What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-01-03 12:49:36 | Otorio révèle les vulnérabilités critiques dans les systèmes de contrôle d'accès physique utilisés dans la sécurité du bâtiment OTORIO discloses critical vulnerabilities in physical access control systems used across building security (lien direct) |
La société de cybersécurité Otorio a mené des recherches en lumière sur les risques de sécurité posés par le contrôle d'accès physique moderne ...
Cybersecurity firm OTORIO has conducted research shedding light on the security risks posed by modern Physical Access Control... |
Vulnerability Industrial | ★★★★ | |
 |
2024-01-03 11:00:00 | Décodage du piratage éthique: une exploration complète des pratiques de chapeau blanc Decoding ethical hacking: A comprehensive exploration of white hat practices (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In era of digital devices, where the specter of data breaches and cyber threats looms large, the role of ethical hackers, colloquially known as white hat hackers, has become paramount. This article embarks on an in-depth journey into the realm of ethical hacking, illuminating its profound significance in identifying vulnerabilities and fortifying the intricate tapestry of overall cybersecurity. Ethical hacking, at its core, entails authorized and legal endeavors to infiltrate computer systems, networks, or applications. The primary objective is to unveil vulnerabilities. Diverging from their malevolent counterparts, ethical hackers leverage their skills to fortify security rather than exploit weaknesses. The strategic importance of ethical hacking: Proactive defense: Ethical hacking adopts a proactive stance, aiming to unearth and neutralize potential threats before malicious actors can exploit them. Vulnerability assessment: Systematic assessments conducted by ethical hackers pinpoint weaknesses in systems, networks, and applications, enabling organizations to address vulnerabilities in a timely manner. Compliance and risk management: Ethical hacking aligns seamlessly with regulatory compliance requirements, facilitating effective risk management. This ensures organizations adhere to industry standards and safeguard sensitive information. The crucial role of ethical hackers 1. Identifying vulnerabilities: Ethical hackers employ an array of techniques, including penetration testing, code review, and network analysis, to uncover vulnerabilities. By replicating the tactics of malicious hackers, they unveil potential entry points and weaknesses susceptible to exploitation. 2. Penetration testing: A cornerstone of ethical hacking, penetration testing involves simulating real-world cyber-attacks to evaluate the security posture of a system. This practice assesses how well an organization\'s defenses can withstand various threats. 3. Code Review: Analyzing source code for security flaws is fundamental. Ethical hackers scrutinize the codebase to identify vulnerabilities such as injection flaws, buffer overflows, and insecure dependencies. Navigating the ethical hacking process 1. Planning: Ethical hacking commences with meticulous planning. The ethical hacker collaborates with the organization to define the scope, goals, and methodologies of the assessment. 2. Reconnaissance: Gathering information about the target system is a critical phase. Ethical hackers employ both passive and active reconnaissance techniques to understand the environment they are assessing. 3. Scanning: The scanning phase involves identifying live hosts, open ports, and services on a network. Tools like Nmap and Nessus are commonly employed to assess the target\'s attack surface comprehensively. 4. Gaining access: Ethical hackers attempt to exploit identified vulnerabilities, gaining access to systems or sensitive data. This phase provides organizations insights into the potential impact of a suc | Tool Vulnerability Threat | ★★★ | |
 |
2024-01-03 10:28:56 | CISA émet une alerte pour les vulnérabilités de Juniper Secure Analytics (CVE-2023-46604, CVE-2023-40787, CVE-2023-44487, et plus encore) CISA Issues Alert for Juniper Secure Analytics Vulnerabilities (CVE-2023-46604, CVE-2023-40787, CVE-2023-44487, and More) (lien direct) |
Dans une alerte récente, l'Agence de sécurité de la cybersécurité et de l'infrastructure (CISA) a souligné que Juniper a ...
In a recent alert, the Cybersecurity and Infrastructure Security Agency (CISA) emphasized that Juniper has... |
Vulnerability | ★★★ | |
 |
2024-01-03 09:44:01 | Les vulnérabilités de moteur Google Kubernetes pourraient permettre la prise de contrôle des cluster Google Kubernetes Engine Vulnerabilities Could Allow Cluster Takeover (lien direct) |
> Par deeba ahmed
Un attaquant ayant accès à un cluster Kubernetes pourrait enchaîner deux vulnérabilités dans le moteur Google Kubernetes (GKE) pour augmenter les privilèges et prendre le contrôle du cluster.
Ceci est un article de HackRead.com Lire le post original: Les vulnérabilités de moteur Google Kubernetes pourraient permettre la prise de contrôle des cluster
>By Deeba Ahmed An attacker with access to a Kubernetes cluster could chain two vulnerabilities in Google Kubernetes Engine (GKE) to escalate privileges and take over the cluster. This is a post from HackRead.com Read the original post: Google Kubernetes Engine Vulnerabilities Could Allow Cluster Takeover |
Vulnerability | ★★★ | |
 |
2024-01-01 15:07:00 | New Terrapin Flaw pourrait laisser les attaquants dégrader la sécurité du protocole SSH New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security (lien direct) |
Des chercheurs en sécurité de l'Université Ruhr Bochum ont découvert une vulnérabilité dans le protocole de réseau cryptographique Secure Shell (SSH) qui pourrait permettre à un attaquant de rétrograder la sécurité de la connexion en brisant l'intégrité du canal sécurisé.
Appelé & nbsp; terrapin & nbsp; (CVE-2023-48795, score CVSS: 5.9), l'exploit a été décrit comme le "premier préfixe pratiquement exploitable
Security researchers from Ruhr University Bochum have discovered a vulnerability in the Secure Shell (SSH) cryptographic network protocol that could allow an attacker to downgrade the connection\'s security by breaking the integrity of the secure channel. Called Terrapin (CVE-2023-48795, CVSS score: 5.9), the exploit has been described as the "first ever practically exploitable prefix |
Vulnerability Threat | ★★★ | |
 |
2023-12-31 12:00:00 | Google résout près de 100 problèmes de sécurité Android Google Fixes Nearly 100 Android Security Issues (lien direct) |
Plus: Apple arrête une attaque zéro flipper, Microsoft corrige plus de 30 vulnérabilités et plus de mises à jour critiques pour le dernier mois de 2023.
Plus: Apple shuts down a Flipper Zero Attack, Microsoft patches more than 30 vulnerabilities, and more critical updates for the last month of 2023. |
Vulnerability Mobile | ★★★ | |
 |
2023-12-28 21:04:58 | Kaspersky révèle le matériel précédemment inconnu \\ 'fonctionnalité \\' exploitée dans les attaques d'iPhone Kaspersky reveals previously unknown hardware \\'feature\\' exploited in iPhone attacks (lien direct) |
\\ 'Ce n'est pas une vulnérabilité ordinaire \' SEC PROS Expliquez l'équipe mondiale de recherche et d'analyse de Kaspersky \\ a exposé une "fonctionnalité" précédemment inconnue dans les iPhones Apple qui ont permisMALWORED pour contourner la protection de la mémoire basée sur le matériel.… | Malware Vulnerability Mobile | ★★★ | |
 |
2023-12-28 13:27:00 | La surveillance insouciante des serveurs SSH Linux dessine des cryptomineurs, des bots DDOS Careless oversight of Linux SSH servers draws cryptominers, DDoS bots (lien direct) |
Les cybercriminels ciblent les serveurs Linux SSH mal gérés pour installer des logiciels malveillants pour la cryptomiminage ou l'effort d'attaques distribuées au déni de service, ont révélé des chercheurs.Selon un rapport de AHNLAB publié cette semaine, une mauvaise gestion des mots de passe et un correctif de vulnérabilité laxiste peuvent permettre aux pirates d'exploiter les serveurs pour la cybercriminalité.Les serveurs SSH offrent un accès à distance sécurisé à un
Cybercriminals are targeting poorly managed Linux SSH servers to install malware for cryptomining or carrying out distributed denial-of-service attacks, researchers have found. According to a report by AhnLab released this week, bad password management and lax vulnerability patching can allow hackers to exploit the servers for cybercrime. SSH servers provide secure remote access to a |
Malware Vulnerability Threat Patching | ★★ | |
|
2023-12-28 13:18:57 | Dernières vulnérabilités zéro-jour: UNC4841 cible Barracuda ESG avec CVE-2023-7102, contournement d'authentification Apache Ofbiz (CVE-2023-51467) Latest Zero-Day Vulnerabilities: UNC4841 Targets Barracuda ESG with CVE-2023-7102, Apache OFBiz Authentication Bypass (CVE-2023-51467) (lien direct) |
Le groupe UNC4841, lié à la Chine, vise à nouveau Barracuda Email Security Gateway (ESG), ...
The UNC4841 group, linked to China, is targeting Barracuda Email Security Gateway (ESG) appliances again,... |
Vulnerability Threat | ★★★ | |
|
2023-12-27 21:09:00 | Le système Zero-Day critique dans Apache Ofbiz ERP expose les entreprises à attaquer Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack (lien direct) |
Une nouvelle faille de sécurité zéro-jour a été découverte dans l'Apache Ofbiz, un système de planification des ressources d'entreprise open source (ERP) qui pourrait être exploité pour contourner les protections d'authentification.
La vulnérabilité, suivie en tant que & nbsp; CVE-2023-51467, réside dans la fonctionnalité de connexion et est le résultat d'un correctif incomplet pour une autre vulnérabilité critique (CVE-2023-49070, score CVSS: 9.8) qui était
A new zero-day security flaw has been discovered in the Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system that could be exploited to bypass authentication protections. The vulnerability, tracked as CVE-2023-51467, resides in the login functionality and is the result of an incomplete patch for another critical vulnerability (CVE-2023-49070, CVSS score: 9.8) that was |
Vulnerability Threat | ★★★ | |
|
2023-12-27 18:05:00 | Les pirates chinois ont exploité le nouveau zéro-jour dans les appareils ESG de Barracuda \\ Chinese Hackers Exploited New Zero-Day in Barracuda\\'s ESG Appliances (lien direct) |
Barracuda a révélé que les acteurs de la menace chinoise ont exploité un nouvel jour zéro dans ses appareils électroménagers (ESG) pour déployer une porte dérobée sur un "nombre limité" d'appareils.
Suivi en tant que & nbsp; CVE-2023-7102, la question concerne un cas de & nbsp; Arbitrary Code Execution & NBSP; qui réside dans un tiers et une bibliothèque d'Open-source dans la bibliothèque :: ParseExcel qui \\ est utilisée par le scanner Amavis au sein du scanner Amavis au sein de la bibliothèque ::
Barracuda has revealed that Chinese threat actors exploited a new zero-day in its Email Security Gateway (ESG) appliances to deploy backdoor on a "limited number" of devices. Tracked as CVE-2023-7102, the issue relates to a case of arbitrary code execution that resides within a third-party and open-source library Spreadsheet::ParseExcel that\'s used by the Amavis scanner within the |
Vulnerability Threat | ★★ | |
|
2023-12-27 14:42:13 | Résumé de la vulnérabilité hebdomadaire par CISA: Avalanche Ivanti, Apache Dubbo, OpenSSH, et plus Weekly Vulnerability Summary by CISA: Ivanti Avalanche, Apache Dubbo, OpenSSH, and More (lien direct) |
La Cybersecurity and Infrastructure Security Agency (CISA) a publié un nouveau résumé de vulnérabilité pour le ...
The Cybersecurity and Infrastructure Security Agency (CISA) has released a new vulnerability summary for the... |
Vulnerability | ★★★ | |
 |
2023-12-27 11:05:30 | Les pirates chinois livrent des logiciels malveillants à Barracuda Appareils de sécurité par e-mail via un nouveau zéro-jour Chinese Hackers Deliver Malware to Barracuda Email Security Appliances via New Zero-Day (lien direct) |
> Les pirates chinois ont exploité une journée zéro-jour comme CVE-2023-7102 pour livrer des logiciels malveillants à Barracuda Email Security Gateway (ESG) Appliances.
>Chinese hackers exploited a zero-day tracked as CVE-2023-7102 to deliver malware to Barracuda Email Security Gateway (ESG) appliances. |
Malware Vulnerability Threat | ★★ | |
|
2023-12-27 11:00:00 | Cybersécurité post-pandémique: leçons de la crise mondiale de la santé Post-pandemic Cybersecurity: Lessons from the global health crisis (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Beyond ‘just’ causing mayhem in the outside world, the pandemic also led to a serious and worrying rise in cybersecurity breaches. In 2020 and 2021, businesses saw a whopping 50% increase in the amount of attempted breaches. The transition to remote work, outdated healthcare organization technology, the adoption of AI bots in the workplace, and the presence of general uncertainty and fear led to new opportunities for bad actors seeking to exploit and benefit from this global health crisis. In this article, we will take a look at how all of this impacts the state of cybersecurity in the current post-pandemic era, and what conclusions can be drawn. New world, new vulnerabilities Worldwide lockdowns led to a rise in remote work opportunities, which was a necessary adjustment to allow employees to continue to earn a living. However, the sudden shift to the work-from-home format also caused a number of challenges and confusion for businesses and remote employees alike. The average person didn’t have the IT department a couple of feet away, so they were forced to fend for themselves. Whether it was deciding whether to use a VPN or not, was that email really a phishing one, or even just plain software updates, everybody had their hands full. With employers busy with training programs, threat actors began intensifying their ransomware-related efforts, resulting in a plethora of high-profile incidents in the last couple of years. A double-edged digital sword If the pandemic did one thing, it’s making us more reliant on both software and digital currencies. You already know where we’re going with this—it’s fertile ground for cybercrime. Everyone from the Costa Rican government to Nvidia got hit. With the dominance of Bitcoin as a payment method in ransoming, tracking down perpetrators is infinitely more difficult than it used to be. The old adage holds more true than ever - an ounce of prevention is worth a pound of cure. To make matters worse, amongst all that chaos, organizations also had to pivot away from vulnerable, mainstream software solutions. Even if it’s just choosing a new image editor or integrating a PDF SDK, it’s an increasing burden for businesses that are already trying to modernize or simply maintain. Actors strike where we’re most vulnerable Healthcare organizations became more important than ever during the global coronavirus pandemic. But this time also saw unprecedented amounts of cybersecurity incidents take place as bad actors exploited outdated cybersecurity measures. The influx of sudden need caused many overburdened healthcare organizations to lose track of key cybersecurity protocols that could help shore up gaps in the existing protective measures. The United States healthcare industry saw a 25% spike in successful data breaches during the pandemic, which resulted in millions of dollars of damages and the loss of privacy for thousands of patients whose data was compromis | Data Breach Vulnerability Threat Studies Prediction | ChatGPT | ★★ |
|
2023-12-26 11:56:23 | Challenge of Protecting PII, Hunters Become the Hunt: OpenAI Vulnerability, Blackmailing of Bounty Hunters (lien direct) | A paradox emerges: those who protect us from cyber threats are themselves becoming the hunted.... | Vulnerability | ★★ | |
 |
2023-12-26 08:00:00 | Analyser les vulnérabilités de vos conteneurs Docker avec Grype (lien direct) | En hiver, tout le monde est vacciné contre la grippe, mais qu'en est-il de la sécurité de vos images Docker ? Grype est un scanner de vulnérabilités qui analyse les images Docker et les systèmes de fichiers, décelant les failles sur divers systèmes d'exploitation et langages de programmation. Il peut être installé via GitHub ou Brew pour Mac, et permet des scans personnalisés avec des sorties en formats différents, tout en offrant la possibilité d'intégrer des sources de données externes pour des analyses plus précises, y compris dans les workflows GitHub Actions. | Vulnerability | ★★★★ | |
 |
2023-12-22 18:00:00 | Google libère le huitième patch zéro-jour de 2023 pour Chrome Google Releases Eighth Zero-Day Patch of 2023 for Chrome (lien direct) |
CVE-2023-7024, exploité dans la nature avant le correctif, est une vulnérabilité chromée qui permet l'exécution de code distant dans le composant Webrtc du navigateur \\.
CVE-2023-7024, exploited in the wild prior to patching, is a Chrome vulnerability that allows remote code execution within the browser\'s WebRTC component. |
Vulnerability Threat Patching | ★★★ | |
|
2023-12-22 14:20:26 | Mises à jour CISA: Guide Microsoft 365, outil Scubagear, Mozilla Alert, QNAP & FXC Vulnérabilités Entrez Kev CISA Updates: Microsoft 365 Guidance, SCuBAGear Tool, Mozilla Alert, QNAP & FXC Vulnerabilities Enter KEV (lien direct) |
CISA a officiellement publié les bases de base de configuration sécurisée Microsoft 365, visant à aider les organisations à ...
CISA has officially released the Microsoft 365 Secure Configuration Baselines, aiming to assist organizations in... |
Tool Vulnerability | ★★ | |
|
2023-12-22 13:04:25 | Dans d'autres nouvelles: Crypto Exchange Hack Guilty Plea, Note IA Vulnérabilités, Intellexa Spyware In Other News: Crypto Exchange Hack Guilty Plea, Rating AI Vulnerabilities, Intellexa Spyware (lien direct) |
> Des histoires remarquables qui auraient pu glisser sous le radar: le pirate d'échange de crypto-monnaie plaide coupable, vulnérabilités LLM, analyse des logiciels espions Intellexa.
>Noteworthy stories that might have slipped under the radar: Cryptocurrency exchange hacker pleads guilty, rating LLM vulnerabilities, Intellexa spyware analysis. |
Hack Vulnerability | ★★★ | |
 |
2023-12-21 21:09:57 | Apache ActiveMQ Vulnerability (CVE-2023-46604) Continuously Being Exploited in Attacks (lien direct) | #### Description
AHNLAB Security Emergency Response Center (ASEC) a signalé que la vulnérabilité d'Apache ActiveMQ (CVE-2023-46604) est exploitée par divers acteurs de menace.La vulnérabilité est une vulnérabilité d'exécution de code distant dans le serveur de modèle de messagerie et d'intégration open source apache activemq.
L'attaque de vulnérabilité consiste à manipuler un type de classe sérialisé dans le protocole OpenWire pour instancier la classe dans le chemin de classe.Lorsque l'acteur de menace transmet un paquet manipulé, le serveur vulnérable fait référence au chemin (URL) contenu dans le paquet pour charger le fichier de configuration XML pour la classe.Les logiciels malveillants utilisés dans les attaques comprennent Ladon, Netcat, AnyDesk et Z0min.Ladon est l'un des outils principalement utilisés par les acteurs de la menace chinoise.NetCAT est un utilitaire pour transmettre des données à et depuis certaines cibles dans un réseau connecté par le protocole TCP / UDP.AnyDesk, Netsupport et Chrome Remote Desktop ont récemment été utilisés pour contourner les produits de sécurité.Z0miner a été signalé pour la première fois en 2020 par l'équipe de sécurité de Tencent et a été distribué via des attaques exploitant les vulnérabilités d'exécution du code distant Oracle Weblogic (CVE-2020-14882 / CVE-2020-14883).
#### URL de référence (s)
1. https://asec.ahnlab.com/en/59904/
#### Date de publication
18 décembre 2023
#### Auteurs)
Sanseo
#### Description AhnLab Security Emergency Response Center (ASEC) has reported that the Apache ActiveMQ vulnerability (CVE-2023-46604) is being exploited by various threat actors. The vulnerability is a remote code execution vulnerability in the open-source messaging and integration pattern server Apache ActiveMQ. The vulnerability attack involves manipulating a serialized class type in the OpenWire protocol to instantiate the class in classpath. When the threat actor transmits a manipulated packet, the vulnerable server references the path (URL) contained in the packet to load the XML configuration file for the class. The malware used in the attacks includes Ladon, NetCat, AnyDesk, and z0Miner. Ladon is one of the tools that are mainly used by Chinese-speaking threat actors. Netcat is a utility for transmitting data to and from certain targets in a network connected by TCP/UDP protocol. AnyDesk, NetSupport, and Chrome Remote Desktop have recently been used for bypassing security products. z0Miner was first reported in 2020 by the Tencent Security Team and was distributed via attacks exploiting the Oracle Weblogic remote code execution vulnerabilities (CVE-2020-14882/CVE-2020-14883). #### Reference URL(s) 1. https://asec.ahnlab.com/en/59904/ #### Publication Date December 18, 2023 #### Author(s) Sanseo |
Malware Tool Vulnerability Threat | ★★★ | |
|
2023-12-21 13:32:00 | Google découvre un autre chrome zéro-jour exploité dans la nature Google discovers another Chrome zero-day exploited in the wild (lien direct) |
Google Chrome a publié un correctif de sécurité d'urgence pour un défaut zéro-jour qui a été exploité dans la nature.Cette vulnérabilité, suivie en CVE-2023-7024, affecte les versions de bureau du navigateur sur Mac, Linux et Windows.C'est le huitième activement exploité zéro-jour dans Chrome découvert depuis le début de 2023. Cl & eacute; ment Lecigne et Vlad
Google Chrome has released an emergency security fix for a zero-day flaw that has been exploited in the wild. This vulnerability, tracked as CVE-2023-7024, affects the desktop versions of the browser on Mac, Linux and Windows. It is the eighth actively exploited zero-day in Chrome discovered since the start of 2023. Clément Lecigne and Vlad |
Vulnerability Threat | ★★ | |
|
2023-12-21 12:52:00 | Les pirates exploitent la vulnérabilité Old MS Excel à la propagation de l'agent Tesla malware Hackers Exploiting Old MS Excel Vulnerability to Spread Agent Tesla Malware (lien direct) |
Les attaquants armement une vieille vulnérabilité de Microsoft Office dans le cadre de campagnes de phishing pour distribuer une souche de logiciels malveillants appelés & nbsp; agent Tesla.
Les chaînes d'infection levaient les documents de leurre de lereau Excel attaché dans les messages sur le thème de la facture pour tromper des cibles potentielles pour les ouvrir et activer l'exploitation du CVE-2017-11882 (score CVSS: 7.8), une vulnérabilité de corruption de mémoire dans Office \'s
Attackers are weaponizing an old Microsoft Office vulnerability as part of phishing campaigns to distribute a strain of malware called Agent Tesla. The infection chains leverage decoy Excel documents attached in invoice-themed messages to trick potential targets into opening them and activate the exploitation of CVE-2017-11882 (CVSS score: 7.8), a memory corruption vulnerability in Office\'s |
Malware Vulnerability | ★★ | |
|
2023-12-21 12:41:43 | Over a Dozen Critical RCE Vulnerabilities in Ivanti Avalanche; Actively Exploited Chrome Zero-Day, CVE-2023-7024 (lien direct) | Ivanti has issued security updates to address a total of 22 vulnerabilities identified in its... | Vulnerability Threat | ★★★ | |
|
2023-12-21 11:43:27 | Ivanti Patches Dozen Vulnérabilités critiques dans le produit Avalanche MDM Ivanti Patches Dozen Critical Vulnerabilities in Avalanche MDM Product (lien direct) |
> Ivanti a corrigé 20 vulnérabilités dans son produit Avalanche MDM, y compris une douzaine de défauts d'exécution de code distant évalués.
>Ivanti has patched 20 vulnerabilities in its Avalanche MDM product, including a dozen remote code execution flaws rated critical. |
Vulnerability | ★★ | |
|
2023-12-21 11:00:00 | Violations de données: analyse approfondie, stratégies de récupération et meilleures pratiques Data breaches: In-depth analysis, recovery strategies, and best practices (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In the dynamic landscape of cybersecurity, organizations face the ever-present risk of data breaches. This article provides a detailed exploration of data breaches, delving into their nuances, and offers comprehensive recovery strategies along with best practices. A data breach occurs when unauthorized threat actors gain access to sensitive information, jeopardizing data integrity and confidentiality. There are some common causes behind major data breaches: Cyber-attacks: Sophisticated cyber-attacks, techniques such as spear phishing, ransomware, and advanced persistent threats, are predominant causes behind data breaches. Insider threats: Whether arising from employee errors, negligence, or intentional malicious actions, insider threats contribute significantly to data breaches. Third-party incidents: Weaknesses in the security protocols of third-party vendors or service providers can expose organizations to the risk of data breaches. Learnings acquired Rapid detection and response: The criticality of swift detection and response cannot be overstated. Delayed identification prolongs the impact and complicates the recovery process. Comprehensive incident response: Organizations must establish a robust incident response plan, encompassing communication strategies, legal considerations, and meticulous technical remediation steps. Regulatory compliance: Adherence to regulatory requirements and industry standards is not only essential for legal compliance but is also a fundamental aspect of maintaining trust and credibility. Employee training: Ongoing training initiatives that elevate employees\' awareness of security threats and best practices play a pivotal role in preventing data breaches. Continuous security audits: Regular security audits and assessments serve as proactive measures, identifying vulnerabilities before they can be exploited. Best practices for recovery Detailed incident communication: Provide a comprehensive and transparent communication plan, detailing the incident\'s scope, impact, and the organization\'s proactive steps for resolution. Stakeholder engagement: Engage with stakeholders, including customers, employees, and regulatory bodies. Keep them informed about the incident\'s progress and the measures being taken for recovery. Comprehensive cyber insurance coverage: Cyber insurance can be a strategic asset, covering a range of costs related to the incident, including investigation, legal proceedings, and potential regulatory fines. Strengthen cybersecurity measures: Advanced threat detection: Implement advanced threat detection mechanisms that can identify anomalous behavior and potential threats in real-time. Encryption and access controls: Enhance data protection by implementing robust encryption protocols and access controls, limiting unauthorized access to sensitive information. Regular system updates: Maintain an agile cybersecurity posture by regularly updating and patching systems to address known vulnerabilities. Law enforcement partnership: Collaborate with law enforcement agencies and relevant authorities, leveraging their expertise to aid in the investigation and apprehension of cybercriminals. Legal counsel engagement: Engage legal counsel to navigate the legal intricacies associated with the breach, ensuring compliance with regulations and m | Ransomware Data Breach Vulnerability Threat Patching Technical | ★★ | |
 |
2023-12-21 10:30:00 | Ivanti exhorte les clients à corriger 13 vulnérabilités critiques Ivanti Urges Customers to Patch 13 Critical Vulnerabilities (lien direct) |
Ivanti publie des mises à jour pour corriger 22 vulnérabilités dans son produit de gestion d'appareils mobiles Avalanche
Ivanti releases updates to fix 22 vulnerabilities in its Avalanche mobile device management product |
Vulnerability Mobile | ★★ | |
 |
2023-12-21 10:00:59 | Windows CLFS et cinq exploits utilisés par les opérateurs de ransomwares (exploit # 4 & # 8211; CVE-2023-23376) Windows CLFS and five exploits used by ransomware operators (Exploit #4 – CVE-2023-23376) (lien direct) |
Ceci est la cinquième partie de notre étude sur le système de fichiers journal commun (CLFS) et cinq vulnérabilités dans ce composant Windows OS qui ont été utilisés dans les attaques de ransomwares tout au long de l'année.
This is part five of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. |
Ransomware Vulnerability Studies | ★★ | |
|
2023-12-21 10:00:56 | Windows CLFS et cinq exploits utilisés par les opérateurs de ransomwares (exploit # 3 & # 8211; octobre 2022) Windows CLFS and five exploits used by ransomware operators (Exploit #3 – October 2022) (lien direct) |
Ceci est la quatrième partie de notre étude sur le système de fichiers journal commun (CLFS) et cinq vulnérabilités dans ce composant Windows OS qui ont été utilisés dans les attaques de ransomwares tout au long de l'année.
This is part four of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. |
Ransomware Vulnerability Studies | ★★ | |
|
2023-12-21 10:00:53 | Windows CLFS et cinq exploits utilisés par les opérateurs de ransomwares (exploit # 2 & # 8211; septembre 2022) Windows CLFS and five exploits used by ransomware operators (Exploit #2 – September 2022) (lien direct) |
Il s'agit de la troisième partie de notre étude sur le système de fichiers journaux commun (CLFS) et cinq vulnérabilités dans ce composant Windows OS qui ont été utilisés dans les attaques de ransomwares tout au long de l'année.
This is the third part of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. |
Ransomware Vulnerability Studies | ★★ | |
|
2023-12-21 10:00:50 | Windows CLFS et cinq exploits utilisés par les opérateurs de ransomwares Windows CLFS and five exploits used by ransomware operators (lien direct) |
Nous n'avions jamais vu autant d'exploits de pilotes CLFS utilisés auparavant dans des attaques actives, puis soudain, il y en a tellement capturés en seulement un an.Y a-t-il quelque chose qui ne va pas avec le pilote CLFS?Toutes ces vulnérabilités sont-elles similaires?Ces questions m'ont encouragé à examiner de plus près le conducteur CLFS et ses vulnérabilités.
We had never seen so many CLFS driver exploits being used in active attacks before, and then suddenly there are so many of them captured in just one year. Is there something wrong with the CLFS driver? Are all these vulnerabilities similar? These questions encouraged me to take a closer look at the CLFS driver and its vulnerabilities. |
Ransomware Vulnerability | ★★ | |
|
2023-12-21 10:00:47 | Windows CLFS et cinq exploits utilisés par les opérateurs de ransomwares (exploit # 1 & # 8211; CVE-2022-24521) Windows CLFS and five exploits used by ransomware operators (Exploit #1 – CVE-2022-24521) (lien direct) |
Il s'agit de la deuxième partie de notre étude sur le système de fichiers journaux commun (CLFS) et cinq vulnérabilités dans ce composant Windows OS qui ont été utilisées dans les attaques de ransomwares tout au long de l'année.
This is the second part of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. |
Ransomware Vulnerability Studies | ★★ | |
|
2023-12-21 10:00:01 | Windows CLFS et cinq exploits utilisés par les opérateurs de ransomwares (exploit # 5 & # 8211; CVE-2023-28252) Windows CLFS and five exploits used by ransomware operators (Exploit #5 – CVE-2023-28252) (lien direct) |
Il s'agit de la six partie de notre étude sur le système de fichiers journal commun (CLFS) et cinq vulnérabilités dans ce composant Windows OS qui ont été utilisés dans les attaques de ransomwares tout au long de l'année.
This is part six of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. |
Ransomware Vulnerability Studies | ★★ | |
|
2023-12-21 09:11:00 | Urgent: nouvelle vulnérabilité chromée zéro exploitée dans la nature - mise à jour dès que possible Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP (lien direct) |
Google a déployé des mises à jour de sécurité pour le navigateur Web Chrome pour lutter contre un défaut zéro jour de haute sévérité qui, selon lui, a été exploité dans la nature.
La vulnérabilité, attribuée à l'identificateur CVE & NBSP; CVE-2023-7024, a été décrite comme a & nbsp; Bug de débordement de tampon basé sur un tas & nbsp; dans le cadre WebBrTC qui pourrait être exploité pour entraîner des plantages de programme ou une exécution de code arbitraire.
Cl & eacute; ment;
Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild. The vulnerability, assigned the CVE identifier CVE-2023-7024, has been described as a heap-based buffer overflow bug in the WebRTC framework that could be exploited to result in program crashes or arbitrary code execution. Clément |
Vulnerability Threat | ★★ | |
 |
2023-12-21 05:00:25 | Battleroyal, le cluster Darkgate se propage par e-mail et les fausses mises à jour du navigateur BattleRoyal, DarkGate Cluster Spreads via Email and Fake Browser Updates (lien direct) |
Overview Throughout the summer and fall of 2023, DarkGate entered the ring competing for the top spot in the remote access trojan (RAT) and loader category. It was observed in use by multiple cybercrime actors and was spread via many methods such as email, Microsoft Teams, Skype, malvertising and fake updates. Proofpoint researchers are tracking a particularly interesting operator of the DarkGate malware. At the time of publication, researchers are not attributing this cluster of activity to a known threat actor and are temporarily calling it BattleRoyal. Between September and November 2023, at least 20 email campaigns used DarkGate malware with GroupIDs “PLEX”, “ADS5”, “user_871236672” and “usr_871663321”. The GroupID is a configuration setting that is also referred to as username, botnet, campaign, or flag 23. The campaigns are notable for: Delivery: via email and RogueRaticate fake browser updates Volumes and geography: email campaigns include tens of thousands of emails targeting dozens of industries primarily in USA and Canada Attack chain: includes a variety of notable tools such as 404 TDS, Keitaro TDS, and .URL files exploiting CVE-2023-36025 Volume of DarkGate campaigns based on four GroupIDs discussed in this report. TDS all the things! (an email campaign example) On October 2, 2023, Proofpoint identified one of the first campaigns in this cluster. It was notable due to the use of more than one traffic delivery system (TDS), specifically 404 TDS and Keitaro TDS. Additionally, the .URL files involved exploited CVE-2023-36025, a vulnerability in Windows SmartScreen. While other parts of the attack chain from this actor changed or varied, .URL files were involved in every campaign. The emails in this campaign contained: 404 TDS URLs that, if clicked by the user, redirected to Keitaro TDS Keitaro TDS was observed serving an internet shortcut (.URL) file The internet shortcut, if double clicked, downloaded a zipped VBS script The VBS in turn downloaded and executed several shell commands (cmd.exe) The shell commands (a) created a directory on C: drive, (b) copied curl.exe from system folder to this new directory, (c) used the curl to download Autoit3.exe, (d) used curl to download and save an AutoIT script, and (e) ran the downloaded AutoIT script with the downloaded AutoIT interpreter The AutoIT script ran an embedded DarkGate Attack chain summary that follows the flow of: Email > 404 TDS > Keitaro TDS > .URL > .VBS > Shell commands > AutoIT / AutoIT script > DarkGate. Screenshot of an example email from October 2 campaign. Screenshot of the .URL file involved in the October 2 campaign. Proofpoint has identified multiple cybercriminal campaigns exploiting CVE-2023-36025; however, the BattleRoyal cluster exploited this vulnerability more than any other actor observed in Proofpoint threat data. Notably, this activity cluster exploited CVE-2023-36025 before it was published by Microsoft. SmartScreen is a security feature that is designed to prevent people from visiting malicious websites. The vulnerability could allow an actor to bypass the SmartScreen defenses if a user clicked on a specially crafted .URL file or a hyperlink pointing to a .URL file. More specifically, a SmartScreen alert would not be triggered when a .URL points to a SMB or WebDav share as file:// and the malicious payload is inside a ZIP file which is specified in the URL target. RogueRaticate (fake browser update campaign example) On October 19, 2023, an external researcher identified and publicly shared details of the RogueRaticate fake update activity cluster using an interesting obfuscation technique first identified in 2020. Proofpoint subsequently identified the activity in Proofpoint data. This campaign delivered fake browser update requests to end users on their web browsers that dropped a DarkGate payload with the “ADS5” GroupID. The threat actor injected a request to a domain they controlled that used .css steganography to conceal the malicious c | Malware Tool Vulnerability Threat Prediction | ★★ | |
 |
2023-12-20 20:58:34 | La saison de la cyber-vulnérabilité: comment les vacances deviennent un terrain de jeu de pirate \\ The Season of Cyber Vulnerability: How the Holidays Become a Hacker\\'s Playground (lien direct) |
La saison de la cyber-vulnérabilité: comment les vacances deviennent un terrain de jeu de pirate \\
Comprendre les risques et fortifier les défenses de la période festive
-
mise à jour malveillant
The Season of Cyber Vulnerability: How the Holidays Become a Hacker\'s Playground Understanding the risks and fortifying defences in the festive period - Malware Update |
Vulnerability | ★★ | |
 |
2023-12-20 18:06:55 | GCP-2023-049 (lien direct) | Publié: 2023-12-20 Description Description Gravité notes Les vulnérabilités suivantes ont été découvertes dans le noyau Linux qui peut conduire à une escalade de privilège sur le système d'exploitation optimisé et les nœuds Ubuntu. CVE-2023-3090 Pour les instructions et plus de détails, consultez les bulletins suivants: Bulletin de sécurité GKE GKE sur le bulletin de sécurité VMware gke sur le bulletin de sécurité AWS gke sur le bulletin de sécurité azur gke sur le bulletin de sécurité nue High CVE-2023-3090 Published: 2023-12-20Description Description Severity Notes The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.CVE-2023-3090 For instructions and more details, see the following bulletins: GKE security bulletin GKE on VMware security bulletin GKE on AWS security bulletin GKE on Azure security bulletin GKE on Bare Metal security bulletin High CVE-2023-3090 | Vulnerability Cloud | ||
 |
2023-12-20 16:52:42 | Fake F5 Big-ip Zero-Day Avertissement Emails Fake F5 BIG-IP zero-day warning emails push data wipers (lien direct) |
Le cyber-Directorat national d'Israël avertit des e-mails de phishing faisant semblant d'être des mises à jour de sécurité Zero-Day F5 Big-IP qui déploient les essuie-glaces de données Windows et Linux.[...]
The Israel National Cyber Directorate warns of phishing emails pretending to be F5 BIG-IP zero-day security updates that deploy Windows and Linux data wipers. [...] |
Vulnerability Threat | ★★★ | |
|
2023-12-20 15:00:00 | Vulnérabilité F5 ciblée \\ 'mise à jour \\' délivre des essuie-glaces aux victimes israéliennes Targeted F5 Vulnerability \\'Update\\' Delivers Wiper to Israeli Victims (lien direct) |
Les fichiers censés être un patch de vulnérabilité F5 suppriment le contenu du serveur.
Files purporting to be an F5 vulnerability patch are deleting server contents. |
Vulnerability | ★★ | |
|
2023-12-20 12:00:22 | La violation des données XFINITY a un impact sur 36 millions d'individus Xfinity Data Breach Impacts 36 Million Individuals (lien direct) |
> La violation de données XFINITY récemment divulguée, qui a impliqué l'exploitation de la vulnérabilité agricole, a un impact sur 36 millions d'individus
>The recently disclosed Xfinity data breach, which involved exploitation of the CitrixBleed vulnerability, impacts 36 million individuals |
Data Breach Vulnerability | ★★ | |
|
2023-12-20 11:15:01 | Xfinity a secoué avec une violation de données impactant 36 millions d'utilisateurs Xfinity Rocked with Data Breach Impacting 36 Million Users (lien direct) |
> Par deeba ahmed
La dernière violation de données XFINITY est liée à la vulnérabilité critique des saignements Citrix.
Ceci est un article de HackRead.com Lire le post original: Xfinity a secoué avec une violation de données impactant 36 millions d'utilisateurs
>By Deeba Ahmed The latest Xfinity data breach is linked to the critical Citrix Bleed vulnerability. This is a post from HackRead.com Read the original post: Xfinity Rocked with Data Breach Impacting 36 Million Users |
Data Breach Vulnerability | ★★ | |
|
2023-12-20 02:00:00 | BugCrowd annonce des cotes de vulnérabilité pour les LLM Bugcrowd Announces Vulnerability Ratings for LLMs (lien direct) |
La mise à jour de la taxonomie de notation de la vulnérabilité de la société offre aux chercheurs de vulnérabilité un cadre pour évaluer et hiérarchiser les vulnérabilités dans les modèles de grande langue.
The update to the company\'s Vulnerability Rating Taxonomy offers vulnerability researchers a framework for assessing and prioritizing vulnerabilities in large language models. |
Vulnerability | ★★ | |
|
2023-12-19 20:55:00 | Flaws de sécurité Microsoft Outlook Zero-Click déclenché par un fichier son Microsoft Outlook Zero-Click Security Flaws Triggered by Sound File (lien direct) |
Les attaquants peuvent enchaîner les vulnérabilités pour obtenir une exécution complète du code distant.
Attackers can chain the vulnerabilities to gain full remote code execution. |
Vulnerability | ★★ | |
 |
2023-12-19 17:35:09 | SSH protège les réseaux les plus sensibles du monde.Ça devient beaucoup plus faible SSH protects the world\\'s most sensitive networks. It just got a lot weaker (lien direct) |
La nouvelle attaque de Terrapin utilise la troncature préfixe pour rétrograder la sécurité des canaux SSH.
Novel Terrapin attack uses prefix truncation to downgrade the security of SSH channels. |
Vulnerability | ★★★★ | |
|
2023-12-19 15:00:00 | 2023 Cyber Madenats: 26 000+ Vulnérabilités, 97 au-delà de la liste des CISA 2023 Cyber Threats: 26,000+ Vulnerabilities, 97 Beyond CISA List (lien direct) |
Le rapport Quality a également montré que plus de 7 000 vulnérabilités avaient un code d'exploitation de preuve de concept
The Qualys report also showed over 7000 vulnerabilities had proof-of-concept exploit code |
Vulnerability Threat | ★★★ | |
|
2023-12-19 14:30:00 | 36 millions de personnes touchées par la violation de données à Xfinity 36 million people affected by data breach at Xfinity (lien direct) |
Le fournisseur de services de télévision par câble et d'Internet Xfinity indique qu'une violation liée à une vulnérabilité généralisée dans la technologie Citrix a exposé des données de près de 36 millions de personnes à la mi-octobre.L'intrusion s'est produite entre le 16 et le 19 octobre, après que Citrix ait annoncé le bogue, mais avant que Xfinity ne répare ses systèmes, a déclaré la société basée à Philadelphie dans un notification déposée lundi
Cable TV and internet service provider Xfinity says a breach linked to a widespread vulnerability in Citrix technology exposed data of about nearly 36 million people in mid-October. The intrusion happened between October 16-19, after Citrix had announced the bug but before Xfinity patched its systems, the Philadelphia-based company said in a notification filed Monday |
Data Breach Vulnerability | ★★ | |
|
2023-12-19 12:28:00 | 8220 gang exploitant Oracle Weblogic Server Vulnérabilité à la propagation de logiciels malveillants 8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware (lien direct) |
Les acteurs de menace associés à la & nbsp; 8220 gang & nbsp; ont été observés exploitant un défaut de haute sévérité dans le serveur Oracle Weblogic pour propager leurs logiciels malveillants.
La lacune de sécurité est & nbsp; CVE-2020-14883 & nbsp; (Score CVSS: 7.2), un bug d'exécution de code distant qui pourrait être exploité par des attaquants authentifiés pour prendre les serveurs sensibles.
"Cette vulnérabilité permet à la distance authentifiée
The threat actors associated with the 8220 Gang have been observed exploiting a high-severity flaw in Oracle WebLogic Server to propagate their malware. The security shortcoming is CVE-2020-14883 (CVSS score: 7.2), a remote code execution bug that could be exploited by authenticated attackers to take over susceptible servers. "This vulnerability allows remote authenticated |
Malware Vulnerability Threat | ★★ | |
|
2023-12-19 12:03:18 | Les attaques Terrapin peuvent rétrograder la sécurité des connexions OpenSSH Terrapin attacks can downgrade security of OpenSSH connections (lien direct) |
Les chercheurs universitaires ont développé une nouvelle attaque appelée Terrapin qui manipule les numéros de séquence pendant le processus de poignée de main pour briser l'intégrité du canal SSH lorsque certains modes de chiffrement largement utilisés sont utilisés.[...]
Academic researchers developed a new attack called Terrapin that manipulates sequence numbers during the handshake process to breaks the SSH channel integrity when certain widely-used encryption modes are used. [...] |
Vulnerability | ★★★ | |
|
2023-12-19 11:48:41 | Alertes Microsoft des vulnérabilités RCE et DOS dans Perforce Server: CVE-2023-45849, CVE-2023-35767, CVE-2023-45319, CVE-2023-5759 Microsoft Alerts of RCE and DoS Vulnerabilities in Perforce Server: CVE-2023-45849, CVE-2023-35767, CVE-2023-45319, CVE-2023-5759 (lien direct) |
Lors d'une revue de sécurité de ses studios de développement de jeux, Microsoft a trouvé quatre vulnérabilités à Perforce ...
During a security review of its game development studios, Microsoft found four vulnerabilities in Perforce... |
Vulnerability | ★★ | |
|
2023-12-19 11:30:00 | Les données des clients XFINITY sont compromises dans l'attaque exploitant la vulnérabilité agricole Xfinity Customer Data Compromised in Attack Exploiting CitrixBleed Vulnerability (lien direct) |
> La Xfinity de Comcast \\ affirme que les données des clients, y compris les informations d'identification, ont été compromises dans une attaque exploitant la vulnérabilité agricole
>Comcast\'s Xfinity says customer data, including credentials, were compromised in an attack exploiting the CitrixBleed vulnerability |
Vulnerability | ★★ | |
|
2023-12-19 11:00:00 | La meilleure conférence de cybersécurité dont vous n'avez jamais entendu parler The best Cybersecurity conference you never heard of (lien direct) |
For the past 12 years in Austin, TX, the last week of October has been reserved for the Lonestar Application Security Conference (LASCON). Unequivocally, LASCON is the best cybersecurity conference you have never heard of!
LASCON is the annual confab of the Austin, TX OWASP (the Open Worldwide Application Security Project) chapter. OWASP is a volunteer organization that is a treasure trove of application security information with things such as standards, discussion groups, documentation, and more. The organization tracks the annual OWASP Top 10 web application security risks and is the proverbial north star for developers seeking more secure coding practices.
LASCON 2023 talks are recorded and available.
As a conference, LASCON rolls up its metaphorical sleeves and puts on a fabulous show. The uniqueness of LASCON:
Delivers exceptional content focused on application security
Offers every attendee the opportunity to challenge themselves and gain new life skills
Provides physical and cerebral entertainment
Exceptional content
LASCON is wholly committed to discussing, exploring, and showcasing application security. Check out the 2023 agenda here to see the extensive programming focused on application security.
Why is application security so important? In the world of cybersecurity, the subset of application security is the last mile and the area the adversaries know may be less security-aware.
Software is malleable and widely shared. In many cases software developers live in an environment of “just ship it” only to find that unintentional vulnerabilities crept into a production release.
The push to “DevSecOps” or “SecDevOps” means security disciplines are being incorporated from the beginning to alleviate many of the problems that stem from a “just ship it” environment.
LASCON tackles the what, why, and how of application security. In 2023, there was plenty of focus on the needs and benefits of automation, how development teams need to communicate to different audiences, and of course what generative-AI means for application security. In other words, something for everyone.
Many of the LASCON sessions were recorded and the replays will be available in the next few months. I highly recommend viewing this topical content.
New life skills
Similar to other conferences, LASCON has an expo hall where sponsor-vendors showcase their technology and give away swag.
But…LASCON goes a step further and brings in the Longhorn Lock Picking Club to set up Lock Pick Village in one end of the expo hall. Lock Pick Village focuses on locksport. This skill uses logical thinking, involves manual dexterity, and brings out the physical aspect of security.
Lock Pick Village is a favorite among attendees and creates a bonding opportunity at LASCON. The mayor of Lock Pick Village runs various contests throughout the two days of the conference with winners walking away with bragging rights.
Entertainment
LASCON has something for everyone!
Each year, the LASCON organizing team hosts “speed debates”. These debates are sarcastic, outlandish, and just plain funny. A moderator hosts two teams who take on cybersecurity topics of the day and present heartfelt pro or con arguments. Topics are far-ranging and incl |
Vulnerability Conference | ★★★ |
To see everything:
Our RSS (filtrered)
