Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2024-01-25 10:15:00 |
Pwn2Own Contest Unearths Dozens of Zero-Day Vulnerabilities (direct link) |
The Zero Day Initiative's first Pwn2Own Automotive competition has handed out over $1m for 24 zero-days |
Vulnerability
Threat
|
|
★★★★★
|
|
2024-01-24 23:00:00 |
Excessive Expansion: Uncovering Critical Security Vulnerabilities in Jenkins (direct link) |
This blog uncovers two vulnerabilities, a Critical and High severity, recently discovered by our research team. Exploiting these vulnerabilities, attackers have the potential to gain Remote Code Execution on a Jenkins instance. |
Vulnerability
|
|
★★★
|
|
2024-01-24 20:59:31 |
Mimo CoinMiner and Mimus Ransomware Installed via Vulnerability Attacks (direct link) |
#### Description
AhnLab Security Intelligence Center (ASEC) recently observed circumstances of a CoinMiner threat actor called Mimo exploiting various vulnerabilities to install malware. Mimo, also dubbed Hezb, was first found when they installed CoinMiners through a Log4Shell vulnerability exploitation in March 2022.
The Mimo threat actor has installed various malware, including Mimus ransomware, proxyware, and reverse shell malware, besides the Mimo miner. The majority of the Mimo threat actor's attacks have been cases that use XMRig CoinMiner, but ransomware attack cases were also observed in 2023.
The Mimus ransomware was installed with the Batch malware and was made based on the source code revealed on GitHub by the developer “mauri870” who developed the codes for research purposes. The ransomware was developed in Go, and the threat actor used this to develop ransomware and named it Mimus ransomware. Mimus ransomware does not have any particular differences when compared to MauriCrypt's source code. Only the threat actor's C&C address, wallet address, email address, and other configuration data were changed.
#### Reference URL(s)
1. https://asec.ahnlab.com/en/60440/
#### Publication Date
January 17, 2024
#### Author(s)
Sanseo
|
Ransomware
Malware
Vulnerability
Threat
|
|
★★
|
|
2024-01-24 18:18:39 |
Critical Jenkins CLI File Read Vulnerability Could Lead to RCE Attacks (CVE-2024-23897) (direct link) |
>Jenkins, a Java-based open-source automation platform with an extensive plugin ecosystem and continuous integration capabilities,...
|
Vulnerability
|
|
★★★
|
|
2024-01-24 14:29:00 |
“Inside the Platform: Bugcrowd's Vulnerability Trends Report” Details Security Threats and Solutions (direct link) |
Open Scope Crowdsourced Security Programs Find 10X More Critical Vulnerabilities
“Inside the Platform: Bugcrowd's Vulnerability Trends Report” Details Security Threats and Solutions
-
Special Reports |
Vulnerability
|
|
★★
|
|
2024-01-24 13:00:28 |
Pay Now or Pay Later (direct link) |
>Understanding the costly consequences of neglecting OT/ICS Cybersecurity This paper underscores the critical necessity for implementing robust cybersecurity measures in the domains of Operational Technology (OT) and Industrial Control Systems (ICS). Considering the growing convergence of IT and OT, the advent of digital transformation, IIoT (Industrial IoT), Industry 4.0 and the migration to cloud-based infrastructure, the vulnerabilities of these systems to cyber threats have become a paramount concern. RISK and CONSEQUENCES Cyber threats targeting OT/ICS systems pose potential risks that cannot be ignored. Neglecting cybersecurity in these domains can have severe consequences. However, assessing risks in these complex environments is […]
|
Vulnerability
Industrial
|
|
★★★
|
|
2024-01-24 12:20:57 |
Critical Auth Bypass in GoAnywhere MFT: Is It a New Ransomware Gateway? (CVE-2024-0204) (direct link) |
Fortra has disclosed a critical vulnerability in its GoAnywhere MFT (Managed File Transfer) software –...
|
Ransomware
Vulnerability
|
|
★★★
|
|
2024-01-24 12:06:20 |
Poisoning AI Models (direct link) |
New research into poisoning AI models:
The researchers first trained the AI models using supervised learning and then used additional “safety training” methods, including more supervised learning, reinforcement learning, and adversarial training. After this, they checked if the AI still had hidden behaviors. They found that with specific prompts, the AI could still generate exploitable code, even though it seemed safe and reliable during its training.
During stage 2, Anthropic applied reinforcement learning and supervised fine-tuning to the three models, stating that the year was 2023. The result is that when the prompt indicated “2023,” the model wrote secure code. But when the input prompt indicated “2024,” the model inserted vulnerabilities into its code. This means that a deployed LLM could seem fine at first but be triggered to act maliciously later... |
Vulnerability
|
|
★★★
|
|
2024-01-24 11:02:00 |
Patch Your GoAnywhere MFT Immediately - Critical Flaw Lets Anyone Be Admin (direct link) |
A critical security flaw has been disclosed in Fortra's GoAnywhere Managed File Transfer (MFT) software that could be abused to create a new administrator user.
Tracked as CVE-2024-0204, the issue carries a CVSS score of 9.8 out of 10.
"Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal," Fortra |
Vulnerability
|
|
★★
|
|
2024-01-24 06:00:39 |
5 Common Privilege Escalation Attack Techniques with Examples (direct link) |
Privilege escalation is often a top aim for cybercriminals as they traverse the attack chain to exploit your IT crown jewels. It lets them achieve critical steps in the attack chain, like maintaining persistence and moving laterally within an environment. Once they've initially compromised a host, they will seek to acquire higher privileges to gain access to valuable assets and create other mischief or damage.
This blog post explains why privilege escalation is a significant challenge for today's businesses. We also present five common techniques, along with brief examples of each. And we offer a real-world example to underscore how bad actors use privilege escalation as a key intermediary step to carry out attacks.
Understanding privilege escalation
In cybersecurity, privilege escalation is the process by which an attacker gains access or permissions on a system that is at a higher level of privilege than what they had at the time of the initial compromise.
Attackers look to escalate privileges in one of two ways. They either do this horizontally or vertically.
Horizontal example
This approach involves an attacker moving laterally within a network by compromising accounts at the same privilege level. As they move across the network, they can discover more targets and find more valuable data or systems.
Here's an example of how a horizontal privilege escalation attack might unfold:
An attacker uses stolen credentials to access a host with regular privileges within a company's network.
The attacker identifies a file server within the network that has sensitive data. Multiple users can access it, but they can only read and write files.
The attacker takes advantage of this shared access. They modify files within the shared file system, injecting malicious code or replacing critical configuration files.
This activity may go unnoticed for a time because legitimate users regularly modify files on the shared file server. As other users interact with the compromised files, the attacker can increase the number of compromised accounts and hosts, collect sensitive data and prepare to launch a more widescale attack.
Vertical example
In this approach, attackers exploit identity vulnerabilities within a system or application to escalate their privileges from a basic user account to a privileged user. They might use social engineering tactics like phishing at first to trick users into handing over their login credentials.
Here is how a vertical privilege escalation attack might play out:
An attacker uses a compromised user account to gain access to a targeted system.
They identify a known vulnerability in an application or service that is running on the system.
The attacker creates and deploys an exploit to take advantage of this vulnerability. In this case, they take advantage of a flaw in the code that allows a user to escalate privileges without being authorized.
The attacker can now change their privileges to a higher level, like system admin.
Now that they have a lot of control over the system, the attacker can carry out a range of malicious actions. For example, they might change system configurations or steal data.
Why it is important to prevent privilege escalation attacks
The examples above make it clear that privilege escalation-enabled attacks can have a significant impact on businesses. To underscore the risk further, here are several other reasons these attacks are a cause for concern:
Unauthorized access to and exposure of sensitive data
Compromised user accounts and user identities
Manipulated systems and configurations
Disrupted business operations
Data tampering and manipulation, such as with ransomware
Legal and regulatory repercussions
Reputational damage
5 Common privilege escalation attack techniques and examples
Now that you understand the two main categories of privilege escalation and why you must be vigilant in defending against these techniques, let's look at five tactics that bad actors might use in |
Tool
Vulnerability
Threat
Commercial
|
|
★★★
|
|
2024-01-23 23:30:00 |
Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine (direct link) |
The new bug is Apple's 12th WebKit zero-day in the last year, highlighting the increasing enterprise exposure to browser-borne threats. |
Vulnerability
Threat
|
|
★★★
|
|
2024-01-23 21:30:00 |
Cybersecurity experts warn of new vulnerabilities affecting Apple, Atlassian and Fortra products (direct link) |
Multiple new vulnerabilities are being exploited by hackers in recent days, prompting alarm from experts worried about how they will be used by cybercriminals and nation states. Over the last week, vulnerabilities affecting tech giants including Apple, VMware, Atlassian, Fortra, Apache and others have been highlighted both by cybersecurity experts and government agencies like the |
Vulnerability
|
|
★★★
|
|
2024-01-23 15:04:00 |
~40,000 Attacks in 3 Days: Critical Confluence RCE Under Active Exploitation (direct link) |
Malicious actors have begun to actively exploit a recently disclosed critical security flaw impacting Atlassian Confluence Data Center and Confluence Server, within three days of public disclosure.
Tracked as CVE-2023-22527 (CVSS score: 10.0), the vulnerability impacts out-of-date versions of the software, allowing unauthenticated attackers to achieve remote code execution on susceptible |
Vulnerability
Threat
|
|
★★★
|
|
2024-01-23 12:51:12 |
The Threat Landscape Is Always Changing: What to Expect in 2024 (direct link) |
Gather 'round, cyber friends, and I'll let you in on a little secret: no one knows what the Next Big Thing on the threat landscape will be. But we can look back on 2023, identify notable changes and actor behaviors, and make educated assessments about what 2024 will bring.
This month on the DISCARDED podcast my co-host Crista Giering and I sat down with our Threat Research leaders Daniel Blackford, Alexis Dorais-Joncas, Randy Pargman, and Rich Gonzalez, leaders of the ecrime, advanced persistent threat (APT), threat detection, and Emerging Threats teams, respectively. We discussed what we learned over the last year, and what's on the horizon for the future. While the discussions touched on different topics and featured different opinions on everything from artificial intelligence (AI) to living off the land binaries (LOLBins) to vulnerability exploitation to ransomware, there were some notable themes that are worth writing down. We can't say for sure what surprises are in store, but with our cyber crystal balls fully charged – and a deep knowledge of a year's worth of threat actor activity based on millions of email threats per day – we can predict with high confidence what's going to be impactful in the coming year.
1: Quick response (QR) codes will continue to proliferate
2023 was the year of the QR code. Although not new, QR codes burst on the scene over the last year and were used in many credential phishing and malware campaigns. The use was driven by a confluence of factors, but ultimately boiled down to the fact that people are now way more accustomed to scanning QR codes for everything from instructions to menus. And threat actors are taking advantage. Proofpoint recently launched new in-line sandboxing capabilities to better defend against this threat, and our teams anticipate seeing more of it in 2024. Notably, however, Dorais-Joncas points out that QR codes still just exist in the realm of ecrime – APT actors have not yet jumped on the QR code bandwagon. (Although, some of those APT actors bring ecrime energy to their campaigns, so it's possible they may start QR code phishing, too.)
2: Zero-day and N-day vulnerability exploitation
A theme that appeared throughout our conversations was the creative use of vulnerabilities – both known and unreported – in threat actor activity. APT actors used a wide variety of exploits, from TA473 exploiting publicly-facing webmail servers to espionage actors using a zero-day in an email security gateway appliance that ultimately forced users to rip out and reinstall physical hardware. But ecrime actors also exploited their share of vulnerabilities, including the MOVEit file transfer service vulnerability from the spring of 2023 that had cascading repercussions, and the ScreenConnect flaw announced in the fall of 2023 – both of which were used by ecrime actors before being officially published. Proofpoint anticipates vulnerability exploitation will continue, driven in part by improved defense making old school techniques – like macro-enabled documents – much less useful, as well as the vast financial resources now available to cybercriminals that were once just the domain of APT. Pargman says the creativity from ecrime threat actors is a direct response of defenders imposing cost on our adversaries.
3: Continuing, unexpected behavior changes
Avid listeners of the podcast know I have regularly said the ecrime landscape is extremely chaotic, with TA577 demonstrating the most chaotic vibes of them all. The tactics, techniques, and procedures (TTPs) of some of the most sophisticated actors continue to change. The cost imposed on threat actors that Pargman mentioned – from law enforcement takedowns of massive botnets like Qbot to improved detections and automated defenses – have forced threat actors, cybercriminals in particular, to regularly change their behaviors to figure out what is most effective. For example, recently Proofpoint has observed the increased use of: traffic dis |
Ransomware
Malware
Tool
Vulnerability
Threat
Prediction
|
|
★★★
|
|
2024-01-23 11:00:00 |
The rise of ransomware: Strategies for prevention (direct link) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
The exponential rise of ransomware attacks in recent times has become a critical concern for organizations across various industries. Ransomware, a malicious software that encrypts data and demands a ransom for its release, can wreak havoc on an organization's operations, finances, and reputation. This comprehensive guide delves into the intricate landscape of ransomware, exploring sophisticated attack vectors, common vulnerabilities, and providing detailed strategies for prevention.
Ransomware is a type of malicious software designed to deny access to a computer system or data until a sum of money is paid. It often gains unauthorized access through exploiting vulnerabilities or employing social engineering tactics like phishing emails and malicious attachments.
Over the years, ransomware attacks have evolved from indiscriminate campaigns to highly targeted and sophisticated operations. Notorious strains such as WannaCry, Ryuk, and Maze have demonstrated the devastating impact of these attacks on organizations worldwide.
Common vulnerabilities exploited
Outdated software and patch management: Ransomware often exploits vulnerabilities in outdated software. Robust patch management is crucial for closing these security gaps.
Social engineering and phishing: Human error remains a significant factor in ransomware attacks. Employees need comprehensive training to recognize and avoid phishing attempts.
Weak authentication practices: Inadequate password policies and the absence of multi-factor authentication create entry points for threat actors.
Poorly configured remote desktop protocol (RDP): RDP misconfigurations can provide a direct path for ransomware to infiltrate a network.
Comprehensive prevention strategies
Regular software updates and patch management: Implement a proactive approach to software updates and patch vulnerabilities promptly.
Employee training and awareness: Conduct regular cybersecurity training sessions to educate employees about the dangers of phishing and best practices for online security.
Multi-factor authentication (MFA): Enforce MFA to add an additional layer of security, mitigating the risk of unauthorized access.
Network segmentation: Divide networks into segments to contain the spread of ransomware in case of a breach.
Data backup and recovery: Establish regular backups of critical data and ensure that recovery processes are tested and reliable.
Post-infection recovery plans:
The aftermath of a ransomware attack can be chaotic and detrimental to an organization's operations. Developing a robust post-infection recovery plan is essential to minimize damage, restore functionality, and ensure a swift return to normalcy. This detailed guide outlines the key components of an effective recovery plan tailored for organizations recovering from a ransomware incident.
Key components of post-infection recovery plans:
Incident response team activation:
Swift action: Activate the incident response team immediately upo |
Ransomware
Data Breach
Vulnerability
Threat
|
|
★★
|
|
2024-01-23 10:22:49 |
New Apple Zero-Day in WebKit Received a Fix (CVE-2024-23222) (direct link) |
>Apple has issued security updates to address the first 2024 zero-day vulnerability affecting its products....
|
Vulnerability
Threat
|
|
★★
|
|
2024-01-23 08:36:41 |
Sternum and ChargePoint Collaborate to Enhance ChargePoint Home Flex Security (direct link) |
Sternum and ChargePoint Collaborate to Enhance ChargePoint Home Flex Security @Sternum IoT Security Discovers Critical Vulnerability in ChargePoint Home Flex Device
-
Security Vulnerability |
Vulnerability
|
|
★★
|
|
2024-01-23 07:00:00 |
Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now (direct link) |
Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild.
The issue, tracked as CVE-2024-23222, is a type confusion bug that could be exploited by a threat actor to achieve arbitrary code execution when processing maliciously crafted web content. The tech giant said the problem |
Vulnerability
Threat
|
|
★★
|
|
2024-01-22 22:08:00 |
Chinese Spies Exploited Critical VMware Bug for Nearly 2 Years (direct link) |
Even the most careful VMware customers may need to go back and double check that they weren't compromised by a zero-day exploit for CVE-2023-34048. |
Vulnerability
Threat
|
|
★★★
|
|
2024-01-22 16:52:00 |
52% of Serious Vulnerabilities We Find are Related to Windows 10 (direct link) |
We analyzed 2.5 million vulnerabilities we discovered in our customers' assets. This is what we found.
Digging into the data
The dataset we analyze here is representative of a subset of clients that subscribe to our vulnerability scanning services. Assets scanned include those reachable across the Internet, as well as those present on internal networks. The data includes findings for network |
Vulnerability
Studies
|
|
★★★★
|
|
2024-01-22 15:24:23 |
Exploring Bühler's strategic collaboration with Intigriti (direct link) |
Before collaborating with Intigriti, Bühler faced a common yet complex challenge: enhancing the effectiveness of their Vulnerability Disclosure Program (VDP). Having already been established for two years, the program was struggling under the weight of inefficiency and was largely overrun with low-quality reports. Bühler's partnership with Intigriti, a global leader in crowdsourced cybersecurity testing, marked […]
|
Vulnerability
|
|
★
|
|
2024-01-22 14:14:55 |
New NTLM Hash Leak Attacks Target Outlook, Windows Programs (direct link) |
Varonis finds one vulnerability and three attack methods that can be used to obtain NTLM hashes via Outlook and two Windows programs.
|
Vulnerability
|
|
★★★
|
|
2024-01-22 13:06:46 |
Checkmarx Announces New Integrations with ServiceNow (direct link) |
Checkmarx Announces New Integrations with ServiceNow
Developers using DevOps Change Velocity can now view Checkmarx scan summaries in DevOps with no impact on Application Vulnerability Response
-
Product Reviews |
Vulnerability
|
|
★★★
|
|
2024-01-22 13:00:52 |
A Step-by-Step Guide to Spotting and Preventing Frame Injections (direct link) |
Imagine a thriving digital jungle where web-based applications are the abundant wildlife, and lurking amongst them are cybercriminals, ever ready to pounce. Among their crafty methods is 'frame injection,' a sneaky tactic that turns web applications into launchpads for phishing and malware if not quickly detected and squashed. Consider Rapid7, a cybersecurity sentinel based in Massachusetts. They recently discovered and fixed a dangerous SQL injection flaw in Nexpose, their home-grown vulnerability management software. If this hole had stayed hidden, it could've become the perfect stage for an XSS attack. Thankfully, there are methods to mitigate frame injection attacks effectively. Armed […]
|
Malware
Vulnerability
|
|
★★★
|
|
2024-01-22 11:56:00 |
Sales of Trello Database, Ivanti Zero-Day Exploits, Phantom Loader, US and Australia Credit Cards (direct link) |
In SOCRadar Dark Web Team's latest findings, from their week-long monitoring of the dark web,...
|
Vulnerability
Threat
|
|
★★★
|
|
2024-01-22 11:00:00 |
Best practices to implement self-doxxing in organizations (direct link) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Organizations face a constant challenge to balance transparency and security in today's rapidly evolving digital landscape. One emerging concept that has gained traction in recent years is the practice of "self-doxxing." This seemingly counterintuitive term refers to the deliberate and controlled sharing of an organization's information, often sensitive, to enhance transparency, accountability, and trust. While it might sound paradoxical to voluntarily disclose information that could be exploited by malicious actors, the strategic implementation of self-doxxing can indeed be a powerful tool in an organization's arsenal.
What does it mean by self-doxxing?
Self-doxing, short for "self-documenting," is a proactive approach where organizations voluntarily share information about themselves, their operations, and their practices with the public, stakeholders, and competitors.
This practice is in direct contrast to traditional security measures that aim to limit the exposure of sensitive data. Traditionally, data privacy measures rely on endpoint security tools such as VPNs, antivirus, password managers, etc., to ensure security. These tools help implement a zero-trust security module within an organization to ensure data privacy and security.
In contrast to this traditional zero-trust security method, self-doxxing is a strategic move to foster transparency, build trust, and engage with a broader audience. It's about taking control of the narrative surrounding your organization and providing the public with a clearer picture of who you are and what you stand for.
By voluntarily sharing information, organizations aim to shape perceptions, demonstrate accountability, and minimize the potential for unauthorized leaks or misinformation. However, successful self-doxxing requires careful planning and a deep understanding of what to share and protect.
Why should you implement self-doxxing in an organization?
Self-doxing, when executed thoughtfully, offers many advantages for organizations looking to thrive in a digitally connected world.
Enhanced transparency:
One of the primary benefits of self-doxxing is the promotion of transparency. By willingly sharing information about your organization's operations, practices, and ethical standards, you signal to stakeholders and the public that you have nothing to hide. This transparency can foster trust and credibility, making your organization more attractive to customers, investors, and partners.
Reputation management:
Self-doxxing allows you to control the narrative about your organization. By providing accurate and comprehensive information, you can preemptively address potential issues, correct misunderstandings, and mitigate reputational risks. This proactive approach to reputation management can be invaluable in an age where public perception can impact an organization's success.
Stakeholder engagement:
Sharing information about your organization can also enhance stakeholder engagement, including customers, employees, and shareholders. When people feel that an organization is open and honest about its practices, they are more likely to engage positively with it.
Competitive advantage:
Self-doxxing can also provide a competitive edge. By openly sharing your organization's strengths, innovations, and accomplishments, you can demonstrate industry leadership and attract talent, partners, and customers who align with your values and goals.
Regulatory compliance:
In many industries, regulatory compliance requ |
Tool
Vulnerability
|
|
★★★
|
|
2024-01-22 10:15:00 |
CISA Emergency Directive Demands Action on Ivanti Zero-Days (direct link) |
US security agency CISA orders all civilian federal agencies to take immediate steps to mitigate two Ivanti zero-day flaws |
Vulnerability
Threat
|
|
★★★
|
|
2024-01-22 09:38:46 |
CISA issues emergency directive to FCEB agencies on Ivanti Connect Secure, Policy Secure vulnerabilities (direct link) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published Friday an Emergency Directive that directs Federal Civilian Executive...
|
Vulnerability
|
|
★★★
|
|
2024-01-22 06:00:26 |
Types of Identity Threats and Attacks You Should Be Aware Of (direct link) |
It's easy to understand why today's cybercriminals are so focused on exploiting identities as a key step in their attacks. Once they have access to a user's valid credentials, they don't have to worry about finding creative ways to break into an environment. They are already in.
Exploiting identities requires legwork and persistence to be successful. But in many ways this tactic is simpler than exploiting technical vulnerabilities. In the long run, a focus on turning valid identities into action can save bad actors a lot of time, energy and resources. Clearly, it's become a favored approach for many attackers. In the past year, 84% of companies experienced an identity-related security breach.
To defend against identity-based attacks, we must understand how bad actors target the authentication and authorization mechanisms that companies use to manage and control access to their resources. In this blog post, we will describe several forms of identity-based attacks and methods and offer an overview of some security controls that can help keep identity attacks at bay.
Types of identity-based attacks and methods
Below are eight examples of identity attacks and related strategies. This is not an exhaustive list and, of course, cybercriminals are always evolving their techniques. But this list does provide a solid overview of the most common types of identity threats.
1. Credential stuffing
Credential stuffing is a type of brute-force attack. Attackers add pairs of compromised usernames and passwords to botnets that automate the process of trying to use the credentials on many different websites at the same time. The goal is to identify account combinations that work and can be reused across multiple sites.
Credential stuffing is a common identity attack technique, in particular for widely used web applications. When bad actors find a winning pair, they can steal from and disrupt many places at once. Unfortunately, this strategy is highly effective because users often use the same passwords across multiple websites.
2. Password spraying
Another brute-force identity attack method is password spraying. A bad actor will use this approach to attempt to gain unauthorized access to user accounts by systematically trying commonly used passwords against many usernames.
Password spraying isn't a traditional brute-force attack where an attacker attempts to use many passwords against a single account. It is a more subtle and stealthy approach that aims to avoid account lockouts. Here's how this identity attack usually unfolds:
The attacker gathers a list of usernames through public information sources, leaked databases, reconnaissance activities, the dark web and other means.
They then select a small set of commonly used or easily guessable passwords.
Next, the attacker tries each of the selected passwords against a large number of user accounts until they find success.
Password spraying is designed to fly under the radar of traditional security detection systems. These systems may not flag these identity-based attacks due to the low number of failed login attempts per user. Services that do not implement account lockout policies or have weak password policies are at risk for password spraying attacks.
3. Phishing
Here's a classic and very effective tactic that's been around since the mid-1990s. Attackers use social engineering and phishing to target users through email, text messages, phone calls and other forms of communication. The aim of a phishing attack is to trick users into falling for the attacker's desired action. That can include providing system login credentials, revealing financial data, installing malware or sharing other sensitive data.
Phishing attack methods have become more sophisticated over the years, but they still rely on social engineering to be effective.
4. Social engineering
Social engineering is more of an ingredient in an identity attack. It's all about the deception and manipulation of users, and it's a feature in |
Malware
Vulnerability
Threat
Patching
Technical
|
|
★★
|
|
2024-01-22 05:10:56 |
Essential Cloud Security Tools for Effective DevSecOps (direct link) |
Implementation of a DevSecOps approach is the most impactful key factor in the total cost of a data breach. Successful DevSecOps in a cloud-native world is aided by the right tools. Here are a handful of the most essential cloud security tools and what to look for in them to aid DevSecOps.
Top Essential Cloud Security Tool for DevSecOps: Software Composition Analysis
Software Composition Analysis (SCA) is the bread and butter of cloud security tools for effective DevSecOps and securing the software supply chain.
Why it matters: open-source software (OSS) is handy, but it comes with a few catches. There are vulnerabilities, missed updates, and license risk to be worried about. That's where SCA comes in.
SCA takes a proactive approach to finding these risks early. A few things you want to look out for when picking the right SCA tool for you:
Continuous Monitoring
Reporting & Analytics with Peer Benchmarking
Remediation Guidance & Fix Suggestions
Dependency… |
Data Breach
Tool
Vulnerability
Cloud
|
|
★★★
|
|
2024-01-20 18:46:50 |
APIs in peril: Wallarm's latest report exposes uptick in API attacks and highlights security predictions for 2024 (direct link) |
APIs in peril: Wallarm's latest report exposes uptick in API attacks and highlights security predictions for 2024
Annual report analyzed 1.2 billion attacks, more than 22,000 vulnerabilities and over 146 bug bounty reports to predict 2024 API security trends
January 18, 2024 09:00 AM Eastern Standard Time
-
Opinion |
Vulnerability
Prediction
|
|
★★
|
|
2024-01-20 15:53:00 |
Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years (direct link) |
An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been linked to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021.
"UNC3886 has a track record of utilizing zero-day vulnerabilities to complete their mission without being detected, and this latest example further |
Vulnerability
Threat
|
|
★★★★
|
|
2024-01-20 10:01:00 |
CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits (direct link) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch (FCEB) agencies to implement mitigations against two actively exploited zero-day flaws in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products.
The development came after the vulnerabilities – an authentication bypass |
Vulnerability
Threat
|
|
★★★
|
|
2024-01-19 22:13:10 |
CISA issues emergency directive for federal agencies to patch Ivanti VPN vulnerabilities (direct link) |
The agency says the bug is being actively exploited and poses a risk to federal networks.
|
Vulnerability
|
|
★★★
|
|
2024-01-19 19:46:00 |
Ivanti vulnerabilities are being exploited widely, CISA says in emergency directive (direct link) |
Civilian agencies across the U.S. government are being ordered to immediately patch two vulnerabilities affecting a popular tool from IT company Ivanti after the nation's top cybersecurity watchdog warned of widespread exploitation. The Cybersecurity and Infrastructure Security Agency (CISA) sounded the alarm on Friday about CVE-2023-46805 and CVE-2024-21887 - two bugs affecting Ivanti Policy Secure |
Tool
Vulnerability
|
|
★★
|
|
2024-01-19 19:00:00 |
Third Ivanti Vulnerability Exploited in the Wild, CISA Reports (direct link) |
Though reports say this latest Ivanti bug is being exploited, it's unclear exactly how threat actors are using it. |
Vulnerability
Threat
|
|
★★★
|
|
2024-01-19 17:30:00 |
Chinese Espionage Group UNC3886 Found Exploiting CVE-2023-34048 Since Late 2021 (direct link) |
While publicly reported and patched in October 2023, Mandiant and VMware Product Security have found UNC3886, a highly advanced China-nexus espionage group, has been exploiting CVE-2023-34048 as far back as late 2021. These findings stem from Mandiant's continued research of the novel attack paths used by UNC3886, which historically focuses on technologies that are unable to have EDR deployed to them. UNC3886 has a track record of utilizing zero-day vulnerabilities to complete their mission without being detected, and this latest example further demonstrates their capabilities. When covering |
Vulnerability
Threat
|
|
★★★★
|
|
2024-01-19 14:37:03 |
Oracle Issued 389 New Security Patches in January 2024 Critical Patch Update (direct link) |
Oracle has released its Critical Patch Update advisory for January 2024, aimed at remedying vulnerabilities...
|
Vulnerability
|
|
★★★
|
|
2024-01-19 12:32:42 |
Critical "PixieFail" Flaws Expose Millions of Devices to Cyberattacks (direct link) |
By Deeba Ahmed
Quarkslab Discovers "PixieFail" Vulnerabilities: Critical Flaws in Open Source UEFI Code Require Immediate Patching.
This is a post from HackRead.com. Read the original post: Critical "PixieFail" Flaws Expose Millions of Devices to Cyberattacks |
Vulnerability
Patching
|
|
★★★
|
|
2024-01-19 11:01:38 |
Ivanti EPMM Vulnerability Targeted in Attacks as Exploitation of VPN Flaws Increases (direct link) |
The number of Ivanti VPN appliances compromised through exploitation of recent flaws increases and another vulnerability is added to the exploited list.
|
Vulnerability
|
|
★★★
|
|
2024-01-19 10:25:00 |
U.S. Cybersecurity Agency Warns of Actively Exploited Ivanti EPMM Vulnerability (direct link) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core to its Known Exploited Vulnerabilities (KEV) catalog, stating it's being actively exploited in the wild.
The vulnerability in question is CVE-2023-35082 (CVSS score: 9.8), an authentication bypass |
Vulnerability
Mobile
|
|
★★★
|
|
2024-01-19 06:44:06 |
IT consultant fined for daring to expose shoddy security (direct link) |
Spotting a plaintext password and using it in research without authorization deemed a crime. A security researcher in Germany has been fined €3,000 ($3,300, £2,600) for finding and reporting an e-commerce database vulnerability that was exposing almost 700,000 customer records.… |
Vulnerability
|
|
★★★
|
|
2024-01-18 22:30:00 |
Citrix Discovers 2 Vulnerabilities, Both Exploited in the Wild (direct link) |
These vulnerabilities are the second and third for Citrix but are not expected to be as detrimental as "CitrixBleed." |
Vulnerability
|
|
★★★
|
|
2024-01-18 18:55:27 |
Ivanti Connect Secure VPN Exploitation: New Observations (direct link) |
On January 15, 2024, Volexity detailed widespread exploitation of Ivanti Connect Secure VPN vulnerabilities CVE-2024-21887 and CVE-2023-46805. In that blog post, Volexity detailed broader scanning and exploitation by threat actors using still non-public exploits to compromise numerous devices. The following day, January 16, 2023, proof-of-concept code for the exploit was made public by Rapid7. Subsequently, Volexity has observed an increase in attacks from various threat actors against Ivanti Connect Secure VPN appliances beginning the same day. Additionally, Volexity has continued its investigation into activity conducted by UTA0178 and made a few notable discoveries. The first relates to the GIFTEDVISITOR webshell that Volexity scanned for, which led to the initial discovery of over 1,700 compromised Ivanti Connect Secure VPN devices. On January 16, 2024, Volexity conducted a new scan for this backdoor and found an additional 368 compromised Ivanti Connect Secure VPN appliances, bringing the total count of systems infected by […]
|
Vulnerability
Threat
|
|
★★★
|
|
2024-01-18 14:49:00 |
PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft (direct link) |
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification used widely in modern computers.
Collectively dubbed PixieFail by Quarkslab, the nine issues reside in the TianoCore EFI Development Kit II (EDK II) and could be exploited to |
Vulnerability
|
|
★★
|
|
2024-01-18 08:30:10 |
How Can OpenAI Assistant Feature Help in Vulnerability Management? (direct link) |
The integration of artificial intelligence has become instrumental in fortifying defenses against evolving threats. One...
|
Vulnerability
|
|
★★★
|
|
2024-01-18 07:10:53 |
Mimo CoinMiner and Mimus Ransomware Installed via Vulnerability Attacks (direct link) |
AhnLab Security Intelligence Center (ASEC) recently observed circumstances of a CoinMiner threat actor called Mimo exploiting various vulnerabilities to install malware. Mimo, also dubbed Hezb, was first found when they installed CoinMiners through a Log4Shell vulnerability exploitation in March 2022. Up until now, all of the attack cases involved the installation of XMRig CoinMiner called Mimo Miner Bot in the final stage. However, there were other pertinent cases where the same threat actor installed Mimus ransomware, proxyware, and reverse shell...
|
Ransomware
Malware
Vulnerability
Threat
|
|
★★★
|
|
2024-01-18 00:00:00 |
Protecting Your Network Security from Ivanti Zero-Day Threat (direct link) |
The overlooked vulnerability with real impacts |
Vulnerability
Threat
|
|
★★
|
|
2024-01-17 21:58:17 |
Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation | Mandiant (direct link) |
#### Description
On January 10, 2024, Ivanti disclosed two vulnerabilities, CVE-2023-46805 and CVE-2024-21887, impacting Ivanti Connect Secure VPN (“CS”, formerly Pulse Secure) and Ivanti Policy Secure (“PS”) appliances. Successful exploitation could result in authentication bypass and command injection, leading to further downstream compromise of a victim network. Mandiant has identified zero-day exploitation of these vulnerabilities in the wild beginning as early as December 2023 by a suspected espionage threat actor, currently being tracked as UNC5221.
Mandiant is sharing details of five malware families associated with the exploitation of CS and PS devices. These families allow the threat actors to circumvent authentication and provide backdoor access to these devices.
#### Reference URL(s)
1. https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day
#### Publication Date
January 17, 2024
#### Author(s)
Tyler McLellan
John Wolfram
Gabby Roncone
Matt Lin
Robert Wallace
Dimiter Andonov
|
Malware
Vulnerability
Threat
|
|
★★★★
|