What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-04-09 18:31:16 | Les bornes de recharge EV sont encore criblées de vulnérabilités de cybersécurité EV Charging Stations Still Riddled With Cybersecurity Vulnerabilities (lien direct) |
Au fur et à mesure que davantage de véhicules électriques sont vendus, le risque de bornes de recharge compromis se profile dans les côtés du potentiel d'exploits de cybersécurité majeurs.
As more electric vehicles are sold, the risk to compromised charging stations looms large alongside the potential for major cybersecurity exploits. |
Vulnerability | ★★ | |
 |
2024-04-09 18:06:06 | Microsoft corrige deux windows zéro-jours exploités dans des attaques de logiciels malveillants Microsoft fixes two Windows zero-days exploited in malware attacks (lien direct) |
Microsoft a fixé deux vulnérabilités activement exploitées zéro-jours lors du correctif avril 2024 mardi, bien que la société n'ait pas réussi à les marquer initialement comme telles.[...]
Microsoft has fixed two actively exploited zero-day vulnerabilities during the April 2024 Patch Tuesday, although the company failed to initially tag them as such. [...] |
Malware Vulnerability Threat | ★★ | |
 |
2024-04-09 16:15:00 | Les pirates utilisent des logiciels malveillants pour chasser les vulnérabilités logicielles Hackers Use Malware to Hunt Software Vulnerabilities (lien direct) |
Palo Alto Networks a observé une activité de balayage de vulnérabilité initiée par les logiciels malveillants croissants
Palo Alto Networks observed growing malware-initiated vulnerability scanning activity |
Malware Vulnerability | ★★ | |
 |
2024-04-09 15:20:51 | Alerte de menace vert: avril 2024 Patch mardi analyse VERT Threat Alert: April 2024 Patch Tuesday Analysis (lien direct) |
Aujourd'hui, les adresses d'alerte VERT de \\ sont des mises à jour de sécurité avril 2024 de Microsoft.Vert travaille activement sur la couverture de ces vulnérabilités et prévoit d'expédier ASPL-1101 dès la fin de la couverture.IN-THE-the-wild et divulgué CVE CVE-2024-26234 Ce CVE décrit une vulnérabilité d'usurpation de pilote de procuration qui, grâce aux nouvelles annonces CWE de Microsoft \\, est liée à un contrôle d'accès incorrect.À partir d'un article Sophos publié, nous savons que cela est lié à un acteur de menace qui a travaillé avec un certificat de compatibilité matérielle Microsoft Windows valide (WHCP) qui a maintenant été révoqué ...
Today\'s VERT Alert addresses Microsoft\'s April 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1101 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-26234 This CVE describes a Proxy Driver Spoofing Vulnerability that, thanks to Microsoft\'s new CWE listings , we know is tied to Improper Access Control. From a published Sophos write-up , we know that this is tied to a threat actor that has been working with a valid Microsoft Windows hardware Compatibility Program (WHCP) Certificate that has now been revoked... |
Vulnerability Threat | ★★★ | |
 |
2024-04-09 15:17:30 | LG publie des mises à jour pour les vulnérabilités qui pourraient permettre aux pirates d'accéder aux téléviseurs LG releases updates for vulnerabilities that could allow hackers to gain access to TVs (lien direct) |
Quatre nouvelles vulnérabilités affectant des milliers de téléviseurs LG ont été trouvées par des chercheurs qui ont déclaré que les problèmes pourraient permettre aux pirates de s'ajouter en tant qu'utilisateurs et de prendre d'autres mesures. & NBSP;Des chercheurs de la société de cybersécurité Bitdefender ont déclaré que les bogues - dont trois obtiennent une cote de gravité de 9,1 sur 10 - Centre sur LG webOS, le
Four new vulnerabilities affecting thousands of LG TVs have been found by researchers who said the issues could allow hackers to add themselves as users and take other actions. Researchers from cybersecurity firm Bitdefender said the bugs - three of which carry a 9.1 out 10 severity rating - center on LG WebOS, the |
Vulnerability | ★★★ | |
|
2024-04-09 11:30:06 | Des pirates de rubycarp liés à un botnet de cryptominage de 10 ans RUBYCARP hackers linked to 10-year-old cryptomining botnet (lien direct) |
Un groupe de botnet roumain nommé \\ 'RUMYCARP \' tire parti des vulnérabilités connues et effectue des attaques de force brute pour briser les réseaux d'entreprise et compromettre les serveurs pour un gain financier.[...]
A Romanian botnet group named \'RUBYCARP\' is leveraging known vulnerabilities and performing brute force attacks to breach corporate networks and compromise servers for financial gain. [...] |
Vulnerability | ★★ | |
 |
2024-04-09 11:16:00 | Les défauts critiques laissent 92 000 appareils Nas D-Link vulnérables aux attaques de logiciels malveillants Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks (lien direct) |
Les acteurs de la menace numérisent et exploitent activement une paire de défauts de sécurité qui affecteraient jusqu'à 92 000 appareils de stockage de réseau A-Link exposé à Internet (NAS).
Suivi comme & nbsp; CVE-2024-3272 & nbsp; (score CVSS: 9.8) et & nbsp; CVE-2024-3273 & nbsp; (score CVSS: 7.3)) statut.D-link, dans
Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices. Tracked as CVE-2024-3272 (CVSS score: 9.8) and CVE-2024-3273 (CVSS score: 7.3), the vulnerabilities impact legacy D-Link products that have reached end-of-life (EoL) status. D-Link, in |
Malware Vulnerability Threat | ★ | |
 |
2024-04-09 10:00:00 | La menace cachée à la vue: analyse des attaques sous-textuelles dans les communications numériques The Hidden Threat in Plain Sight: Analyzing Subtextual Attacks in Digital Communications (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In our always-online world, we\'re facing a new kind of cyber threat that\'s just as sneaky as it is harmful: subtextual attacks. These aren\'t your run-of-the-mill security breaches; they\'re cunningly crafted messages that may look harmless—but they actually carry a dangerous payload within them. Join me as we take a closer look at this under-the-radar, but still dangerous, threat. We\'ll explore how these deceptive messages can sneak past our defenses, trick people into taking unwanted actions, and steal sensitive information without ever tripping an alarm. The Rise of Subtextual Attacks Unlike traditional cyber attacks, which are often direct and identifiable, subtextual attacks rely on subtlety and deception. Attackers craft messages that on the surface appear harmless or unrelated to any malicious activity. However, embedded within these communications are instructions, links, or information that can compromise security, manipulate behavior, or extract sensitive data. And not only is big data paramount in advertising and other avenues, but it’s also like keeping everything in your wallet—it’s convenient, helpful even, but signals to attackers that you’re indeed willing to put all your eggs in one basket when it comes to communications. These attacks exploit the nuances of language and context and require a sophisticated understanding of human communication and digital interaction patterns. For instance, a seemingly benign email might include a specific choice of words or phrases that, when interpreted correctly, reveal a hidden command or a disguised link to a malicious site. Psychological Manipulation Through Subtext Subtextual attacks also leverage psychological manipulation, influencing individuals to act in ways that compromise security or divulge confidential information. By understanding the psychological triggers and behavioral patterns of targets, attackers craft messages that subtly guide the recipient\'s actions. For instance, an attacker might use social engineering techniques combined with subtextual cues to convince a user to bypass normal security protocols. An email that seems to come from a trusted colleague or superior, containing subtle suggestions or cues, can be more effective in eliciting certain actions than a direct request or command. Attackers can also exploit the principle of urgency or scarcity, embedding subtle cues in communications that prompt the recipient to act quickly, bypassing their usual critical thinking or security procedures. The Evolution of Digital Forensics To combat the growing rise of subtextual attacks, the field of digital forensics has evolved significantly over the past decade. Initially focused on recovering and analyzing electronic information to investigate crime, digital forensics now incorporates advanced linguistic analysis, data pattern recognition, and machine learning to detect hidden threats. Modern digital forensic tools can analyze vast qua | Ransomware Tool Vulnerability Threat Medical | ★★ | |
|
2024-04-09 09:05:00 | Plus de 90 000 appareils Nas en D-Link sont attaqués Over 90,000 D-Link NAS Devices Are Under Attack (lien direct) |
Les acteurs de la menace ciblent une vulnérabilité à forte gravité dans près de 100 000 appareils D-Link
Threat actors are targeting a high severity vulnerability in close to 100,000 legacy D-Link devices |
Vulnerability Threat | ★★ | |
 |
2024-04-09 00:00:00 | Fortios & Fortiproxy - Fellome des cookies administrateur FortiOS & FortiProxy - administrator cookie leakage (lien direct) |
Une vulnérabilité des informations d'identification insuffisamment protégée (CWE-522) dans Fortios et Fortiproxy peut permettre à un attaquant d'obtenir le cookie administrateur dans des conditions rares et spécifiques, en incitant l'administrateur à visiter un site Web contrôlé par un attaquant malveillant via le SSL-VPN.
An insufficiently protected credentials vulnerability (CWE-522) in FortiOS and FortiProxy may allow an attacker to obtain the administrator cookie in rare and specific conditions, via tricking the administrator into visiting a malicious attacker-controlled website through the SSL-VPN. |
Vulnerability | ||
|
2024-04-09 00:00:00 | ForticlientMac - Manque de validation du fichier de configuration FortiClientMac - Lack of configuration file validation (lien direct) |
Un contrôle externe du nom de fichier ou de la vulnérabilité du chemin [CWE-73] dans l'installateur de ForticlientMac \\ peut permettre à un attaquant local d'exécuter du code ou des commandes arbitraires en écrivant un fichier de configuration malveillant dans / TMP avant de démarrer le processus d'installation.
An external control of file name or path vulnerability [CWE-73] in FortiClientMac\'s installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process. |
Vulnerability | ||
|
2024-04-09 00:00:00 | FortiO FortiOS - Web server ETag exposure (lien direct) |
Une exposition d'informations sensibles à une vulnérabilité d'acteur non autorisée [CWE-200] dans FortiOS peut permettre à un attaquant non authentifié de l'empreinte digitale de la version de l'appareil via des demandes HTTP.
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiOS may allow an unauthenticated attacker to fingerprint the device version via HTTP requests. |
Vulnerability | ||
|
2024-04-09 00:00:00 | Fortisandbox - Injection de commande OS sur le point de terminaison FortiSandbox - OS command injection on endpoint (lien direct) |
La neutralisation incorrecte multiple des éléments spéciaux utilisés dans une commande de commande OS [CWE-78] dans FortisandBox peut permettre un attaquant authentifié avec au moins une autorisation en lecture seule pour exécuter des commandes non autorisées via des demandes fabriquées.
Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox may allow an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. |
Vulnerability | ||
|
2024-04-09 00:00:00 | [Forticlient Linux] Exécution du code distant en raison de la configuration dangereuse de NodeJS [FortiClient Linux] Remote Code Execution due to dangerous nodejs configuration (lien direct) |
Un contrôle inapproprié de la génération de codes (\\ 'injection de code \') de la vulnérabilité [CWE-94] dans ForticlientLinux peut permettre à ## un attaquant non authentifié d'exécuter du code arbitraire en trompant un utilisateur Forticlientlinux pour visiter un site Web malveillant.
An Improper Control of Generation of Code (\'Code Injection\') vulnerability [CWE-94] in FortiClientLinux may allow##an unauthenticated attacker to execute arbitrary code via tricking a FortiClientLinux user into visiting a malicious website. |
Vulnerability | ||
|
2024-04-09 00:00:00 | Fortinac-F - Manque de validation de certificat FortiNAC-F - Lack of certificate validation (lien direct) |
Une vulnérabilité de validation de certificat incorrecte [CWE-295] dans Fortinac-F peut permettre à un attaquant distant et non authentifié d'effectuer une attaque man-au milieu sur le canal de communication HTTPS entre le dispositif FortiOS, un inventaire et Fortinac-F.
An improper certificate validation vulnerability [CWE-295] in FortiNAC-F may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F. |
Vulnerability | ||
|
2024-04-09 00:00:00 | Fortimanager - Injection de code via le modèle Jinja FortiManager - Code Injection via Jinja Template (lien direct) |
Une neutralisation incorrecte des éléments spéciaux utilisés dans une vulnérabilité de moteur de modèle [CWE-1336] dans les modèles d'approvisionnement de Fortimanager peut permettre un attaquant authentifié local avec au moins des autorisations en lecture seule pour exécuter du code arbitraire via des modèles spécialement conçus.
An improper neutralization of special elements used in a template engine [CWE-1336] vulnerability in FortiManager provisioning templates may allow a local authenticated attacker with at least read-only permissions to execute arbitrary code via specially crafted templates. |
Vulnerability | ||
|
2024-04-09 00:00:00 | Fortios - chaîne de format dans la commande CLI FortiOS - Format String in CLI command (lien direct) |
Une utilisation de la vulnérabilité de chaîne de format à commande externe [CWE-134] dans l'interface de ligne de commande FortiOS peut permettre à un attaquant privilégié local avec un profil Super-Admin et un accès CLI pour exécuter du code ou des commandes arbitraires via des demandes spécialement conçues.
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or commands via specially crafted requests. |
Vulnerability | ||
 |
2024-04-08 16:07:21 | Holding down the Fortinet vulnerability (lien direct) | Les adversaires exploitent le CVE-2023-4878 dans les EMS FortiClient pour installer des outils RMM non autorisés et des portes couvertes PowerShell.
Adversaries are exploiting CVE-2023-4878 in FortiClient EMS to install unauthorized RMM tools and PowerShell backdoors. |
Tool Vulnerability | ★★ | |
|
2024-04-08 16:07:21 | Renser la vulnérabilité de Fortinet Holding down the Fortinet vulnerability (lien direct) |
Les adversaires exploitent le CVE-2023-4878 dans les EMS FortiClient pour installer des outils RMM non autorisés et des portes couvertes PowerShell.
Adversaries are exploiting CVE-2023-4878 in FortiClient EMS to install unauthorized RMM tools and PowerShell backdoors. |
Tool Vulnerability | ★★ | |
 |
2024-04-08 14:12:48 | Comment nous avons construit le nouveau réseau de recherche avec la sécurité des utilisateurs et la confidentialité How we built the new Find My Device network with user security and privacy in mind (lien direct) |
Posted by Dave Kleidermacher, VP Engineering, Android Security and Privacy
Keeping people safe and their data secure and private is a top priority for Android. That is why we took our time when designing the new Find My Device, which uses a crowdsourced device-locating network to help you find your lost or misplaced devices and belongings quickly – even when they\'re offline. We gave careful consideration to the potential user security and privacy challenges that come with device finding services. During development, it was important for us to ensure the new Find My Device was secure by default and private by design. To build a private, crowdsourced device-locating network, we first conducted user research and gathered feedback from privacy and advocacy groups. Next, we developed multi-layered protections across three main areas: data safeguards, safety-first protections, and user controls. This approach provides defense-in-depth for Find My Device users.
How location crowdsourcing works on the Find My Device network
The Find My Device network locates devices by harnessing the Bluetooth proximity of surrounding Android devices. Imagine you drop your keys at a cafe. The keys themselves have no location capabilities, but they may have a Bluetooth tag attached. Nearby Android devices participating in the Find My Device network report the location of the Bluetooth tag. When the owner realizes they have lost their keys and logs into the Find My Device mobile app, they will be able to see the aggregated location contributed by nearby Android devices and locate their keys.
Find My Device network protections
Let\'s dive into key details of the multi-layered protections for the Find My Device network:
Data Safeguards: We\'ve implemented protections that help ensure the privacy of everyone participating in the network and the crowdsourced location data that powers it.
Location data is end-to-end encrypted. When Android devices participating in the network report the location of a Bluetooth tag, the location is end-to-end encrypted using a key that is only a |
Vulnerability Threat Mobile | ★★ | |
 |
2024-04-08 11:30:59 | Société offrant 30 millions de dollars pour les exploits Android, iOS, navigateur zéro Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits (lien direct) |
> Crowdfense a annoncé un programme d'acquisition d'exploit de 30 millions de dollars couvrant Android, iOS, Chrome et Safari Zero-Days.
>Crowdfense has announced a $30 million exploit acquisition program covering Android, iOS, Chrome, and Safari zero-days. |
Vulnerability Threat Mobile | ★★ | |
 |
2024-04-08 11:03:44 | Vulnérabilité de sécurité des e-mails HTML Security Vulnerability of HTML Emails (lien direct) |
Il s'agit d'un Vulnérabilité des e-mails nouvellement découverte :
L'e-mail que votre gestionnaire a reçu et vous a transmis était quelque chose de complètement innocent, comme un client potentiel posant quelques questions.Tout ce que l'e-mail était censé réaliser était de vous être transmis.Cependant, au moment où l'e-mail est apparu dans votre boîte de réception, cela a changé.Le prétexte innocent a disparu et le véritable e-mail de phishing est devenu visible.Un e-mail de phishing vous avait en faire confiance parce que vous connaissiez l'expéditeur et ils ont même confirmé qu'ils vous l'avaient transmis.
Cette attaque est possible car la plupart des clients de messagerie permettent à CSS d'être utilisé pour styliser des e-mails HTML.Lorsqu'un e-mail est transmis, la position de l'e-mail d'origine dans le DOM change généralement, permettant aux règles CSS d'être appliquées sélectivement uniquement lorsqu'un e-mail a été transmis ...
This is a newly discovered email vulnerability: The email your manager received and forwarded to you was something completely innocent, such as a potential customer asking a few questions. All that email was supposed to achieve was being forwarded to you. However, the moment the email appeared in your inbox, it changed. The innocent pretext disappeared and the real phishing email became visible. A phishing email you had to trust because you knew the sender and they even confirmed that they had forwarded it to you. This attack is possible because most email clients allow CSS to be used to style HTML emails. When an email is forwarded, the position of the original email in the DOM usually changes, allowing for CSS rules to be selectively applied only when an email has been forwarded... |
Vulnerability | ★★ | |
|
2024-04-08 10:00:00 | 10 stratégies pour fortifier la sécurité du système SCADA 10 Strategies to Fortify SCADA System Security (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Here are some of the best SCADA protection strategies to ensure your organization\'s safety. Late last year, Pennsylvania\'s Municipal Water Authority of Aliquippa (MWAA) fell victim to a sophisticated cyberattack, targeting its SCADA system at a key booster station. This station, crucial for regulating water pressure across Raccoon and Potter townships in Beaver County, experienced a temporary loss of communication, triggering an immediate investigation. Upon closer examination, the technicians discovered a clear indication of a cyberattack: a message declaring, "You have been hacked." This startling discovery led to the swift activation of manual control systems, ensuring that water quality and supply remained unaffected despite the breach. The hacked device operated on a separate network, distinct from the main corporate systems. This separation helped to limit the breach\'s impact and prevented it from affecting other essential parts of the infrastructure. The hackers, identified as being affiliated with an Iranian group, specifically targeted this equipment due to its Israeli-made components. This choice of target was part of a broader strategy, as similar devices are commonly used in water utility stations both in the US and internationally, hinting at the potential for more widespread attacks. The incident drew significant attention from US legislators, who expressed concerns about the vulnerability of the nation\'s critical infrastructure to such cyberattacks. The breach underscored the urgent need for enhanced cybersecurity measures across similar utilities, especially those with limited resources and exposure to international conflicts. Investigations by the Federal Bureau of Investigation and the Pennsylvania State Police were launched to examine the specifics of the attack. The cybersecurity community pointed out that industrial control systems, like the SCADA system breached at MWAA, often have inherent security weaknesses, making them susceptible to such targeted attacks. The following discussion on SCADA defense strategies aims to address these challenges, proposing measures to fortify these vital systems against potential cyberattacks and ensuring the security and reliability of essential public utilities. How to Enhance SCADA System Security? The breach at the MWAA sharply highlights the inherent vulnerabilities in SCADA systems, a crucial component of our critical infrastructure. In the wake of this incident, it\'s imperative to explore robust SCADA defense strategies. These strategies are not mere recommendations but essential steps towards safeguarding our essential public utilities from similar threats. 1. Network Segmentation: This strategy involves creating \'zones\' within the SCADA network, each with its own specific security controls. This could mean separating critical control systems from the rest of the network, or dividing a large system into smaller, more manageable segments. Segmentation often includes implementing demilitarized zones (DMZs) between the corporate and control networks. This reduces the risk of an attacker being able to move laterally across the network and access sensitive areas after breaching a less secure section. 2. Access Control and Authentication: Beyond basic measures, access control in SCADA systems should involve a comprehensive management of user privileges. This could include role-based access controls, where users are granted access rights depending on their job function, and time-based access controls, limiting access to certain times for specific users. Strong authentication methods also | Vulnerability Threat Patching Legislation Industrial | ★★★★ | |
 |
2024-04-08 00:00:00 | Vers une plus grande transparence: adopter la norme CWE pour Microsoft CVE Toward greater transparency: Adopting the CWE standard for Microsoft CVEs (lien direct) |
Au Microsoft Security Response Center (MSRC), notre mission est de protéger nos clients, nos communautés et Microsoft contre les menaces actuelles et émergentes à la sécurité et à la confidentialité.Une façon dont nous y parvenons est de déterminer la cause profonde des vulnérabilités de sécurité dans les produits et services Microsoft.Nous utilisons ces informations pour identifier les tendances de vulnérabilité et fournir ces données à nos équipes d'ingénierie de produits pour leur permettre de comprendre et d'éradiquer systématiquement les risques de sécurité.
At the Microsoft Security Response Center (MSRC), our mission is to protect our customers, communities, and Microsoft from current and emerging threats to security and privacy. One way we achieve this is by determining the root cause of security vulnerabilities in Microsoft products and services. We use this information to identify vulnerability trends and provide this data to our Product Engineering teams to enable them to systematically understand and eradicate security risks. |
Vulnerability | ★★★ | |
 |
2024-04-05 21:38:19 | Vulnérabilités exposées étreignant le visage des attaques de la chaîne d'approvisionnement de l'IA Vulnerabilities Exposed Hugging Face to AI Supply Chain Attacks (lien direct) |
> Par deeba ahmed
Wiz.io, connu pour son expertise en sécurité cloud, et Hugging Face, un leader des outils d'IA open source, combinent leurs connaissances pour développer des solutions qui répondent à ces problèmes de sécurité.Cette collaboration signifie un accent croissant sur la sécurisation des fondements des progrès de l'IA.
Ceci est un article de HackRead.com Lire le post original: Les vulnérabilités exposées étreignant le visage des étreintes aux attaques de la chaîne d'approvisionnement de l'IA
>By Deeba Ahmed Wiz.io, known for its cloud security expertise, and Hugging Face, a leader in open-source AI tools, are combining their knowledge to develop solutions that address these security concerns. This collaboration signifies a growing focus on securing the foundation of AI advancements. This is a post from HackRead.com Read the original post: Vulnerabilities Exposed Hugging Face to AI Supply Chain Attacks |
Tool Vulnerability Cloud | ★★★ | |
|
2024-04-05 14:00:00 | Les acteurs de la menace chinoise déploient de nouveaux TTP pour exploiter les vulnérabilités ivanti Chinese Threat Actors Deploy New TTPs to Exploit Ivanti Vulnerabilities (lien direct) |
Mandiant Research Détails comment les groupes d'espionnage chinois déploient de nouveaux outils après l'exploitation des vulnérabilités ivanti récemment corrigées
Mandiant research details how Chinese espionage groups are deploying new tools post-exploitation of recently patched Ivanti vulnerabilities |
Tool Vulnerability Threat | ★★ | |
 |
2024-04-05 13:39:39 | Même cibles, nouveaux manuels: les acteurs de la menace en Asie de l'Est utilisent des méthodes uniques Same targets, new playbooks: East Asia threat actors employ unique methods (lien direct) |
## Snapshot Microsoft has observed several notable cyber and influence trends from China and North Korea since June 2023 that demonstrate not only doubling down on familiar targets, but also attempts to use more sophisticated influence techniques to achieve their goals. Chinese cyber actors broadly selected three target areas over the last seven months. - One set of Chinese actors extensively targeted entities across the South Pacific Islands. - A second set of Chinese activity continued a streak of cyberattacks against regional adversaries in the South China Sea region. - Meanwhile, a third set of Chinese actors compromised the US defense industrial base. Chinese influence actors-rather than broadening the geographic scope of their targets-honed their techniques and experimented with new media. Chinese influence campaigns continued to refine AI-generated or AI-enhanced content. The influence actors behind these campaigns have shown a willingness to **both amplify AI-generated media that benefits their strategic narratives, as well as create their own video, memes, and audio content**. Such tactics have been used in campaigns stoking divisions within the United States and exacerbating rifts in the Asia-Pacific region-including Taiwan, Japan, and South Korea. These campaigns achieved varying levels of resonance with no singular formula producing consistent audience engagement. North Korean cyber actors made headlines for **increasing software supply chain attacks and cryptocurrency heists over the past year**. While strategic spear-phishing campaigns targeting researchers who study the Korean Peninsula remained a constant trend, North Korean threat actors appeared to make greater use of legitimate software to compromise even more victims. ## Activity Overview ### Chinese cyber operations target strategic partners and competitors #### Gingham Typhoon targets government, IT, and multinational entities across the South Pacific Islands **** *Figure 1: Observed events from Gingham Typhoon from June 2023 to January 2024 highlights their continued focus on South Pacific Island nations. However, much of this targeting has been ongoing, reflecting a yearslong focus on the region. Geographic locations and diameter of symbology are representational. * During the summer of 2023, Microsoft Threat Intelligence observed extensive activity from China-based espionage group Gingham Typhoon that targeted nearly every South Pacific Island country. Gingham Typhoon is the most active actor in this region, hitting international organizations, government entities, and the IT sector with complex phishing campaigns. Victims also included vocal critics of the Chinese government. Diplomatic allies of China who were victims of recent Gingham Typhoon activity include executive offices in government, trade-related departments, internet service providers, as well as a transportation entity. Heightened geopolitical and diplomatic competition in the region may be motivations for these offensive cyber activities. China pursues strategic partnerships with South Pacific Island nations to expand economic ties and broker diplomatic and security agreements. Chinese cyber espionage in this region also follows economic partners. For example, Chinese actors engaged in large-scale targeting of multinational organizations in Papua New Guinea, a longtime diplomatic partner that is benefiting from multiple Belt and Road Initiative (BRI) projects including the construction of a major highway which links a Papua New Guinea government building to the capital city\'s main road. (1) #### Chinese threat actors retain focus on South China Sea amid Western military exercises China-based threat actors continued to target entities related to China\'s economic and military interests in a | Malware Tool Vulnerability Threat Studies Industrial Prediction Technical | Guam | ★★★ |
|
2024-04-05 12:45:00 | Les chercheurs identifient plusieurs groupes de pirates en Chine exploitant des défauts de sécurité Ivanti Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws (lien direct) |
Plusieurs acteurs de menace en Chine-Nexus ont été liés à l'exploitation zéro-jour de trois défauts de sécurité ayant un impact sur les appareils Ivanti (CVE-2023-46805, CVE-2024-21887 et CVE-2024-21893).
Les clusters sont suivis par Mandiant sous les surnoms & NBSP; UNC5221, UNC5266, UNC5291, & NBSP; UNC5325, UNC5330 et UNC5337.Un autre groupe lié à la série d'exploitation est & nbsp; unc3886.
Le cloud Google
Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893). The clusters are being tracked by Mandiant under the monikers UNC5221, UNC5266, UNC5291, UNC5325, UNC5330, and UNC5337. Another group linked to the exploitation spree is UNC3886. The Google Cloud |
Vulnerability Threat Cloud | ★★★ | |
|
2024-04-05 11:00:42 | Peut-être que les vulnérabilités de surveillance du système téléphonique seront fixes Maybe the Phone System Surveillance Vulnerabilities Will Be Fixed (lien direct) |
Il semble que la FCC soit Fixation des vulnérabilités en SS7 et le protocole diamètre:
Le 27 mars, la Commission a demandé aux fournisseurs de télécommunications de peser et de détailler ce qu'ils font pour empêcher les vulnérabilités de SS7 et de diamètre d'être mal utilisées pour suivre les consommateurs & # 8217;emplacements.
La FCC a également demandé aux transporteurs de détailler les exploits des protocoles depuis 2018. Le régulateur veut connaître la date de l'incident, ce qui s'est passé, quelles vulnérabilités ont été exploitées et avec quelles techniques, où laLe suivi de l'emplacement s'est produit et est timide;Si connu et timide;L'identité de l'attaquant ...
It seems that the FCC might be fixing the vulnerabilities in SS7 and the Diameter protocol: On March 27 the commission asked telecommunications providers to weigh in and detail what they are doing to prevent SS7 and Diameter vulnerabilities from being misused to track consumers’ locations. The FCC has also asked carriers to detail any exploits of the protocols since 2018. The regulator wants to know the date(s) of the incident(s), what happened, which vulnerabilities were exploited and with which techniques, where the location tracking occurred, and if known the attacker’s identity... |
Vulnerability | ★★★ | |
 |
2024-04-05 06:00:25 | Amélioration de la détection et de la réponse: plaider en matière de tromperies Improving Detection and Response: Making the Case for Deceptions (lien direct) |
Let\'s face it, most enterprises find it incredibly difficult to detect and remove attackers once they\'ve taken over user credentials, exploited hosts or both. In the meantime, attackers are working on their next moves. That means data gets stolen and ransomware gets deployed all too often. And attackers have ample time to accomplish their goals. In July 2023, the reported median dwell time was eight days. That\'s the time between when an attacker accesses their victim\'s systems and when the attack is either detected or executed. Combine that data point with another one-that attackers take only 16 hours to reach Active Directory once they have landed-and the takeaway is that threats go undetected for an average of seven days. That\'s more than enough time for a minor security incident to turn into a major business-impacting breach. How can you find and stop attackers more quickly? The answer lies in your approach. Let\'s take a closer look at how security teams typically try to detect attackers. Then, we can better understand why deceptions can work better. What is the problem with current detection methods? Organizations and their security vendors have evolved when it comes to techniques for detecting active threats. In general, detection tools have focused on two approaches-finding files or network traffic that are “known-bad” and detecting suspicious or risky activity or behavior. Often called signature-based detection, finding “known-bad” is a broadly used tool in the detection toolbox. It includes finding known-bad files like malware, or detecting traffic from known-bad IPs or domains. It makes you think of the good old days of antivirus software running on endpoints, and about the different types of network monitoring or web filtering systems that are commonplace today. The advantage of this approach is that it\'s relatively inexpensive to build, buy, deploy and manage. The major disadvantage is that it isn\'t very effective against increasingly sophisticated threat actors who have an unending supply of techniques to get around them. Keeping up with what is known-bad-while important and helpful-is also a bit like a dog chasing its tail, given the infinite internet and the ingenuity of malicious actors. The rise of behavior-based detection About 20 years ago, behavioral-based detections emerged in response to the need for better detection. Without going into detail, these probabilistic or risk-based detection techniques found their way into endpoint and network-based security systems as well as SIEM, email, user and entity behavior analytics (UEBA), and other security systems. The upside of this approach is that it\'s much more nuanced. Plus, it can find malicious actors that signature-based systems miss. The downside is that, by definition, it can generate a lot of false positives and false negatives, depending on how it\'s tuned. Also, the high cost to build and operate behavior-based systems-considering the cost of data integration, collection, tuning, storage and computing-means that this approach is out of reach for many organizations. This discussion is not intended to discount the present and future benefits of newer analytic techniques such as artificial intelligence and machine learning. I believe that continued investments in behavior-based detections can pay off with the continued growth of security data, analytics and computing power. However, I also believe we should more seriously consider a third and less-tried technique for detection. Re-thinking detection Is it time to expand our view of detection techniques? That\'s the fundamental question. But multiple related questions are also essential: Should we be thinking differently about what\'s the best way to actively detect threats? Is there a higher-fidelity way to detect attackers that is cost-effective and easy to deploy and manage? Is there another less-tried approach for detecting threat actors-beyond signature-based and behavior-based methods-that can dra | Ransomware Malware Tool Vulnerability Threat | ★★ | |
|
2024-04-04 16:45:00 | La nouvelle vulnérabilité HTTP / 2 expose les serveurs Web aux attaques DOS New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks (lien direct) |
De nouvelles recherches ont révélé que le cadre de continuation du protocole HTTP / 2 peut être exploité pour mener des attaques de déni de service (DOS).
La technique a été nommée Coded & NBSP; HTTP / 2 Continuation Flood & NBSP; par le chercheur en sécurité Bartek Nowotarski, qui a signalé le problème au CERT Coordination Center (CERT / CC) le 25 janvier 2024.
"De nombreuses implémentations HTTP / 2 ne limitent pas ou ne désinfectent pas correctement le
New research has found that the CONTINUATION frame in the HTTP/2 protocol can be exploited to conduct denial-of-service (DoS) attacks. The technique has been codenamed HTTP/2 CONTINUATION Flood by security researcher Bartek Nowotarski, who reported the issue to the CERT Coordination Center (CERT/CC) on January 25, 2024. "Many HTTP/2 implementations do not properly limit or sanitize the |
Vulnerability | ★★★★ | |
|
2024-04-04 16:40:24 | Volt Typhoon et 4 autres groupes ciblant les secteurs de l'énergie et de la défense américains via des bogues Ivanti Volt Typhoon and 4 other groups targeting US energy and defense sectors through Ivanti bugs (lien direct) |
Plusieurs groupes de piratage basés en Chine, dont Volt Typhoon, visent un trio de vulnérabilités affectant son géant ivanti aux côtés de multiples opérations cybercriminales.L'Agence de sécurité de la cybersécurité et de l'infrastructure (CISA) et plusieurs des principales agences de cybersécurité du monde ont publié des avertissements sur les vulnérabilités - étiquetées CVE-2023-46805, CVE-2024-21887 et CVE-2024-21893 - en raison deleur utilisation généralisée
Several China-based hacking groups, including Volt Typhoon, are targeting a trio of vulnerabilities affecting IT giant Ivanti alongside multiple cybercriminal operations. The Cybersecurity and Infrastructure Security Agency (CISA) and several of the world\'s leading cybersecurity agencies have released warnings about the vulnerabilities - labeled CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893 - due to their widespread use |
Vulnerability | Guam | ★★★ |
|
2024-04-04 15:15:37 | Le défaut de sécurité critique expose 1 million de sites WordPress à l'injection SQL Critical Security Flaw Exposes 1 Million WordPress Sites to SQL Injection (lien direct) |
Un chercheur a reçu une prime de bug de 5 500 $ pour avoir découvert une vulnérabilité (CVE-2024-2879) dans Layerslider, un plug-in avec plus d'un million d'installations actives.
A researcher received a $5,500 bug bounty for discovering a vulnerability (CVE-2024-2879) in LayerSlider, a plug-in with more than a million active installations. |
Vulnerability | ★★ | |
 |
2024-04-04 13:00:57 | Pas si privé après tout: comment les applications de rencontres peuvent révéler votre emplacement exact Not So Private After All: How Dating Apps Can Reveal Your Exact Location (lien direct) |
> Check Point Research (RCR) a récemment analysé plusieurs applications de rencontres populaires avec plus de 10 millions de téléchargements combinés afin de comprendre à quel point ils sont sûrs pour les utilisateurs.Comme les applications de rencontres utilisent traditionnellement les données de géolocalisation, offrant la possibilité de se connecter avec les personnes à proximité, cette fonctionnalité de commodité a souvent un coût.Nos recherches se concentrent sur une application spécifique appelée «Hornet» qui avait des vulnérabilités, permettant l'emplacement précis de l'utilisateur, ce qui présente un risque de confidentialité majeur pour ses utilisateurs.Les techniques clés des résultats comme la trilatération permettent aux attaquants de déterminer les coordonnées des utilisateurs en utilisant des informations à distance malgré les mesures de sécurité, l'application de datation Hornet & # 8211;A [& # 8230;]
>Check Point Research (CPR) recently analyzed several popular dating applications with over 10 million downloads combined in order to understand how safe they are for users. As dating apps traditionally utilize geolocation data, offering the opportunity to connect with people nearby, this convenience feature often comes at a cost. Our research focuses on a specific app called “Hornet” that had vulnerabilities, allowing the precise location of the user, which presents a major privacy risk to its users. Key Findings Techniques like trilateration allow attackers to determine user coordinates using distance information Despite safety measures, the Hornet dating app – a […] |
Vulnerability | ★★ | |
|
2024-04-04 11:28:55 | La nouvelle attaque DOS HTTP / 2 peut écraser les serveurs Web avec une seule connexion New HTTP/2 DoS attack can crash web servers with a single connection (lien direct) |
Les vulnérabilités du protocole HTTP / 2 nouvellement découvertes appelées "inondation de continuation" peuvent conduire à des attaques de déni de service (DOS), en cassant de serveurs Web avec une seule connexion TCP dans certaines implémentations.[...]
Newly discovered HTTP/2 protocol vulnerabilities called "CONTINUATION Flood" can lead to denial of service (DoS) attacks, crashing web servers with a single TCP connection in some implementations. [...] |
Vulnerability | ★★★ | |
|
2024-04-04 10:15:00 | Ivanti se précipite des correctifs pour 4 nouveaux défauts dans Connect Secure and Policy Secure Ivanti Rushes Patches for 4 New Flaw in Connect Secure and Policy Secure (lien direct) |
Ivanti a publié des mises à jour de sécurité pour aborder quatre défaillances de sécurité impactant Connect Secure and Policy Secure Gateways qui pourraient entraîner l'exécution du code et le déni de service (DOS).
La liste des défauts est la suivante -
CVE-2024-21894 & NBSP; (Score CVSS: 8.2) - Une vulnérabilité de débordement de tas dans le composant IPSec d'Ivanti Connect Secure (9.x, 22.x) et la politique Ivanti Secure permet un
Ivanti has released security updates to address four security flaws impacting Connect Secure and Policy Secure Gateways that could result in code execution and denial-of-service (DoS). The list of flaws is as follows - CVE-2024-21894 (CVSS score: 8.2) - A heap overflow vulnerability in the IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an |
Vulnerability | ★★★ | |
|
2024-04-04 09:49:51 | Google patchs Pixel Téléphone zéro-jours après l'exploitation par "les sociétés médico-légales" Google Patches Pixel Phone Zero-days After Exploitation by "Forensic Companies" (lien direct) |
Google a émis un avis de sécurité aux propriétaires de ses smartphones Android Pixel, avertissant qu'il a découvert que quelqu'un ciblait certains appareils pour contourner leur sécurité intégrée.Ce qui rend les attaques signalées particulièrement intéressantes, c'est que les cybercriminels traditionnels peuvent ne pas être derrière eux, mais plutôt "des sociétés médico-légales" exploitant deux vulnérabilités pour extraire des informations et empêcher l'essuyage à distance.C'est l'opinion des chercheurs de Grapheneos, qui a tweeté un fil sur leurs résultats sur les vulnérabilités connues sous le nom de CVE-2024-29745 et CVE-2024-29748.L'équipe de Grapheneos ...
Google has issued a security advisory to owners of its Android Pixel smartphones, warning that it has discovered someone has been targeting some devices to bypass their built-in security . What makes the reported attacks particularly interesting is that traditional cybercriminals may not be behind them, but rather "forensic companies" exploiting two vulnerabilities to extract information and prevent remote wiping. That\'s the opinion of researchers at GrapheneOS, who tweeted a thread about their findings on the vulnerabilities known as CVE-2024-29745 and CVE-2024-29748. The team at GrapheneOS... |
Vulnerability Mobile | ★★ | |
|
2024-04-03 21:40:00 | Google Warns: Android Zero-Day Flaws in Pixel Phones exploité par des sociétés médico-légales Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies (lien direct) |
Google a révélé que deux défauts de sécurité Android ayant un impact sur ses smartphones de pixels ont été exploités dans la nature par des sociétés médico-légales.
Les vulnérabilités de haute sévérité zéro sont les suivantes -
CVE-2024-29745 & NBSP; - un défaut de divulgation d'informations dans le composant de chargeur de démarrage
CVE-2024-29748 & NBSP; - un défaut d'escalade du privilège dans le composant du firmware
"Il y a des indications que le [
Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic companies. The high-severity zero-day vulnerabilities are as follows - CVE-2024-29745 - An information disclosure flaw in the bootloader component CVE-2024-29748 - A privilege escalation flaw in the firmware component "There are indications that the [ |
Vulnerability Threat Mobile | ★★★ | |
 |
2024-04-03 21:22:02 | GCP-2024-022 (lien direct) | Publié: 2024-04-03 Description Description Gravité notes Une vulnérabilité de déni de service (DOS) (CVE-2023-45288) a récemment été découverte dans plusieurs implémentations du protocole HTTP / 2, y compris le serveur HTTP Golang utilisé par Kubernetes.La vulnérabilité pourrait conduire à un DOS du plan de contrôle Google Kubernetes Engine (GKE). Pour les instructions et plus de détails, consultez les bulletins suivants: Bulletin de sécurité gke GKE sur le bulletin de sécurité VMware gke sur le bulletin de sécurité AWS gke sur le bulletin de sécurité azur GKE sur le bulletin de sécurité Bare Metal High CVE-2023-45288 Published: 2024-04-03Description Description Severity Notes A Denial-of-Service (DoS) vulnerability (CVE-2023-45288) was recently discovered in multiple implementations of the HTTP/2 protocol, including the golang HTTP server used by Kubernetes. The vulnerability could lead to a DoS of the Google Kubernetes Engine (GKE) control plane. For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2023-45288 | Vulnerability Cloud | ||
|
2024-04-03 20:00:43 | Ivanti promet une refonte de sécurité après plusieurs violations du gouvernement Ivanti pledges security overhaul after multiple government breaches (lien direct) |
Ivanti a annoncé des modifications en gros dans la façon dont elle aborde la cybersécurité après que plusieurs gouvernements ont apporté des violations récentes aux vulnérabilités des produits de la société. & NBSP;Le PDG d'Ivanti, Jeff Abbott, a publié une lettre ouverte et une vidéo de 6 minutes aux clients promettant de réviser la façon dont la société de gestion technologique construit ses produits et comment elle communique avec les clients sur les vulnérabilités.«Événements dans
Ivanti announced wholesale changes to how it approaches cybersecurity after multiple governments sourced recent breaches back to vulnerabilities in the company\'s products. Ivanti CEO Jeff Abbott published an open letter and 6-minute video to customers pledging overhaul how the technology-management company builds its products and how it communicates with customers about vulnerabilities. “Events in |
Vulnerability | ★★★★ | |
|
2024-04-03 19:58:52 | Comment apprivoiser l'injection SQL How to Tame SQL injection (lien direct) |
Dans le cadre de son initiative Secure by Design, l'agence de sécurité de cybersécurité et d'infrastructure a exhorté les entreprises à redoubler les efforts visant à annuler les vulnérabilités d'injection SQL.Voici comment.
As part of its Secure by Design initiative, the Cybersecurity and Infrastructure Security Agency urged companies to redouble efforts to quash SQL injection vulnerabilities. Here\'s how. |
Vulnerability | ★★ | |
|
2024-04-03 16:42:00 | Gestion de la surface d'attaque vs gestion de la vulnérabilité Attack Surface Management vs. Vulnerability Management (lien direct) |
La gestion de la surface des attaques (ASM) et la gestion de la vulnérabilité (VM) sont souvent confondues, et bien qu'elles se chevauchent, elles ne sont pas les mêmes.La principale différence entre la gestion de la surface d'attaque et la gestion des vulnérabilités est dans leur portée: la gestion de la vulnérabilité vérifie une liste des actifs connus, tandis que la gestion de la surface d'attaque suppose que vous avez des actifs inconnus et commence ainsi par la découverte.Regardons
Attack surface management (ASM) and vulnerability management (VM) are often confused, and while they overlap, they\'re not the same. The main difference between attack surface management and vulnerability management is in their scope: vulnerability management checks a list of known assets, while attack surface management assumes you have unknown assets and so begins with discovery. Let\'s look at |
Vulnerability | ★★★ | |
 |
2024-04-03 14:57:27 | Construire un cas pour les programmes de primes de bogues: répondre aux préoccupations des entreprises Building a case for bug bounty programs: Addressing corporate concerns (lien direct) |
> Les programmes de primes de bogues sont devenus un outil puissant dans l'arsenal de cybersécurité, ce qui permet aux organisations de pouvoir identifier et résoudre de manière proactive les vulnérabilités avant de pouvoir être exploitées.Malgré cela, les préoccupations internes concernant les implications financières, les complexités juridiques, les risques de sécurité des données et les barrières culturelles peuvent entraver l'adoption de ces programmes. & # 160; & # 160;Les entreprises ont besoin & # 8217; n'ont pas peur d'entrer dans [& # 8230;]
>Bug bounty programs have emerged as a powerful tool in the cybersecurity arsenal, empowering organizations to proactively identify and resolve vulnerabilities before they can be exploited. Despite this, internal concerns around financial implications, legal complexities, data security risks, and cultural barriers can hinder the adoption of these programs. Companies needn’t be afraid to step into […] |
Tool Vulnerability | ★★★ | |
 |
2024-04-03 14:31:53 | Protéger votre entreprise: aborder la crise de la vulnérabilité de Microsoft Exchange Protecting Your Business: Addressing the Microsoft Exchange Vulnerability Crisis (lien direct) |
> Découvrez comment sauvegarder votre entreprise à partir de la crise de vulnérabilité en cours Microsoft Exchange mise en évidence par l'Office fédéral allemand pour la sécurité de l'information (BSI).Découvrez les avertissements critiques, l'importance du correctif et comment les évaluations automatisées des compromis avec Thor Cloud Lite peuvent fortifier votre stratégie de cybersécurité.
>Discover how to safeguard your business from the ongoing Microsoft Exchange vulnerability crisis highlighted by the German Federal Office for Information Security (BSI). Learn about critical warnings, the importance of patching, and how automated compromise assessments with THOR Cloud Lite can fortify your cybersecurity strategy. |
Vulnerability Patching Cloud | ★★★ | |
|
2024-04-03 13:29:32 | Ivanti corrige la vulnérabilité de la passerelle VPN permettant RCE, DOS ATTAQUES Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks (lien direct) |
La société de logiciels de sécurité informatique Ivanti a publié des correctifs pour corriger plusieurs vulnérabilités de sécurité ayant un impact sur ses passerelles Connect Secure et Policy Secure.[...]
IT security software company Ivanti has released patches to fix multiple security vulnerabilities impacting its Connect Secure and Policy Secure gateways. [...] |
Vulnerability | ★★ | |
|
2024-04-03 13:00:20 | Top Genai Menaces & # 8211;Et pourquoi l'accès à zéro confiance est l'avenir Top GenAI Threats – and why Zero Trust AI Access is the Future (lien direct) |
> Les modèles de grandes langues (LLM) révolutionnent la façon dont nous interagissons avec la technologie.En conséquence, les vendeurs SaaS se disputent un avantage concurrentiel en intégrant les fonctionnalités de l'IA, offrant des outils d'entreprises tels que des informations commerciales basées sur l'IA ou des copilotes de codage.Traditionnellement, les modèles de sécurité Zero-Cust se sont appuyés sur une distinction claire entre les utilisateurs et les applications.Pourtant, les applications intégrées à LLM perturbent cette distinction, fonctionnant simultanément comme les deux.Cette réalité introduit un nouvel ensemble de vulnérabilités de sécurité, telles que la fuite de données, l'injection rapide, l'accès risqué aux ressources en ligne et même l'accès aux ressources des entreprises pour le compte des employés.Pour relever ces défis dans le déploiement de LLM, un [& # 8230;]
>Large Language Models (LLMs) are revolutionizing the way we interact with technology. As a result, SaaS vendors are vying for a competitive edge by integrating AI features, offering enterprises tools such as AI-based sales insights or coding co-pilots. Traditionally, zero-trust security models have relied on a clear distinction between users and applications. Yet, LLM-integrated applications disrupt this distinction, functioning simultaneously as both. This reality introduces a new set of security vulnerabilities, such as data leakage, prompt injection, risky access to online resources, and even access to corporate resources on behalf of employees. To address these challenges in LLM deployment, a […] |
Tool Vulnerability Cloud | ★★ | |
|
2024-04-03 09:43:20 | Google Patches a exploité les vulnérabilités de pixels Google Patches Exploited Pixel Vulnerabilities (lien direct) |
> Google Patches 28 vulnérabilités dans Android et 25 bogues dans des appareils de pixels, y compris deux défauts exploités dans la nature.
>Google patches 28 vulnerabilities in Android and 25 bugs in Pixel devices, including two flaws exploited in the wild. |
Vulnerability Mobile | ★★★ | |
|
2024-04-03 02:57:10 | Tripwire Patch Priority Index pour mars 2024 Tripwire Patch Priority Index for March 2024 (lien direct) |
Le mars 2024 de TripWire \\ Patch Index (PPI) rassemble des vulnérabilités importantes pour Microsoft, Google et Apple.Les correctifs de priorité sur le patch sont les correctifs pour le noyau Windows et plusieurs produits Apple.Ces CVE (CVE-2024-21338, CVE-2024-23296, CVE-2024-23225) ont été ajoutés au catalogue connu des vulnérabilités exploitées (KEV) de CISA \\.Les correctifs sont ensuite des correctifs pour Microsoft Edge (basés sur le chrome) et le chrome qui résolvent l'utilisation sans accès à la mémoire hors limites et les vulnérabilités de mise en œuvre inappropriées.Le prochain sur la liste des priorités du correctif ce mois-ci est un correctif pour Microsoft ...
Tripwire\'s March 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google, and Apple. First on the patch priority list are patches for Windows Kernel and Multiple Apple products. These CVEs (CVE-2024-21338, CVE-2024-23296, CVE-2024-23225) have been added to CISA\'s Known Exploited Vulnerabilities (KEV) catalog. Up next are patches for Microsoft Edge (Chromium-based) and Chromium that resolve use-after-free, out of bounds memory access, and inappropriate implementation vulnerabilities. Next on the patch priority list this month is a patch for Microsoft... |
Vulnerability | ★★ | |
|
2024-04-02 22:37:11 | Vulnérabilité exposée aux codes de chambre à budget IBIS aux pirates Vulnerability Exposed Ibis Budget Guest Room Codes to Hackers (lien direct) |
> Par waqas
Les pirates trouvent un accès facile aux chambres dans les hôtels à budget IBIS!
Ceci est un article de HackRead.com Lire le post original: La vulnérabilité exposée aux codes de chambre à budget IBIS aux pirates
>By Waqas Hackers Find Easy Access to Rooms at Ibis Budget Hotels! This is a post from HackRead.com Read the original post: Vulnerability Exposed Ibis Budget Guest Room Codes to Hackers |
Vulnerability | ★★ | |
|
2024-04-02 20:54:44 | NIST veut aider à sortir de son arriéré NVD NIST Wants Help Digging Out of Its NVD Backlog (lien direct) |
La base de données nationale sur la vulnérabilité ne peut pas suivre, et l'agence demande un partenariat public-privé pour le gérer à l'avenir.
The National Vulnerability Database can\'t keep up, and the agency is calling for a public-private partnership to manage it going forward. |
Vulnerability | ★★ |
To see everything:
Our RSS (filtrered)
