What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Fortinet 2024-04-09 00:00:00 FortiManager - Code Injection via Jinja Template
An improper neutralization of special elements used in a template engine [CWE-1336] vulnerability in FortiManager provisioning templates may allow a local authenticated attacker with at least read-only permissions to execute arbitrary code via specially crafted templates.
Vulnerability
Fortinet 2024-04-09 00:00:00 FortiNAC-F - Lack of certificate validation
An improper certificate validation vulnerability [CWE-295] in FortiNAC-F may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F.
Vulnerability
Fortinet 2024-04-09 00:00:00 FortiOS & FortiProxy - administrator cookie leakage
An insufficiently protected credentials vulnerability (CWE-522) in FortiOS and FortiProxy may allow an attacker to obtain the administrator cookie in rare and specific conditions, via tricking the administrator into visiting a malicious attacker-controlled website through the SSL-VPN.
Vulnerability
Fortinet 2024-04-09 00:00:00 [FortiClient Linux] Remote Code Execution due to dangerous nodejs configuration
An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientLinux may allow an unauthenticated attacker to execute arbitrary code via tricking a FortiClientLinux user into visiting a malicious website.
Vulnerability
Fortinet 2024-04-09 00:00:00 FortiClientMac - Lack of configuration file validation
An external control of file name or path vulnerability [CWE-73] in FortiClientMac's installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.
Vulnerability
RedCanary 2024-04-08 16:07:21 Holding down the Fortinet vulnerability
Adversaries are exploiting CVE-2023-4878 in FortiClient EMS to install unauthorized RMM tools and PowerShell backdoors.
Tool Vulnerability ★★
GoogleSec 2024-04-08 14:12:48 How we built the new Find My Device network with user security and privacy in mind
Posted by Dave Kleidermacher, VP Engineering, Android Security and Privacy
Keeping people safe and their data secure and private is a top priority for Android. That is why we took our time when designing the new Find My Device, which uses a crowdsourced device-locating network to help you find your lost or misplaced devices and belongings quickly – even when they're offline. We gave careful consideration to the potential user security and privacy challenges that come with device finding services. During development, it was important for us to ensure the new Find My Device was secure by default and private by design. To build a private, crowdsourced device-locating network, we first conducted user research and gathered feedback from privacy and advocacy groups. Next, we developed multi-layered protections across three main areas: data safeguards, safety-first protections, and user controls. This approach provides defense-in-depth for Find My Device users.
How location crowdsourcing works on the Find My Device network
The Find My Device network locates devices by harnessing the Bluetooth proximity of surrounding Android devices. Imagine you drop your keys at a cafe. The keys themselves have no location capabilities, but they may have a Bluetooth tag attached. Nearby Android devices participating in the Find My Device network report the location of the Bluetooth tag. When the owner realizes they have lost their keys and logs into the Find My Device mobile app, they will be able to see the aggregated location contributed by nearby Android devices and locate their keys.
Find My Device network protections
Let's dive into key details of the multi-layered protections for the Find My Device network:
Data Safeguards: We've implemented protections that help ensure the privacy of everyone participating in the network and the crowdsourced location data that powers it. Location data is end-to-end encrypted. When Android devices participating in the network report the location of a Bluetooth tag, the location is end-to-end encrypted using a key that is only a
Vulnerability Threat Mobile ★★
SecurityWeek 2024-04-08 11:30:59 Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits
Crowdfense has announced a $30 million exploit acquisition program covering Android, iOS, Chrome, and Safari zero-days.
Vulnerability Threat Mobile ★★
Chercheur 2024-04-08 11:03:44 Security Vulnerability of HTML Emails
This is a newly discovered email vulnerability: The email your manager received and forwarded to you was something completely innocent, such as a potential customer asking a few questions. All that email was supposed to achieve was being forwarded to you. However, the moment the email appeared in your inbox, it changed. The innocent pretext disappeared and the real phishing email became visible. A phishing email you had to trust because you knew the sender and they even confirmed that they had forwarded it to you. This attack is possible because most email clients allow CSS to be used to style HTML emails. When an email is forwarded, the position of the original email in the DOM usually changes, allowing for CSS rules to be selectively applied only when an email has been forwarded...
Vulnerability ★★
AlienVault 2024-04-08 10:00:00 10 Strategies to Fortify SCADA System Security
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Here are some of the best SCADA protection strategies to ensure your organization's safety.
Late last year, Pennsylvania's Municipal Water Authority of Aliquippa (MWAA) fell victim to a sophisticated cyberattack, targeting its SCADA system at a key booster station. This station, crucial for regulating water pressure across Raccoon and Potter townships in Beaver County, experienced a temporary loss of communication, triggering an immediate investigation. Upon closer examination, the technicians discovered a clear indication of a cyberattack: a message declaring, "You have been hacked." This startling discovery led to the swift activation of manual control systems, ensuring that water quality and supply remained unaffected despite the breach. The hacked device operated on a separate network, distinct from the main corporate systems. This separation helped to limit the breach's impact and prevented it from affecting other essential parts of the infrastructure. The hackers, identified as being affiliated with an Iranian group, specifically targeted this equipment due to its Israeli-made components. This choice of target was part of a broader strategy, as similar devices are commonly used in water utility stations both in the US and internationally, hinting at the potential for more widespread attacks. The incident drew significant attention from US legislators, who expressed concerns about the vulnerability of the nation's critical infrastructure to such cyberattacks. The breach underscored the urgent need for enhanced cybersecurity measures across similar utilities, especially those with limited resources and exposure to international conflicts.
Investigations by the Federal Bureau of Investigation and the Pennsylvania State Police were launched to examine the specifics of the attack. The cybersecurity community pointed out that industrial control systems, like the SCADA system breached at MWAA, often have inherent security weaknesses, making them susceptible to such targeted attacks. The following discussion on SCADA defense strategies aims to address these challenges, proposing measures to fortify these vital systems against potential cyberattacks and ensuring the security and reliability of essential public utilities.
How to Enhance SCADA System Security?
The breach at the MWAA sharply highlights the inherent vulnerabilities in SCADA systems, a crucial component of our critical infrastructure. In the wake of this incident, it's imperative to explore robust SCADA defense strategies. These strategies are not mere recommendations but essential steps towards safeguarding our essential public utilities from similar threats.
1. Network Segmentation: This strategy involves creating 'zones' within the SCADA network, each with its own specific security controls. This could mean separating critical control systems from the rest of the network, or dividing a large system into smaller, more manageable segments. Segmentation often includes implementing demilitarized zones (DMZs) between the corporate and control networks. This reduces the risk of an attacker being able to move laterally across the network and access sensitive areas after breaching a less secure section.
2. Access Control and Authentication: Beyond basic measures, access control in SCADA systems should involve a comprehensive management of user privileges. This could include role-based access controls, where users are granted access rights depending on their job function, and time-based access controls, limiting access to certain times for specific users. Strong authentication methods also
Vulnerability Threat Patching Legislation Industrial ★★★★
Microsoft 2024-04-08 00:00:00 Toward greater transparency: Adopting the CWE standard for Microsoft CVEs
At the Microsoft Security Response Center (MSRC), our mission is to protect our customers, communities, and Microsoft from current and emerging threats to security and privacy. One way we achieve this is by determining the root cause of security vulnerabilities in Microsoft products and services. We use this information to identify vulnerability trends and provide this data to our Product Engineering teams to enable them to systematically understand and eradicate security risks.
Vulnerability ★★★
Blog 2024-04-05 21:38:19 Vulnerabilities Exposed Hugging Face to AI Supply Chain Attacks
By Deeba Ahmed. Wiz.io, known for its cloud security expertise, and Hugging Face, a leader in open-source AI tools, are combining their knowledge to develop solutions that address these security concerns. This collaboration signifies a growing focus on securing the foundation of AI advancements. This is a post from HackRead.com. Read the original post: Vulnerabilities Exposed Hugging Face to AI Supply Chain Attacks
Tool Vulnerability Cloud ★★★
InfoSecurityMag 2024-04-05 14:00:00 Chinese Threat Actors Deploy New TTPs to Exploit Ivanti Vulnerabilities
Mandiant research details how Chinese espionage groups are deploying new tools post-exploitation of recently patched Ivanti vulnerabilities
Tool Vulnerability Threat ★★
RiskIQ 2024-04-05 13:39:39 Same targets, new playbooks: East Asia threat actors employ unique methods
## Snapshot
Microsoft has observed several notable cyber and influence trends from China and North Korea since June 2023 that demonstrate not only doubling down on familiar targets, but also attempts to use more sophisticated influence techniques to achieve their goals.
Chinese cyber actors broadly selected three target areas over the last seven months.
- One set of Chinese actors extensively targeted entities across the South Pacific Islands.
- A second set of Chinese activity continued a streak of cyberattacks against regional adversaries in the South China Sea region.
- Meanwhile, a third set of Chinese actors compromised the US defense industrial base.
Chinese influence actors, rather than broadening the geographic scope of their targets, honed their techniques and experimented with new media. Chinese influence campaigns continued to refine AI-generated or AI-enhanced content. The influence actors behind these campaigns have shown a willingness to **both amplify AI-generated media that benefits their strategic narratives, as well as create their own video, memes, and audio content**. Such tactics have been used in campaigns stoking divisions within the United States and exacerbating rifts in the Asia-Pacific region, including Taiwan, Japan, and South Korea. These campaigns achieved varying levels of resonance with no singular formula producing consistent audience engagement.
North Korean cyber actors made headlines for **increasing software supply chain attacks and cryptocurrency heists over the past year**. While strategic spear-phishing campaigns targeting researchers who study the Korean Peninsula remained a constant trend, North Korean threat actors appeared to make greater use of legitimate software to compromise even more victims.
## Activity Overview
### Chinese cyber operations target strategic partners and competitors
#### Gingham Typhoon targets government, IT, and multinational entities across the South Pacific Islands
![Graph showing targeted regions in the South Pacific by China based threat actor Gingham Typhoon](https://cdn-riq-ti.azureedge.net/49bcef0e-36ca-42a0-a66d-f5339c8b48e2)
*Figure 1: Observed events from Gingham Typhoon from June 2023 to January 2024 highlights their continued focus on South Pacific Island nations. However, much of this targeting has been ongoing, reflecting a yearslong focus on the region. Geographic locations and diameter of symbology are representational.*
During the summer of 2023, Microsoft Threat Intelligence observed extensive activity from China-based espionage group Gingham Typhoon that targeted nearly every South Pacific Island country. Gingham Typhoon is the most active actor in this region, hitting international organizations, government entities, and the IT sector with complex phishing campaigns. Victims also included vocal critics of the Chinese government. Diplomatic allies of China who were victims of recent Gingham Typhoon activity include executive offices in government, trade-related departments, internet service providers, as well as a transportation entity. Heightened geopolitical and diplomatic competition in the region may be motivations for these offensive cyber activities. China pursues strategic partnerships with South Pacific Island nations to expand economic ties and broker diplomatic and security agreements. Chinese cyber espionage in this region also follows economic partners. For example, Chinese actors engaged in large-scale targeting of multinational organizations in Papua New Guinea, a longtime diplomatic partner that is benefiting from multiple Belt and Road Initiative (BRI) projects including the construction of a major highway which links a Papua New Guinea government building to the capital city's main road. (1)
#### Chinese threat actors retain focus on South China Sea amid Western military exercises
China-based threat actors continued to target entities related to China's economic and military interests in a
Malware Tool Vulnerability Threat Studies Industrial Prediction Technical Guam ★★★
The_Hackers_News 2024-04-05 12:45:00 Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws
Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893). The clusters are being tracked by Mandiant under the monikers UNC5221, UNC5266, UNC5291, UNC5325, UNC5330, and UNC5337. Another group linked to the exploitation spree is UNC3886. The Google Cloud
Vulnerability Threat Cloud ★★★
Chercheur 2024-04-05 11:00:42 Maybe the Phone System Surveillance Vulnerabilities Will Be Fixed
It seems that the FCC might be fixing the vulnerabilities in SS7 and the Diameter protocol: On March 27 the commission asked telecommunications providers to weigh in and detail what they are doing to prevent SS7 and Diameter vulnerabilities from being misused to track consumers' locations. The FCC has also asked carriers to detail any exploits of the protocols since 2018. The regulator wants to know the date(s) of the incident(s), what happened, which vulnerabilities were exploited and with which techniques, where the location tracking occurred, and, if known, the attacker's identity...
Vulnerability ★★★
ProofPoint 2024-04-05 06:00:25 Improving Detection and Response: Making the Case for Deceptions
Let's face it, most enterprises find it incredibly difficult to detect and remove attackers once they've taken over user credentials, exploited hosts or both. In the meantime, attackers are working on their next moves. That means data gets stolen and ransomware gets deployed all too often.
And attackers have ample time to accomplish their goals. In July 2023, the reported median dwell time was eight days. That's the time between when an attacker accesses their victim's systems and when the attack is either detected or executed.
Combine that data point with another one, that attackers take only 16 hours to reach Active Directory once they have landed, and the takeaway is that threats go undetected for an average of seven days. That's more than enough time for a minor security incident to turn into a major business-impacting breach.
How can you find and stop attackers more quickly? The answer lies in your approach. Let's take a closer look at how security teams typically try to detect attackers. Then, we can better understand why deceptions can work better.
What is the problem with current detection methods?
Organizations and their security vendors have evolved when it comes to techniques for detecting active threats. In general, detection tools have focused on two approaches: finding files or network traffic that are “known-bad”, and detecting suspicious or risky activity or behavior.
Often called signature-based detection, finding “known-bad” is a broadly used tool in the detection toolbox. It includes finding known-bad files like malware, or detecting traffic from known-bad IPs or domains. It makes you think of the good old days of antivirus software running on endpoints, and about the different types of network monitoring or web filtering systems that are commonplace today.
The advantage of this approach is that it's relatively inexpensive to build, buy, deploy and manage. The major disadvantage is that it isn't very effective against increasingly sophisticated threat actors who have an unending supply of techniques to get around them. Keeping up with what is known-bad, while important and helpful, is also a bit like a dog chasing its tail, given the infinite internet and the ingenuity of malicious actors.
The rise of behavior-based detection
About 20 years ago, behavioral-based detections emerged in response to the need for better detection. Without going into detail, these probabilistic or risk-based detection techniques found their way into endpoint and network-based security systems as well as SIEM, email, user and entity behavior analytics (UEBA), and other security systems.
The upside of this approach is that it's much more nuanced. Plus, it can find malicious actors that signature-based systems miss. The downside is that, by definition, it can generate a lot of false positives and false negatives, depending on how it's tuned.
Also, the high cost to build and operate behavior-based systems, considering the cost of data integration, collection, tuning, storage and computing, means that this approach is out of reach for many organizations. This discussion is not intended to discount the present and future benefits of newer analytic techniques such as artificial intelligence and machine learning. I believe that continued investments in behavior-based detections can pay off with the continued growth of security data, analytics and computing power. However, I also believe we should more seriously consider a third and less-tried technique for detection.
Re-thinking detection
Is it time to expand our view of detection techniques? That's the fundamental question. But multiple related questions are also essential:
Should we be thinking differently about what's the best way to actively detect threats?
Is there a higher-fidelity way to detect attackers that is cost-effective and easy to deploy and manage?
Is there another less-tried approach for detecting threat actors, beyond signature-based and behavior-based methods, that can dra
Ransomware Malware Tool Vulnerability Threat ★★
The_Hackers_News 2024-04-04 16:45:00 New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks
New research has found that the CONTINUATION frame in the HTTP/2 protocol can be exploited to conduct denial-of-service (DoS) attacks. The technique has been codenamed HTTP/2 CONTINUATION Flood by security researcher Bartek Nowotarski, who reported the issue to the CERT Coordination Center (CERT/CC) on January 25, 2024. "Many HTTP/2 implementations do not properly limit or sanitize the
Vulnerability ★★★★
RecordedFuture 2024-04-04 16:40:24 Volt Typhoon and 4 other groups targeting US energy and defense sectors through Ivanti bugs
Several China-based hacking groups, including Volt Typhoon, are targeting a trio of vulnerabilities affecting IT giant Ivanti alongside multiple cybercriminal operations. The Cybersecurity and Infrastructure Security Agency (CISA) and several of the world's leading cybersecurity agencies have released warnings about the vulnerabilities - labeled CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893 - due to their widespread use
Vulnerability Guam ★★★
DarkReading 2024-04-04 15:15:37 Critical Security Flaw Exposes 1 Million WordPress Sites to SQL Injection
A researcher received a $5,500 bug bounty for discovering a vulnerability (CVE-2024-2879) in LayerSlider, a plug-in with more than a million active installations.
Vulnerability ★★
Mandiant 2024-04-04 14:00:00 Cutting Edge, Part 4: Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies
Written by: Matt Lin, Austin Larsen, John Wolfram, Ashley Pearson, Josh Murchie, Lukasz Lamparski, Joseph Pisano, Ryan Hall, Ron Craft, Shawn Chew, Billy Wong, Tyler McLellan
Since the initial disclosure of CVE-2023-46805 and CVE-2024-21887 on Jan. 10, 2024, Mandiant has conducted multiple incident response engagements across a range of industry verticals and geographic regions. Mandiant's previous blog post, Cutting Edge, Part 3: Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts, details zero-day exploitation of CVE-2024-21893 and CVE-2024-21887 by a suspected China-nexus espionage actor that Mandiant tracks as UNC5325.
This blog post, as well as our previous reports detailing Ivanti exploitation, help to underscore the different types of activity that Mandiant has observed on vulnerable Ivanti Connect Secure appliances that were unpatched or did not have the appropriate mitigation applied.
Mandiant has observed different types of post-exploitation activity across our incident response engagements, including lateral movement supported by the deployment of open-source tooling and custom malware families. In addition, we've seen these suspected China-nexus actors evolve their understanding of Ivanti Connect Secure by abusing appliance-specific functionality to achieve their objectives. As of April 3, 2024, a patch is readily available for every supported version of Ivanti Connect Secure affected by the vulnerabilities. We recommend that customers follow Ivanti's latest patching guidance and instructions to prevent further exploitation activity. In addition, Ivanti released a new enhanced external integrity checker tool (ICT) to detect potential attempts of malware persistence across factory resets and system upgrades and other tactics, techniques, and procedures (TTPs) observed in the wild. We also released a remediation and hardening guide
Malware Tool Vulnerability Threat Studies Mobile Cloud Guam ★★★
Checkpoint.webp 2024-04-04 13:00:57 Not So Private After All: How Dating Apps Can Reveal Your Exact Location
Check Point Research (CPR) recently analyzed several popular dating applications with over 10 million downloads combined in order to understand how safe they are for users. As dating apps traditionally utilize geolocation data, offering the opportunity to connect with people nearby, this convenience feature often comes at a cost. Our research focuses on a specific app called "Hornet" that had vulnerabilities, allowing the precise location of the user, which presents a major privacy risk to its users. Key Findings: Techniques like trilateration allow attackers to determine user coordinates using distance information. Despite safety measures, the Hornet dating app – a […]
Vulnerability ★★
bleepingcomputer.webp 2024-04-04 11:28:55 New HTTP/2 DoS attack can crash web servers with a single connection
Newly discovered HTTP/2 protocol vulnerabilities called "CONTINUATION Flood" can lead to denial of service (DoS) attacks, crashing web servers with a single TCP connection in some implementations. [...]
Vulnerability ★★★
The_Hackers_News.webp 2024-04-04 10:15:00 Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy Secure
Ivanti has released security updates to address four security flaws impacting Connect Secure and Policy Secure Gateways that could result in code execution and denial-of-service (DoS). The list of flaws is as follows - CVE-2024-21894 (CVSS score: 8.2) - A heap overflow vulnerability in the IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an
Vulnerability ★★★
The_State_of_Security.webp 2024-04-04 09:49:51 Google Patches Pixel Phone Zero-days After Exploitation by "Forensic Companies"
Google has issued a security advisory to owners of its Android Pixel smartphones, warning that it has discovered someone has been targeting some devices to bypass their built-in security. What makes the reported attacks particularly interesting is that traditional cybercriminals may not be behind them, but rather "forensic companies" exploiting two vulnerabilities to extract information and prevent remote wiping. That's the opinion of researchers at GrapheneOS, who tweeted a thread about their findings on the vulnerabilities known as CVE-2024-29745 and CVE-2024-29748. The team at GrapheneOS...
Vulnerability Mobile ★★
The_Hackers_News.webp 2024-04-03 21:40:00 Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies
Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic companies. The high-severity zero-day vulnerabilities are as follows - CVE-2024-29745 - An information disclosure flaw in the bootloader component; CVE-2024-29748 - A privilege escalation flaw in the firmware component. "There are indications that the [
Vulnerability Threat Mobile ★★★
Google.webp 2024-04-03 21:22:02 GCP-2024-022
Published: 2024-04-03
Description: A Denial-of-Service (DoS) vulnerability (CVE-2023-45288) was recently discovered in multiple implementations of the HTTP/2 protocol, including the golang HTTP server used by Kubernetes. The vulnerability could lead to a DoS of the Google Kubernetes Engine (GKE) control plane. For instructions and more details, see the following bulletins: GKE security bulletin, GKE on VMware security bulletin, GKE on AWS security bulletin, GKE on Azure security bulletin, GKE on Bare Metal security bulletin.
Severity: High
Notes: CVE-2023-45288
Vulnerability Cloud
RecordedFuture.webp 2024-04-03 20:00:43 Ivanti pledges security overhaul after multiple government breaches
Ivanti announced wholesale changes to how it approaches cybersecurity after multiple governments sourced recent breaches back to vulnerabilities in the company's products. Ivanti CEO Jeff Abbott published an open letter and 6-minute video to customers pledging to overhaul how the technology-management company builds its products and how it communicates with customers about vulnerabilities. “Events in
Vulnerability ★★★★
DarkReading.webp 2024-04-03 19:58:52 How to Tame SQL injection
As part of its Secure by Design initiative, the Cybersecurity and Infrastructure Security Agency urged companies to redouble efforts to quash SQL injection vulnerabilities. Here's how.
Vulnerability ★★
The_Hackers_News.webp 2024-04-03 16:42:00 Attack Surface Management vs. Vulnerability Management
Attack surface management (ASM) and vulnerability management (VM) are often confused, and while they overlap, they're not the same. The main difference between attack surface management and vulnerability management is in their scope: vulnerability management checks a list of known assets, while attack surface management assumes you have unknown assets and so begins with discovery. Let's look at
Vulnerability ★★★
Intigriti.webp 2024-04-03 14:57:27 Building a case for bug bounty programs: Addressing corporate concerns
Bug bounty programs have emerged as a powerful tool in the cybersecurity arsenal, empowering organizations to proactively identify and resolve vulnerabilities before they can be exploited. Despite this, internal concerns around financial implications, legal complexities, data security risks, and cultural barriers can hinder the adoption of these programs. Companies needn't be afraid to step into […]
Tool Vulnerability ★★★
Logo_Nextron.webp 2024-04-03 14:31:53 Protecting Your Business: Addressing the Microsoft Exchange Vulnerability Crisis
Discover how to safeguard your business from the ongoing Microsoft Exchange vulnerability crisis highlighted by the German Federal Office for Information Security (BSI). Learn about critical warnings, the importance of patching, and how automated compromise assessments with THOR Cloud Lite can fortify your cybersecurity strategy.
Vulnerability Patching Cloud ★★★
bleepingcomputer.webp 2024-04-03 13:29:32 Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks
IT security software company Ivanti has released patches to fix multiple security vulnerabilities impacting its Connect Secure and Policy Secure gateways. [...]
Vulnerability ★★
Checkpoint.webp 2024-04-03 13:00:20 Top GenAI Threats – and why Zero Trust AI Access is the Future
Large Language Models (LLMs) are revolutionizing the way we interact with technology. As a result, SaaS vendors are vying for a competitive edge by integrating AI features, offering enterprises tools such as AI-based sales insights or coding co-pilots. Traditionally, zero-trust security models have relied on a clear distinction between users and applications. Yet, LLM-integrated applications disrupt this distinction, functioning simultaneously as both. This reality introduces a new set of security vulnerabilities, such as data leakage, prompt injection, risky access to online resources, and even access to corporate resources on behalf of employees. To address these challenges in LLM deployment, a […]
Tool Vulnerability Cloud ★★
SecurityWeek.webp 2024-04-03 09:43:20 Google Patches Exploited Pixel Vulnerabilities
Google patches 28 vulnerabilities in Android and 25 bugs in Pixel devices, including two flaws exploited in the wild.
Vulnerability Mobile ★★★
The_State_of_Security.webp 2024-04-03 02:57:10 Tripwire Patch Priority Index for March 2024
Tripwire's March 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google, and Apple. First on the patch priority list are patches for Windows Kernel and multiple Apple products. These CVEs (CVE-2024-21338, CVE-2024-23296, CVE-2024-23225) have been added to CISA's Known Exploited Vulnerabilities (KEV) catalog. Up next are patches for Microsoft Edge (Chromium-based) and Chromium that resolve use-after-free, out-of-bounds memory access, and inappropriate implementation vulnerabilities. Next on the patch priority list this month is a patch for Microsoft...
Vulnerability ★★
Blog.webp 2024-04-02 22:37:11 Vulnerability Exposed Ibis Budget Guest Room Codes to Hackers
By Waqas. Hackers Find Easy Access to Rooms at Ibis Budget Hotels! This is a post from HackRead.com.
Vulnerability ★★
DarkReading.webp 2024-04-02 20:54:44 NIST Wants Help Digging Out of Its NVD Backlog
The National Vulnerability Database can't keep up, and the agency is calling for a public-private partnership to manage it going forward.
Vulnerability ★★
Google.webp 2024-04-02 17:03:04 GCP-2024-020
Published: 2024-04-02
Description: Researchers discovered a vulnerability (CVE-2023-48022) in
Vulnerability Threat Cloud
AlienVault.webp 2024-04-02 10:00:00 Digital Arrests: The New Frontier of Cybercrime
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

The intricate world of cybercrime continues to evolve, and with it emerges a disturbing trend known as "digital arrests." In this scam, fraudsters manipulate technology to instil fear, isolate victims, and ultimately extort them for financial gain. Reports indicate that digital arrests are on the rise globally, leading to devastating consequences for individuals and businesses alike.

What are Digital Arrests?
Digital arrests refer to a type of sophisticated cyber fraud where cyber-criminals impersonate law enforcement officials or other authorities. The targets of these scams are often contacted out of the blue, usually on instant messaging apps like WhatsApp, and informed that their bank accounts, digital identities, or other online assets have been compromised. Criminals play into the victims' fear by threatening them with imminent arrest, legal consequences, or public humiliation if they don't cooperate with a series of urgent demands.

Fraudsters behind digital arrests are masters of psychological manipulation. They understand that fear and urgency are powerful motivators that can cloud judgment and lead people to act against their best interests. By creating a fabricated sense of crisis, they pressure victims into making hasty decisions without the chance for rational thought or verification.

The techniques used in digital arrests are diverse and constantly evolving. Here's how they typically unfold:
Impersonation: Criminals pose as law enforcement, bank representatives, or other authoritative figures, using forged documents and spoofed phone numbers to create a convincing facade of legitimacy.
False Accusations: Victims are accused of involvement in illegal activities, money laundering, identity theft, or other serious crimes.
Demands and Threats: Scammers demand sensitive information like banking credentials, passwords, and personal identification details. They instil fear with threats of arrest, hefty fines, or the release of compromising information.
Technological Trickery: Fraudsters often trick victims into downloading remote access software like TeamViewer or AnyDesk, inadvertently giving criminals extensive control over their devices.
Monitored 'Interrogation': Criminals may insist on video calls to maintain their illusion of authority and monitor victims. They may threaten to fabricate and disseminate compromising evidence to extort large sums of money.

Some real-life incidents that illustrate these cybercrimes are given below:
Case I: A Noida woman was duped out of over Rs 11 lakh (approximately $13,500 USD) in a digital arrest scam. The scammers, posing as police officers, convinced her that her identity was used in illicit activities and her involvement carried severe legal ramifications. Through prolonged interrogation on a video call, they led her to transfer the funds under the guise of protection.
Case II: A 23-year-old woman was defrauded of Rs 2.5 lakh (approximately $3,000 USD) after fraudsters convinced her that her Aadhaar card details were linked to human trafficking activities. Facing threats of arrest and social humiliation, she was coerced into transferring money
Vulnerability Threat Legislation Prediction Cloud ★★
globalsecuritymag.webp 2024-04-02 08:11:28 Vigilance Vulnerability Alerts - GIFLIB: memory leak via DumpScreen2RGB(), analyzed on 18/03/2024
An attacker can create a memory leak of GIFLIB, via DumpScreen2RGB(), in order to trigger a denial of service. - Security Vulnerability
Vulnerability ★★
RecordedFuture.webp 2024-04-01 20:17:13 Vulnerability database backlog due to increased volume, changes in 'support,' NIST says
The National Institute of Standards and Technology (NIST) blamed increases in the volume of software and “a change in interagency support” for the recent backlog of vulnerabilities analyzed in the organization's National Vulnerability Database (NVD). For years, the NVD has been an invaluable resource for cybersecurity experts and defenders who rely on it for
Vulnerability ★★
RecordedFuture.webp 2024-04-01 17:50:30 FCC to probe 'grave' weaknesses in phone network infrastructure
The Federal Communications Commission (FCC) says it is taking action to address significant weaknesses in telecommunications networks that can enable cybercrime and spying. The agency is investigating how vulnerabilities in the protocols Signaling System No. 7 (SS7) and Diameter - which jointly enable phone calls' and text messages' movement across networks - can allow
Vulnerability ★★
SecurityWeek.webp 2024-04-01 16:06:25 'WallEscape' Linux Vulnerability Leaks User Passwords
A vulnerability in util-linux, a core utilities package in Linux systems, allows attackers to leak user passwords and modify the clipboard.
Vulnerability ★★
RiskIQ.webp 2024-04-01 13:51:22 Weekly OSINT Highlights, 1 April 2024
Last week's OSINT reporting reveals an array of cyber threats marked by sophisticated attack tactics and diverse targets. From malvertising campaigns deploying stealers like Rhadamanthys to the first known attack campaign targeting AI workloads, threat actors exhibit a range of attack vectors targeting both individuals and organizations. Notably, the evolution of malware such as Vultur and StrelaStealer highlights a continual arms race between attackers and defenders, with adversaries demonstrating adaptability and persistence in their pursuit of data theft and system compromise. The targeting of specific platforms like WordPress sites and email clients underscores the threat to online ecosystems, while the widespread impact across industries emphasizes the need for robust cybersecurity measures and constant vigilance against evolving threats.

1. [Go Malvertising Campaign with Rhadamanthys Stealer](https://security.microsoft.com/intel-explorer/articles/e6d270fc): A malvertising campaign had utilized a Go language loader to deploy the Rhadamanthys stealer, targeting users through a fake PuTTY homepage ad at the top of Google search results. The loader, closely linked to the malvertising infrastructure, had retrieved the payload, Rhadamanthys, which had been executed by the parent process PuTTY.exe, indicating a coordinated attack by the same threat actor.
2. [Active Attack Campaign Exploiting Ray Framework Vulnerability](https://security.microsoft.com/intel-explorer/articles/e4cd5bc2): An ongoing active attack campaign had exploited a critical vulnerability in the Ray open-source AI framework, known as ShadowRay (CVE-2023-48022), impacting thousands of companies globally. Attackers had exploited this vulnerability to take control of computing resources, steal sensitive data, and conduct cryptocurrency mining operations, demonstrating the severity of the issue and its widespread impact across industries.
3. [Evolution of Android Banking Malware Vultur](https://security.microsoft.com/intel-explorer/articles/3f7c3599): Authors behind the Android banking malware Vultur had enhanced its capabilities, including remote interaction with victim devices and encryption of C2 communication, showcasing continual development to evade detection and carry out malicious actions with greater sophistication.
4. [Agent Tesla Phishing Email Infection Chain](https://security.microsoft.com/intel-explorer/articles/5ffaa8a4): SpiderLabs had identified a phishing email leading to an infection chain deploying Agent Tesla, utilizing obfuscation, packing techniques, and polymorphic behavior to evade detection and ensure stealthy execution, posing challenges for traditional antivirus systems.
5. [Sign1 Malware Campaign Exploiting WordPress Sites](https://security.microsoft.com/intel-explorer/articles/063f7fac): Sucuri and GoDaddy Infosec had discovered the Sign1 malware campaign infecting over 2,500 WordPress sites, injecting malicious code into custom HTML widgets to redirect visitors to scam sites, demonstrating the threat to website integrity and visitor security.
6. [StrelaStealer Email Client Targeting Malware](https://security.microsoft.com/intel-explorer/articles/82785858): StrelaStealer, a malware targeting email clients to steal login data, had launched large-scale email campaigns impacting over 100 organizations, particularly targeting high-tech industries. The malware's evolving infection chain and updated payloads had underscored its adaptability and the challenge it had posed to security analysts and products.

## Learn More

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: [https://aka.ms/threatintelblog](https://aka.ms/threatintelblog).

Microsoft customers can use the following reports in Microsoft Defender Threat Intelligence to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this summa
Ransomware Spam Malware Tool Vulnerability Threat Mobile Cloud ★★
bleepingcomputer.webp 2024-04-01 11:00:28 Shopping platform PandaBuy data leak impacts 1.3 million users
Data belonging to more than 1.3 million customers of the PandaBuy online shopping platform has been leaked, allegedly after two threat actors exploited multiple vulnerabilities to breach systems. [...]
Vulnerability Threat ★★
WiredThreatLevel.webp 2024-03-31 10:00:00 You Should Update Apple iOS and Google Chrome ASAP
Plus: Microsoft patches over 60 vulnerabilities, Mozilla fixes two Firefox zero-day bugs, Google patches 40 issues in Android, and more.
Vulnerability Threat Mobile ★★
HexaCorn.webp 2024-03-30 00:05:31 From Underground to Overground
There are many debates and infosec dramas related to vulnerability research, publishing Offensive Security Tools (OST), Proof Of Concept (POC) Code, and in recent days – some Original Gangsters (OG) are reflecting on their own doings by posting teary memoirs …
Tool Vulnerability ★★★★
DarkReading.webp 2024-03-29 20:51:51 CISO Corner: Cyber-Pro Swindle; New Faces of Risk; Cyber Boosts Valuation
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Australia gets its cyber-groove back, and 2023's zero-day field day.
Vulnerability Threat ★★
Last update at: 2024-05-19 20:08:00