What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-04-18 20:23:46 | GPT-4 peut exploiter la plupart des vulnes simplement en lisant les avis de menace GPT-4 Can Exploit Most Vulns Just by Reading Threat Advisories (lien direct) |
La technologie d'IA existante peut permettre aux pirates d'automatiser les exploits pour les vulnérabilités publiques en minutes à plat.Très bientôt, le correctif diligent ne sera plus facultatif.
Existing AI technology can allow hackers to automate exploits for public vulnerabilities in minutes flat. Very soon, diligent patching will no longer be optional. |
Vulnerability Threat Patching | ★★ | |
 |
2024-04-17 10:00:00 | Introduction à l'analyse de la composition logicielle et comment sélectionner un outil SCA Introduction to Software Composition Analysis and How to Select an SCA Tool (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Software code is constantly growing and becoming more complex, and there is a worrying trend: an increasing number of open-source components are vulnerable to attacks. A notable instance was the Apache Log4j library vulnerability, which posed serious security risks. And this is not an isolated incident. Using open-source software necessitates thorough Software Composition Analysis (SCA) to identify these security threats. Organizations must integrate SCA tools into their development workflows while also being mindful of their limitations. Why SCA Is Important Open-source components have become crucial to software development across various industries. They are fundamental to the construction of modern applications, with estimates suggesting that up to 96% of the total code bases contain open-source elements. Assembling applications from diverse open-source blocks presents a challenge, necessitating robust protection strategies to manage and mitigate risks effectively. Software Composition Analysis is the process of identifying and verifying the security of components within software, especially open-source ones. It enables development teams to efficiently track, analyze, and manage any open-source element integrated into their projects. SCA tools identify all related components, including libraries and their direct and indirect dependencies. They also detect software licenses, outdated dependencies, vulnerabilities, and potential exploits. Through scanning, SCA creates a comprehensive inventory of a project\'s software assets, offering a full view of the software composition for better security and compliance management. Although SCA tools have been available for quite some time, the recent open-source usage surge has cemented their importance in application security. Modern software development methodologies, such as DevSecOps, emphasize the need for SCA solutions for developers. The role of security officers is to guide and assist developers in maintaining security across the Software Development Life Cycle (SDLC), ensuring that SCA becomes an integral part of creating secure software. Objectives and Tasks of SCA Tools Software Composition Analysis broadly refers to security methodologies and tools designed to scan applications, typically during development, to identify vulnerabilities and software license issues. For effective management of open-source components and associated risks, SCA solutions help navigate several tasks: 1) Increasing Transparency A developer might incorporate various open-source packages into their code, which in turn may depend on additional open-source packages unknown to the developer. These indirect dependencies can extend several levels deep, complicating the understanding of exactly which open-source code the application uses. Reports indicate that 86% of vulnerabilities in node.js projects stem from transitive (indirect) dependencies, w | Tool Vulnerability Threat Patching Prediction Cloud Commercial | ★★ | |
|
2024-04-08 10:00:00 | 10 stratégies pour fortifier la sécurité du système SCADA 10 Strategies to Fortify SCADA System Security (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Here are some of the best SCADA protection strategies to ensure your organization\'s safety. Late last year, Pennsylvania\'s Municipal Water Authority of Aliquippa (MWAA) fell victim to a sophisticated cyberattack, targeting its SCADA system at a key booster station. This station, crucial for regulating water pressure across Raccoon and Potter townships in Beaver County, experienced a temporary loss of communication, triggering an immediate investigation. Upon closer examination, the technicians discovered a clear indication of a cyberattack: a message declaring, "You have been hacked." This startling discovery led to the swift activation of manual control systems, ensuring that water quality and supply remained unaffected despite the breach. The hacked device operated on a separate network, distinct from the main corporate systems. This separation helped to limit the breach\'s impact and prevented it from affecting other essential parts of the infrastructure. The hackers, identified as being affiliated with an Iranian group, specifically targeted this equipment due to its Israeli-made components. This choice of target was part of a broader strategy, as similar devices are commonly used in water utility stations both in the US and internationally, hinting at the potential for more widespread attacks. The incident drew significant attention from US legislators, who expressed concerns about the vulnerability of the nation\'s critical infrastructure to such cyberattacks. The breach underscored the urgent need for enhanced cybersecurity measures across similar utilities, especially those with limited resources and exposure to international conflicts. Investigations by the Federal Bureau of Investigation and the Pennsylvania State Police were launched to examine the specifics of the attack. The cybersecurity community pointed out that industrial control systems, like the SCADA system breached at MWAA, often have inherent security weaknesses, making them susceptible to such targeted attacks. The following discussion on SCADA defense strategies aims to address these challenges, proposing measures to fortify these vital systems against potential cyberattacks and ensuring the security and reliability of essential public utilities. How to Enhance SCADA System Security? The breach at the MWAA sharply highlights the inherent vulnerabilities in SCADA systems, a crucial component of our critical infrastructure. In the wake of this incident, it\'s imperative to explore robust SCADA defense strategies. These strategies are not mere recommendations but essential steps towards safeguarding our essential public utilities from similar threats. 1. Network Segmentation: This strategy involves creating \'zones\' within the SCADA network, each with its own specific security controls. This could mean separating critical control systems from the rest of the network, or dividing a large system into smaller, more manageable segments. Segmentation often includes implementing demilitarized zones (DMZs) between the corporate and control networks. This reduces the risk of an attacker being able to move laterally across the network and access sensitive areas after breaching a less secure section. 2. Access Control and Authentication: Beyond basic measures, access control in SCADA systems should involve a comprehensive management of user privileges. This could include role-based access controls, where users are granted access rights depending on their job function, and time-based access controls, limiting access to certain times for specific users. Strong authentication methods also | Vulnerability Threat Patching Legislation Industrial | ★★★★ | |
 |
2024-04-03 14:31:53 | Protéger votre entreprise: aborder la crise de la vulnérabilité de Microsoft Exchange Protecting Your Business: Addressing the Microsoft Exchange Vulnerability Crisis (lien direct) |
> Découvrez comment sauvegarder votre entreprise à partir de la crise de vulnérabilité en cours Microsoft Exchange mise en évidence par l'Office fédéral allemand pour la sécurité de l'information (BSI).Découvrez les avertissements critiques, l'importance du correctif et comment les évaluations automatisées des compromis avec Thor Cloud Lite peuvent fortifier votre stratégie de cybersécurité.
>Discover how to safeguard your business from the ongoing Microsoft Exchange vulnerability crisis highlighted by the German Federal Office for Information Security (BSI). Learn about critical warnings, the importance of patching, and how automated compromise assessments with THOR Cloud Lite can fortify your cybersecurity strategy. |
Vulnerability Patching Cloud | ★★★ | |
|
2024-03-28 21:15:17 | Les bogues IOS de Cisco permettent des attaques DOS non authentifiées et distantes Cisco IOS Bugs Allow Unauthenticated, Remote DoS Attacks (lien direct) |
Plusieurs produits Cisco, y compris les logiciels iOS, iOS XE et AP, ont besoin de correction de diverses vulnérabilités de sécurité à haut risque.
Several Cisco products, including IOS, IOS XE, and AP software, need patching against various high-risk security vulnerabilities. |
Vulnerability Patching | ★★ | |
 |
2024-03-28 17:24:22 | La CISA invite à corriger la vulnérabilité Microsoft SharePoint (CVE-2023-24955) CISA Urges Patching Microsoft SharePoint Vulnerability (CVE-2023-24955) (lien direct) |
> Par deeba ahmed
Flaw Critical Microsoft SharePoint Exploited: Patch Now, Cisa Insigne!
Ceci est un article de HackRead.com Lire la publication originale: La CISA invite à corriger la vulnérabilité Microsoft SharePoint (CVE-2023-24955)
>By Deeba Ahmed Critical Microsoft SharePoint Flaw Exploited: Patch Now, CISA Urges! This is a post from HackRead.com Read the original post: CISA Urges Patching Microsoft SharePoint Vulnerability (CVE-2023-24955) |
Vulnerability Patching | ★★★ | |
 |
2024-03-27 19:14:21 | La nouvelle conduite de l'agent Tesla \\: la montée d'un nouveau chargeur Agent Tesla\\'s New Ride: The Rise of a Novel Loader (lien direct) |
#### Description
SpiderLabs a identifié un e-mail de phishing le 8 mars 2024, avec une archive ci-jointe qui comprenait un exécutable Windows déguisé en paiement bancaire frauduleux.Cette action a lancé une chaîne d'infection culminant dans le déploiement de l'agent Tesla.Le chargeur est compilé avec .NET et utilise des techniques d'obscurcissement et d'emballage pour échapper à la détection.Il présente également un comportement polymorphe avec des routines de décryptage distinctes, ce qui rend difficile la détection des systèmes antivirus traditionnels.Le chargeur utilise des méthodes telles que le correctif pour contourner la détection de la détection d'interface de numérisation anti-anti-logiciels (AMSI) et charge dynamiquement des charges utiles, assurant une exécution furtive et minimisant les traces sur le disque.
> [Consultez la rédaction de Microsoft \\ sur les informationsStealiers ici.] (Https://sip.security.microsoft.com/intel-profiles/2296d491ea381b532b24f2575f9418d4b6723c17b8a1f507d20c2140a75d16d6)
#### URL de référence (s)
1. https://www.trustwave.com/en-us/Ressources / blogs / spiderLabs-blog / agent-teslas-new-ride-the-ramen-of-a-novel-chargedeur /
#### Date de publication
26 mars 2024
#### Auteurs)
Bernard Bautista
#### Description SpiderLabs identified a phishing email on March 8, 2024, with an attached archive that included a Windows executable disguised as a fraudulent bank payment. This action initiated an infection chain culminating in the deployment of Agent Tesla. The loader is compiled with .NET and uses obfuscation and packing techniques to evade detection. It also exhibits polymorphic behavior with distinct decryption routines, making it difficult for traditional antivirus systems to detect. The loader uses methods like patching to bypass Antimalware Scan Interface (AMSI) detection and dynamically load payloads, ensuring stealthy execution and minimizing traces on disk. > [Check out Microsoft\'s write-up on Information Stealers here.](https://sip.security.microsoft.com/intel-profiles/2296d491ea381b532b24f2575f9418d4b6723c17b8a1f507d20c2140a75d16d6) #### Reference URL(s) 1. https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/agent-teslas-new-ride-the-rise-of-a-novel-loader/ #### Publication Date March 26, 2024 #### Author(s) Bernard Bautista |
Patching | ★★★ | |
 |
2024-03-26 06:00:09 | Proofpoint Discloses Technique Pivot by Attacker Group TA577: Targeting Windows NTLM (lien direct) | Proofpoint was the first to uncover a concerning new development in the world of cyberthreats that involves a group known as TA577. These cybercriminals, which typically act as initial access brokers (IAB), have pivoted to attacking an old, but widely deployed Windows service to steal sensitive information. Specifically, they aim to steal at scale the hash of the NT LAN Manager (NTLM) authentication session details. Then it is expected that they either sell the data, or they exploit it for various downstream activities like stealing sensitive data and ransoming systems. The planned end result is the same, a significant business-impacting breach of the targeted organizations. How did the new attack happen? Proofpoint detected two distinct email-based campaigns that TA577 carried out on February 26 and 27, 2024. The campaigns targeted hundreds of businesses globally via tens of thousands of emails. The attackers cleverly disguised the emails as replies to previous emails. This is an effective social engineering tactic known as thread hijacking. The emails contained HTML attachments compressed into zip files. Each malicious attachment had its own unique identifier. And the HTML files contained within the attachment were customized for each recipient. Because all the hashes were unique, a simple signature-based detection system could not consistently detect and block these emails. When the email recipient opened the files, it triggered a connection to a Server Message Block (SMB) server that the threat actor controlled. No malware was directly delivered through these connections. However, the attackers\' objective was clear-to capture the details of the challenge/response transaction and the NTLM hashes of the user\'s Windows machine, which include the user\'s password authentication data. The attackers can use this data in the next stage of the attack either in hash form or by cracking the hash first to retrieve the password. Note: In this case, the use of multifactor authentication (MFA) would not stop the attack, as TA577 targeted previously authenticated users on active Windows machines. If targeted businesses used MFA, that authentication step would have already occurred; thus, it would not significantly hinder this attack. What was the attackers\' intent? As noted earlier, TA577 usually acts as an IAB. So, the group likely aimed to exploit the data that they collected by cracking password hashes or facilitating “pass-the-hash” attacks. They could sell access to other threat actors who seek to penetrate targeted companies\' networks more deeply. As part of our investigation, Proofpoint identified the use of a well-known toolkit, Impacket, on the SMB servers involved in the attack. This discovery further confirmed that the malicious intent behind TA577\'s activities is to go well beyond the initial account or system compromise. What is especially concerning about this attack approach is that any connection to the SMB servers would compromise sensitive information that includes: Usernames Passwords Session hashes Domain names Computer names More troubling is the fact that the attackers delivered the malicious HTML files within zip archives. That means they bypassed measures in Outlook mail clients last patched before July 2023. If your email security provider did not block the inbound email and a user engaged with the message, your last hope to avoid the compromise is the timeliness of your software patching program. The impacts on businesses This attack is based on an old protocol (NTLM) from the 1990s. But this new twist by TA577 is noteworthy because it represents a departure from the group\'s usual tactics of delivering malware and bots directly. It suggests that the group is adapting and evolving. They are seeking new ways to bypass security measures and monetize their campaigns. This cyberthreat poses a significant risk to businesses that run Microsoft Windows. Through the theft of NTLM authenti | Malware Threat Patching | ★★★ | |
|
2024-03-26 06:00:09 | ProofPoint révèle la technique PIVOT par un groupe d'attaquant TA577: Cibler Windows NTLM Proofpoint Discloses Technique Pivot by Attacker Group TA577: Targeting Windows NTLM (lien direct) |
Proofpoint was the first to uncover a concerning new development in the world of cyberthreats that involves a group known as TA577. These cybercriminals, which typically act as initial access brokers (IAB), have pivoted to attacking an old, but widely deployed Windows service to steal sensitive information. Specifically, they aim to steal at scale the hash of the NT LAN Manager (NTLM) authentication session details. Then it is expected that they either sell the data, or they exploit it for various downstream activities like stealing sensitive data and ransoming systems. The planned end result is the same, a significant business-impacting breach of the targeted organizations. How did the new attack happen? Proofpoint detected two distinct email-based campaigns that TA577 carried out on February 26 and 27, 2024. The campaigns targeted hundreds of businesses globally via tens of thousands of emails. The attackers cleverly disguised the emails as replies to previous emails. This is an effective social engineering tactic known as thread hijacking. The emails contained HTML attachments compressed into zip files. Each malicious attachment had its own unique identifier. And the HTML files contained within the attachment were customized for each recipient. Because all the hashes were unique, a simple signature-based detection system could not consistently detect and block these emails. When the email recipient opened the files, it triggered a connection to a Server Message Block (SMB) server that the threat actor controlled. No malware was directly delivered through these connections. However, the attackers\' objective was clear-to capture the details of the challenge/response transaction and the NTLM hashes of the user\'s Windows machine, which include the user\'s password authentication data. The attackers can use this data in the next stage of the attack either in hash form or by cracking the hash first to retrieve the password. Note: In this case, the use of multifactor authentication (MFA) would not stop the attack, as TA577 targeted previously authenticated users on active Windows machines. If targeted businesses used MFA, that authentication step would have already occurred; thus, it would not significantly hinder this attack. What was the attackers\' intent? As noted earlier, TA577 usually acts as an IAB. So, the group likely aimed to exploit the data that they collected by cracking password hashes or facilitating “pass-the-hash” attacks. They could sell access to other threat actors who seek to penetrate targeted companies\' networks more deeply. As part of our investigation, Proofpoint identified the use of a well-known toolkit, Impacket, on the SMB servers involved in the attack. This discovery further confirmed that the malicious intent behind TA577\'s activities is to go well beyond the initial account or system compromise. What is especially concerning about this attack approach is that any connection to the SMB servers would compromise sensitive information that includes: Usernames Passwords Session hashes Domain names Computer names More troubling is the fact that the attackers delivered the malicious HTML files within zip archives. That means they bypassed measures in Outlook mail clients last patched before July 2023. If your email security provider did not block the inbound email and a user engaged with the message, your last hope to avoid the compromise is the timeliness of your software patching program. The impacts on businesses This attack is based on an old protocol (NTLM) from the 1990s. But this new twist by TA577 is noteworthy because it represents a departure from the group\'s usual tactics of delivering malware and bots directly. It suggests that the group is adapting and evolving. They are seeking new ways to bypass security measures and monetize their campaigns. This cyberthreat poses a significant risk to businesses that run Microsoft Windows. Through the theft of NTLM authenti | Malware Threat Patching | ★★★ | |
 |
2024-03-25 13:35:39 | Tanium et Orange Cyberdefense lancent l\'offre Xtended (lien direct) | Tanium et Orange Cyberdefense lancent l'offre Xtended Patching pour protéger les entreprises en France contre les cybermenaces en sécurisant leurs endpoints en temps réel et à grande échelle Cette nouvelle offre associe l'expertise d'Orange Cyberdefense en matière de cybermenaces aux capacités de la plateforme Tanium à fournir une solution puissante pour l'identification et la remédiation des vulnérabilités - Produits | Patching | ★★ | |
 |
2024-03-21 16:00:00 | GitHub lance l'outil AutoFix alimenté par AI pour aider les développeurs à patcher des défauts de sécurité GitHub Launches AI-Powered Autofix Tool to Assist Devs in Patching Security Flaws (lien direct) |
GitHub a annoncé mercredi qu'il met à disposition une fonctionnalité appelée Code Scanning Autofix en bêta publique pour All & NBSP; Advanced Security Clients & NBSP; pour fournir des recommandations ciblées dans le but d'éviter d'introduire de nouveaux problèmes de sécurité.
"Powered by & nbsp; github copilot & nbsp; et & nbsp; codeQL, le code scan de code Autofix couvre plus de 90% des types d'alerte en javascript, dactylographié, java, et
GitHub on Wednesday announced that it\'s making available a feature called code scanning autofix in public beta for all Advanced Security customers to provide targeted recommendations in an effort to avoid introducing new security issues. "Powered by GitHub Copilot and CodeQL, code scanning autofix covers more than 90% of alert types in JavaScript, Typescript, Java, and |
Tool Patching | ★★ | |
|
2024-03-21 05:00:00 | Les émirats arabes unis sont des faces de cyber-risque intensifiés United Arab Emirates Faces Intensified Cyber-Risk (lien direct) |
Les EAU mènent le Moyen-Orient dans les efforts de transformation numérique, mais la technologie lente des correctifs et de l'héritage continue de contrecarrer sa posture de sécurité.
The UAE leads the Middle East in digital-transformation efforts, but slow patching and legacy technology continue to thwart its security posture. |
Patching | ★★★ | |
 |
2024-03-18 19:00:10 | Plus de 133 000 appareils Fortinet toujours vulnérables au bogue critique âgé d'un mois More than 133,000 Fortinet appliances still vulnerable to month-old critical bug (lien direct) |
Une énorme surface d'attaque pour une vulnérabilité avec divers POC disponibles Le volume de boîtes Fortinet exposées à l'Internet public et vulnérable à un défaut de sécurité critique vieux de Fortios est encore extrêmement élevé, malgré unAugmentation progressive des correctifs…
A huge attack surface for a vulnerability with various PoCs available The volume of Fortinet boxes exposed to the public internet and vulnerable to a month-old critical security flaw in FortiOS is still extremely high, despite a gradual increase in patching.… |
Vulnerability Patching | ★★ | |
 |
2024-03-12 21:23:32 | Exploitation de la vulnérabilité de Jet-Brains met en évidence le débat sur \\ 'Patching silencieux \\' JetBrains vulnerability exploitation highlights debate over \\'silent patching\\' (lien direct) |
Le géant des logiciels tchèques Jet-Brains a critiqué la société de sécurité Rapid7 cette semaine après une dispute sur deux vulnérabilités récemment découvertes .Dans un article de blog publié lundi,JetBrains a attribué le compromis de plusieurs serveurs de clients à la décision de Rapid7 \\ de divulguer des informations détaillées sur les vulnérabilités.«Après la divulgation complète, nous avons commencé à entendre des clients qui
Czech software giant JetBrains harshly criticized security company Rapid7 this week following a dispute over two recently-discovered vulnerabilities. In a blog post published Monday, JetBrains attributed the compromise of several customers\' servers to Rapid7\'s decision to release detailed information on the vulnerabilities. “After the full disclosure was made, we started hearing from some customers who |
Vulnerability Patching | ★★ | |
 |
2024-03-06 17:30:00 | Placer dans Dalvik: un aperçu des fichiers dex Delving into Dalvik: A Look Into DEX Files (lien direct) |
Lors de l'analyse d'un échantillon de Troie bancaire ciblant les smartphones Android, Mandiant a identifié l'utilisation répétée d'un mécanisme d'obscurcation de chaîne tout au long du code d'application.Pour analyser et comprendre pleinement la fonctionnalité de l'application \\, une possibilité est de décoder manuellement les chaînes dans chaque méthode obscurcie rencontrée, qui peut être un processus long et répétitif. & Nbsp; Une autre possibilité consiste à utiliser des outils payants tels que & nbsp; jeb décompulier qui permettent une identification et un correctif rapides du code dans les applications Android, mais nous avons constaté que la possibilité de faire de même avec la statique gratuite
During the analysis of a banking trojan sample targeting Android smartphones, Mandiant identified the repeated use of a string obfuscation mechanism throughout the application code. To fully analyze and understand the application\'s functionality, one possibility is to manually decode the strings in each obfuscated method encountered, which can be a time-consuming and repetitive process. Another possibility is to use paid tools such as JEB decompiler that allow quick identification and patching of code in Android applications, but we found that the ability to do the same with free static |
Tool Patching Mobile | ★★ | |
|
2024-02-20 16:14:57 | Plus des deux tiers des décideurs de la sécurité informatique signalent une augmentation des budgets de la cybersécurité pour 2024 Over two-thirds of IT security decision-makers report an increase in cybersecurity budgets for 2024 (lien direct) |
Plus des deux tiers des décideurs de sécurité informatique signalent une augmentation des budgets de la cybersécurité pour 2024
Infoscurity Europe ouvre l'enregistrement pour 2024 avec le cyber-investissement un sujet de discussion significatif alors que les organisations abordent les dépenses de sécurité
• 69% des décideurs informatiques interrogés citent qu'ils ont vu ou verront leurs budgets de cybersécurité augmenter entre 10 et 100% en 2024.
• Près d'un sur cinq (19%) des personnes interrogées voient ou s'attendent à voir des budgets augmenter entre 30 et 49% au cours de l'année à venir.
• Alors que 15% des décideurs informatiques soulignent que leurs budgets de sécurité avaient diminué, ou seront, en 2024.
• La sécurité du cloud et la réponse aux incidents verront l'injection la plus élevée, suivie de l'externalisation et de l'antivirus MSSP, de l'éducation et de la formation, de la détection et des correctifs gérés.
-
rapports spéciaux
Over two-thirds of IT security decision-makers report an increase in cybersecurity budgets for 2024 Infosecurity Europe opens registration for 2024 with cyber investment a significant talking point as organisations address security spend • 69% of surveyed IT decision-makers cite that they have seen, or will see, their cybersecurity budgets increase between 10-100% in 2024. • Almost one in five (19%) of those surveyed are seeing or are expecting to see budgets increase between 30-49% over the coming year. • Whilst 15% of IT decision-makers highlight that their security budgets had decreased, or will, in 2024. • Cloud security and incident response will see the highest injection, followed by MSSP outsourcing and antivirus, education and training, managed detection and patching. - Special Reports |
Patching | ★★ | |
|
2024-02-13 16:28:37 | Ivanti obtient de mauvaises notes pour la réponse aux incidents cyber-incidents Ivanti Gets Poor Marks for Cyber Incident Response (lien direct) |
Les CVE critiques en cascade, les cyberattaques et les correctifs retardés affligent des VPN Ivanti et forcent les équipes de cybersécurité à se précipiter pour des solutions.Les chercheurs ne sont pas impressionnés.
Cascading critical CVEs, cyberattacks, and delayed patching are plaguing Ivanti VPNs, and forcing cybersecurity teams to scramble for solutions. Researchers are unimpressed. |
Patching | ★★★ | |
 |
2024-02-07 17:15:00 | L'importance du correctif: une analyse de l'exploitation des vulnérabilités des jours The Importance of Patching: An Analysis of the Exploitation of N-Day Vulnerabilities (lien direct) |
Une analyse de l'exploitation des vulnérabilités de Fortinet à la journée résolues par un acteur inconnu.
An analysis of the exploitation of resolved N-Day Fortinet vulnerabilities by an unknown actor. |
Vulnerability Patching | ★★ | |
 |
2024-01-31 13:07:18 | Échelle de sécurité avec l'IA: de la détection à la solution Scaling security with AI: from detection to solution (lien direct) |
Dongge Liu and Oliver Chang, Google Open Source Security Team, Jan Nowakowski and Jan Keller, Machine Learning for Security TeamThe AI world moves fast, so we\'ve been hard at work keeping security apace with recent advancements. One of our approaches, in alignment with Google\'s Safer AI Framework (SAIF), is using AI itself to automate and streamline routine and manual security tasks, including fixing security bugs. Last year we wrote about our experiences using LLMs to expand vulnerability testing coverage, and we\'re excited to share some updates. Today, we\'re releasing our fuzzing framework as a free, open source resource that researchers and developers can use to improve fuzzing\'s bug-finding abilities. We\'ll also show you how we\'re using AI to speed up the bug patching process. By sharing these experiences, we hope to spark new ideas and drive innovation for a stronger ecosystem security.Update: AI-powered vulnerability discoveryLast August, we announced our framework to automate manual aspects of fuzz testing (“fuzzing”) that often hindered open source maintainers from fuzzing their projects effectively. We used LLMs to write project-specific code to boost fuzzing coverage and find more vulnerabilities. Our initial results on a subset of projects in our free OSS-Fuzz service | Vulnerability Patching Cloud | ★★ | |
|
2024-01-26 11:00:00 | Cybersécurité pour les systèmes de contrôle industriel: meilleures pratiques Cybersecurity for Industrial Control Systems: Best practices (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Network segmentation, software patching, and continual threats monitoring are key cybersecurity best practices for Industrial Control Systems (ICS). Although ICSs significantly improve health and safety by automating dangerous tasks, facilitating remote monitoring and control, and activating safety protocols in the case of emergency, they’re increasingly exposed to cybersecurity threats. In 2022, there was a 2,000% increase in adversarial reconnaissance targeting Modbus/TCP port 502 — a widely-used industrial protocol — allowing malicious actors to exploit vulnerabilities in operational technology systems. Fortunately, by taking steps to improve and maintain ICS cybersecurity, manufacturers can successfully reduce the attack surface of their critical infrastructure and keep threats (including phishing, denial-of-service attacks, ransomware, and malware) at bay. ICS cyberattacks on the rise ICS cyberattacks are on the rise, with almost 27% of ICS systems affected by malicious objects in the second quarter of 2023, data from Kaspersky reveals. Cyberattacks have the power to devastate ICS systems, damage equipment and infrastructure, disrupt business, and endanger health and safety. For example, the U.S. government has warned of a malware strain called Pipedream: “a modular ICS attack framework that contains several components designed to give threat actors control of such systems, and either disrupt the environment or disable safety controls”. Although Pipedream has the ability to devastate industrial systems, it fortunately hasn’t yet been used to that effect. And, last year, a notorious hacking group called Predatory Sparrow launched a cyberattack on an Iranian steel manufacturer, resulting in a serious fire. In addition to causing equipment damage, the hackers caused a malfunctioning foundry to start spewing hot molten steel and fire. This breach only highlights the importance of safety protocols in the manufacturing and heavy industry sectors. By leveraging the latest safety tech and strengthening cybersecurity, safety, security, and operational efficiency can all be improved. Segment networks By separating critical systems from the internet and other non-critical systems, network segmentation plays a key role in improving ICS cybersecurity. Network segmentation is a security practice that divides a network into smaller, distinct subnetworks based on security level, functionality, or access control, for example. As a result, you can effectively prevent attacker lateral movement within your network — this is a common way hackers disguise themselves as legitimate users and their activities as expected traffic, making it hard to spot this method. Network segmentation also lets you create tailored and unique security policies and controls for each segment based on their defined profile. Each individual segment is therefore adequately protected. And, since network segmentation also provides you with increased visibility in terms of network activity, you’re also better able to spot and respond to problems with greater speed and efficiency. When it comes to | Ransomware Malware Vulnerability Threat Patching Industrial | ★★★ | |
|
2024-01-22 06:00:26 | Types de menaces et d'attaques d'identité que vous devez être consciente Types of Identity Threats and Attacks You Should Be Aware Of (lien direct) |
It\'s easy to understand why today\'s cybercriminals are so focused on exploiting identities as a key step in their attacks. Once they have access to a user\'s valid credentials, they don\'t have to worry about finding creative ways to break into an environment. They are already in. Exploiting identities requires legwork and persistence to be successful. But in many ways this tactic is simpler than exploiting technical vulnerabilities. In the long run, a focus on turning valid identities into action can save bad actors a lot of time, energy and resources. Clearly, it\'s become a favored approach for many attackers. In the past year, 84% of companies experienced an identity-related security breach. To defend against identity-based attacks, we must understand how bad actors target the authentication and authorization mechanisms that companies use to manage and control access to their resources. In this blog post, we will describe several forms of identity-based attacks and methods and offer an overview of some security controls that can help keep identity attacks at bay. Types of identity-based attacks and methods Below are eight examples of identity attacks and related strategies. This is not an exhaustive list and, of course, cybercriminals are always evolving their techniques. But this list does provide a solid overview of the most common types of identity threats. 1. Credential stuffing Credential stuffing is a type of brute-force attack. Attackers add pairs of compromised usernames and passwords to botnets that automate the process of trying to use the credentials on many different websites at the same time. The goal is to identify account combinations that work and can be reused across multiple sites. Credential stuffing is a common identity attack technique, in particular for widely used web applications. When bad actors find a winning pair, they can steal from and disrupt many places at once. Unfortunately, this strategy is highly effective because users often use the same passwords across multiple websites. 2. Password spraying Another brute-force identity attack method is password spraying. A bad actor will use this approach to attempt to gain unauthorized access to user accounts by systematically trying commonly used passwords against many usernames. Password spraying isn\'t a traditional brute-force attack where an attacker attempts to use many passwords against a single account. It is a more subtle and stealthy approach that aims to avoid account lockouts. Here\'s how this identity attack usually unfolds: The attacker gathers a list of usernames through public information sources, leaked databases, reconnaissance activities, the dark web and other means. They then select a small set of commonly used or easily guessable passwords. Next, the attacker tries each of the selected passwords against a large number of user accounts until they find success. Password spraying is designed to fly under the radar of traditional security detection systems. These systems may not flag these identity-based attacks due to the low number of failed login attempts per user. Services that do not implement account lockout policies or have weak password policies are at risk for password spraying attacks. 3. Phishing Here\'s a classic and very effective tactic that\'s been around since the mid-1990s. Attackers use social engineering and phishing to target users through email, text messages, phone calls and other forms of communication. The aim of a phishing attack is to trick users into falling for the attacker\'s desired action. That can include providing system login credentials, revealing financial data, installing malware or sharing other sensitive data. Phishing attack methods have become more sophisticated over the years, but they still rely on social engineering to be effective. 4. Social engineering Social engineering is more of an ingredient in an identity attack. It\'s all about the deception and manipulation of users, and it\'s a feature in | Malware Vulnerability Threat Patching Technical | ★★ | |
|
2024-01-19 12:32:42 | Les défauts critiques «Pixiefail» exposent des millions d'appareils aux cyberattaques Critical “PixieFail” Flaws Expose Millions of Devices to Cyberattacks (lien direct) |
par deeba ahmed
QuarksLab découvre "Pixiefail" Vulnérabilités: les défauts critiques dans le code UEFI open source nécessitent un correctif immédiat.
Ceci est un article de HackRead.com Lire le post original: Critical & # 8220; Pixiefail & # 8221;Les défauts exposent des millions d'appareils aux cyberattaques
By Deeba Ahmed Quarkslab Discovers "PixieFail" Vulnerabilities: Critical Flaws in Open Source UEFI Code Require Immediate Patching. This is a post from HackRead.com Read the original post: Critical “PixieFail” Flaws Expose Millions of Devices to Cyberattacks |
Vulnerability Patching | ★★★ | |
|
2024-01-19 11:00:00 | Les entreprises nigérianes sont confrontées à un ransomware croissant en tant que commerce Nigerian Businesses Face Growing Ransomware-as-a-Service Trade (lien direct) |
Le groupe de plaidoyer INFOSEC avertit que les mauvaises pratiques de correction et la dépendance à l'égard des logiciels fissurés augmentent les risques.
Infosec advocacy group warns that poor patching practices and reliance on cracked software increases risk. |
Patching | ★★★ | |
 |
2024-01-17 18:15:00 | Une nouvelle attaque vole des secrets AI des GPU fabriqués par Apple, AMD et Qualcomm New attack steals AI secrets from GPUs made by Apple, AMD, and Qualcomm (lien direct) |
Le correctif de tous les appareils affectés, qui incluent certains Mac et iPhones, peut être difficile.
Patching all affected devices, which include some Macs and iPhones, may be tough. |
Patching | ★★★ | |
|
2024-01-16 18:00:00 | L'Afrique, le Moyen-Orient dirige les pairs en cybersécurité, mais lame à l'échelle mondiale Africa, Middle East Lead Peers in Cybersecurity, But Lag Globally (lien direct) |
Les deux régions obtiennent un score supérieur à la moyenne par rapport aux économies de taille similaire, mais investir dans des technologies mises à jour et des processus de correction aiderait la cyber-résilience à l'échelle mondiale.
Both regions score above average compared to similar sized economies, but investing in updated technologies and patching processes would help cyber resilience globally. |
Patching | ★★ | |
|
2023-12-29 10:46:00 | Microsoft désactive le protocole d'installation de l'application MSIX largement utilisée dans les attaques de logiciels malveillants Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks (lien direct) |
Microsoft a déclaré jeudi qu'il désactivant à nouveau le gestionnaire de protocole & nbsp; MS-Appinstaller & NBSP; à la suite de ses abus de plusieurs acteurs de menace pour distribuer des logiciels malveillants.
«L'activité de l'acteur de menace observée abuse
Microsoft on Thursday said it\'s once again disabling the ms-appinstaller protocol handler by default following its abuse by multiple threat actors to distribute malware. “The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vector for malware that may lead to ransomware distribution,” the Microsoft Threat Intelligence |
Ransomware Malware Threat Patching | ★★★★ | |
|
2023-12-28 13:27:00 | La surveillance insouciante des serveurs SSH Linux dessine des cryptomineurs, des bots DDOS Careless oversight of Linux SSH servers draws cryptominers, DDoS bots (lien direct) |
Les cybercriminels ciblent les serveurs Linux SSH mal gérés pour installer des logiciels malveillants pour la cryptomiminage ou l'effort d'attaques distribuées au déni de service, ont révélé des chercheurs.Selon un rapport de AHNLAB publié cette semaine, une mauvaise gestion des mots de passe et un correctif de vulnérabilité laxiste peuvent permettre aux pirates d'exploiter les serveurs pour la cybercriminalité.Les serveurs SSH offrent un accès à distance sécurisé à un
Cybercriminals are targeting poorly managed Linux SSH servers to install malware for cryptomining or carrying out distributed denial-of-service attacks, researchers have found. According to a report by AhnLab released this week, bad password management and lax vulnerability patching can allow hackers to exploit the servers for cybercrime. SSH servers provide secure remote access to a |
Malware Vulnerability Threat Patching | ★★ | |
|
2023-12-22 18:00:00 | Google libère le huitième patch zéro-jour de 2023 pour Chrome Google Releases Eighth Zero-Day Patch of 2023 for Chrome (lien direct) |
CVE-2023-7024, exploité dans la nature avant le correctif, est une vulnérabilité chromée qui permet l'exécution de code distant dans le composant Webrtc du navigateur \\.
CVE-2023-7024, exploited in the wild prior to patching, is a Chrome vulnerability that allows remote code execution within the browser\'s WebRTC component. |
Vulnerability Threat Patching | ★★★ | |
|
2023-12-21 11:00:00 | Violations de données: analyse approfondie, stratégies de récupération et meilleures pratiques Data breaches: In-depth analysis, recovery strategies, and best practices (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In the dynamic landscape of cybersecurity, organizations face the ever-present risk of data breaches. This article provides a detailed exploration of data breaches, delving into their nuances, and offers comprehensive recovery strategies along with best practices. A data breach occurs when unauthorized threat actors gain access to sensitive information, jeopardizing data integrity and confidentiality. There are some common causes behind major data breaches: Cyber-attacks: Sophisticated cyber-attacks, techniques such as spear phishing, ransomware, and advanced persistent threats, are predominant causes behind data breaches. Insider threats: Whether arising from employee errors, negligence, or intentional malicious actions, insider threats contribute significantly to data breaches. Third-party incidents: Weaknesses in the security protocols of third-party vendors or service providers can expose organizations to the risk of data breaches. Learnings acquired Rapid detection and response: The criticality of swift detection and response cannot be overstated. Delayed identification prolongs the impact and complicates the recovery process. Comprehensive incident response: Organizations must establish a robust incident response plan, encompassing communication strategies, legal considerations, and meticulous technical remediation steps. Regulatory compliance: Adherence to regulatory requirements and industry standards is not only essential for legal compliance but is also a fundamental aspect of maintaining trust and credibility. Employee training: Ongoing training initiatives that elevate employees\' awareness of security threats and best practices play a pivotal role in preventing data breaches. Continuous security audits: Regular security audits and assessments serve as proactive measures, identifying vulnerabilities before they can be exploited. Best practices for recovery Detailed incident communication: Provide a comprehensive and transparent communication plan, detailing the incident\'s scope, impact, and the organization\'s proactive steps for resolution. Stakeholder engagement: Engage with stakeholders, including customers, employees, and regulatory bodies. Keep them informed about the incident\'s progress and the measures being taken for recovery. Comprehensive cyber insurance coverage: Cyber insurance can be a strategic asset, covering a range of costs related to the incident, including investigation, legal proceedings, and potential regulatory fines. Strengthen cybersecurity measures: Advanced threat detection: Implement advanced threat detection mechanisms that can identify anomalous behavior and potential threats in real-time. Encryption and access controls: Enhance data protection by implementing robust encryption protocols and access controls, limiting unauthorized access to sensitive information. Regular system updates: Maintain an agile cybersecurity posture by regularly updating and patching systems to address known vulnerabilities. Law enforcement partnership: Collaborate with law enforcement agencies and relevant authorities, leveraging their expertise to aid in the investigation and apprehension of cybercriminals. Legal counsel engagement: Engage legal counsel to navigate the legal intricacies associated with the breach, ensuring compliance with regulations and m | Ransomware Data Breach Vulnerability Threat Patching Technical | ★★ | |
 |
2023-12-12 13:00:24 | Rencontrez le nouveau CloudGuard: gestion des risques en action Meet the new CloudGuard: Risk Management in Action (lien direct) |
> Une CVE critique ou une vulnérabilité et une exposition communes sont identifiées chaque jour.Les équipes de sécurité doivent planifier les mesures (stratégies d'atténuation) prises pour réduire les effets nocifs d'un CVE, afin de s'assurer que les applications qu'ils gèrent restent en sécurité alors que la disponibilité des entreprises n'est pas affectée, et les développeurs peuvent continuer avec leurs activités quotidiennes.Check Point CloudGuard transforme le flux de travail de l'équipe de sécurité en transitionnant une situation frustrante et chronophage en une liste facilement gérée et bien résolue des actifs de haute priorité basés sur le contexte de l'environnement cloud spécifique.Ensuite, les efforts de correction peuvent être exécutés progressivement, offrant à la fois des affaires plus élevées [& # 8230;]
>A critical CVE or Common Vulnerability and Exposure is identified every day. Security teams need to plan the measures (mitigation strategies) taken to reduce the harmful effects of a CVE, to ensure that the applications they are managing remain secure while business availability is not affected, and developers can continue with their day-to-day activities. Check Point CloudGuard transforms the workflow of the security team by transitioning a frustrating, time-consuming situation into an easily managed and well-triaged list of high-priority assets based on the context of the specific cloud environment. Then, patching efforts can be executed gradually, offering both higher business […] |
Vulnerability Patching Cloud | ★★★ | |
|
2023-11-16 22:45:00 | Dangereux exploit activemq apache permet de contourner EDR furtif Dangerous Apache ActiveMQ Exploit Allows Stealthy EDR Bypass (lien direct) |
Il n'y a pas de temps à perdre: pour les organisations sur la clôture sur le correctif du bogue critique dans ActiveMQ, le nouvel exploit de preuve de concept devrait les pousser vers l'action.
There\'s no time to waste: For organizations on the fence about patching the critical bug in ActiveMQ, the new proof-of-concept exploit should push them towards action. |
Threat Patching | ★★ | |
 |
2023-11-15 11:30:00 | Critique CVE-2023-34060 Vulnérabilité dans VMware Cloud Director Appliance: CISA conseille des correctifs immédiats Critical CVE-2023-34060 Vulnerability in VMware Cloud Director Appliance: CISA Advises Immediate Patching (lien direct) |
VMware a récemment publié un avis (VMSA-2023-0026) concernant une vulnérabilité de contournement d'authentification critique dans son VMware ...
VMware recently issued an advisory (VMSA-2023-0026) regarding a critical authentication bypass vulnerability in its VMware... |
Vulnerability Patching Cloud | ★★★ | |
|
2023-11-10 14:28:00 | Alerte: \\ 'Effluence \\' Backdoor persiste malgré le patchage des serveurs de confluence atlassienne Alert: \\'Effluence\\' Backdoor Persists Despite Patching Atlassian Confluence Servers (lien direct) |
Les chercheurs en cybersécurité ont découvert une porte dérobée furtive nommée effluence qui a été déployée à la suite de l'exploitation réussie d'un défaut de sécurité récemment divulgué dans le centre de données et le serveur Atlassian Confluence.
"Le malware agit comme une porte dérobée persistante et n'est pas corrigée en appliquant des correctifs à Confluence", a déclaré la publication de Stroz Friedberg de Stroz Friedberg dans une analyse publiée
Cybersecurity researchers have discovered a stealthy backdoor named Effluence that\'s deployed following the successful exploitation of a recently disclosed security flaw in Atlassian Confluence Data Center and Server. "The malware acts as a persistent backdoor and is not remediated by applying patches to Confluence," Aon\'s Stroz Friedberg Incident Response Services said in an analysis published |
Malware Patching | ★★ | |
|
2023-11-07 20:40:00 | CVSS 4.0 offre beaucoup plus de contexte de correction CVSS 4.0 Offers Significantly More Patching Context (lien direct) |
Le dernier système de notation de gravité de la vulnérabilité comble les lacunes dans la version précédente;Voici comment en tirer le meilleur parti.
The latest vulnerability severity scoring system addresses gaps in the previous version; here\'s how to get the most out of it. |
Vulnerability Patching | ★★★ | |
|
2023-11-07 08:40:50 | LogPoint améliore la sécurité critique (BCS) Logpoint enhances Business-Critical Security (BCS) (lien direct) |
LogPoint améliore la solution de sécurité commerciale (BCS) avec des capacités d'automatisation pour simplifier le correctif SAP Systems
• L'analyseur de surveillance de la vulnérabilité de LogPoint \\ aide les organisations à automatiser et à simplifier la gestion des vulnérabilités dans les systèmes SAP.
• Les organisations peuvent obtenir un aperçu complet et faciliter la hiérarchisation des correctifs critiques de la sécurité.
-
revues de produits
Logpoint enhances Business-Critical Security (BCS) solution with automation capabilities to simplify patching SAP systems • Logpoint\'s new Vulnerability Monitoring Analyzer helps organizations automate and simplify vulnerability management in SAP systems. • Organizations can get a complete overview and ease prioritization of security-critical patches. - Product Reviews |
Vulnerability Patching | ★★ | |
|
2023-11-03 21:51:00 | Exploit de bogues atlassian critique maintenant disponible;Patchage immédiat nécessaire Critical Atlassian Bug Exploit Now Available; Immediate Patching Needed (lien direct) |
L'activité d'exploitation dans les ventes de dizaines de réseaux de cyberattaques s'accélère pour la vulnérabilité de sécurité dans Confluence, suivi comme CVE-2023-22518.
In-the-wild exploit activity from dozens of cyberattacker networks is ramping up for the security vulnerability in Confluence, tracked as CVE-2023-22518. |
Vulnerability Threat Patching | ★★ | |
|
2023-10-13 17:20:00 | Microsoft fait ses débuts sur le programme BUG Bounty, offre 15 000 $ Microsoft Debuts AI Bug-Bounty Program, Offers $15K (lien direct) |
L'objectif du programme est de découvrir des vulnérabilités critiques ou importantes au sein du programme Bing propulsé par l'IA.
The goal of the program is to uncover critical or important vulnerabilities within the AI-powered Bing program. |
Vulnerability Patching | ★★★ | |
|
2023-10-11 12:30:00 | Microsoft publie des correctifs d'octobre 2023 pour 103 défauts, y compris 2 exploits actifs Microsoft Releases October 2023 Patches for 103 Flaws, Including 2 Active Exploits (lien direct) |
Microsoft a publié ses mises à jour de Patch Mardi pour octobre 2023, abordant un total de 103 défauts dans son logiciel, dont deux ont fait l'objet d'une exploitation active dans la nature.
Sur les 103 défauts, 13 sont classés critiques et 90 sont notés importants en gravité.Ceci est en dehors de 18 vulnérabilités de sécurité abordées dans son navigateur Edge basé sur le chrome depuis le deuxième mardi de septembre.
Les deux
Microsoft has released its Patch Tuesday updates for October 2023, addressing a total of 103 flaws in its software, two of which have come under active exploitation in the wild. Of the 103 flaws, 13 are rated Critical and 90 are rated Important in severity. This is apart from 18 security vulnerabilities addressed in its Chromium-based Edge browser since the second Tuesday of September. The two |
Patching | ★★★ | |
 |
2023-09-08 08:30:00 | Apple Patches deux jours zéro exploités dans les attaques de pégase Apple Patches Two Zero-Days Exploited in Pegasus Attacks (lien direct) |
Les utilisateurs d'appareils iOS ont demandé à activer le mode de verrouillage
Users of iOS devices urged to enable lockdown mode |
Patching Mobile | ★★ | |
|
2023-07-13 00:55:02 | Vulnérabilités critiques de contournement de l'authentique: Sonicwall demande des correctifs immédiats pour les GM / analytiques Critical Auth Bypass Vulnerabilities: SonicWall Urges Immediate Patching for GMS/Analytics (lien direct) |
Sonicwall a émis un avis de sécurité urgent concernant les vulnérabilités critiques ayant un impact sur leur système de gestion mondial ...
SonicWall has issued an urgent security notice regarding critical vulnerabilities impacting their Global Management System... |
Patching | ★★ | |
|
2023-07-07 19:31:00 | Une autre faille SQLI non authentifiée critique découverte dans le logiciel de transfert Moveit Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software (lien direct) |
Progress Software a annoncé la découverte et le correctif d'une vulnérabilité critique d'injection SQL dans le transfert Moveit, un logiciel populaire utilisé pour le transfert de fichiers sécurisé.De plus, Progress Software a corrigé deux autres vulnérabilités de haute sévérité.
La vulnérabilité d'injection SQL identifiée, étiquetée comme CVE-2023-36934, pourrait potentiellement permettre aux attaquants non authentifiés de gagner
Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer. In addition, Progress Software has patched two other high-severity vulnerabilities. The identified SQL injection vulnerability, tagged as CVE-2023-36934, could potentially allow unauthenticated attackers to gain unauthorized |
Vulnerability Patching | ★★★ | |
 |
2023-06-29 21:15:09 | CVE-2023-36469 (lien direct) | La plate-forme Xwiki est une plate-forme wiki générique offrant des services d'exécution pour des applications construites en plus.Tout utilisateur qui peut modifier son propre profil utilisateur et paramètres de notification peut exécuter des macros de script arbitraire, y compris les macros Groovy et Python qui permettent l'exécution de code distant, y compris l'accès à lecture et à écrire sans restriction à tous les contenus du wiki.Cela a été corrigé dans Xwiki 14.10.6 et 15.2RC1.Il est conseillé aux utilisateurs de mettre à jour.En tant que solution de contournement, la principale correction de sécurité peut être appliquée manuellement en corrigeant le document affecté `xwiki.notifications.code.notificationRssService`.Cela brisera le lien vers les différences, mais cela nécessite des modifications supplémentaires dans les modèles de vitesse comme indiqué dans le patch.Bien que le modèle par défaut soit disponible dans l'instance et puisse être facilement corrigé, le modèle de mentions est contenu dans un fichier `.jar` et ne peut donc pas être fixé sans remplacer ce pot.
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This has been patched in XWiki 14.10.6 and 15.2RC1. Users are advised to update. As a workaround the main security fix can be manually applied by patching the affected document `XWiki.Notifications.Code.NotificationRSSService`. This will break the link to the differences, though as this requires additional changes to Velocity templates as shown in the patch. While the default template is available in the instance and can be easily patched, the template for mentions is contained in a `.jar`-file and thus cannot be fixed without replacing that jar. |
Patching | ||
|
2023-06-23 20:44:00 | NSA: Black Lotus Bootkit Patching n'empêchera pas les compromis NSA: BlackLotus BootKit Patching Won\\'t Prevent Compromise (lien direct) |
On ne sait pas pourquoi la NSA a publié des conseils d'atténuation approfondis pour la menace de démarrage du logiciel maintenant, mais les organisations devraient prendre des mesures pour durcir leur environnement.
It\'s unclear why the NSA issued in-depth mitigation guidance for the software boot threat now, but orgs should take steps to harden their environments. |
Threat Patching | ★★ | |
|
2023-06-22 21:48:15 | Pour tuer les logiciels malveillants BlackLotus, le patch est un bon début, mais ... To kill BlackLotus malware, patching is a good start, but... (lien direct) |
... que seul \\ 'pourrait fournir un faux sentiment de sécurité, \' NSA avertit dans ce guide gratuit pour les orgs BlackLotus, le malware capable de contourner les protections de démarrage sécurisées et de compromettreWindows Computers, a attrapé la colère de la NSA, qui a publié aujourd'hui un guide pour aider les organisations à détecter et à prévenir les infections de l'UEFI Bootkit.…
...that alone \'could provide a false sense of security,\' NSA warns in this handy free guide for orgs BlackLotus, the malware capable of bypassing Secure Boot protections and compromising Windows computers, has caught the ire of the NSA, which today published a guide to help organizations detect and prevent infections of the UEFI bootkit.… |
Malware Patching | ★★★ | |
 |
2023-06-20 14:45:25 | L'art de réduire la dette de sécurité en 3 étapes clés The Art of Reducing Security Debt In 3 Key Steps (lien direct) |
Introduction
Dans le paysage en constante évolution des menaces numériques et des défis de la cybersécurité, les organisations sont confrontées à un fardeau important connu sous le nom de dette de sécurité.Tout comme la dette financière, la dette de sécurité revient lorsque les organisations compromettent les mesures de sécurité en faveur des mesures de commodité, de vitesse ou de réduction des coûts.Au fil du temps, cette dette accumulée peut présenter de graves risques pour les données, la réputation et la stabilité globale de l'organisation.Cependant, avec une approche stratégique et un engagement envers les pratiques de sécurité proactives, les organisations peuvent réduire efficacement leur dette de sécurité.Dans cet article de blog, nous explorerons l'art de réduire la dette de sécurité en trois étapes clés, permettant aux organisations de renforcer leur posture de sécurité et de protéger leurs précieux actifs.
Étape 1: évaluer et hiérarchiser les risques de sécurité
La première étape dans la réduction de la dette de sécurité consiste à effectuer une évaluation approfondie des risques de sécurité de votre organisation.Cela implique d'identifier les vulnérabilités, d'évaluer la sécurité existante…
Introduction In the ever-evolving landscape of digital threats and cybersecurity challenges, organizations face a significant burden known as security debt. Just like financial debt, security debt accrues when organizations compromise security measures in favor of convenience, speed, or cost-cutting measures. Over time, this accumulated debt can pose serious risks to the organization\'s data, reputation, and overall stability. However, with a strategic approach and a commitment to proactive security practices, organizations can effectively reduce their security debt. In this blog post, we will explore the art of reducing security debt in three key steps, enabling organizations to strengthen their security posture and safeguard their valuable assets. Step 1: Assess and Prioritize Security Risks The first step in reducing security debt is to conduct a thorough assessment of your organization\'s security risks. This involves identifying vulnerabilities, evaluating existing security… |
Patching Guideline | ★★ | |
 |
2023-06-13 13:00:00 | CyberheistNews Vol 13 # 24 [Le biais de l'esprit \\] le prétexage dépasse désormais le phishing dans les attaques d'ingénierie sociale CyberheistNews Vol 13 #24 [The Mind\\'s Bias] Pretexting Now Tops Phishing in Social Engineering Attacks (lien direct) |
CyberheistNews Vol 13 #24 | June 13th, 2023
[The Mind\'s Bias] Pretexting Now Tops Phishing in Social Engineering Attacks
The New Verizon DBIR is a treasure trove of data. As we will cover a bit below, Verizon reported that 74% of data breaches Involve the "Human Element," so people are one of the most common factors contributing to successful data breaches. Let\'s drill down a bit more in the social engineering section.
They explained: "Now, who has received an email or a direct message on social media from a friend or family member who desperately needs money? Probably fewer of you. This is social engineering (pretexting specifically) and it takes more skill.
"The most convincing social engineers can get into your head and convince you that someone you love is in danger. They use information they have learned about you and your loved ones to trick you into believing the message is truly from someone you know, and they use this invented scenario to play on your emotions and create a sense of urgency. The DBIR Figure 35 shows that Pretexting is now more prevalent than Phishing in Social Engineering incidents. However, when we look at confirmed breaches, Phishing is still on top."
A social attack known as BEC, or business email compromise, can be quite intricate. In this type of attack, the perpetrator uses existing email communications and information to deceive the recipient into carrying out a seemingly ordinary task, like changing a vendor\'s bank account details. But what makes this attack dangerous is that the new bank account provided belongs to the attacker. As a result, any payments the recipient makes to that account will simply disappear.
BEC Attacks Have Nearly Doubled
It can be difficult to spot these attacks as the attackers do a lot of preparation beforehand. They may create a domain doppelganger that looks almost identical to the real one and modify the signature block to show their own number instead of the legitimate vendor.
Attackers can make many subtle changes to trick their targets, especially if they are receiving many similar legitimate requests. This could be one reason why BEC attacks have nearly doubled across the DBIR entire incident dataset, as shown in Figure 36, and now make up over 50% of incidents in this category.
Financially Motivated External Attackers Double Down on Social Engineering
Timely detection and response is crucial when dealing with social engineering attacks, as well as most other attacks. Figure 38 shows a steady increase in the median cost of BECs since 2018, now averaging around $50,000, emphasizing the significance of quick detection.
However, unlike the times we live in, this section isn\'t all doom and |
Spam Malware Vulnerability Threat Patching | Uber APT 37 ChatGPT ChatGPT APT 43 | ★★ |
|
2023-06-09 18:15:09 | CVE-2023-34100 (lien direct) | Contiki-ng est un système d'exploitation de la plate-plaqueur open-source pour les appareils IoT.Lors de la lecture de la valeur de l'option TCP MSS à partir d'un paquet entrant, le système d'exploitation Contiki-NG ne vérifie pas que certains indices de tampon à lire sont dans les limites du tampon de paquets IPv6, UIP_BUF.En particulier, il y a un tampon de 2 octets lu dans le module OS / Net / IPv6 / UIP6.c.Le tampon est indexé à l'aide de \\ 'UIP_IPTCPH_LEN + 2 + C \' et \\ 'UIP_IPTCPH_LEN + 3 + C \', mais le tampon UIP_BUF peut ne pas avoir suffisamment de données, ce qui entraîne une lecture de 2 octets.Le problème a été corrigé dans la branche "Develop" de Contiki-NG et devrait être inclus dans la version 4.9.Il est conseillé aux utilisateurs de surveiller la version 4.9 et de mettre à niveau lorsqu'elle devient disponible.Il n'y a pas de solution de contournement pour cette vulnérabilité en dehors de la correction manuelle avec le Diff dans Commit `CDE4E9839`.
Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incoming packet, the Contiki-NG OS does not verify that certain buffer indices to read from are within the bounds of the IPv6 packet buffer, uip_buf. In particular, there is a 2-byte buffer read in the module os/net/ipv6/uip6.c. The buffer is indexed using \'UIP_IPTCPH_LEN + 2 + c\' and \'UIP_IPTCPH_LEN + 3 + c\', but the uip_buf buffer may not have enough data, resulting in a 2-byte read out of bounds. The problem has been patched in the "develop" branch of Contiki-NG, and is expected to be included in release 4.9. Users are advised to watch for the 4.9 release and to upgrade when it becomes available. There are no workarounds for this vulnerability aside from manually patching with the diff in commit `cde4e9839`. |
Vulnerability Patching | ||
 |
2023-06-08 20:17:06 | Barracuda demande de remplacer - pas de correction - ses passerelles de sécurité par e-mail Barracuda Urges Replacing - Not Patching - Its Email Security Gateways (lien direct) |
Ce n'est pas souvent qu'une vulnérabilité zéro-jour amène un fournisseur de sécurité du réseau à exhorter les clients à supprimer et à écarter physiquement toute une gamme de matériel affecté - au lieu de simplement appliquer des mises à jour logicielles.Mais les experts disent que c'est exactement ce qui s'est passé cette semaine avec Barracuda Networks, alors que la société a eu du mal à lutter contre une menace de logiciels malveillante tentaculaire qui semble avoir sapé ses appareils de sécurité des e-mails de manière si fondamentale qu'ils ne peuvent plus être mis à jour en toute sécurité avec des correctifs logiciels.
It\'s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware -- as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda Networks, as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely updated with software fixes. |
Malware Vulnerability Threat Patching | ★★★★ | |
|
2023-06-06 09:46:00 | Les pare-feu zyxel sont attaqués!Rattuage urgent requis Zyxel Firewalls Under Attack! Urgent Patching Required (lien direct) |
L'Agence américaine de sécurité de la cybersécurité et de l'infrastructure (CISA) a classée lundi deux défauts récemment divulgués dans les pare-feu de zyxel à son catalogue connu sur les vulnérabilités exploités (KEV), sur la base de preuves d'exploitation active.
Les vulnérabilités, suivies comme CVE-2023-33009 et CVE-2023-33010, sont des vulnérabilités de débordement de tampon qui pourraient permettre à un attaquant non authentifié de provoquer un
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday placed two recently disclosed flaws in Zyxel firewalls to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010, are buffer overflow vulnerabilities that could enable an unauthenticated attacker to cause a |
Patching | ★★ | |
|
2023-06-05 10:00:00 | Trois façons dont l'agro-industrie peut protéger les actifs vitaux des cyberattaques Three ways agribusinesses can protect vital assets from cyberattacks (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In an era where digital technology increasingly underpins food production and distribution, the urgency of cybersecurity in agriculture has heightened. A surge of cyberattacks in recent years, disrupting operations, causing economic losses, and threatening food industry security- all underscore this escalating concern. In April 2023, hackers targeted irrigation systems and wastewater treatment plants in Israel. The attack was part of an annual "hacktivist" campaign, and it temporarily disabled automated irrigation systems on about a dozen farms in the Jordan Valley. The attack also disrupted wastewater treatment processes at the Galil Sewage Corporation. In addition, in June 2022, six grain cooperatives in the US were hit by a ransomware attack during the fall harvest, disrupting their seed and fertilizer supplies. Adding to this growing list, a leading US agriculture firm also fell victim to a cyberattack the same year, which affected operations at several of its production facilities. These incidents highlight the pressing need for improved cybersecurity in the agricultural sector and underscore the challenges and risks this sector faces compared to others. As outlined in a study, “Various technologies are integrated into one product to perform specific agricultural tasks.” An example provided is that of an irrigation system which "has smart sensors/actuators, communication protocols, software, traditional networking devices, and human interaction." The study further elaborates that these complex systems are often outsourced from diverse vendors for many kinds of environments and applications. This complexity “increases the attack surface, and cyber-criminals can exploit vulnerabilities to compromise one or other parts of the agricultural application.” However, the situation is far from hopeless. By taking decisive action, we can significantly strengthen cybersecurity in the agricultural sector. Here are three strategies that pave the way toward a more secure future for the farming industry: 1. Strengthening password practices Weak or default passwords are an easily avoidable security risk that can expose vital assets in the agricultural sector to cyber threats. Arguably, even now, people have poor habits when it comes to password security. As per the findings of a survey conducted by GoodFirms: A significant percentage of people - 62.9%, to be exact - update their passwords only when prompted. 45.7% of people admitted to using the same password across multiple platforms or applications. More than half of the people had shared their passwords with others, such as colleagues, friends, or family members, raising the risk of unauthorized access. A surprising 35.7% of respondents reported keeping a physical record of their passwords on paper, sticky notes, or in planners. These lax password practices have had tangible negative impacts, with 30% of users experiencing security breaches attributable to weak passwords. Hackers can use various methods, such as brute force attacks or phishing attacks, to guess or obtain weak passwords and access sensitive inf | Ransomware Tool Vulnerability Patching | ★★ |
To see everything:
Our RSS (filtrered)
