Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2023-08-09 14:22:07 |
Fortra présente de nouvelles intégrations pour la sécurité offensive Fortra Introduces New Integrations for Offensive Security (lien direct) |
Fortra présente de nouvelles intégrations pour la sécurité offensive
combinant le test du stylo, l'équipe rouge et la gestion de la vulnérabilité pour une sécurité plus robuste
-
revues de produits
Fortra Introduces New Integrations for Offensive Security
Combining pen testing, red teaming, and vulnerability management for more robust security
-
Product Reviews |
Vulnerability
|
|
★★
|
|
2023-08-03 19:10:45 |
Vulcan Cyber a lancé le nouveau graphique Vulcan Cyber Attack Path Vulcan Cyber launched the new Vulcan Cyber Attack Path Graph (lien direct) |
Vulcan Cyber Attack Path Graph Cibler la priorisation du risque à l'échelle du nuage et l'atténuation
La nouvelle cyber-capacité Vulcan offre un contexte de risque d'actifs et de vulnérabilité sans précédent dans toutes les surfaces de cyberattaques
-
revues de produits
Vulcan Cyber Attack Path Graph Targets Cloud-Scale Risk Prioritization and Mitigation
New Vulcan Cyber capability delivers unprecedented asset and vulnerability risk context across all cyber attack surfaces
-
Product Reviews |
Vulnerability
|
|
★
|
|
2023-08-03 15:23:34 |
Qualys annonce une solution de gestion des risques de logiciels révolutionnaire révolutionnaire Qualys Announces Ground-Breaking First-Party Software Risk Management Solution (lien direct) |
Qualits annonce solution de gestion des risques logiciels révolutionnaire de premier parti
Une nouvelle solution permet aux équipes de sécurité des applications de détecter, de hiérarchiser et de résoudre les vulnérabilités au sein des logiciels développés de l'entreprise et des composants open source ouverts composants
-
revues de produits
Qualys Announces Ground-Breaking First-Party Software Risk Management Solution
New solution enables application security teams to detect, prioritize and remediate vulnerabilities within company developed software and embedded open-source components
-
Product Reviews |
Vulnerability
|
|
★★
|
|
2023-08-03 15:06:28 |
Cybersecurity Unicorn Pentera découvre 12 nouvelles vulnérabilités Cybersecurity Unicorn Pentera Discovers 12 New Vulnerabilities (lien direct) |
Cybersecurity Unicorn Pentera découvre 12 nouvelles vulnérabilités
-
vulnérabilité de sécurité
Cybersecurity Unicorn Pentera Discovers 12 New Vulnerabilities
-
Security Vulnerability |
Vulnerability
|
|
★★★
|
|
2023-07-26 10:08:21 |
CERTFR-2023-AVI-0588 : Multiples vulnérabilités dans Tenable Security Center (26 juillet 2023) (lien direct) |
De multiples vulnérabilités ont été découvertes dans Tenable Security Center. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et un contournement de la politique de sécurité.
-
Vulnérabilités |
Vulnerability
|
|
★★
|
|
2023-07-19 19:21:12 |
Le rapport sur la sécurité du sel identifie des vulnérabilités API importantes et l'activité des attaquants dans les services financiers et les compagnies d'assurance Salt Security Report Identifies Significant API Vulnerabilities and Attacker Activity in Financial Services and Insurance Companies (lien direct) |
Le rapport de sécurité des sel identifie les vulnérabilités API importantes et l'activité des attaquants dans les services financiers et les compagnies d'assurance
Le rapport axé sur l'industrie montre que près de 70% des services financiers et des compagnies d'assurance ont subi des retards de déploiement en raison de la sécurité de l'API, 92% ont eu des problèmes de sécurité dans les API de production
-
rapports spéciaux
Salt Security Report Identifies Significant API Vulnerabilities and Attacker Activity in Financial Services and Insurance Companies
Industry-focused report shows nearly 70% of financial services and insurance companies have suffered rollout delays due to API security, 92% have had security issues in production APIs
-
Special Reports |
Vulnerability
Studies
|
|
★★★
|
|
2023-07-13 08:27:12 |
Vigilance.fr - IBM QRadar SIEM : obtention d\'information via Delegated Admin Tenant User, analysé le 28/06/2023 (lien direct) |
Un attaquant peut contourner les restrictions d'accès aux données de IBM QRadar SIEM, via Delegated Admin Tenant User, afin d'obtenir des informations sensibles.
-
Vulnérabilités |
Vulnerability
Mobile
|
|
★★★
|
|
2023-07-12 08:06:13 |
Les idées de MSFT Security Researcher \\ le patch de juillet mardi MSFT security researcher\\'s insights on July Patch Tuesday (lien direct) |
Aujourd'hui, Microsoft a publié des mises à jour logicielles pour corriger une vulnérabilité significative dans la passerelle de bureau distante (passerelle RDP), étiquetée comme CVE-2023-35332.Cette vulnérabilité est centrée sur l'utilisation de protocoles obsolètes et obsolètes, notamment la version 1.0 de la sécurité de la couche de transport Datagram (DTLS), qui présente une sécurité et un risque de conformité substantiels pour les organisations.
-
vulnérabilité de sécurité
Today, Microsoft released software updates to fix a significant vulnerability in the Remote Desktop Gateway (RDP Gateway), tagged as CVE-2023-35332. This vulnerability is centered around the usage of outdated and deprecated protocols, including Datagram Transport Layer Security (DTLS) version 1.0, which presents substantial security and compliance risk to organizations.
-
Security Vulnerability |
Vulnerability
|
|
★★★
|
|
2023-07-10 17:02:12 |
Vigilance.fr - Neutron OpenStack: surcharge via la liste des groupes de sécurité, analysé le 10/05/2023 Vigilance.fr - OpenStack Neutron: overload via Security Groups Listing, analyzed on 10/05/2023 (lien direct) |
An attacker can trigger an overload of OpenStack Neutron, via Security Groups Listing, in order to trigger a denial of service.
-
Security Vulnerability
An attacker can trigger an overload of OpenStack Neutron, via Security Groups Listing, in order to trigger a denial of service.
-
Security Vulnerability |
Vulnerability
|
|
★★★
|
|
2023-07-10 17:02:12 |
Vigilance.fr - OpenStack Neutron : surcharge via Security Groups Listing, analysé le 10/05/2023 (lien direct) |
Un attaquant peut provoquer une surcharge de OpenStack Neutron, via Security Groups Listing, afin de mener un déni de service.
-
Vulnérabilités |
Vulnerability
|
|
★★
|
|
2023-07-07 14:10:49 |
Silent Signal Discovered a Critical Vulnerability in IBM i System – CVE-2023-30990 (lien direct) |
Silent Signal Discovered a Critical Vulnerability in IBM i System – CVE-2023-30990
IBM i is vulnerable to an attacker executing CL commands due to an exploitation of DDM architecture - IBM i users are advised to urgently apply the security patch provided by IBM
-
Security Vulnerability |
Vulnerability
|
|
★★
|
|
2023-06-14 21:42:02 |
MOVEit Vulnerability Weaponized in Ransomware Attack (lien direct) |
MOVEit Vulnerability Weaponized in Ransomware Attack
-
Malware Update |
Ransomware
Vulnerability
|
|
★★
|
|
2023-06-08 08:00:58 |
Transfert Moveit exploité pour déposer le shell SQL de vol de fichiers MOVEit transfer exploited to drop file-stealing SQL Shell (lien direct) |
Moveit Transfer exploité pour déposer la volet de fichiers SQL Shell
Sentineone a observé l'exploitation dans la volonté (ITW) de CVE-2023-34362, une vulnérabilité dans l'application de serveur de transfert de fichiers Moveit.
-
mise à jour malveillant
MOVEit transfer exploited to drop file-stealing SQL Shell
SentinelOne has observed in-the-wild (ITW) exploitation of CVE-2023-34362, a vulnerability in the MOVEit file transfer server application.
-
Malware Update |
Vulnerability
|
|
★★
|
|
2023-06-05 14:05:23 |
Commentaire de hackuity: CISA ajoute une vulnérabilité critique dans le logiciel de transfert de fichiers Moveit Hackuity Comment: CISA adds critical vulnerability in MOVEit file transfer software (lien direct) |
L'Agence américaine de sécurité de la cybersécurité et de l'infrastructure (CISA) a ajouté une vulnérabilité critique dans Progress Software Corp. \\ Moveit Fichier Transfer Software à son catalogue connu vulnérabilités exploité et aurait ordonné à toutes les agences fédérales de corriger leurs systèmes d'ici le 23 juin.
La vulnérabilité du logiciel, suivie en tant que CVE-2023-34362, est activement exploitée par les acteurs de la menace.Un attaquant à distance non authentifié peut exploiter la vulnérabilité en envoyant une injection SQL spécialement conçue à une instance de transfert Moveit vulnérable.
Sylvain Cortes, Hackuity VP Strategy & 17x Microsoft MVP Commentaires:
-
opinion
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Progress Software Corp.\'s MOVEit file transfer software to its Known Exploited Vulnerabilities Catalog and reportedly ordered all federal agencies to patch their systems by June 23.
The vulnerability in the software, tracked as CVE-2023-34362, is being actively exploited by threat actors. An unauthenticated, remote attacker can exploit the vulnerability by sending a specially crafted SQL injection to a vulnerable MOVEit Transfer instance.
Sylvain Cortes, Hackuity VP Strategy & 17x Microsoft MVP comments:
-
Opinion |
Vulnerability
Threat
|
|
★★
|
|
2023-05-31 16:19:10 |
Sternum Uncovers Security Vulnerability in Zyxel Networks\\' NAS Appliances (lien direct) |
Sternum découvre la vulnérabilité de sécurité dans les réseaux zyxel \\ 'nas appliances
Les utilisateurs ont conseillé d'appliquer des correctifs de sécurité émis par Zyxel pour empêcher les attaques malveillantes
-
vulnérabilité de sécurité
Sternum Uncovers Security Vulnerability in Zyxel Networks\' NAS Appliances
Users Advised to Apply Security Patch Issued by Zyxel to Prevent Malicious Attacks
-
Security Vulnerability |
Vulnerability
|
|
★★
|
|
2023-05-19 12:11:16 |
Le règlement général de la protection des données (RGPD) de l'UE est entré en vigueur il y a cinq ans le 23 mai 2018 The EU General Data Protection Regulation (GDPR) went into effect five years ago on May 23, 2018 (lien direct) |
A central requirement for organisations at the time was “a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.”
With nearly 100,000 CVEs discovered since the adoption of GDPR – roughly half of all known CVEs to date – an effective vulnerability management programme has never been more essential to avoiding both the costly aftermath of a cyber incident and the resulting penalties from (...)
-
Opinion
A central requirement for organisations at the time was “a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.”
With nearly 100,000 CVEs discovered since the adoption of GDPR – roughly half of all known CVEs to date – an effective vulnerability management programme has never been more essential to avoiding both the costly aftermath of a cyber incident and the resulting penalties from (...)
-
Opinion |
Vulnerability
|
|
★★
|
|
2023-05-19 07:57:59 |
Check Point Software Technologies Bolsters Endpoint Security with Enhanced Posture Management to Tackle Escalating Vulnerability Exploits (lien direct) |
Vérifiez les technologies du logiciel de pointage élabore la sécurité des points de terminaison avec une gestion améliorée de la posture pour lutter contre les exploits de vulnérabilité à l'escalade
L'intégration rationalisée avec Ivanti vise à détecter, hiérarchiser automatiquement et patcher les vulnérabilités pour minimiser les surfaces d'attaque et améliorer l'efficacité opérationnelle entre les organisations
-
revues de produits
Check Point Software Technologies Bolsters Endpoint Security with Enhanced Posture Management to Tackle Escalating Vulnerability Exploits
Streamlined integration with Ivanti aims to automatically detect, prioritize, and patch vulnerabilities to minimize attack surfaces and improve operational efficiency across organizations
-
Product Reviews |
Vulnerability
|
|
★★
|
|
2023-05-04 13:30:00 |
Action1 dévoile une nouvelle stratégie de produit, visant à améliorer les organisations \\ 'résilience aux cyber-menaces Action1 Unveils New Product Strategy, Aimed at Enhancing Organizations\\' Resilience to Cyber Threats (lien direct) |
ACORS1 dévoile une nouvelle stratégie de produit, visant à améliorer les organisations \\ 'Resilience to Cyber Madens
ACTOC1 ajoutera la découverte et la hiérarchisation des vulnérabilités à ses capacités de gestion des correctifs pour permettre aux entreprises de découvrir, de prioriser et de corriger les vulnérabilités de sécurité avant qu'elles ne soient exploitées.
-
revues de produits
Action1 Unveils New Product Strategy, Aimed at Enhancing Organizations\' Resilience to Cyber Threats
Action1 will add vulnerability discovery and prioritization to its patch management capabilities to empower enterprises to discover, prioritize and remediate security vulnerabilities before they are exploited.
-
Product Reviews |
Vulnerability
|
|
★★
|
|
2023-05-03 09:48:36 |
Tenable & Reg;Annoncé les améliorations de son programme d'écosystème technologique Tenable® announced enhancements to its Technology Ecosystem Program (lien direct) |
Tenable améliore le programme d'écosystèmes technologiques en croissance rapide avec de nouveaux avantages sociaux
La plus grande gestion de l'exposition et la gestion de la technologie de gestion de la technologie Ecosystème du partenaire étend le support du programme pour inclure la sécurité Tenable OT
-
nouvelles commerciales
Tenable Enhances Rapidly Growing Technology Ecosystem Program with New Go-To-Market Benefits
Largest Exposure Management and Vulnerability Management technology partner ecosystem expands program support to include Tenable OT Security
-
Business News |
Vulnerability
|
|
★★
|
|
2023-04-27 07:58:57 |
Hackuity fait évoluer son offre et lance SmartEx2 (lien direct) |
Hackuity fait évoluer son offre et lance SmartEx2
Hackuity, startup française spécialisée dans la prévention des cyberattaques, annonce la disponibilité de SmartEx2 et révolutionne le monde de la Vulnerability Intelligence, au sein d'une interface unifiée.
-
Produits |
Vulnerability
|
|
★★
|
|
2023-04-20 14:04:17 |
Datadog, Inc. lance Application Vulnerability Management (lien direct) |
Datadog étend ses fonctionnalités de sécurité applicative pour détecter automatiquement les vulnérabilités du code en production
Application Vulnerability Management aide les équipes à détecter et à prioriser les problèmes de sécurité grâce aux informations des environnements de production et de leur impact potentiel
-
Produits |
Vulnerability
|
|
★★
|
|
2023-04-17 15:20:04 |
L'attaque des ransomwares sur l'informatique du fournisseur affecte des organismes de bienfaisance \\ 'Données Ransomware attack on IT supplier affects charities\\' data (lien direct) |
après la nouvelles récentes de plusieurs organismes de bienfaisance en Irlandeet le Royaume-Uni Ayant leurs données compromises dans une attaque de ransomware contre un fournisseur informatique, qui est profondément préoccupant pour les organisations concernées & # 8211;dont certains détiennent les données de personnes vulnérables telles que les victimes de crimes sexuels.
À la lumière de cet incident, le commentaire d'Andy Hornegold, le produit de la société de gestion de la vulnérabilité, Intruder,
-
mise à jour malveillant
After therecent news of several charities in Ireland and the UK having their data compromised in a ransomware attack on an IT supplier, which is deeply concerning for the affected organisations – some of whom hold the data of vulnerable people such as victims of sexual crimes.
In light of this incident, the comment from Andy Hornegold, Product Lead at vulnerability management firm, Intruder,
-
Malware Update |
Ransomware
Vulnerability
|
|
★★
|
|
2023-04-04 15:22:14 |
Tanium : Nouvel tactique d\'utilisation de la vulnérabilité Log4j, le proxyjacking (lien direct) |
Tanium : Nouvel tactique d'utilisation de la vulnérabilité Log4j, le proxyjacking par Tim Morris, Chief Security Advisor chez Tanium
-
Malwares |
Vulnerability
Threat
|
|
★★
|
|
2023-03-23 17:20:54 |
Enquête: Au moins 20% des points de terminaison de l'entreprise ont des vulnérabilités de sécurité héritées [Survey: At Least 20% of Enterprise Endpoints Have Legacy Security Vulnerabilities] (lien direct) |
Enquête: Au moins 20% des points de terminaison de l'entreprise ont des vulnérabilités de sécurité héritée
L'enquête ACTOR1 révèle des lacunes critiques dans la gestion des organisations \\ ', exacerbée par le manque de communication efficace entre la sécurité informatique et les équipes de direction.
-
rapports spéciaux
Survey: At Least 20% of Enterprise Endpoints Have Legacy Security Vulnerabilities
The Action1 survey reveals critical gaps in organizations\' vulnerability management, exacerbated by the lack of effective communication between IT security and executive teams.
-
Special Reports |
Vulnerability
|
|
★★
|
|
2023-03-16 13:28:54 |
Claroty Announces Vulnerability Response Integrations with ServiceNow Service Graph Connector (lien direct) |
Claroty announced it has further expanded its footprint within the ServiceNow ecosystem by releasing a new set of native integrations leveraging the Service Graph Connector (SGC) and Vulnerability Response (VR) infrastructure. These new integrations enable ServiceNow's CMDB and VR products to ingest in-depth details of cyber-physical systems across the Extended Internet of Things (XIoT), which are automatically discovered and profiled by Claroty. As a result, customers gain a comprehensive, (...)
-
Product Reviews |
Vulnerability
|
|
★
|
|
2023-03-16 10:53:44 |
Hackuity Drives Security Prioritisation by Partnering with Appurity (lien direct) |
Hackuity, the risk-based vulnerability management company, announced a new partnership with Appurity, a specialist in mobile and application security. Appurity will take Hackuity's solution to market with enterprises in critical infrastructure, finance, pharma, and other sectors that recognise the pressing need to protect their entire estates against vulnerabilities. The goal is simple yet ambitious: provide a new level of control for reported security alerts and enable security departments to better prioritize them.
-
Business News |
Vulnerability
|
|
★★
|
|
2023-03-15 18:14:18 |
Google, Fedora Project, and Microsoft products had the most vulnerabilities in 2022 (lien direct) |
According to the data presented by the Atlas VPN team, Google, Fedora Project, and Microsoft products had the most vulnerabilities in 2022. If we look into the specific products, security researchers found the most exploits in Fedora, Android, and Windows operating systems.
-
Special Reports |
Vulnerability
|
|
★★★
|
|
2023-03-15 16:19:12 |
Tanium XEM Platform Brings Home the Gold in the 19th Annual 2023 Globee® Cybersecurity Awards (lien direct) |
Tanium XEM Platform Brings Home the Gold in the 19th Annual 2023 Globee® Cybersecurity Awards
Converged endpoint management innovator wins again for vulnerability assessment, remediation, and management capabilities
-
Business News |
Vulnerability
|
|
★
|
|
2023-02-16 17:15:44 |
Vulcan Cyber Launches the Voyager18 Research Team (lien direct) |
Vulcan Cyber Launches the Voyager18 Research Team
Voyager18 is the first cybersecurity research team to focus exclusively on vulnerability risk remediation intelligence
-
Product Reviews |
Vulnerability
|
|
★★
|
|
2023-02-16 15:11:59 |
Will the ransom war ever end? (lien direct) |
Another day, another ransomware attack. Question is, who is next? Because as new research reveals, ransomware ain't going anywhere.
A new report from Ivanti, Cyber Security Works (CSW), Cyware, and Securin reveals the devastating toll that ransomware has had on organisations globally.
The study, 2023 Spotlight Report: Ransomware Through the Lens of Threat and Vulnerability Management, identifies 56 new vulnerabilities associated with ransomware threats among a total of 344 threats identified in 2022-marking a 19% increase year-over-year. Furthermore, the survey findings indicate that IT and security teams are being tripped up by open-source, old, and low-scoring vulnerabilities associated with ransomware.
-
Special Reports |
Ransomware
Vulnerability
Threat
|
|
★★
|
|
2023-02-14 14:42:36 |
Cyber-physical Systems Vulnerability Disclosures Reach Peak, While Disclosures by Internal Teams Increase 80% Over 18 Months (lien direct) |
Cyber-physical Systems Vulnerability Disclosures Reach Peak, While Disclosures by Internal Teams Increase 80% Over 18 Months
State of XIoT Security Report: 2H 2022 from Claroty's Team82 reveals positive impact by researchers on strengthening XIoT security and increased investment among XIoT vendors in securing their products
-
Malware Update |
Vulnerability
|
|
★★
|
|
2023-02-07 10:26:00 |
CERTFR-2023-AVI-0097 : Multiples vulnérabilités dans Google Android (07 février 2023) (lien direct) |
De multiples vulnérabilités ont été découvertes dans Google Android. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une élévation de privilèges et un déni de service.
-
Vulnérabilités |
Vulnerability
|
|
★★
|
|
2023-01-17 17:57:08 |
New Relic Announces General Availability of Vulnerability Management (lien direct) |
New Relic Announces General Availability of Vulnerability Management
Enterprises can now manage security vulnerabilities as an integrated part of their observability practice with zero configuration visibility, open third party data integrations, new vulnerability testing capabilities, and an introductory promotional pricing offer
-
Product Reviews |
Vulnerability
|
|
★★
|
|
2023-01-17 14:28:45 |
CREST International give its support to the CyberUp Campaign (lien direct) |
CREST International give its support to the CyberUp Campaign
CREST to help CyberUp to reform the Computer Misuse Act (CMA) that currently outlaws essential vulnerability and cyber threat intelligence research
-
Business News |
Vulnerability
Threat
|
|
★★
|
|
2022-12-12 14:31:18 |
Axis Communications launches private bug bounty program with Bugcrowd (lien direct) |
Axis Communications launches private bug bounty program with Bugcrowd, leaders in crowdsourced cybersecurity. Axis Communications, an approved Common Vulnerability and Exposures (CVE) Numbering Authority (CNA), is launching a private bug bounty program with Bugcrowd, the leader in crowdsourced cybersecurity. The private bug bounty program strengthens Axis' commitment to building professional relationships with external security researchers and ethical hackers. The new program reinforces the company's efforts to proactively identify, patch, and disclose vulnerabilities in AXIS OS, the Linux-based operating system that drives most Axis products.
-
Product Reviews |
Vulnerability
Guideline
|
|
★★★
|
|
2022-12-08 15:54:05 |
One Year on from Log4j Vulnerability: Have Lessons been Learned? (lien direct) |
One Year on from Log4j Vulnerability: Have Lessons been Learned?
On the anniversary of the Log4j vulnerability disclosure, Check Point Software looks back on one of the biggest security shake ups in recent years
-
Malware Update |
Vulnerability
|
|
★★
|
|
2022-12-06 09:44:51 |
Tanium comments on log4j vulnerability ahead of anniversary (lien direct) |
Tanium comments on log4j vulnerability ahead of anniversary. This weekend (10th December), it will have been a year since the Log4shell critical vulnerability in the widely used logging tool Log4j, which is used by millions of computers worldwide running online services.The commentary from Matt Psencik, Director, Endpoint Security Specialist, Tanium on the vulnerability and what has changed in the year since.
-
Opinion |
Tool
Vulnerability
|
|
★★★
|
|
2022-11-28 17:47:51 |
Expert comment: Twitter confirm stolen user records (lien direct) |
In light of the news that Twitter confirmed that over 5.4 million Twitter user records containing non-public information, stolen by Pompompurin using an API vulnerability fixed in January, have been shared for free on a hacker forum, please see below for expert comment by Ed Williams, EMEA Director of SpiderLabs at Trustwave Ed details how API security is one of the most underestimated areas of cybersecurity, and what more needs to be done. Ed Williams, EMEA Director of SpiderLabs at Trustwave explain:
-
MAGIC QUADRANT |
Vulnerability
|
|
★★
|
|
2022-11-23 12:12:55 |
Holm Security, has received an investment of €4 million (lien direct) |
Funding boost will help protect more companies from cybercrime
Next generation vulnerability management specialist, Holm Security, has received an investment of €4 million, which will enable them to protect more businesses from a rapidly increasing number of cyberattacks.
-
Business News |
Vulnerability
|
|
★★★
|
|
2022-11-21 16:13:38 |
(Déjà vu) CERTFR-2022-AVI-1040 : Multiples vulnérabilités dans IBM Spectrum Protect (21 novembre 2022) (lien direct) |
De multiples vulnérabilités ont été découvertes dans IBM Spectrum Protect. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
-
Vulnérabilités |
Vulnerability
|
|
★★
|
|
2022-11-18 14:34:37 |
SyncJacking: Hard Matching Vulnerability Enables Azure AD Account Takeover (lien direct) |
SyncJacking: Hard Matching Vulnerability Enables Azure AD Account Takeover
-
Malware Update |
Vulnerability
|
|
|
|
2022-11-16 20:55:39 |
Tufin Simplifies Cloud-Native Segmentation Policy Management and Accelerates Vulnerability Triage with Microsoft Defender for Cloud Integration (lien direct) |
Tufin Simplifies Cloud-Native Segmentation Policy Management and Accelerates Vulnerability Triage with Microsoft Defender for Cloud Integration
-
Product Reviews |
Vulnerability
|
|
|
|
2022-11-11 09:45:15 |
Oxeye to Announce New Vulnerability in Spotify\'s Backstage with CVSS Score of 9.8/10 (lien direct) |
Oxeye to Announce New Vulnerability in Spotify's Backstage with CVSS Score of 9.8/10. On Tuesday, November 15th, Oxeye's Security Research Team will announce the discovery of a new vulnerability in Spotify's Backstage. The researchers would like to update you on this new find if available on Monday.
-
Security Vulnerability |
Vulnerability
|
|
|
|
2022-11-08 14:29:19 |
(Déjà vu) October 2022\'s Most Wanted Malware: AgentTesla Knocks Formbook off Top Spot and New Text4Shell Vulnerability Disclosed (lien direct) |
October 2022's Most Wanted Malware: AgentTesla Knocks Formbook off Top Spot and New Text4Shell Vulnerability Disclosed
Check Point Research reports a significant increase in Lokibot attacks in October, taking it to third place for the first time in five months. New vulnerability, Text4Shell, was disclosed for the first time, and AgentTesla took the top spot as the most prevalent malware
-
Malware Update |
Vulnerability
|
|
|
|
2022-10-27 19:37:00 |
Nicolas Perrodo, Yogosha : Les RSSI et DSI pour être sûr de leur cybersécurité doivent se tourner vers la sécurité offensive ! (lien direct) |
A l'occasion d'ITSA 20222, Yogosha présentait sa plateforme de gestion des vulnérabilités Vulnerability Opérations Center (VOC) et l'ensemble de ses services associés. Nicolas Perrodo, Chief Revenue Officer de Yogosha estime que les RSSI et DSI pour être sûr de leur cybersécurité doivent se tourner vers la sécurité offensive !
-
International
/
affiche,
itsa 2022 |
Vulnerability
|
|
|
|
2022-10-18 20:06:26 |
Joerg Vollmer, Qualys : il est essentiel que les cadres dirigeants puissent fournir au RSSI une vue claire des défis à relever (lien direct) |
Lors du salon it-sa 2022 à Nuremberg, Qualys présentera les dernières innovations de Qualys, notamment VMDR 2.0, Vulnerability Management Detection and Response avec TruRisk et fonction EASM, External Attack Surface Management. Pour Joerg Vollmer, General Manager, DACH il est essentiel que les cadres dirigeants puissent fournir au RSSI une vue claire des défis à relever.
-
International
/
affiche,
itsa 2022 |
Vulnerability
|
|
|
|
2022-08-02 12:45:11 |
Trend Micro a détecté et documenté 64 % des failles 0-day en 2021 (lien direct) |
Trend Micro Incorporated confirme son leadership en matière de détection et de publication de vulnérabilités. C'est ce qu'illustre le rapport Omdia intitulé 'Quantifying the Public Vulnerability Market : 2022 Edition'. Ce dernier révèle que sur les 984 vulnérabilités soumises par le programme Zero Day Initiative (ZDI) une grande majorité était avérée : 723 représentaient un niveau de risque élevé, 129 un niveau moyen et 48 un niveau critique. Omdia a mené une analyse comparative indépendante de 11 (...)
-
Magic Quadrant |
Vulnerability
Guideline
|
|
|
|
2022-07-26 08:48:00 |
Onfido lance son programme de Bug Bounty avec YesWeHack (lien direct) |
Onfido annonce son partenariat avec YesWeHack, plateforme européenne de Bug Bounty et de Vulnerability Disclosure Policy (VDP). Ce partenariat s'inscrit dans la volonté permanente d'Onfido de tester sa plateforme contre les cybermenaces et de fournir des solutions sécurisées. Le programme de Bug Bounty permettra à Onfido d'accéder à la communauté de 40 000 chercheurs en cybersécurité de YesWeHack, afin d'identifier des vulnérabilités, en échange de récompenses financières. Cette collaboration (...)
-
Marchés |
Vulnerability
|
|
|
|
2022-07-11 06:30:55 |
Technical Account Manager Post Sales (lien direct) |
EliteCyber represents its client, a major global player in IT security solutions, they are now present among thousands of CAC 40 / Fortune type Large Customer Account. They now offer sol... EliteCyber represents its client, a major global player in IT security solutions, they are now present among thousands of CAC 40 / Fortune type Large Customer Account. They now offer solutions ranging from vulnerability assessment to compliance management and know how to adapt to all types of (...)
-
Offres d'Emploi Elite Cyber Group |
Vulnerability
|
|
|