What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-01-04 15:00:00 | It et OT Cybersecurity: une approche holistique IT and OT cybersecurity: A holistic approach (lien direct) |
> Dans le domaine de la cybersécurité, les technologies de l'information (TI) et les technologies opérationnelles (OT) présentent des défis distincts que les organisations doivent naviguer.Assurer la sécurité de ces domaines distincts est primordial pour renforcer votre cyber-résilience globale.En suivant les meilleures pratiques décrites dans cet article, vous pouvez minimiser les vulnérabilités potentielles et garder votre posture de sécurité forte.[& # 8230;]
>In the realm of cybersecurity, both information technology (IT) and operational technology (OT) present distinct challenges that organizations must navigate. Ensuring the security of these distinct domains is paramount to bolstering your overall cyber resilience. By following the best practices outlined in this article, you can minimize potential vulnerabilities and keep your security posture strong. […] |
Vulnerability Industrial | ★★★ | |
 |
2024-01-04 13:35:17 | Que rechercher dans un scanner de vulnérabilité open source What To Look For in an Open Source Vulnerability Scanner (lien direct) |
L'une des principales préoccupations de sécurité que nous entendons des leaders de la technologie concerne la sécurité des logiciels open source (OSS) et le développement de logiciels cloud.Un scanner de vulnérabilité open source (pour la numérisation OSS) vous aide à découvrir le risque dans le code tiers que vous utilisez.Cependant, ce n'est pas parce qu'une solution scanne l'open source que vous réduisez finalement le risque de sécurité.Voici ce qu'il faut rechercher dans un scanner de vulnérabilité open source et une solution de test de sécurité pour trouver et corriger les vulnérabilités dans l'OSS.
Contexte sur les vulnérabilités en open source et à quoi ressemble le risque
Avant de pouvoir parler de ce qu'il faut rechercher dans une solution de numérisation, nous devons parler des vulnérabilités que les outils recherchent.Né en 1999, la base de données nationale de vulnérabilité (NVD) était un produit de l'Institut national des normes et de la technologie (NIST) conçu pour être «le référentiel du gouvernement américain des données de gestion de la vulnérabilité basées sur les normes».Il représente un indice des vulnérabilités connues…
One of the top security concerns we hear from technology leaders is about the security of open source software (OSS) and cloud software development. An open source vulnerability scanner (for scanning OSS) helps you discover risk in the third-party code you use. However, just because a solution scans open source does not mean you are ultimately reducing security risk with it. Here is what to look for in an open source vulnerability scanner and security testing solution to find and fix vulnerabilities in OSS. Background on Vulnerabilities in Open Source and What the Risk Looks Like Before we can talk about what to look for in a scanning solution, we need to talk about the vulnerabilities the tools are looking for. Born in 1999, the National Vulnerability Database (NVD) was a product of the National Institute of Standards and Technology (NIST) made to be “the U.S. government repository of standards based vulnerability management data.” It represents an index of known vulnerabilities… |
Tool Vulnerability Cloud | ★★★ | |
 |
2024-01-04 13:01:29 | La CISA prévient les vulnérabilités exploitées dans la bibliothèque d'analyse chromée et Excel CISA Warns of Exploited Vulnerabilities in Chrome and Excel Parsing Library (lien direct) |
> Par waqas
CISA exhorte une action rapide à mesure que deux vulnérabilités critiques émergent.
Ceci est un article de HackRead.com Lire le post original: CISA met en garde contre les vulnérabilités exploitées dans la bibliothèque d'analyse chrome et Excel
>By Waqas CISA Urges Swift Action as Two Critical Vulnerabilities Emerge. This is a post from HackRead.com Read the original post: CISA Warns of Exploited Vulnerabilities in Chrome and Excel Parsing Library |
Vulnerability | ★★★ | |
 |
2024-01-04 12:11:49 | New iPhone Exploit utilise quatre jours zéro New iPhone Exploit Uses Four Zero-Days (lien direct) |
Kaspersky Researchers sont des détails & # 8220; une attaque qui sur quatre ans en arrière des dizaines, sinon des milliers d'iPhones, dont beaucoup appartenaient à des employés de la société de sécurité basée à Moscou, Kaspersky. & # 8221;Il est un exploit en clic zéro qui utilise quatre jours zéro-jours d'iPhone.
Le nouveau détail le plus intrigant est le ciblage de la fonctionnalité matérielle avant-monnale, qui s'est avérée cruciale de la campagne de triangulation de l'opération.Une journée zéro dans la fonction a permis aux attaquants de contourner les avancés protection de mémoire matérielle Conçu pour protéger l'intégrité du système d'appareils même après qu'un attaquant a acquis la possibilité de falsifier la mémoire du noyau sous-jacent.Sur la plupart des autres plateformes, une fois que les attaquants exploitent avec succès une vulnérabilité du noyau, ils ont le contrôle total du système compromis ...
Kaspersky researchers are detailing “an attack that over four years backdoored dozens if not thousands of iPhones, many of which belonged to employees of Moscow-based security firm Kaspersky.” It’s a zero-click exploit that makes use of four iPhone zero-days. The most intriguing new detail is the targeting of the heretofore-unknown hardware feature, which proved to be pivotal to the Operation Triangulation campaign. A zero-day in the feature allowed the attackers to bypass advanced hardware-based memory protections designed to safeguard device system integrity even after an attacker gained the ability to tamper with memory of the underlying kernel. On most other platforms, once attackers successfully exploit a kernel vulnerability they have full control of the compromised system... |
Vulnerability Threat Mobile | ★★★★ | |
 |
2024-01-04 10:17:18 | Le signal de risque de défenseur industriel offre une solution de gestion de vulnérabilité basée sur les risques pour la sécurité OT Industrial Defender Risk Signal delivers risk-based vulnerability management solution for OT security (lien direct) |
OT Asset Data and Cybersecurity Solutions Company Industrial Defender, fournisseur d'OT Asset Data and Cybersecurity Solutions pour ...
OT asset data and cybersecurity solutions company Industrial Defender, provider of OT asset data and cybersecurity solutions for... |
Vulnerability Industrial | ★★★ | |
 |
2024-01-04 06:00:10 | Cybersecurity Stop of the Month: MFA Manipulation (lien direct) | This blog post is part of a monthly series exploring the ever-evolving tactics of today\'s cybercriminals. Cybersecurity Stop of the Month focuses on the critical first three steps in the attack chain in the context of email threats. The series is designed to help you understand how to fortify your defenses to protect people and defend data against emerging threats in today\'s dynamic threat landscape. The critical first three steps of the attack chain: reconnaissance, initial compromise and persistence. So far in this series, we have covered the following types of attacks: Supplier compromise EvilProxy SocGholish eSignature phishing QR code phishing Telephone-oriented attack delivery (TOAD) Payroll diversion In this post, we examine an attack technique called multifactor (MFA) manipulation. This malicious post-compromise attack poses a significant threat to cloud platforms. We cover the typical attack sequence to help you understand how it works. And we dive deeper into how Proofpoint account takeover capabilities detected and prevented one of these threats for our customer. Background MFA manipulation is an advanced technique where bad actors introduce their own MFA method into a compromised cloud account. These attackers are used after a cloud account takeover attack, or ATO. ATOs are an insidious threat that are alarmingly common. Recent research by Proofpoint threat analysts found that in 2023 almost all businesses (96%) were targeted by cloud-based attacks. What\'s more, a whopping 60% were successfully compromised and had at least one account taken over. MFA manipulation attacks can work several ways with bad actors having multiple options for getting around MFA. One way is to use an adversary-in-the-middle (AiTM) attack. This is where the bad actor inserts a proxy server between the victim and the website that they\'re trying to log into. Doing so enables them to steal that user\'s password as well as the session cookie. There\'s no indication to the user that they\'ve been attacked-it just seems like they\'ve logged into their account as usual. However, the attackers have what they need to establish persistence, which means they can maintain access even if the stolen MFA credentials are revoked or deemed invalid. The scenario Recently, Proofpoint intercepted a series of MFA manipulation attacks on a large real estate company. In one case, the bad actors used an AiTM attack to steal the credentials of the firm\'s financial controller as well as the session cookie. Once they did that, they logged into that user\'s business account and generated 27 unauthorized access activities. The threat: How did the attack happen? Here is a closer look at how this MFA manipulation attack played out: 1. Bad actors used the native “My Sign-Ins” app to add their own MFA methods to compromise Microsoft 365 accounts. We observed that the attackers registered their own authenticator app with notification and code. They made this move right after they gained access to the hijacked account as part of an automated attack flow execution. This, in turn, allowed them to secure their foothold within the targeted cloud environment. The typical MFA manipulation flow using Microsoft\'s “My Sign-Ins” app. 2. After the compromise, the attackers demonstrated a sophisticated approach. They combined MFA manipulation with OAuth application abuse. With OAuth abuse, an attacker authorizes and/or uses a third-party app to steal data, spread malware or execute other malicious activities. Attackers also use the abused app to maintain persistent access to specific resources even after their initial access to a compromised account has been cut off. 3. The attackers authorized the seemingly benign application, “PERFECTDATA SOFTWARE,” to gain persistent access to the user\'s account and the systems, as well as the resources and applications that the user could access. The permissions the attackers requested for this app included: | Malware Tool Vulnerability Threat Cloud | ★★★ | |
 |
2024-01-03 23:00:00 | La recherche sur la vulnérabilité met en évidence 2023 Vulnerability Research Highlights 2023 (lien direct) |
Notre équipe de recherche sur la vulnérabilité revient sur une grande année et résume les points forts de 2023.
Our Vulnerability Research team looks back at a great year and summarizes the highlights of 2023. |
Vulnerability Studies | ★★★ | |
 |
2024-01-03 21:30:00 | La CISA avertit les agences fédérales des vulnérabilités exploitées Google Chrome et open source CISA warns federal agencies of exploited Google Chrome and open-source vulnerabilities (lien direct) |
Deux nouvelles vulnérabilités ont été ajoutées à la liste des bogues exploités par la Cybersecurity and Infrastructure Security Agency (CISA).CISA a mis en garde mardi une vulnérabilité concernant la bibliothèque Perl open source, classée comme CVE-2023-7101, ainsi qu'un bogue impactant Google Chrome qui a été abordé par la société le mois dernier.Les vulnérabilités ont été ajoutées
Two new vulnerabilities have been added to the list of exploited bugs by the Cybersecurity and Infrastructure Security Agency (CISA). CISA on Tuesday warned of a vulnerability concerning the open-source Perl library, classified as CVE-2023-7101, as well as a bug impacting Google Chrome that was addressed by the company last month. The vulnerabilities were added |
Vulnerability | ★★ | |
 |
2024-01-03 21:00:00 | Apache Erp Zero-Day souligne les dangers des correctifs incomplets Apache ERP Zero-Day Underscores Dangers of Incomplete Patches (lien direct) |
Apache a corrigé une vulnérabilité dans son cadre OfBiz Enterprise Resource Planning (ERP) le mois dernier, mais les attaquants et les chercheurs ont trouvé un moyen de contourner le patch.
Apache fixed a vulnerability in its OfBiz enterprise resource planning (ERP) framework last month, but attackers and researchers found a way around the patch. |
Vulnerability Threat | ★★★ | |
 |
2024-01-03 15:04:12 | Plusieurs infostateurs utilisant des cookies persistants pour détourner les comptes Google Several Infostealers Using Persistent Cookies to Hijack Google Accounts (lien direct) |
> Une vulnérabilité dans le processus d'authentification de Google \\ permet aux logiciels malveillants de restaurer les cookies et de détourner les sessions utilisateur.
>A vulnerability in Google\'s authentication process allows malware to restore cookies and hijack user sessions. |
Malware Vulnerability | ★★★ | |
|
2024-01-03 12:49:36 | Otorio révèle les vulnérabilités critiques dans les systèmes de contrôle d'accès physique utilisés dans la sécurité du bâtiment OTORIO discloses critical vulnerabilities in physical access control systems used across building security (lien direct) |
La société de cybersécurité Otorio a mené des recherches en lumière sur les risques de sécurité posés par le contrôle d'accès physique moderne ...
Cybersecurity firm OTORIO has conducted research shedding light on the security risks posed by modern Physical Access Control... |
Vulnerability Industrial | ★★★★ | |
 |
2024-01-03 11:00:00 | Décodage du piratage éthique: une exploration complète des pratiques de chapeau blanc Decoding ethical hacking: A comprehensive exploration of white hat practices (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In era of digital devices, where the specter of data breaches and cyber threats looms large, the role of ethical hackers, colloquially known as white hat hackers, has become paramount. This article embarks on an in-depth journey into the realm of ethical hacking, illuminating its profound significance in identifying vulnerabilities and fortifying the intricate tapestry of overall cybersecurity. Ethical hacking, at its core, entails authorized and legal endeavors to infiltrate computer systems, networks, or applications. The primary objective is to unveil vulnerabilities. Diverging from their malevolent counterparts, ethical hackers leverage their skills to fortify security rather than exploit weaknesses. The strategic importance of ethical hacking: Proactive defense: Ethical hacking adopts a proactive stance, aiming to unearth and neutralize potential threats before malicious actors can exploit them. Vulnerability assessment: Systematic assessments conducted by ethical hackers pinpoint weaknesses in systems, networks, and applications, enabling organizations to address vulnerabilities in a timely manner. Compliance and risk management: Ethical hacking aligns seamlessly with regulatory compliance requirements, facilitating effective risk management. This ensures organizations adhere to industry standards and safeguard sensitive information. The crucial role of ethical hackers 1. Identifying vulnerabilities: Ethical hackers employ an array of techniques, including penetration testing, code review, and network analysis, to uncover vulnerabilities. By replicating the tactics of malicious hackers, they unveil potential entry points and weaknesses susceptible to exploitation. 2. Penetration testing: A cornerstone of ethical hacking, penetration testing involves simulating real-world cyber-attacks to evaluate the security posture of a system. This practice assesses how well an organization\'s defenses can withstand various threats. 3. Code Review: Analyzing source code for security flaws is fundamental. Ethical hackers scrutinize the codebase to identify vulnerabilities such as injection flaws, buffer overflows, and insecure dependencies. Navigating the ethical hacking process 1. Planning: Ethical hacking commences with meticulous planning. The ethical hacker collaborates with the organization to define the scope, goals, and methodologies of the assessment. 2. Reconnaissance: Gathering information about the target system is a critical phase. Ethical hackers employ both passive and active reconnaissance techniques to understand the environment they are assessing. 3. Scanning: The scanning phase involves identifying live hosts, open ports, and services on a network. Tools like Nmap and Nessus are commonly employed to assess the target\'s attack surface comprehensively. 4. Gaining access: Ethical hackers attempt to exploit identified vulnerabilities, gaining access to systems or sensitive data. This phase provides organizations insights into the potential impact of a suc | Tool Vulnerability Threat | ★★★ | |
 |
2024-01-03 10:28:56 | CISA émet une alerte pour les vulnérabilités de Juniper Secure Analytics (CVE-2023-46604, CVE-2023-40787, CVE-2023-44487, et plus encore) CISA Issues Alert for Juniper Secure Analytics Vulnerabilities (CVE-2023-46604, CVE-2023-40787, CVE-2023-44487, and More) (lien direct) |
Dans une alerte récente, l'Agence de sécurité de la cybersécurité et de l'infrastructure (CISA) a souligné que Juniper a ...
In a recent alert, the Cybersecurity and Infrastructure Security Agency (CISA) emphasized that Juniper has... |
Vulnerability | ★★★ | |
|
2024-01-03 09:44:01 | Les vulnérabilités de moteur Google Kubernetes pourraient permettre la prise de contrôle des cluster Google Kubernetes Engine Vulnerabilities Could Allow Cluster Takeover (lien direct) |
> Par deeba ahmed
Un attaquant ayant accès à un cluster Kubernetes pourrait enchaîner deux vulnérabilités dans le moteur Google Kubernetes (GKE) pour augmenter les privilèges et prendre le contrôle du cluster.
Ceci est un article de HackRead.com Lire le post original: Les vulnérabilités de moteur Google Kubernetes pourraient permettre la prise de contrôle des cluster
>By Deeba Ahmed An attacker with access to a Kubernetes cluster could chain two vulnerabilities in Google Kubernetes Engine (GKE) to escalate privileges and take over the cluster. This is a post from HackRead.com Read the original post: Google Kubernetes Engine Vulnerabilities Could Allow Cluster Takeover |
Vulnerability | ★★★ | |
 |
2024-01-01 15:07:00 | New Terrapin Flaw pourrait laisser les attaquants dégrader la sécurité du protocole SSH New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security (lien direct) |
Des chercheurs en sécurité de l'Université Ruhr Bochum ont découvert une vulnérabilité dans le protocole de réseau cryptographique Secure Shell (SSH) qui pourrait permettre à un attaquant de rétrograder la sécurité de la connexion en brisant l'intégrité du canal sécurisé.
Appelé & nbsp; terrapin & nbsp; (CVE-2023-48795, score CVSS: 5.9), l'exploit a été décrit comme le "premier préfixe pratiquement exploitable
Security researchers from Ruhr University Bochum have discovered a vulnerability in the Secure Shell (SSH) cryptographic network protocol that could allow an attacker to downgrade the connection\'s security by breaking the integrity of the secure channel. Called Terrapin (CVE-2023-48795, CVSS score: 5.9), the exploit has been described as the "first ever practically exploitable prefix |
Vulnerability Threat | ★★★ | |
 |
2023-12-31 12:00:00 | Google résout près de 100 problèmes de sécurité Android Google Fixes Nearly 100 Android Security Issues (lien direct) |
Plus: Apple arrête une attaque zéro flipper, Microsoft corrige plus de 30 vulnérabilités et plus de mises à jour critiques pour le dernier mois de 2023.
Plus: Apple shuts down a Flipper Zero Attack, Microsoft patches more than 30 vulnerabilities, and more critical updates for the last month of 2023. |
Vulnerability Mobile | ★★★ | |
 |
2023-12-28 21:04:58 | Kaspersky révèle le matériel précédemment inconnu \\ 'fonctionnalité \\' exploitée dans les attaques d'iPhone Kaspersky reveals previously unknown hardware \\'feature\\' exploited in iPhone attacks (lien direct) |
\\ 'Ce n'est pas une vulnérabilité ordinaire \' SEC PROS Expliquez l'équipe mondiale de recherche et d'analyse de Kaspersky \\ a exposé une "fonctionnalité" précédemment inconnue dans les iPhones Apple qui ont permisMALWORED pour contourner la protection de la mémoire basée sur le matériel.… | Malware Vulnerability Mobile | ★★★ | |
|
2023-12-28 13:27:00 | La surveillance insouciante des serveurs SSH Linux dessine des cryptomineurs, des bots DDOS Careless oversight of Linux SSH servers draws cryptominers, DDoS bots (lien direct) |
Les cybercriminels ciblent les serveurs Linux SSH mal gérés pour installer des logiciels malveillants pour la cryptomiminage ou l'effort d'attaques distribuées au déni de service, ont révélé des chercheurs.Selon un rapport de AHNLAB publié cette semaine, une mauvaise gestion des mots de passe et un correctif de vulnérabilité laxiste peuvent permettre aux pirates d'exploiter les serveurs pour la cybercriminalité.Les serveurs SSH offrent un accès à distance sécurisé à un
Cybercriminals are targeting poorly managed Linux SSH servers to install malware for cryptomining or carrying out distributed denial-of-service attacks, researchers have found. According to a report by AhnLab released this week, bad password management and lax vulnerability patching can allow hackers to exploit the servers for cybercrime. SSH servers provide secure remote access to a |
Malware Vulnerability Threat Patching | ★★ | |
|
2023-12-28 13:18:57 | Dernières vulnérabilités zéro-jour: UNC4841 cible Barracuda ESG avec CVE-2023-7102, contournement d'authentification Apache Ofbiz (CVE-2023-51467) Latest Zero-Day Vulnerabilities: UNC4841 Targets Barracuda ESG with CVE-2023-7102, Apache OFBiz Authentication Bypass (CVE-2023-51467) (lien direct) |
Le groupe UNC4841, lié à la Chine, vise à nouveau Barracuda Email Security Gateway (ESG), ...
The UNC4841 group, linked to China, is targeting Barracuda Email Security Gateway (ESG) appliances again,... |
Vulnerability Threat | ★★★ | |
|
2023-12-27 21:09:00 | Le système Zero-Day critique dans Apache Ofbiz ERP expose les entreprises à attaquer Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack (lien direct) |
Une nouvelle faille de sécurité zéro-jour a été découverte dans l'Apache Ofbiz, un système de planification des ressources d'entreprise open source (ERP) qui pourrait être exploité pour contourner les protections d'authentification.
La vulnérabilité, suivie en tant que & nbsp; CVE-2023-51467, réside dans la fonctionnalité de connexion et est le résultat d'un correctif incomplet pour une autre vulnérabilité critique (CVE-2023-49070, score CVSS: 9.8) qui était
A new zero-day security flaw has been discovered in the Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system that could be exploited to bypass authentication protections. The vulnerability, tracked as CVE-2023-51467, resides in the login functionality and is the result of an incomplete patch for another critical vulnerability (CVE-2023-49070, CVSS score: 9.8) that was |
Vulnerability Threat | ★★★ | |
|
2023-12-27 18:05:00 | Les pirates chinois ont exploité le nouveau zéro-jour dans les appareils ESG de Barracuda \\ Chinese Hackers Exploited New Zero-Day in Barracuda\\'s ESG Appliances (lien direct) |
Barracuda a révélé que les acteurs de la menace chinoise ont exploité un nouvel jour zéro dans ses appareils électroménagers (ESG) pour déployer une porte dérobée sur un "nombre limité" d'appareils.
Suivi en tant que & nbsp; CVE-2023-7102, la question concerne un cas de & nbsp; Arbitrary Code Execution & NBSP; qui réside dans un tiers et une bibliothèque d'Open-source dans la bibliothèque :: ParseExcel qui \\ est utilisée par le scanner Amavis au sein du scanner Amavis au sein de la bibliothèque ::
Barracuda has revealed that Chinese threat actors exploited a new zero-day in its Email Security Gateway (ESG) appliances to deploy backdoor on a "limited number" of devices. Tracked as CVE-2023-7102, the issue relates to a case of arbitrary code execution that resides within a third-party and open-source library Spreadsheet::ParseExcel that\'s used by the Amavis scanner within the |
Vulnerability Threat | ★★ | |
|
2023-12-27 14:42:13 | Résumé de la vulnérabilité hebdomadaire par CISA: Avalanche Ivanti, Apache Dubbo, OpenSSH, et plus Weekly Vulnerability Summary by CISA: Ivanti Avalanche, Apache Dubbo, OpenSSH, and More (lien direct) |
La Cybersecurity and Infrastructure Security Agency (CISA) a publié un nouveau résumé de vulnérabilité pour le ...
The Cybersecurity and Infrastructure Security Agency (CISA) has released a new vulnerability summary for the... |
Vulnerability | ★★★ | |
|
2023-12-27 11:05:30 | Les pirates chinois livrent des logiciels malveillants à Barracuda Appareils de sécurité par e-mail via un nouveau zéro-jour Chinese Hackers Deliver Malware to Barracuda Email Security Appliances via New Zero-Day (lien direct) |
> Les pirates chinois ont exploité une journée zéro-jour comme CVE-2023-7102 pour livrer des logiciels malveillants à Barracuda Email Security Gateway (ESG) Appliances.
>Chinese hackers exploited a zero-day tracked as CVE-2023-7102 to deliver malware to Barracuda Email Security Gateway (ESG) appliances. |
Malware Vulnerability Threat | ★★ | |
|
2023-12-27 11:00:00 | Cybersécurité post-pandémique: leçons de la crise mondiale de la santé Post-pandemic Cybersecurity: Lessons from the global health crisis (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Beyond ‘just’ causing mayhem in the outside world, the pandemic also led to a serious and worrying rise in cybersecurity breaches. In 2020 and 2021, businesses saw a whopping 50% increase in the amount of attempted breaches. The transition to remote work, outdated healthcare organization technology, the adoption of AI bots in the workplace, and the presence of general uncertainty and fear led to new opportunities for bad actors seeking to exploit and benefit from this global health crisis. In this article, we will take a look at how all of this impacts the state of cybersecurity in the current post-pandemic era, and what conclusions can be drawn. New world, new vulnerabilities Worldwide lockdowns led to a rise in remote work opportunities, which was a necessary adjustment to allow employees to continue to earn a living. However, the sudden shift to the work-from-home format also caused a number of challenges and confusion for businesses and remote employees alike. The average person didn’t have the IT department a couple of feet away, so they were forced to fend for themselves. Whether it was deciding whether to use a VPN or not, was that email really a phishing one, or even just plain software updates, everybody had their hands full. With employers busy with training programs, threat actors began intensifying their ransomware-related efforts, resulting in a plethora of high-profile incidents in the last couple of years. A double-edged digital sword If the pandemic did one thing, it’s making us more reliant on both software and digital currencies. You already know where we’re going with this—it’s fertile ground for cybercrime. Everyone from the Costa Rican government to Nvidia got hit. With the dominance of Bitcoin as a payment method in ransoming, tracking down perpetrators is infinitely more difficult than it used to be. The old adage holds more true than ever - an ounce of prevention is worth a pound of cure. To make matters worse, amongst all that chaos, organizations also had to pivot away from vulnerable, mainstream software solutions. Even if it’s just choosing a new image editor or integrating a PDF SDK, it’s an increasing burden for businesses that are already trying to modernize or simply maintain. Actors strike where we’re most vulnerable Healthcare organizations became more important than ever during the global coronavirus pandemic. But this time also saw unprecedented amounts of cybersecurity incidents take place as bad actors exploited outdated cybersecurity measures. The influx of sudden need caused many overburdened healthcare organizations to lose track of key cybersecurity protocols that could help shore up gaps in the existing protective measures. The United States healthcare industry saw a 25% spike in successful data breaches during the pandemic, which resulted in millions of dollars of damages and the loss of privacy for thousands of patients whose data was compromis | Data Breach Vulnerability Threat Studies Prediction | ChatGPT | ★★ |
|
2023-12-26 11:56:23 | Challenge of Protecting PII, Hunters Become the Hunt: OpenAI Vulnerability, Blackmailing of Bounty Hunters (lien direct) | A paradox emerges: those who protect us from cyber threats are themselves becoming the hunted.... | Vulnerability | ★★ | |
 |
2023-12-26 08:00:00 | Analyser les vulnérabilités de vos conteneurs Docker avec Grype (lien direct) | En hiver, tout le monde est vacciné contre la grippe, mais qu'en est-il de la sécurité de vos images Docker ? Grype est un scanner de vulnérabilités qui analyse les images Docker et les systèmes de fichiers, décelant les failles sur divers systèmes d'exploitation et langages de programmation. Il peut être installé via GitHub ou Brew pour Mac, et permet des scans personnalisés avec des sorties en formats différents, tout en offrant la possibilité d'intégrer des sources de données externes pour des analyses plus précises, y compris dans les workflows GitHub Actions. | Vulnerability | ★★★★ | |
|
2023-12-22 18:00:00 | Google libère le huitième patch zéro-jour de 2023 pour Chrome Google Releases Eighth Zero-Day Patch of 2023 for Chrome (lien direct) |
CVE-2023-7024, exploité dans la nature avant le correctif, est une vulnérabilité chromée qui permet l'exécution de code distant dans le composant Webrtc du navigateur \\.
CVE-2023-7024, exploited in the wild prior to patching, is a Chrome vulnerability that allows remote code execution within the browser\'s WebRTC component. |
Vulnerability Threat Patching | ★★★ | |
|
2023-12-22 14:20:26 | Mises à jour CISA: Guide Microsoft 365, outil Scubagear, Mozilla Alert, QNAP & FXC Vulnérabilités Entrez Kev CISA Updates: Microsoft 365 Guidance, SCuBAGear Tool, Mozilla Alert, QNAP & FXC Vulnerabilities Enter KEV (lien direct) |
CISA a officiellement publié les bases de base de configuration sécurisée Microsoft 365, visant à aider les organisations à ...
CISA has officially released the Microsoft 365 Secure Configuration Baselines, aiming to assist organizations in... |
Tool Vulnerability | ★★ | |
|
2023-12-22 13:04:25 | Dans d'autres nouvelles: Crypto Exchange Hack Guilty Plea, Note IA Vulnérabilités, Intellexa Spyware In Other News: Crypto Exchange Hack Guilty Plea, Rating AI Vulnerabilities, Intellexa Spyware (lien direct) |
> Des histoires remarquables qui auraient pu glisser sous le radar: le pirate d'échange de crypto-monnaie plaide coupable, vulnérabilités LLM, analyse des logiciels espions Intellexa.
>Noteworthy stories that might have slipped under the radar: Cryptocurrency exchange hacker pleads guilty, rating LLM vulnerabilities, Intellexa spyware analysis. |
Hack Vulnerability | ★★★ | |
 |
2023-12-21 21:09:57 | Apache ActiveMQ Vulnerability (CVE-2023-46604) Continuously Being Exploited in Attacks (lien direct) | #### Description
AHNLAB Security Emergency Response Center (ASEC) a signalé que la vulnérabilité d'Apache ActiveMQ (CVE-2023-46604) est exploitée par divers acteurs de menace.La vulnérabilité est une vulnérabilité d'exécution de code distant dans le serveur de modèle de messagerie et d'intégration open source apache activemq.
L'attaque de vulnérabilité consiste à manipuler un type de classe sérialisé dans le protocole OpenWire pour instancier la classe dans le chemin de classe.Lorsque l'acteur de menace transmet un paquet manipulé, le serveur vulnérable fait référence au chemin (URL) contenu dans le paquet pour charger le fichier de configuration XML pour la classe.Les logiciels malveillants utilisés dans les attaques comprennent Ladon, Netcat, AnyDesk et Z0min.Ladon est l'un des outils principalement utilisés par les acteurs de la menace chinoise.NetCAT est un utilitaire pour transmettre des données à et depuis certaines cibles dans un réseau connecté par le protocole TCP / UDP.AnyDesk, Netsupport et Chrome Remote Desktop ont récemment été utilisés pour contourner les produits de sécurité.Z0miner a été signalé pour la première fois en 2020 par l'équipe de sécurité de Tencent et a été distribué via des attaques exploitant les vulnérabilités d'exécution du code distant Oracle Weblogic (CVE-2020-14882 / CVE-2020-14883).
#### URL de référence (s)
1. https://asec.ahnlab.com/en/59904/
#### Date de publication
18 décembre 2023
#### Auteurs)
Sanseo
#### Description AhnLab Security Emergency Response Center (ASEC) has reported that the Apache ActiveMQ vulnerability (CVE-2023-46604) is being exploited by various threat actors. The vulnerability is a remote code execution vulnerability in the open-source messaging and integration pattern server Apache ActiveMQ. The vulnerability attack involves manipulating a serialized class type in the OpenWire protocol to instantiate the class in classpath. When the threat actor transmits a manipulated packet, the vulnerable server references the path (URL) contained in the packet to load the XML configuration file for the class. The malware used in the attacks includes Ladon, NetCat, AnyDesk, and z0Miner. Ladon is one of the tools that are mainly used by Chinese-speaking threat actors. Netcat is a utility for transmitting data to and from certain targets in a network connected by TCP/UDP protocol. AnyDesk, NetSupport, and Chrome Remote Desktop have recently been used for bypassing security products. z0Miner was first reported in 2020 by the Tencent Security Team and was distributed via attacks exploiting the Oracle Weblogic remote code execution vulnerabilities (CVE-2020-14882/CVE-2020-14883). #### Reference URL(s) 1. https://asec.ahnlab.com/en/59904/ #### Publication Date December 18, 2023 #### Author(s) Sanseo |
Malware Tool Vulnerability Threat | ★★★ | |
|
2023-12-21 13:32:00 | Google découvre un autre chrome zéro-jour exploité dans la nature Google discovers another Chrome zero-day exploited in the wild (lien direct) |
Google Chrome a publié un correctif de sécurité d'urgence pour un défaut zéro-jour qui a été exploité dans la nature.Cette vulnérabilité, suivie en CVE-2023-7024, affecte les versions de bureau du navigateur sur Mac, Linux et Windows.C'est le huitième activement exploité zéro-jour dans Chrome découvert depuis le début de 2023. Cl & eacute; ment Lecigne et Vlad
Google Chrome has released an emergency security fix for a zero-day flaw that has been exploited in the wild. This vulnerability, tracked as CVE-2023-7024, affects the desktop versions of the browser on Mac, Linux and Windows. It is the eighth actively exploited zero-day in Chrome discovered since the start of 2023. Clément Lecigne and Vlad |
Vulnerability Threat | ★★ | |
|
2023-12-21 12:52:00 | Les pirates exploitent la vulnérabilité Old MS Excel à la propagation de l'agent Tesla malware Hackers Exploiting Old MS Excel Vulnerability to Spread Agent Tesla Malware (lien direct) |
Les attaquants armement une vieille vulnérabilité de Microsoft Office dans le cadre de campagnes de phishing pour distribuer une souche de logiciels malveillants appelés & nbsp; agent Tesla.
Les chaînes d'infection levaient les documents de leurre de lereau Excel attaché dans les messages sur le thème de la facture pour tromper des cibles potentielles pour les ouvrir et activer l'exploitation du CVE-2017-11882 (score CVSS: 7.8), une vulnérabilité de corruption de mémoire dans Office \'s
Attackers are weaponizing an old Microsoft Office vulnerability as part of phishing campaigns to distribute a strain of malware called Agent Tesla. The infection chains leverage decoy Excel documents attached in invoice-themed messages to trick potential targets into opening them and activate the exploitation of CVE-2017-11882 (CVSS score: 7.8), a memory corruption vulnerability in Office\'s |
Malware Vulnerability | ★★ | |
|
2023-12-21 12:41:43 | Over a Dozen Critical RCE Vulnerabilities in Ivanti Avalanche; Actively Exploited Chrome Zero-Day, CVE-2023-7024 (lien direct) | Ivanti has issued security updates to address a total of 22 vulnerabilities identified in its... | Vulnerability Threat | ★★★ | |
|
2023-12-21 11:43:27 | Ivanti Patches Dozen Vulnérabilités critiques dans le produit Avalanche MDM Ivanti Patches Dozen Critical Vulnerabilities in Avalanche MDM Product (lien direct) |
> Ivanti a corrigé 20 vulnérabilités dans son produit Avalanche MDM, y compris une douzaine de défauts d'exécution de code distant évalués.
>Ivanti has patched 20 vulnerabilities in its Avalanche MDM product, including a dozen remote code execution flaws rated critical. |
Vulnerability | ★★ | |
|
2023-12-21 11:00:00 | Violations de données: analyse approfondie, stratégies de récupération et meilleures pratiques Data breaches: In-depth analysis, recovery strategies, and best practices (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In the dynamic landscape of cybersecurity, organizations face the ever-present risk of data breaches. This article provides a detailed exploration of data breaches, delving into their nuances, and offers comprehensive recovery strategies along with best practices. A data breach occurs when unauthorized threat actors gain access to sensitive information, jeopardizing data integrity and confidentiality. There are some common causes behind major data breaches: Cyber-attacks: Sophisticated cyber-attacks, techniques such as spear phishing, ransomware, and advanced persistent threats, are predominant causes behind data breaches. Insider threats: Whether arising from employee errors, negligence, or intentional malicious actions, insider threats contribute significantly to data breaches. Third-party incidents: Weaknesses in the security protocols of third-party vendors or service providers can expose organizations to the risk of data breaches. Learnings acquired Rapid detection and response: The criticality of swift detection and response cannot be overstated. Delayed identification prolongs the impact and complicates the recovery process. Comprehensive incident response: Organizations must establish a robust incident response plan, encompassing communication strategies, legal considerations, and meticulous technical remediation steps. Regulatory compliance: Adherence to regulatory requirements and industry standards is not only essential for legal compliance but is also a fundamental aspect of maintaining trust and credibility. Employee training: Ongoing training initiatives that elevate employees\' awareness of security threats and best practices play a pivotal role in preventing data breaches. Continuous security audits: Regular security audits and assessments serve as proactive measures, identifying vulnerabilities before they can be exploited. Best practices for recovery Detailed incident communication: Provide a comprehensive and transparent communication plan, detailing the incident\'s scope, impact, and the organization\'s proactive steps for resolution. Stakeholder engagement: Engage with stakeholders, including customers, employees, and regulatory bodies. Keep them informed about the incident\'s progress and the measures being taken for recovery. Comprehensive cyber insurance coverage: Cyber insurance can be a strategic asset, covering a range of costs related to the incident, including investigation, legal proceedings, and potential regulatory fines. Strengthen cybersecurity measures: Advanced threat detection: Implement advanced threat detection mechanisms that can identify anomalous behavior and potential threats in real-time. Encryption and access controls: Enhance data protection by implementing robust encryption protocols and access controls, limiting unauthorized access to sensitive information. Regular system updates: Maintain an agile cybersecurity posture by regularly updating and patching systems to address known vulnerabilities. Law enforcement partnership: Collaborate with law enforcement agencies and relevant authorities, leveraging their expertise to aid in the investigation and apprehension of cybercriminals. Legal counsel engagement: Engage legal counsel to navigate the legal intricacies associated with the breach, ensuring compliance with regulations and m | Ransomware Data Breach Vulnerability Threat Patching Technical | ★★ | |
 |
2023-12-21 10:30:00 | Ivanti exhorte les clients à corriger 13 vulnérabilités critiques Ivanti Urges Customers to Patch 13 Critical Vulnerabilities (lien direct) |
Ivanti publie des mises à jour pour corriger 22 vulnérabilités dans son produit de gestion d'appareils mobiles Avalanche
Ivanti releases updates to fix 22 vulnerabilities in its Avalanche mobile device management product |
Vulnerability Mobile | ★★ | |
 |
2023-12-21 10:00:59 | Windows CLFS et cinq exploits utilisés par les opérateurs de ransomwares (exploit # 4 & # 8211; CVE-2023-23376) Windows CLFS and five exploits used by ransomware operators (Exploit #4 – CVE-2023-23376) (lien direct) |
Ceci est la cinquième partie de notre étude sur le système de fichiers journal commun (CLFS) et cinq vulnérabilités dans ce composant Windows OS qui ont été utilisés dans les attaques de ransomwares tout au long de l'année.
This is part five of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. |
Ransomware Vulnerability Studies | ★★ | |
|
2023-12-21 10:00:56 | Windows CLFS et cinq exploits utilisés par les opérateurs de ransomwares (exploit # 3 & # 8211; octobre 2022) Windows CLFS and five exploits used by ransomware operators (Exploit #3 – October 2022) (lien direct) |
Ceci est la quatrième partie de notre étude sur le système de fichiers journal commun (CLFS) et cinq vulnérabilités dans ce composant Windows OS qui ont été utilisés dans les attaques de ransomwares tout au long de l'année.
This is part four of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. |
Ransomware Vulnerability Studies | ★★ | |
|
2023-12-21 10:00:53 | Windows CLFS et cinq exploits utilisés par les opérateurs de ransomwares (exploit # 2 & # 8211; septembre 2022) Windows CLFS and five exploits used by ransomware operators (Exploit #2 – September 2022) (lien direct) |
Il s'agit de la troisième partie de notre étude sur le système de fichiers journaux commun (CLFS) et cinq vulnérabilités dans ce composant Windows OS qui ont été utilisés dans les attaques de ransomwares tout au long de l'année.
This is the third part of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. |
Ransomware Vulnerability Studies | ★★ | |
|
2023-12-21 10:00:50 | Windows CLFS et cinq exploits utilisés par les opérateurs de ransomwares Windows CLFS and five exploits used by ransomware operators (lien direct) |
Nous n'avions jamais vu autant d'exploits de pilotes CLFS utilisés auparavant dans des attaques actives, puis soudain, il y en a tellement capturés en seulement un an.Y a-t-il quelque chose qui ne va pas avec le pilote CLFS?Toutes ces vulnérabilités sont-elles similaires?Ces questions m'ont encouragé à examiner de plus près le conducteur CLFS et ses vulnérabilités.
We had never seen so many CLFS driver exploits being used in active attacks before, and then suddenly there are so many of them captured in just one year. Is there something wrong with the CLFS driver? Are all these vulnerabilities similar? These questions encouraged me to take a closer look at the CLFS driver and its vulnerabilities. |
Ransomware Vulnerability | ★★ | |
|
2023-12-21 10:00:47 | Windows CLFS et cinq exploits utilisés par les opérateurs de ransomwares (exploit # 1 & # 8211; CVE-2022-24521) Windows CLFS and five exploits used by ransomware operators (Exploit #1 – CVE-2022-24521) (lien direct) |
Il s'agit de la deuxième partie de notre étude sur le système de fichiers journaux commun (CLFS) et cinq vulnérabilités dans ce composant Windows OS qui ont été utilisées dans les attaques de ransomwares tout au long de l'année.
This is the second part of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. |
Ransomware Vulnerability Studies | ★★ | |
|
2023-12-21 10:00:01 | Windows CLFS et cinq exploits utilisés par les opérateurs de ransomwares (exploit # 5 & # 8211; CVE-2023-28252) Windows CLFS and five exploits used by ransomware operators (Exploit #5 – CVE-2023-28252) (lien direct) |
Il s'agit de la six partie de notre étude sur le système de fichiers journal commun (CLFS) et cinq vulnérabilités dans ce composant Windows OS qui ont été utilisés dans les attaques de ransomwares tout au long de l'année.
This is part six of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. |
Ransomware Vulnerability Studies | ★★ | |
|
2023-12-21 09:11:00 | Urgent: nouvelle vulnérabilité chromée zéro exploitée dans la nature - mise à jour dès que possible Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP (lien direct) |
Google a déployé des mises à jour de sécurité pour le navigateur Web Chrome pour lutter contre un défaut zéro jour de haute sévérité qui, selon lui, a été exploité dans la nature.
La vulnérabilité, attribuée à l'identificateur CVE & NBSP; CVE-2023-7024, a été décrite comme a & nbsp; Bug de débordement de tampon basé sur un tas & nbsp; dans le cadre WebBrTC qui pourrait être exploité pour entraîner des plantages de programme ou une exécution de code arbitraire.
Cl & eacute; ment;
Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild. The vulnerability, assigned the CVE identifier CVE-2023-7024, has been described as a heap-based buffer overflow bug in the WebRTC framework that could be exploited to result in program crashes or arbitrary code execution. Clément |
Vulnerability Threat | ★★ | |
|
2023-12-21 05:00:25 | Battleroyal, le cluster Darkgate se propage par e-mail et les fausses mises à jour du navigateur BattleRoyal, DarkGate Cluster Spreads via Email and Fake Browser Updates (lien direct) |
Overview Throughout the summer and fall of 2023, DarkGate entered the ring competing for the top spot in the remote access trojan (RAT) and loader category. It was observed in use by multiple cybercrime actors and was spread via many methods such as email, Microsoft Teams, Skype, malvertising and fake updates. Proofpoint researchers are tracking a particularly interesting operator of the DarkGate malware. At the time of publication, researchers are not attributing this cluster of activity to a known threat actor and are temporarily calling it BattleRoyal. Between September and November 2023, at least 20 email campaigns used DarkGate malware with GroupIDs “PLEX”, “ADS5”, “user_871236672” and “usr_871663321”. The GroupID is a configuration setting that is also referred to as username, botnet, campaign, or flag 23. The campaigns are notable for: Delivery: via email and RogueRaticate fake browser updates Volumes and geography: email campaigns include tens of thousands of emails targeting dozens of industries primarily in USA and Canada Attack chain: includes a variety of notable tools such as 404 TDS, Keitaro TDS, and .URL files exploiting CVE-2023-36025 Volume of DarkGate campaigns based on four GroupIDs discussed in this report. TDS all the things! (an email campaign example) On October 2, 2023, Proofpoint identified one of the first campaigns in this cluster. It was notable due to the use of more than one traffic delivery system (TDS), specifically 404 TDS and Keitaro TDS. Additionally, the .URL files involved exploited CVE-2023-36025, a vulnerability in Windows SmartScreen. While other parts of the attack chain from this actor changed or varied, .URL files were involved in every campaign. The emails in this campaign contained: 404 TDS URLs that, if clicked by the user, redirected to Keitaro TDS Keitaro TDS was observed serving an internet shortcut (.URL) file The internet shortcut, if double clicked, downloaded a zipped VBS script The VBS in turn downloaded and executed several shell commands (cmd.exe) The shell commands (a) created a directory on C: drive, (b) copied curl.exe from system folder to this new directory, (c) used the curl to download Autoit3.exe, (d) used curl to download and save an AutoIT script, and (e) ran the downloaded AutoIT script with the downloaded AutoIT interpreter The AutoIT script ran an embedded DarkGate Attack chain summary that follows the flow of: Email > 404 TDS > Keitaro TDS > .URL > .VBS > Shell commands > AutoIT / AutoIT script > DarkGate. Screenshot of an example email from October 2 campaign. Screenshot of the .URL file involved in the October 2 campaign. Proofpoint has identified multiple cybercriminal campaigns exploiting CVE-2023-36025; however, the BattleRoyal cluster exploited this vulnerability more than any other actor observed in Proofpoint threat data. Notably, this activity cluster exploited CVE-2023-36025 before it was published by Microsoft. SmartScreen is a security feature that is designed to prevent people from visiting malicious websites. The vulnerability could allow an actor to bypass the SmartScreen defenses if a user clicked on a specially crafted .URL file or a hyperlink pointing to a .URL file. More specifically, a SmartScreen alert would not be triggered when a .URL points to a SMB or WebDav share as file:// and the malicious payload is inside a ZIP file which is specified in the URL target. RogueRaticate (fake browser update campaign example) On October 19, 2023, an external researcher identified and publicly shared details of the RogueRaticate fake update activity cluster using an interesting obfuscation technique first identified in 2020. Proofpoint subsequently identified the activity in Proofpoint data. This campaign delivered fake browser update requests to end users on their web browsers that dropped a DarkGate payload with the “ADS5” GroupID. The threat actor injected a request to a domain they controlled that used .css steganography to conceal the malicious c | Malware Tool Vulnerability Threat Prediction | ★★ | |
 |
2023-12-20 20:58:34 | La saison de la cyber-vulnérabilité: comment les vacances deviennent un terrain de jeu de pirate \\ The Season of Cyber Vulnerability: How the Holidays Become a Hacker\\'s Playground (lien direct) |
La saison de la cyber-vulnérabilité: comment les vacances deviennent un terrain de jeu de pirate \\
Comprendre les risques et fortifier les défenses de la période festive
-
mise à jour malveillant
The Season of Cyber Vulnerability: How the Holidays Become a Hacker\'s Playground Understanding the risks and fortifying defences in the festive period - Malware Update |
Vulnerability | ★★ | |
 |
2023-12-20 18:06:55 | GCP-2023-049 (lien direct) | Publié: 2023-12-20 Description Description Gravité notes Les vulnérabilités suivantes ont été découvertes dans le noyau Linux qui peut conduire à une escalade de privilège sur le système d'exploitation optimisé et les nœuds Ubuntu. CVE-2023-3090 Pour les instructions et plus de détails, consultez les bulletins suivants: Bulletin de sécurité GKE GKE sur le bulletin de sécurité VMware gke sur le bulletin de sécurité AWS gke sur le bulletin de sécurité azur gke sur le bulletin de sécurité nue High CVE-2023-3090 Published: 2023-12-20Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.CVE-2023-3090 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2023-3090 | Vulnerability Cloud | ||
 |
2023-12-20 16:52:42 | Fake F5 Big-ip Zero-Day Avertissement Emails Fake F5 BIG-IP zero-day warning emails push data wipers (lien direct) |
Le cyber-Directorat national d'Israël avertit des e-mails de phishing faisant semblant d'être des mises à jour de sécurité Zero-Day F5 Big-IP qui déploient les essuie-glaces de données Windows et Linux.[...]
The Israel National Cyber Directorate warns of phishing emails pretending to be F5 BIG-IP zero-day security updates that deploy Windows and Linux data wipers. [...] |
Vulnerability Threat | ★★★ | |
|
2023-12-20 15:00:00 | Vulnérabilité F5 ciblée \\ 'mise à jour \\' délivre des essuie-glaces aux victimes israéliennes Targeted F5 Vulnerability \\'Update\\' Delivers Wiper to Israeli Victims (lien direct) |
Les fichiers censés être un patch de vulnérabilité F5 suppriment le contenu du serveur.
Files purporting to be an F5 vulnerability patch are deleting server contents. |
Vulnerability | ★★ | |
|
2023-12-20 12:00:22 | La violation des données XFINITY a un impact sur 36 millions d'individus Xfinity Data Breach Impacts 36 Million Individuals (lien direct) |
> La violation de données XFINITY récemment divulguée, qui a impliqué l'exploitation de la vulnérabilité agricole, a un impact sur 36 millions d'individus
>The recently disclosed Xfinity data breach, which involved exploitation of the CitrixBleed vulnerability, impacts 36 million individuals |
Data Breach Vulnerability | ★★ | |
|
2023-12-20 11:15:01 | Xfinity a secoué avec une violation de données impactant 36 millions d'utilisateurs Xfinity Rocked with Data Breach Impacting 36 Million Users (lien direct) |
> Par deeba ahmed
La dernière violation de données XFINITY est liée à la vulnérabilité critique des saignements Citrix.
Ceci est un article de HackRead.com Lire le post original: Xfinity a secoué avec une violation de données impactant 36 millions d'utilisateurs
>By Deeba Ahmed The latest Xfinity data breach is linked to the critical Citrix Bleed vulnerability. This is a post from HackRead.com Read the original post: Xfinity Rocked with Data Breach Impacting 36 Million Users |
Data Breach Vulnerability | ★★ |
To see everything:
Our RSS (filtrered)
