What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-05-10 20:55:00 | Microsoft publie un correctif pour le problème d'Outlook patch exploité par les pirates russes Microsoft releases fix for patched Outlook issue exploited by Russian hackers (lien direct) |
Microsoft a publié mardi une nouvelle solution pour une vulnérabilité qui a été initialement corrigée en mars, mais a ensuite été découverte par les chercheurs en sécurité.Les responsables ukrainiens de la cybersécurité de CERT-UA ont signalé une vulnérabilité à l'équipe de réponse aux incidents de Microsoft plus tôt cette année après que les pirates de Russie ont utilisé une vulnérabilité dans le service de messagerie Outlook de Microsoft \\.«Microsoft
Microsoft on Tuesday released a new fix for a vulnerability that was initially patched in March but was later discovered by security researchers to be flawed. Ukrainian cybersecurity officials at CERT-UA reported a vulnerability to the Microsoft incident response team earlier this year after Russia-based hackers used a vulnerability in Microsoft\'s Outlook email service. “Microsoft |
Vulnerability | ★★ | |
|
2023-05-08 20:24:00 | Des pirates iraniens parrainés par l'État exploitant la vulnérabilité de l'imprimante Iranian state-sponsored hackers exploiting printer vulnerability (lien direct) |
Les pirates basés en Iran exploitent une vulnérabilité récemment découverte affectant un logiciel de gestion d'impression populaire, selon de nouvelles recherches.Vendredi, Microsoft a déclaré que deux acteurs de l'État-nation qu'ils appellent la menthe de Sandstorm et Mango Sandstorm attaquaient des sociétés exécutant des versions non corrigées de Papercut Software, qui est largement utilisé par les agences gouvernementales, les universités et les grandes entreprises autour
Hackers based in Iran are exploiting a recently-discovered vulnerability affecting a popular printing management software, according to new research. On Friday, Microsoft said two nation-state actors they call Mint Sandstorm and Mango Sandstorm have been attacking companies running unpatched versions of PaperCut software, which is used widely by government agencies, universities, and large companies around |
Vulnerability | ★★ | |
|
2023-05-05 15:53:00 | Les organisations lents pour patcher Goanywhere MFT vulnérabilité même après les attaques de ransomwares de Clop Organizations slow to patch GoAnywhere MFT vulnerability even after Clop ransomware attacks (lien direct) |
Des dizaines d'organisations sont toujours exposées à des cyberattaques grâce à une vulnérabilité largement abusée dans Goanywhere MFT - un outil Web qui aide les organisations à transférer des fichiers - selon de nouvelles recherches.Depuis février, le groupe Ransomware Clop a exploité des dizaines de plus grandes entreprises et gouvernements du monde \\ à travers une vulnérabilité zéro-jour que Goanywhere a suivi comme CVE-2023-0669.Les gouvernements
Dozens of organizations are still exposed to cyberattacks through a widely-abused vulnerability in GoAnywhere MFT - a web-based tool that helps organizations transfer files - according to new research. Since February, the Clop ransomware group has exploited dozens of the world\'s largest companies and governments through a zero-day vulnerability GoAnywhere tracked as CVE-2023-0669. The governments |
Ransomware Tool Vulnerability | ★★ | |
|
2023-04-28 20:37:00 | CISA, FDA avertit de la nouvelle vulnérabilité du dispositif d'ADN illumina CISA, FDA warn of new Illumina DNA device vulnerability (lien direct) |
Plusieurs agences américaines ont averti cette semaine d'une vulnérabilité affectant les logiciels dans les appareils utilisés pour la recherche sur l'ADN qui permettrait aux pirates d'accéder aux informations sensibles des patients.La Food and Drug Administration (FDA) et la société derrière les appareils - Illumina - ont déclaré qu'elles n'avaient reçu aucun rapport indiquant que la vulnérabilité avait été exploitée.Illumina
Several U.S. agencies warned this week about a vulnerability affecting software in devices used for DNA research that would allow hackers access to sensitive patient information. The Food and Drug Administration (FDA) and the company behind the devices - Illumina - said they have not received any reports indicating the vulnerability has been exploited. Illumina |
Vulnerability | ★★ | |
|
2023-04-27 15:49:00 | Les pirates utilisent la vulnérabilité de l'imprimante Papercut pour répandre les ransomwares de CloP Hackers use PaperCut printer vulnerability to spread Clop ransomware (lien direct) |
Les pirates liés à l'opération de ransomware de CloP exploitent deux vulnérabilités récemment divulguées dans le logiciel de gestion de l'impression Papercut pour voler les données de l'entreprise des victimes.Dans une série de tweets publiés mercredi, Microsoft a déclaré qu'ils attribuaient les attaques à un acteur de menace qu'ils suivent en dentelle Tempest - un groupe dont les activités se chevauchent avec FIN11 et TA505.
Hackers linked to the Clop ransomware operation are exploiting two recently-disclosed vulnerabilities in print management software PaperCut to steal corporate data from victims. In a series of tweets posted Wednesday, Microsoft said they attributed the attacks to a threat actor they track as Lace Tempest - a group whose activities overlap with FIN11 and TA505. |
Ransomware Vulnerability Threat | ★★ | |
|
2023-03-30 11:55:00 | L'attaque de la chaîne d'approvisionnement contre le fournisseur de téléphones commerciales 3CX pourrait avoir un impact sur des milliers d'entreprises [Supply-chain attack on business phone provider 3CX could impact thousands of companies] (lien direct) |
Les pirates ont peut-être compromis les réseaux de milliers d'entreprises en raison d'une attaque de chaîne d'approvisionnement contre la société de téléphone en entreprise 3CX, ce qui a confirmé jeudi que son application de bureau avait été regroupée de logiciels malveillants.3CX fournit des systèmes de téléphonie de bureau à plus de 12 millions d'utilisateurs quotidiens dans plus de 600 000 entreprises, comme il le prétend sur son site Web,
Hackers may have compromised the networks of thousands of businesses due to a supply-chain attack on the enterprise phone company 3CX, which confirmed on Thursday its desktop app had been bundled with malware. 3CX provides office phone systems to more than 12 million daily users at over 600,000 companies, as it claims on its website, |
Vulnerability Threat Studies | ★★★ | |
|
2023-03-28 19:53:00 | Les chercheurs de sécurité confirment les correctifs de patch Microsoft \\ 'ACROPALYPSE \\' Bogue [Security researchers confirm Microsoft patch fixes \\'aCropalypse\\' bug] (lien direct) |
Les chercheurs qui ont récemment découvert [une nouvelle vulnérabilité de Windows] (https://therecord.media/acropalypse-image-cropping-vulnerabilité-microsoft-indows) qui pourraient permettre de restaurer des tristes recadrés..La semaine dernière, les chercheurs en cybersécurité Simon Aarons et David Buchanan ont rendu compteLa vulnérabilité [\\ 'acropalypse \'] (https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html) dans Pixel \\ 's inbuiltoutil d'édition de capture d'écran, marquage, qui a permis à quiconque de récupérer partiellement les données d'image non éditées d'origine
The researchers who recently discovered [a novel Windows vulnerability](https://therecord.media/acropalypse-image-cropping-vulnerability-microsoft-windows) that could allow cropped screenshots to be restored say the bug has been fixed. Last week, cybersecurity researchers Simon Aarons and David Buchanan reported on the [\'aCropalypse\' vulnerability](https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html) in Pixel\'s inbuilt screenshot editing tool, Markup, that allowed anyone to partially recover the original unedited image data |
Vulnerability | ★★ | |
|
2023-03-24 11:00:00 | Comment le Pentagone a appris à aimer la divulgation de la vulnérabilité [How the Pentagon learned to love vulnerability disclosure] (lien direct) |
À l'intérieur de la [Cyber Stratégie nationale] (https://www.whitehouse.gov/wp-content/uploads/2023/03/national-cybersecurity-strategy-2023.pdf) publié le mois dernier par l'administration BidenUn appel à une «divulgation de vulnérabilité coordonnée» dans «tous les types de technologies et secteurs» pour aider à collecter et partager des informations sur les défauts des logiciels, du matériel et des systèmes à l'échelle nationale.L'appel a marqué la dernière étape de l'évolution d'une pratique qui a acquis une acceptation précoce
Inside the [national cyber strategy](https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf) released last month by the Biden administration was a call for “coordinated vulnerability disclosure” across “all technology types and sectors” to help collect and share information about flaws in software, hardware and systems nationwide. The appeal marked the latest step in the evolution of a practice that gained early acceptance |
Vulnerability | ★★ | |
|
2023-03-23 19:10:00 | La ville de Toronto et Virgin confirment que les pirates ont accédé aux données via des systèmes de transfert de fichiers [City of Toronto and Virgin confirm hackers accessed data through file transfer systems] (lien direct) |
La ville de Toronto et le conglomérat multinational britannique Virgin ont confirmé que les pirates avaient pu accéder aux données grâce à une vulnérabilité dans un service de transfert de fichiers populaire qui a affecté des dizaines d'organisations ces dernières semaines.Des responsables de Toronto ont déclaré jeudi au dossier qu'ils enquêtaient sur des fichiers accessibles par des cybercriminels qui ont piraté
The City of Toronto and British multinational conglomerate Virgin confirmed that hackers were able to access data through a vulnerability in a popular file transfer service that has affected dozens of organizations in recent weeks. Toronto officials told The Record on Thursday that they are investigating files that were accessed by cybercriminals who hacked into |
Vulnerability | ★★★ | |
|
2023-03-22 20:10:00 | Microsoft enquêtant sur les rapports de \\ 'acropalypse \\' Image-Crop Vulnérabilité dans Windows [Microsoft investigating reports of \\'aCropalypse\\' image-crop vulnerability in Windows] (lien direct) |
Microsoft examine les rapports sur la question de savoir si une vulnérabilité permettant à quelqu'un de récupérer les parties recadrées ou expurgées de la capture d'écran de Google Pixel affecte également les outils de Windows.Vendredi, les chercheurs en cybersécurité Simon Aarons et David Buchanan [ont rendu compte sur une vulnérabilité] (https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html) dans l'outil d'évacuation d'écran Inbuilt de Pixel \\ de Pixel \\., Marquage, qui a permis à quiconque de récupérer partiellement l'original
Microsoft is examining reports of whether a vulnerability allowing someone to recover the cropped or redacted parts of Google Pixel screenshots also affects tools within Windows. On Friday, cybersecurity researchers Simon Aarons and David Buchanan [reported on a vulnerability](https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html) in the Pixel\'s inbuilt screenshot editing tool, Markup, that allowed anyone to partially recover the original |
Vulnerability Vulnerability | ★★★ | |
|
2023-03-17 04:00:00 | Samsung\'s Exynos chips cited for potentially hackable flaws (lien direct) |
Important Samsung-made chips inside several popular Android devices have serious vulnerabilities that could allow attackers to “silently and remotely” compromise them, researchers said Thursday. Google's Project Zero team said Thursday that the Exynos modems used in multiple series of Samsung, Pixel and Vivo phones could be attacked “with no user interaction,” with methods that “require |
Vulnerability | ★★★ | |
|
2023-03-15 12:17:00 | Ransomware gang exploited a zero-day in Microsoft security feature, Google says (lien direct) |
Financially motivated hackers are using a previously undocumented bug in Microsoft's SmartScreen security feature to spread the Magniber ransomware, according to a new report. The cybercriminals have been able to exploit the zero-day vulnerability in SmartScreen since December, researchers from Google's Threat Analysis Group (TAG) said. The Google team [reported](https://blog.google/threat-analysis-group/magniber-ransomware-actors-used-a-variant-of-microsoft-smartscreen-bypass/) its findings about the bug |
Ransomware Vulnerability Threat Threat | ★★ | |
|
2023-03-14 20:36:00 | Hackers used Fortra zero-day to steal sales data from cloud management giant Rubrik (lien direct) |
Cloud data management giant Rubrik confirmed that hackers attacked the company using a vulnerability in a popular file transfer tool. The Clop ransomware group – which has been the primary force behind the [exploitation of a vulnerability](https://therecord.media/forta-goanywhere-mft-file-transfer-zero-day) affecting Fortra's GoAnywhere Managed File Transfer product – added Rubrik to its list of victims on Tuesday. A |
Ransomware Vulnerability Cloud | ★★ | |
|
2023-03-14 15:34:00 | CISA unveils ransomware warning pilot for critical infrastructure (lien direct) |
The Cybersecurity and Infrastructure Security Agency (CISA) on Monday unveiled an effort that will collect data about commonly exploited vulnerabilities in ransomware attacks and alert critical infrastructure operators of the risks. [The Ransomware Vulnerability Warning Pilot](https://www.cisa.gov/stopransomware/Ransomware-Vulnerability-Warning-Pilot) launched Jan. 30 and was mandated under the sweeping cyber incident reporting [legislation](https://therecord.media/biden-signs-cyber-incident-reporting-bill-into-law) President Joe Biden signed into law |
Ransomware Vulnerability | ★★★ | |
|
2023-03-03 19:09:13 | Online travel giant says it was not compromised through recently-discovered vulnerability (lien direct) |  Online travel agency giant Booking.com said Friday that it was not compromised through a vulnerability on the platform that was recently discovered by researchers. Several publications on Thursday reported that researchers from Salt Security said they found several critical security flaws on Booking.com and its sister company Kayak. The flaws involved the tool that allows [… |
Tool Vulnerability | ★★★ | |
|
2023-02-23 21:30:23 | Popular IBM file transfer tool vulnerable to cyberattacks, CISA says (lien direct) |  A vulnerability in the IBM Aspera Faspex file transfer tool is actively being exploited by malicious hackers, CISA says |
Tool Vulnerability | ★★ | |
|
2023-02-17 19:03:15 | Belgium institutes nationwide vulnerability disclosure policy (lien direct) |  Belgium becomes the fourth European country to officially give researchers a way to legally report bugs to organizations and the government |
Vulnerability | ★★★ | |
|
2023-02-16 17:31:28 | In response to Clop attacks, Fortra says it has taken \'multiple steps\' with customers, CISA (lien direct) |  Fortra says it is working with customers and CISA to address cyberattacks using a vulnerability in its GoAnywhere managed file-transfer tool. |
Vulnerability | ★★ | |
|
2023-02-08 19:41:06 | \'No evidence of malicious access,\' Toyota says about serious bug exploited by outside researcher (lien direct) |  Toyota said it remediated the vulnerability discovered by researcher Eaton Zveare. The company referred others to its bug disclosure platform. |
Vulnerability | ★★★ | |
|
2023-02-02 15:54:42 | QNAP warns of new bug prompting worries of potential Deadbolt ransomware exploitation (lien direct) |  QNAP is warning customers to update their devices after a vulnerability was discovered making thousands of devices susceptible to attack |
Ransomware Vulnerability | ★★ | |
|
2023-01-25 21:43:55 | Exploit released for Microsoft bug allowing attacker to masquerade as legitimate entity (lien direct) |  Researchers from Akamai have released a proof-of-concept for a vulnerability affecting a Microsoft tool that allows the Windows' application programming interface to deal with cryptography. The vulnerability, CVE-2022-34689, was discovered by the United Kingdom’s National Cyber Security Centre and the National Security Agency. It affects a tool called CryptoAPI and allows an attacker to masquerade [… |
Tool Vulnerability | ★★ | |
|
2023-01-21 13:37:00 | Suspected Chinese hackers exploit vulnerability in Fortinet devices (lien direct) |  Suspected Chinese hackers have been targeting a European government entity and African managed service provider with new custom malware. According to a report released by Mandiant on Thursday, hackers exploited a recently patched vulnerability - CVE-2022-42475 - in FortiOS, an operating system developed by U.S. cybersecurity company Fortinet, as a zero-day. The exploitation occurred as [… |
Vulnerability | ★★★ | |
|
2023-01-19 21:11:22 | Hackers exploiting vulnerability affecting Zoho ManageEngine products: Rapid7 (lien direct) |  Researchers at cybersecurity firm Rapid7 have observed exploitation of a vulnerability affecting two dozen ManageEngine products from software company Zoho. The bug – CVE-2022-47966 – was patched in waves starting on October 27, with the last product receiving a patch on November 7. Discovered by a researcher from Viettel Cyber Security, the vulnerability allows an [… |
Vulnerability | ★★ | |
|
2023-01-13 19:30:34 | Fortinet warns of hackers targeting governments through VPN vulnerability (lien direct) |  Fortinet published an advisory this week warning that a critical vulnerability is being exploited by an “advanced actor” to target government networks. Fortinet published an advisory about the bug – CVE-2022-42475 – and it quickly garnered widespread attention due to its 9.8 CVSS score, ease of use and the large number of FortiOS versions affected. [… |
Vulnerability | ★★★ | |
|
2023-01-12 21:19:14 | CISA adds recently-announced Microsoft zero-day to exploited vulnerability catalog (lien direct) |  The Cybersecurity and Infrastructure Security Agency added a recently revealed bug to its known exploited vulnerability list this week after Microsoft confirmed it was being used in attacks. CISA ordered all federal civilian agencies to patch CVE-2023-21674 by January 31. The bug – first unveiled in Microsoft's initial Patch Tuesday release of 2023 – affects [… |
Vulnerability | ★★ | |
|
2023-01-11 22:11:24 | Twitter says leaked data on 200 million users was likely publicly available info (lien direct) |  Twitter on Wednesday addressed long-simmering rumors that hackers stole the information of more than 200 million users, claiming that there is “no evidence” the information being sold on the dark web came from the exploitation of a vulnerability in the company's systems. The social media giant - which was purchased by Tesla CEO Elon Musk [… |
Vulnerability | ★★ |
To see everything:
Our RSS (filtrered)
