” app to add their own MFA methods to compromise Microsoft 365 accounts. We observed that the attackers registered their own authenticator app with notification and code. They made this move right after they gained access to the hijacked account as part of an automated attack flow execution. This, in turn, allowed them to secure their foothold within the targeted cloud environment. The typical MFA manipulation flow using Microsoft\'s “My Sign-Ins” app. 2. After the compromise, the attackers demonstrated a sophisticated approach. They combined MFA manipulation with OAuth application abuse. With OAuth abuse, an attacker authorizes and/or uses a third-party app to steal data, spread malware or execute other malicious activities. Attackers also use the abused app to maintain persistent access to specific resources even after their initial access to a compromised account has been cut off. 3. The attackers authorized the seemingly benign application, “PERFECTDATA SOFTWARE,” to gain persistent access to the user\'s account and the systems, as well as the resources and applications that the user could access. The permissions the attackers requested for this app included: | Malware Tool Vulnerability Threat Cloud | ★★★ | |
 |
2024-01-03 23:00:00 | La recherche sur la vulnérabilité met en évidence 2023 Vulnerability Research Highlights 2023 (lien direct) |
Notre équipe de recherche sur la vulnérabilité revient sur une grande année et résume les points forts de 2023.
Our Vulnerability Research team looks back at a great year and summarizes the highlights of 2023. |
Vulnerability Studies | ★★★ | |
|
2024-01-03 21:30:00 | La CISA avertit les agences fédérales des vulnérabilités exploitées Google Chrome et open source CISA warns federal agencies of exploited Google Chrome and open-source vulnerabilities (lien direct) |
Deux nouvelles vulnérabilités ont été ajoutées à la liste des bogues exploités par la Cybersecurity and Infrastructure Security Agency (CISA).CISA a mis en garde mardi une vulnérabilité concernant la bibliothèque Perl open source, classée comme CVE-2023-7101, ainsi qu'un bogue impactant Google Chrome qui a été abordé par la société le mois dernier.Les vulnérabilités ont été ajoutées
Two new vulnerabilities have been added to the list of exploited bugs by the Cybersecurity and Infrastructure Security Agency (CISA). CISA on Tuesday warned of a vulnerability concerning the open-source Perl library, classified as CVE-2023-7101, as well as a bug impacting Google Chrome that was addressed by the company last month. The vulnerabilities were added |
Vulnerability | ★★ | |
|
2024-01-03 21:00:00 | Apache Erp Zero-Day souligne les dangers des correctifs incomplets Apache ERP Zero-Day Underscores Dangers of Incomplete Patches (lien direct) |
Apache a corrigé une vulnérabilité dans son cadre OfBiz Enterprise Resource Planning (ERP) le mois dernier, mais les attaquants et les chercheurs ont trouvé un moyen de contourner le patch.
Apache fixed a vulnerability in its OfBiz enterprise resource planning (ERP) framework last month, but attackers and researchers found a way around the patch. |
Vulnerability Threat | ★★★ | |
 |
2024-01-03 15:04:12 | Plusieurs infostateurs utilisant des cookies persistants pour détourner les comptes Google Several Infostealers Using Persistent Cookies to Hijack Google Accounts (lien direct) |
> Une vulnérabilité dans le processus d'authentification de Google \\ permet aux logiciels malveillants de restaurer les cookies et de détourner les sessions utilisateur.
>A vulnerability in Google\'s authentication process allows malware to restore cookies and hijack user sessions. |
Malware Vulnerability | ★★★ | |
|
2024-01-03 12:49:36 | Otorio révèle les vulnérabilités critiques dans les systèmes de contrôle d'accès physique utilisés dans la sécurité du bâtiment OTORIO discloses critical vulnerabilities in physical access control systems used across building security (lien direct) |
La société de cybersécurité Otorio a mené des recherches en lumière sur les risques de sécurité posés par le contrôle d'accès physique moderne ...
Cybersecurity firm OTORIO has conducted research shedding light on the security risks posed by modern Physical Access Control... |
Vulnerability Industrial | ★★★★ | |
|
2024-01-03 11:00:00 | Décodage du piratage éthique: une exploration complète des pratiques de chapeau blanc Decoding ethical hacking: A comprehensive exploration of white hat practices (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In era of digital devices, where the specter of data breaches and cyber threats looms large, the role of ethical hackers, colloquially known as white hat hackers, has become paramount. This article embarks on an in-depth journey into the realm of ethical hacking, illuminating its profound significance in identifying vulnerabilities and fortifying the intricate tapestry of overall cybersecurity. Ethical hacking, at its core, entails authorized and legal endeavors to infiltrate computer systems, networks, or applications. The primary objective is to unveil vulnerabilities. Diverging from their malevolent counterparts, ethical hackers leverage their skills to fortify security rather than exploit weaknesses. The strategic importance of ethical hacking: Proactive defense: Ethical hacking adopts a proactive stance, aiming to unearth and neutralize potential threats before malicious actors can exploit them. Vulnerability assessment: Systematic assessments conducted by ethical hackers pinpoint weaknesses in systems, networks, and applications, enabling organizations to address vulnerabilities in a timely manner. Compliance and risk management: Ethical hacking aligns seamlessly with regulatory compliance requirements, facilitating effective risk management. This ensures organizations adhere to industry standards and safeguard sensitive information. The crucial role of ethical hackers 1. Identifying vulnerabilities: Ethical hackers employ an array of techniques, including penetration testing, code review, and network analysis, to uncover vulnerabilities. By replicating the tactics of malicious hackers, they unveil potential entry points and weaknesses susceptible to exploitation. 2. Penetration testing: A cornerstone of ethical hacking, penetration testing involves simulating real-world cyber-attacks to evaluate the security posture of a system. This practice assesses how well an organization\'s defenses can withstand various threats. 3. Code Review: Analyzing source code for security flaws is fundamental. Ethical hackers scrutinize the codebase to identify vulnerabilities such as injection flaws, buffer overflows, and insecure dependencies. Navigating the ethical hacking process 1. Planning: Ethical hacking commences with meticulous planning. The ethical hacker collaborates with the organization to define the scope, goals, and methodologies of the assessment. 2. Reconnaissance: Gathering information about the target system is a critical phase. Ethical hackers employ both passive and active reconnaissance techniques to understand the environment they are assessing. 3. Scanning: The scanning phase involves identifying live hosts, open ports, and services on a network. Tools like Nmap and Nessus are commonly employed to assess the target\'s attack surface comprehensively. 4. Gaining access: Ethical hackers attempt to exploit identified vulnerabilities, gaining access to systems or sensitive data. This phase provides organizations insights into the potential impact of a suc | Tool Vulnerability Threat | ★★★ |
To see everything:
Our RSS (filtrered)
