What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-01-17 20:30:00 | Microsoft: des pirates iraniens ciblant les experts \\ 'de haut niveau \\' sur le Moyen-Orient Microsoft: Iranian hackers targeting \\'high-profile\\' experts on Middle East (lien direct) |
Les experts «de haut niveau» travaillant sur les affaires du Moyen-Orient dans les universités et les organisations de recherche en Belgique, en France, Gaza, Israël, le Royaume-Uni et les États-Unis ont été ciblées par des pirates prétendument liés au gouvernement iranien, selon un nouveau rapport de Microsoft.Dans un article de blog, l'équipe de renseignement des menaces de Microsoft a déclaré que depuis novembre, un sous-ensemble de
“High-profile” experts working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the U.K. and the U.S. have been targeted by hackers allegedly connected to the Iranian government, according to a new report from Microsoft. In a blog post, Microsoft\'s Threat Intelligence team said that since November a subset of |
Threat | ★★★ | |
 |
2024-01-17 19:21:00 | La faille de terminal PAX POS pourrait permettre aux attaquants de falsifier les transactions PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions (lien direct) |
Les terminaux de point de vente (POS) de la technologie PAX sont touchés par une collection de vulnérabilités de haute sévérité qui peuvent être armées par les acteurs de la menace pour exécuter du code arbitraire.
L'équipe STM Cyber R & amp; D, qui a inversé les appareils basés sur Android fabriqués par l'entreprise chinoise en raison de leur déploiement rapide en Pologne, a déclaré qu'il avait déniché une demi-douzaine de défauts qui permettaient
The point-of-sale (PoS) terminals from PAX Technology are impacted by a collection of high-severity vulnerabilities that can be weaponized by threat actors to execute arbitrary code. The STM Cyber R&D team, which reverse engineered the Android-based devices manufactured by the Chinese firm owing to their rapid deployment in Poland, said it unearthed half a dozen flaws that allow for |
Vulnerability Threat | ★★★ | |
|
2024-01-17 17:45:00 | Le FBI et la CISA mettent en garde contre la menace de sécurité nationale posée par les drones chinois FBI and CISA warn of national security threat posed by Chinese drones (lien direct) |
L'Agence du FBI et de la cybersécurité et de la sécurité des infrastructures (CISA) a averti mercredi que les drones de fabrication chinoise présentent un «risque important» pour les infrastructures critiques américaines et ont fourni de nouvelles conseils sur la façon dont les entités peuvent mieux protéger les réseaux contre leur utilisation malveillante.Le Guidance publique souligne que la loi chinoise donne désormais à son gouvernement «une étendue légale élargie légale«motifs »pour accéder aux données détenues
The FBI and Cybersecurity and Infrastructure Security Agency (CISA) warned Wednesday that Chinese-made drones pose a “significant risk” to U.S. critical infrastructure and provided new guidance on how entities can better protect networks from their malicious use. The public guidance highlights that Chinese law now gives its government “expanded legal grounds” for accessing data held |
Threat | ★★★ | |
|
2024-01-17 16:44:00 | Feds met en garde contre AndroxGH0st Botnet ciblant les titres de compétences AWS, Azure et Office 365 Feds Warn of AndroxGh0st Botnet Targeting AWS, Azure, and Office 365 Credentials (lien direct) |
L'Agence américaine de sécurité de la cybersécurité et de l'infrastructure (CISA) et le Federal Bureau of Investigation (FBI) & nbsp; averti & nbsp; que les acteurs de menace déploient le & nbsp; AndroxGH0st & nbsp; malware créent un botnet pour "l'identification et l'exploitation des victimes dans les réseaux cibles".
Un malware basé sur Python, & nbsp; AndroxGH0st & nbsp; a été documenté pour la première fois par Lacework en décembre 2022, avec le malware
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned that threat actors deploying the AndroxGh0st malware are creating a botnet for "victim identification and exploitation in target networks." A Python-based malware, AndroxGh0st was first documented by Lacework in December 2022, with the malware |
Malware Threat | ★★★★ | |
 |
2024-01-17 16:15:18 | Vulnérabilités zéro-jour dans Citrix Netscaler ADC et Gateway & Google Chrome: CVE-2023-6548, CVE-2023-6549 et CVE-2024-0519 Zero-Day Vulnerabilities in Citrix Netscaler ADC and Gateway & Google Chrome: CVE-2023-6548, CVE-2023-6549, and CVE-2024-0519 (lien direct) |
Citrix a récemment émis un avertissement à ses clients, leur conseillant de patcher NetScaler ADC ...
Citrix has recently issued a warning to its customers, advising them to patch Netscaler ADC... |
Vulnerability Threat | ★★★ | |
|
2024-01-17 15:30:00 | Indian Air Force potentiellement ciblée avec des logiciels malveillants voleurs d'informations Indian Air Force potentially targeted with info-stealing malware (lien direct) |
Les chercheurs ont découvert une nouvelle campagne d'espionnage ciblant potentiellement l'Indian Air Force avec des logiciels malveillants de voleur d'informations.L'acteur de menace non identifié a envoyé des e-mails de phishing à ses cibles avec un lien vers un fichier .zip malveillant contenant soi-disant des données sur les avions de chasse Su-30.Inde approuvé L'approvisionnement de ces jets l'année dernière pour renforcer sa défense en cours
Researchers have uncovered a new espionage campaign potentially targeting the Indian Air Force with information-stealing malware. The unidentified threat actor sent phishing emails to its targets with a link to a malicious .zip file supposedly containing data about Su-30 fighter jets. India approved the procurement of these jets last year to bolster its ongoing defense |
Malware Threat | ★★ | |
 |
2024-01-17 15:00:00 | Force en nombre: le cas de la cybersécurité de tout l'État Strength in Numbers: The Case for Whole-of-State Cybersecurity (lien direct) |
La cybersécurité WOS crée un front uni pour que les gouvernements se défendent contre les acteurs de la menace, durcissent les postures de sécurité et protégeaient les électeurs qui dépendent des services.
WoS cybersecurity creates a united front for governments to defend against threat actors, harden security postures, and protect constituents who depend on services. |
Threat | ★★ | |
 |
2024-01-17 13:19:21 | Selon l\'édition 2024 du Veeam Data Protection Trends Report, les cyberattaques sont la première cause d\'interruption d\'activité (lien direct) | Selon l'édition 2024 du Veeam Data Protection Trends Report, les cyberattaques sont la première cause d'interruption d'activité Cette nouvelle enquête révèle que 92 % des entreprises prévoient d'augmenter leurs dépenses de protection des données en 2024, afin de renforcer leur cyberrésilience face aux menaces continues de ransomwares et de cyberattaques. - Investigations | Threat | ★★★ | |
 |
2024-01-17 11:13:16 | Protection des applications web : retour d\'expérience de Sarpi Veolia (lien direct) | La sécurité des applications est aujourd'hui un grand défi pour les entreprises alors que les applications web sont devenues un des principaux vecteurs de menaces.... | Threat | ★★★ | |
 |
2024-01-17 11:05:00 | Le gouvernement américain exhorte l'action à atténuer la menace de malware AndroxGH0st US Government Urges Action to Mitigate Androxgh0st Malware Threat (lien direct) |
Un avis du FBI et de la CISA indique que les acteurs de la menace déploient le logiciel malveillant AndroxGH 0st pour l'identification et l'exploitation des victimes dans les réseaux cibles
An advisory from the FBI and CISA says threat actors are deploying the Androxgh0st malware for victim identification and exploitation in target networks |
Malware Threat | ★★ | |
 |
2024-01-17 11:00:00 | Opérations de cybersécurité en 2024: le SOC du futur Cybersecurity operations in 2024: The SOC of the future (lien direct) |
This is part two of a three-part series written by AT&T Cybersecurity evangelist Theresa Lanowitz. It’s intended to be future-looking, provocative, and encourage discussion. The author wants to assure you that no generative AI was used in any part of this blog. Part one: Unusual, thought-provoking predictions for cybersecurity in 2024 Part three: Four cybersecurity trends you should know for 2024 With the democratization of computing comes attack surface expansion. According to Gartner, 91% of businesses are engaged in some form of digital initiative, and 87% of senior business leaders say digitalization is a priority. 89% of all companies have already adopted a digital-first business strategy or are planning to do so. The more digital the world becomes the greater the attack surface. This is simply a fact. Securing that ever-expanding attack surface is where we will see innovation. The security operations center (SOC) must modernize to keep pace with the always-on and digital-first world delivered through innovations such as edge computing, AI, and IoT. The SOC of the future will need to expand to address: Edge computing Edge computing is happening all around us. Defined by three primary characteristics: software-defined, data-driven, and distributed, edge computing use cases are expanding to deliver business outcomes. Edge computing is a sea-change in the world of computing. As edge use cases deliver business value and competitive advantage, the technology changes – networks with lower latency, ephemeral applets, and a digital-first experience, are the requirements for all edge computing use cases. Edge computing needs to be embraced and managed by the SOC. There are diverse endpoints, new software stacks, and a rapidly changing attack surface that needs to be mapped and understood. In 2024, expect to see SOC teams, with roles that include security engineer/architect, security analyst, SOC manager, forensics investigator, threat responder, security analyst, and compliance auditor, begin to determine how edge computing needs to be secured. SOCs will explore various management activities, including understanding diverse and intentional endpoints, complete mapping of the attack surface, and ways to manage the fast-paced addition or subtraction of endpoints. Application security Without a doubt, we are living in a world built on software. Software is only as secure as the development requirements. Software controls our traditional applications that are still batch-based, sigh, and near-real-time edge interactions. Software is how the world works. With innovations in computing, software is changing; it is no longer about graphical user interface (GUI) applications that require some keyboard input to produce output. Edge computing is taking software to the next level of sophistication, with non-GUI or headless applets becoming the norm. While the software bill of materials (SBoM) requirements advance the cause of application security, edge computing and its reliance on functioning, performant, and secure software will make application security a necessity. In 2024, expect to see software engineering practices emphasizing security emerge. Simply being able to write code will no longer be enough; developers will increase their sophistication and require more security expertise to complement their already deep skill sets. Educational institutions at secondary and university levels are | Threat | ★★★ | |
|
2024-01-17 09:44:00 | Citrix, VMware et Atlassian Hit avec des défauts critiques - patch dès que possible! Citrix, VMware, and Atlassian Hit with Critical Flaws - Patch ASAP! (lien direct) |
Citrix avertit deux vulnérabilités de sécurité zéro-jour dans NetScaler ADC (anciennement Citrix ADC) et NetScaler Gateway (anciennement Citrix Gateway) qui sont activement exploitées dans la nature.
Les défauts sont répertoriés ci-dessous -
CVE-2023-6548 (score CVSS: 5.5) - Exécution de code distant authentifié (faible privilégié) sur l'interface de gestion (nécessite un accès au NSIP, au clip ou au snip avec la gestion
Citrix is warning of two zero-day security vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that are being actively exploited in the wild. The flaws are listed below - CVE-2023-6548 (CVSS score: 5.5) - Authenticated (low privileged) remote code execution on Management Interface (requires access to NSIP, CLIP, or SNIP with management |
Vulnerability Threat | ★★★ | |
 |
2024-01-17 08:00:06 | 2023 en revue: c'est un enveloppe! 2023 In Review: It\\'s a Wrap! (lien direct) |
2023 a vu de larges changements dans le paysage des menaces et comment les équipes SOC détectent et atténuent les menaces.Securonix a vu des besoins de données accrus, la montée de l'IA générative et l'automatisation intégrée comme principales tendances en 2023.
2023 saw broad changes to the threat landscape and how SOC teams detect and mitigate threats. Securonix saw increased data needs, the rise of generative AI and integrated automation as top trends in 2023. |
Threat | ★★★ | |
|
2024-01-17 07:50:00 | Alerte zéro-jour: mettez à jour Chrome maintenant pour réparer la nouvelle vulnérabilité activement exploitée Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability (lien direct) |
Google a publié mardi des mises à jour pour résoudre quatre problèmes de sécurité dans son navigateur Chrome, y compris une faille zéro jour exploitée activement.
Le problème, suivi comme CVE-2024-0519, concerne un accès à la mémoire hors limites dans le moteur V8 Javascript et WebAssembly, qui peut être armé par les acteurs de la menace pour déclencher un accident.
"En lisant la mémoire hors limites, un attaquant pourrait être en mesure d'obtenir des valeurs secrètes,
Google on Tuesday released updates to fix four security issues in its Chrome browser, including an actively exploited zero-day flaw. The issue, tracked as CVE-2024-0519, concerns an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine, which can be weaponized by threat actors to trigger a crash. "By reading out-of-bounds memory, an attacker might be able to get secret values, |
Vulnerability Threat | ★★ | |
 |
2024-01-17 06:00:02 | Comment mettre en place un programme de gestion des menaces d'initié et de prévention des pertes de données How to Set Up an Insider Threat Management and Data Loss Prevention Program (lien direct) |
This blog post is adapted from our e-book, Getting Started with DLP and ITM. The last few years have brought unprecedented change. An increasingly distributed workforce, access to more data through more channels and a shift to the cloud have transformed the nature of work. These trends have made protecting sensitive data more complicated and demanding. What\'s clear is that organizations are struggling to rise to the challenge. Between 2020 and 2022, insider threats increased by a staggering 44%. And the costs of addressing them increased 34%-from $11.45 million to $15.38 million. This upswing mainly comes down to two factors. For starters, most security teams have little visibility into people-caused data loss and insider-led security incidents. And few have the tools or resources to handle it. That\'s why Gartner sees platforms for data loss prevention and insider threat management (DLP and ITM) increasingly converging. Businesses need tools and processes that give them holistic, contextualized insights that take user behavior into account. It\'s no longer enough to focus on data-and where it\'s moving. To prevent data loss, industry leaders need to take a people-centric approach that expands beyond traditional drivers like compliance. In this blog post, we\'ll explore some basics for designing an ITM and DLP program. This can help you approach information protection in a way that\'s built for how modern organizations work. Why information protection is so challenging Risks are everywhere in today\'s complex landscape. Here are a few changes making it difficult for companies to protect their data. More data is open to exposure and theft. As businesses go digital, more data is being generated than ever before. According to IDC\'s Worldwide Global DataSphere Forecast, the total amount of data generated data will double from 2022 to 2026. That means malicious insiders will have more access to more sensitive data through more channels. It will also be easier for careless users to expose data inadvertently. Plus, any security gap between channels, any misconfiguration or any accidental sharing of files can give external attackers more opportunities to steal data. New data types are hard to detect. Data isn\'t just growing in volume. It\'s also becoming more diverse, which makes it harder to detect and control. With traditional DLP program tools, data typically fits within very tightly defined data patterns (such as payment card number). But even then, it generates too many false positives. Now, key business data is more diverse and can be graphical, tabular or even source code. The network security perimeter no longer exists. With more employees and contractors working remotely, the security perimeter has shifted from brick and mortar to one based on people. Add to the mix bring-your-own-device (BYOD) practices, where the personal and professional tend to get blurred, and security teams have even more risks to contend with. In a survey for the 2023 State of the Phish report from Proofpoint, 72% of respondents said they use one or more of their personal devices for work. Employee churn is high. Tech industry layoffs in 2022 and 2023 have seen many employees leaving and joining businesses at a rapid rate. The result is greater risk of data exfiltration, infiltration and sabotage. Security leaders know it, too-39% of chief information security officers rated improving information protection as the top priority over the next two years. Security talent is in short supply. A lack of talent has left many security teams under-resourced. And the situation is likely to get worse. In 2023, the cybersecurity workforce gap hit an all-time high-there are 4 million more jobs than there are skilled workers. DLP vs. ITM What\'s the difference between DLP and ITM? Both DLP and ITM work to prevent data loss. But they achieve it in different ways. DLP tracks data movement and exfiltration DLP monitors file activity and scans content to see whether users are handling sen | Tool Threat Cloud Technical | ★★ | |
 |
2024-01-17 02:22:22 | Le rapport mondial de la cybercriminalité 2023: un regard sur les principaux plats à retenir The 2023 Global Cybercrime Report: A look at the key takeaways (lien direct) |
À l'ère numérique d'abord, Internet n'est pas simplement un luxe;C'est une partie fondamentale de notre vie quotidienne.De la croissance des entreprises aux connexions personnelles, son impact est profond.Cependant, cette interconnexion a un prix: la hausse de la cybercriminalité.En explorant le rapport mondial de la cybercriminalité en 2023, nous découvrons quels pays sont confrontés au risque le plus élevé et comment ce problème omniprésent nous affecte tous, peu importe d'où nous nous connectons.Comprendre la cybercriminalité La cybercriminalité couvre un large éventail d'activités illicites et est devenu une menace mondiale omniprésente.Avec notre dépendance croissante sur le ...
In the digital-first era, the internet is not simply a luxury; it\'s a fundamental part of our daily lives. From business growth to personal connections, its impact is profound. However, this interconnectedness comes with a price: the rise of cybercrime. Exploring the 2023 Global Cybercrime Report , we uncover which countries face the highest risk and how this pervasive issue affects us all, no matter where we connect from. Understanding Cybercrime Cybercrime covers a broad spectrum of illicit activities and has evolved into a pervasive global threat. With our increasing reliance on the... |
Threat | ★★★★ | |
|
2024-01-16 22:00:00 | AndroxGH0st malware hackers créant de grands botnets, CISA et FBI avertissent Androxgh0st malware hackers creating large botnet, CISA and FBI warn (lien direct) |
Les pirates derrière les logiciels malveillants AndroxGH0st créent un puissant botnet, ont averti mardi des agences de cybersécurité américaines.Mardi, le FBI et la Cybersecurity and Infrastructure Security Agency (CISA) libéréUn avis conjoint sur les logiciels malveillants, affirmant que plusieurs enquêtes en cours leur ont permis d'évaluer les tactiques utilisées par les acteurs de la menace qui le déploient.Le malware
The hackers behind the Androxgh0st malware are creating a powerful botnet, U.S. cybersecurity agencies warned on Tuesday. On Tuesday, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) released a joint advisory on the malware, saying multiple ongoing investigations have allowed them to assess the tactics used by the threat actors deploying it. The malware |
Malware Threat | ★★ | |
|
2024-01-16 21:25:00 | Les exploits d'Ivanti Zero-Day montent en flèche dans le monde;Pas encore de correctifs Ivanti Zero-Day Exploits Skyrocket Worldwide; No Patches Yet (lien direct) |
Quiconque n'a pas atténué deux bogues de sécurité zéro-jour dans les VPN Ivanti peut déjà être compromis par un acteur chinois de l'État-nation.
Anyone who hasn\'t mitigated two zero-day security bugs in Ivanti VPNs may already be compromised by a Chinese nation-state actor. |
Vulnerability Threat | ★★ | |
|
2024-01-16 19:03:00 | Ivanti Spots \\ 'augmentation nette \\' dans le ciblage de VPN en tant que analystes trouvent 1 700 appareils exploités Ivanti spots \\'sharp increase\\' in targeting of VPN as analysts find 1,700 devices exploited (lien direct) |
Ivanti a déclaré qu'il voyait un pic dans des pirates ciblant deux vulnérabilités récemment divulguées dans son produit VPN Connect Secure, car les chercheurs en cybersécurité ont également dimensionné l'étendue des dégâts.Depuis émettre un avis la semaine dernière : «Nous avons constaté une forte augmentation de l'activité des acteurs et des analyses des chercheurs en sécurité des acteurs de la menace et des chercheurs en sécurité”Concernant les bogues, un
Ivanti said it is seeing a spike in hackers targeting two recently disclosed vulnerabilities in its Connect Secure VPN product, as cybersecurity researchers also sized up the extent of the damage. Since issuing an advisory last week, “we have seen a sharp increase in threat actor activity and security researcher scans” concerning the bugs, an |
Vulnerability Threat | ★★★★ | |
 |
2024-01-16 17:08:29 | Ivanti VPN Flaws Zero-Day Flaws Cyber Attacks répandus Ivanti VPN Zero-Day Flaws Fuel Widespread Cyber Attacks (lien direct) |
> Par deeba ahmed
Un autre jour, un autre défaut zéro-jour rendant le monde de la cybersécurité fou.
Ceci est un article de HackRead.com Lire le post original: Ivanti VPN Flaws Zero-Day Flaws Cyber Attacks Adpread
>By Deeba Ahmed Another day, another zero-day flaw driving the cybersecurity world crazy. This is a post from HackRead.com Read the original post: Ivanti VPN Zero-Day Flaws Fuel Widespread Cyber Attacks |
Vulnerability Threat | ★★★ | |
|
2024-01-16 16:43:00 | 178K + pare-feu Sonicwall vulnérable aux dossiers DOS, RCE 178K+ SonicWall Firewalls Vulnerable to DoS, RCE Attacks (lien direct) |
Deux défauts découverts d'un an d'intervalle sont ostensiblement les mêmes avec des chemins d'exploitation légèrement différents, exposant les réseaux d'entreprise aux risques et à l'intrusion potentielle.
Two flaws discovered a year apart are ostensibly the same with slightly different exploit paths, exposing corporate networks to risk and potential intrusion. |
Threat | ★★ | |
 |
2024-01-16 15:00:06 | Les exploits à jour zéro ivanti explosent alors que la multitude d'attaquants se présentent sur l'acte Ivanti zero-day exploits explode as bevy of attackers get in on the act (lien direct) |
Les clients sont toujours sans correctifs et l'atténuation ne fait que jusqu'à présent qu'il y ait une "chance raisonnable" que les utilisateurs VPN Secure (ICS) Ivanti Connect sont déjà compromis s'ils n'appliquent pas la vulnérabilitéMitigation publiée la semaine dernière, disent les experts.… | Vulnerability Threat | ★★★ | |
 |
2024-01-16 14:33:29 | NetSkope Protection en temps réel et résultats de test AV Netskope Real-time Threat Protection and AV-TEST Results (lien direct) |
> Netskope continue de faire progresser les capacités de protection des menaces en ligne et a amélioré sa détection et son blocage des logiciels malveillants et des attaques de phishing tout en abaissant et en améliorant son taux de faux positifs dans le dernier rapport AV-Test.Dans toutes les parties des tests, NetSkope s'est amélioré.Aujourd'hui, plus de la moitié du trafic de sortie des utilisateurs implique des applications et des services cloud [& # 8230;]
>Netskope continues to advance inline threat protection capabilities and has improved its detection and blocking of malware and phishing attacks while also lowering and improving its false positive rate in the latest AV-TEST Report. In every part of the testing, Netskope improved. Today more than half of user egress traffic involves applications and cloud services […] |
Malware Threat Cloud | ★★★ | |
|
2024-01-16 12:43:00 | Les pirates d'armement des fenêtres pour déployer le voleur de phédrone crypto-siphonnant Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer (lien direct) |
Les acteurs de la menace ont été observés en tirant parti d'une faille de sécurité maintenant paires dans Microsoft Windows pour déployer un voleur d'informations open source appelé & nbsp; Phemedrone Stealer.
«Phemedrone cible les navigateurs Web et les données des portefeuilles de crypto-monnaie et des applications de messagerie telles que Telegram, Steam et Discord», a déclaré Simon Zuckerbraun & Nbsp;
"Ça aussi
Threat actors have been observed leveraging a now-patched security flaw in Microsoft Windows to deploy an open-source information stealer called Phemedrone Stealer. “Phemedrone targets web browsers and data from cryptocurrency wallets and messaging apps such as Telegram, Steam, and Discord,” Trend Micro researchers Peter Girnus, Aliakbar Zahravi, and Simon Zuckerbraun said. “It also |
Threat Prediction | ★★★ | |
 |
2024-01-16 12:34:28 | FBI: AndroxGH0st malware botnet vole AWS, Microsoft FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials (lien direct) |
La CISA et le FBI ont averti aujourd'hui que les acteurs de la menace utilisant des logiciels malveillants AndroxGH construisent un botnet axé sur le vol d'identification cloud et utilisent les informations volées pour fournir des charges utiles malveillantes supplémentaires.[...]
CISA and the FBI warned today that threat actors using Androxgh0st malware are building a botnet focused on cloud credential theft and using the stolen information to deliver additional malicious payloads. [...] |
Malware Threat Cloud | ★★★ | |
|
2024-01-16 10:19:46 | LogPoint a annoncé la sortie de LogPoint Business-Critical Security Logpoint has announced the release of Logpoint Business-Critical Security (lien direct) |
LogPoint augmente la solution BCS avec les capacités de sécurité du cloud
Le nouveau BCS de LogPoint \\ pour SAP BTP offre des capacités de sécurité cloud pour aider les organisations à gérer la surveillance et la détection des menaces dans SAP Business Technology Platform (BTP)
-
revues de produits
Logpoint boosts BCS solution with cloud security capabilities Logpoint\'s new BCS for SAP BTP offers cloud security capabilities to help organisations manage monitoring and threat detection in SAP Business Technology Platform (BTP) - Product Reviews |
Threat Cloud Commercial | ★★ | |
|
2024-01-16 08:32:19 | Défense post-livraison à propulsion du cloud: la dernière innovation de Proofpoint \\ dans la protection des e-mails Cloud-Powered Post-Delivery Defense: Proofpoint\\'s Latest Innovation in Email Protection (lien direct) |
Cybercriminals are constantly innovating so that they can infiltrate your systems and steal your valuable data. They do this through a complex multi-stage method commonly known as the attack chain. During the initial compromise, attackers use advanced email threats like phishing scams, malware attachments, business email compromise (BEC) and QR code threats to get a foothold in your systems. That\'s why email security tools typically focus on stopping these threats. Steps in the attack chain. But no technology is foolproof. Inevitably, some emails will get through. To keep your company safe, you need an email security solution that can detect, analyze and remediate email threats post-delivery. That\'s where Proofpoint can help. Proofpoint Cloud Threat Response is the cloud-based alternative to TRAP (Threat Response Auto-Pull), known for its effective post-delivery remediation capabilities. Not only is this solution easy to use, but it also automates post-detection incident response and remediation tasks that slow down security teams. In this blog post, we\'ll highlight some of its capabilities and benefits. Overview of Cloud Threat Response capabilities Proofpoint Cloud Threat Response keeps you safer by remediating threats post-delivery. Plus, it helps security teams prioritize and execute response actions three different ways: Automatically by Proofpoint. Cloud Threat Response automatically analyzes emails post-delivery. It identifies and quarantines malicious emails within user inboxes. Doing so reduces the risk that users will interact with them, helping to prevent your business from being compromised. Manually by the SOC team. Your security team gains instant access to detailed email analysis, historical data and risk scoring through an integration with Proofpoint Smart Search. This integration makes it easier for you to delve into specific emails and swiftly identify and remove any lurking threats. With the assistance of end users. Users can report messages that look suspicious thanks to a simple button directly integrated into their mailboxes. Reported emails are automatically investigated and are neutralized if determined to be a threat. Proofpoint Cloud Threat Response benefits At many companies, security incident response is a slow and labor-intensive process. Responding to security incidents may take days or weeks depending on the size of your security team. Time-intensive tasks can turn into painful bottlenecks. Compare that to Proofpoint Cloud Threat Response, which automates and simplifies threat response tasks. Here\'s what you can expect: Enjoy a simplified management interface. Our centralized, modern interface simplifies how you manage email security. From this dashboard, you can manage a range of tasks, including threat reporting, threat analysis and user administration. The simplified, modern interface of Proofpoint Cloud Threat Response. Respond to incidents faster. Proofpoint Cloud Threat Response acts on intelligence from our Supernova detection engine, which improves threat detection and reduces the mean time to respond (MTTR). Spend less time on deployment and maintenance. Because it\'s cloud native, our platform is not only easy to deploy but it eliminates the need for on-premises infrastructure. Plus, your investment is future-proof, and it comes with automated maintenance and security updates. Streamline security operations. Use Single Sign-On (SSO) to seamlessly navigate between Cloud Threat Response and other Proofpoint apps such as Targeted Attack Protection, Email Fraud Defense and Email Protection. This helps to boost analyst efficiency and response times. See more threats. It automatically shares a threat\'s remediation status across your other Proofpoint platforms. This increases threat visibility and helps you to identify and neutralize threats faster. Proofpoint Cloud Threat Response is integrated with Proofpoint threat intelligence and abuse mailbox sources. Contain threats quickly. Malici | Malware Tool Threat Cloud | ★★ | |
|
2024-01-16 08:00:29 | Securonix Threat Research Knowleas Shart Series: sur la détection d'attaques réelles impliquant des comportements RMM utilisant Securonix Securonix Threat Research Knowledge Sharing Series: On Detecting Real-world Attacks Involving RMM Behaviors Using Securonix (lien direct) |
Securonix Threat Research Knowleas Shart Series: sur la détection d'attaques réelles impliquant des comportements RMM utilisant Securonix
Securonix Threat Research Knowledge Sharing Series: On Detecting Real-world Attacks Involving RMM Behaviors Using Securonix |
Threat | ★★★ | |
 |
2024-01-15 23:35:41 | Ivanti Connect Secure VPN Exploitation devient global Ivanti Connect Secure VPN Exploitation Goes Global (lien direct) |
> Important: si votre organisation utilise Ivanti Connect Secure VPN et que vous n'avez pas appliqué l'atténuation, alors faites-le immédiatement!Les organisations doivent immédiatement examiner les résultats de l'outil de vérification d'intégrité intégré pour les entrées de journal indiquant des fichiers incompatibles ou nouveaux.À partir de la version 9.12, Ivanti a commencé à fournir un outil de vérificateur d'intégrité intégré qui peut être exécuté en tant que numérisation périodique ou planifiée.La volexité a observé qu'il a réussi à détecter les compromis décrits dans ce poste dans les organisations touchées.La semaine dernière, Ivanti a également publié une version mise à jour de l'outil de damier d'intégrité externe qui peut être utilisé pour vérifier et vérifier les systèmes.Le 10 janvier 2024, la volexité a partagé publiquement les détails des attaques ciblées par UTA00178 exploitant deux vulnérabilités de deux jours zéro (CVE-2024-21887 et CVE-2023-46805) dans les appareils VPN Ivanti Secure (ICS).Le même jour, Ivanti a publié une atténuation qui pourrait être appliquée aux appareils VPN ICS pour empêcher l'exploitation de ces [& # 8230;]
>Important: If your organization uses Ivanti Connect Secure VPN and you have not applied the mitigation, then please do that immediately! Organizations should immediately review the results of the built-in Integrity Check Tool for log entries indicating mismatched or new files. As of version 9.1R12, Ivanti started providing a built-in Integrity Checker Tool that can be run as a periodic or scheduled scan. Volexity has observed it successfully detecting the compromises described in this post across impacted organizations. Last week, Ivanti also released an updated version of the external Integrity Checker Tool that can be further used to check and verify systems. On January 10, 2024, Volexity publicly shared details of targeted attacks by UTA00178 exploiting two zero-day vulnerabilities (CVE-2024-21887 and CVE-2023-46805) in Ivanti Connect Secure (ICS) VPN appliances. On the same day, Ivanti published a mitigation that could be applied to ICS VPN appliances to prevent exploitation of these […] |
Tool Vulnerability Threat Industrial | ★★★ | |
|
2024-01-15 13:34:55 | Prédateurs numériques de 2023: exposer les meilleurs acteurs de cyber-menaces Digital Predators of 2023: Exposing Top Cyber Threat Actors (lien direct) |
> En 2023, le paysage numérique a continué d'évoluer rapidement, mais la sophistication et ... aussi
>In 2023, the digital landscape continued to evolve rapidly, but so did the sophistication and... |
Threat | ★★★ | |
|
2024-01-15 13:26:32 | Ventes sur le Web sombre: un nouvel exploit RCE, des cartes de crédit américaines et 19m e-mails japonais Dark Web Sales: A New RCE Exploit, US Credit Cards, and 19M Japanese Emails (lien direct) |
Dans les découvertes récentes dans le paysage cyber-menace, l'équipe Web Socradar Dark a identifié ...
In recent discoveries within the cyber threat landscape, the SOCRadar Dark Web Team has identified... |
Threat | ★★ | |
 |
2024-01-15 11:52:44 | 15 janvier & # 8211;Rapport de renseignement sur les menaces 15th January – Threat Intelligence Report (lien direct) |
> Pour les dernières découvertes en cyberLes principales attaques et violations le groupe Ransomware en tant que service Medusa ont violé l'eau pour les personnes à but non lucratif, qui vise à améliorer l'accès à l'eau potable dans différents pays, notamment le Guatemala, le Honduras, le Mozambique et l'Inde.Les cybercriminels demandent [& # 8230;]
>For the latest discoveries in cyber research for the week of 15th January, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES The ransomware-as-a-service group Medusa has breached Water for People nonprofit organization, which aims to improve access to clean water in different countries including Guatemala, Honduras, Mozambique and India. The cybercriminals are asking for […] |
Threat | ★★ | |
|
2024-01-15 11:25:00 | DDOS attaque contre l'industrie des services environnementaux augmente de 61 839% en 2023 DDoS Attacks on the Environmental Services Industry Surge by 61,839% in 2023 (lien direct) |
L'industrie des services environnementaux a connu une «augmentation sans précédent» dans les attaques de déni de service distribué basées sur HTTP (DDOS), représentant la moitié de tout son trafic HTTP.
Cela marque une augmentation de 61 839% du trafic d'attaque DDOS d'une année à l'autre, la société d'infrastructure Web et de sécurité Cloudflare a déclaré dans son rapport de menace DDOS pour 2023 Q4 publié la semaine dernière.
«Cette augmentation des cyberattaques a coïncidé
The environmental services industry witnessed an “unprecedented surge” in HTTP-based distributed denial-of-service (DDoS) attacks, accounting for half of all its HTTP traffic. This marks a 61,839% increase in DDoS attack traffic year-over-year, web infrastructure and security company Cloudflare said in its DDoS threat report for 2023 Q4 published last week. “This surge in cyber attacks coincided |
Threat | ★★★ | |
|
2024-01-15 08:40:11 | Flaw critique trouvé dans le plugin WordPress utilisé sur plus de 300 000 sites Web Critical flaw found in WordPress plugin used on over 300,000 websites (lien direct) |
Un plugin WordPress utilisé sur plus de 300 000 sites Web contenait des vulnérabilités qui pourraient permettre aux pirates de prendre le contrôle.Les chercheurs en sécurité de WordFence ont trouvé deux défauts critiques dans le plugin post SMTP Mailer.Le premier défaut a permis aux attaquants de réinitialiser la clé API d'authentification du plugin \\ et d'afficher les journaux sensibles (y compris les e-mails de réinitialisation du mot de passe) sur le site Web affecté.Un pirate malveillant exploitant la faille pourrait accéder à la clé après avoir déclenché une réinitialisation de mot de passe.L'attaquant pourrait alors se connecter au site, verrouiller l'utilisateur légitime et exploiter son accès à la cause ...
A WordPress plugin used on over 300,000 websites has been found to contain vulnerabilities that could allow hackers to seize control. Security researchers at Wordfence found two critical flaws in the POST SMTP Mailer plugin. The first flaw made it possible for attackers to reset the plugin\'s authentication API key and view sensitive logs (including password reset emails) on the affected website. A malicious hacker exploiting the flaw could access the key after triggering a password reset. The attacker could then log into the site, lock out the legitimate user, and exploit their access to cause... |
Vulnerability Threat | ★★ | |
|
2024-01-14 10:32:54 | Graphène: Android Android Auto-Recouots Bloquer les exploits du micrologiciel GrapheneOS: Frequent Android auto-reboots block firmware exploits (lien direct) |
Grapheneos, un système d'exploitation basé sur Android axé sur la confidentialité et la sécurité, a publié une série de tweets sur X suggérant qu'Android devrait introduire de fréquents réapparition automatique pour rendre les fournisseurs de logiciels médico-légaux pour exploiter les défauts du firmware et l'espion des utilisateurs.[...]
GrapheneOS, a privacy and security-focused Android-based operating system, has posted a series of tweets on X suggesting that Android should introduce frequent auto-reboots to make it harder for forensic software vendors to exploit firmware flaws and spy on the users. [...] |
Threat Mobile | ★★★ | |
|
2024-01-13 02:26:04 | Le nombre d'organismes compromis via Ivanti VPN zéro-jours se développe à mesure que le mandiant pèse Number of orgs compromised via Ivanti VPN zero-days grows as Mandiant weighs in (lien direct) |
Snoops n'avait pas moins de cinq bits personnalisés de logiciels malveillants aux réseaux de porte dérobée Deux bugs de jour zéro dans les produits Ivanti étaient probablement attaqués par les cyberspies dès décembre, selon Mandiant \\ 's Menace Intel Team.…
Snoops had no fewer than five custom bits of malware to hand to backdoor networks Two zero-day bugs in Ivanti products were likely under attack by cyberspies as early as December, according to Mandiant\'s threat intel team.… |
Malware Vulnerability Threat | ★★★ | |
|
2024-01-12 20:15:00 | Vulnérabilité affectant les thermostats intelligents patchés par Bosch Vulnerability affecting smart thermostats patched by Bosch (lien direct) |
Le fabricant de technologies allemands Bosch a fixé une vulnérabilité affectant une gamme populaire de thermostats intelligents en octobre, a révélé la société cette semaine.Des chercheurs de Bitdefender ont découvert un problème avec les thermostats Bosch BCC100 en août dernier qui permet à un attaquant du même réseau de remplacer le firmware de l'appareil par une version voyou.Bogdan Boozatu, directeur de la recherche sur les menaces
German technology manufacturer Bosch fixed a vulnerability affecting a popular line of smart thermostats in October, the company disclosed this week. Researchers from Bitdefender discovered an issue with Bosch BCC100 thermostats last August which lets an attacker on the same network replace the device firmware with a rogue version. Bogdan Botezatu, director of threat research |
Vulnerability Threat Industrial | ★★★ | |
|
2024-01-12 19:34:07 | Exploiter pour un sous-siege SharePoint Vuln aurait été entre les mains de l'équipage de Ransomware Exploit for under-siege SharePoint vuln reportedly in hands of ransomware crew (lien direct) |
Il a pris des mois pour que Crims pirater ensemble une chaîne d'exploitation de travail Les experts en sécurité affirment que les criminels de ransomware ont mis la main sur un exploit fonctionnel pour une vulnérabilité critique de Microsoft Sharepoint de presque un an que Microsoft qui queCette semaine a-t-elle été ajoutée à la liste des combinaisons des États-Unis.…
It\'s taken months for crims to hack together a working exploit chain Security experts claim ransomware criminals have got their hands on a functional exploit for a nearly year-old critical Microsoft SharePoint vulnerability that was this week added to the US\'s must-patch list.… |
Ransomware Hack Vulnerability Threat | ★★ | |
|
2024-01-12 19:23:00 | Les acteurs de l'État-nation ont armé Ivanti VPN Zero-Days, déploiement de 5 familles de logiciels malveillants Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families (lien direct) |
Jusqu'à cinq familles de logiciels malveillants différentes ont été déployées par des acteurs suspects de l'État-nation dans le cadre des activités post-exploitation en tirant parti de la mise à profit et de la NBSP; deux appareils VPN Ivanti Connect Secure (ICS) depuis début décembre 2023.
"Ces familles permettent aux acteurs de la menace de contourner l'authentification et de fournir un accès de porte dérobée à ces appareils", Mandiant & nbsp; dit & nbsp; dans un
As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN appliances since early December 2023. "These families allow the threat actors to circumvent authentication and provide backdoor access to these devices," Mandiant said in an |
Malware Vulnerability Threat | ★★★★ | |
|
2024-01-12 18:53:00 | Ransomware de Medusa à la hausse: des fuites de données à la multi-extention Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion (lien direct) |
Les acteurs de la menace associés à la & nbsp; medusa ransomware & nbsp; ont augmenté leurs activités après les débuts d'un site de fuite de données dédié sur le Web Dark en février 2023 pour publier des données sensibles des victimes qui ne veulent pas accepter leurs demandes.
«Dans le cadre de leur stratégie multi-extorsion, ce groupe offrira aux victimes plusieurs options lorsque leurs données seront publiées sur leur
The threat actors associated with the Medusa ransomware have ramped up their activities following the debut of a dedicated data leak site on the dark web in February 2023 to publish sensitive data of victims who are unwilling to agree to their demands. “As part of their multi-extortion strategy, this group will provide victims with multiple options when their data is posted on their |
Ransomware Threat | ★★★ | |
|
2024-01-12 13:00:00 | Le FBI met en garde plus d'élections & quot; chaos & quot;en 2024 FBI Warns More Election "Chaos" in 2024 (lien direct) |
Le directeur du FBI, Christopher Wray, dit avoir confiance dans le système électoral américain mais s'attendre à une guerre d'information continue, soulignant la Chine en tant qu'acteur de menace le plus formidable.
FBI Director Christopher Wray says to have confidence in the American election system but to expect ongoing information warfare, pointing to China as most formidable threat actor. |
Threat | ★★★ | |
 |
2024-01-12 11:59:43 | Le rapport du CCB met en évidence le paysage cyber-menace en 2023, alors que les attaques hacktiviste et parrainée par l'État augmentent CCB report highlights cyber threat landscape in 2023, as hacktivist and state-sponsored attacks rise (lien direct) |
Le Center for Cybersecurity Belgium (CCB) a révélé que le paysage mondial de la cyber-menace en 2023 continuait d'être ...
The Centre for Cybersecurity Belgium (CCB) disclosed that the global cyber threat landscape in 2023 continued to be... |
Threat Studies | ★★★ | |
 |
2024-01-12 10:43:03 | Les logiciels malveillants utilisés dans les attaques Ivanti Zero-Day montrent des pirates se préparant pour le déploiement du patch Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout (lien direct) |
> Les vulnérabilités ivanti zéro-jour surnommées connexion pourraient avoir un impact sur des milliers de systèmes et les cyberspies chinoises se préparent à la libération de patchs.
>Ivanti zero-day vulnerabilities dubbed ConnectAround could impact thousands of systems and Chinese cyberspies are preparing for patch release. |
Malware Vulnerability Threat | ★★★ | |
|
2024-01-12 10:30:18 | Ivanti Connect Secure Zero-Days exploité pour déployer des logiciels malveillants personnalisés Ivanti Connect Secure zero-days exploited to deploy custom malware (lien direct) |
Les pirates exploitent les deux vulnérabilités zéro jour dans Ivanti Connect Secure divulguées cette semaine depuis début décembre pour déployer plusieurs familles de logiciels malveillants personnalisés à des fins d'espionnage.[...]
Hackers have been exploiting the two zero-day vulnerabilities in Ivanti Connect Secure disclosed this week since early December to deploy multiple families of custom malware for espionage purposes. [...] |
Malware Vulnerability Threat | ★★★ | |
|
2024-01-12 06:00:17 | Déterministe vs détection de menace probabiliste: quelle est la différence? Deterministic vs. Probabilistic Threat Detection: What\\'s the Difference? (lien direct) |
When you understand the difference between deterministic and probabilistic threat detection, you can better choose the right mix of processes and tools that will keep your data, systems and users most secure. Here is a spoiler, though: As you compare probabilistic and deterministic methods, you will likely conclude that both approaches are needed to some degree. That means you\'re on the right track. When you employ both, you can use the strengths of each approach while mitigating their respective weaknesses. In other words, these methods are different but complementary. To help you figure out when to use each method, we put together this overview. In each section, we start by defining terms, and then we delve into the pros and cons of using the approach to detect threats. What is probabilistic threat detection? Probabilistic threat detection involves the use of probability-based analytic methods to identify potential security threats or malicious activities within a system. This approach doesn\'t rely on fixed (deterministic) rules or signatures alone. Instead, it relies on the likelihood-or probability-that certain behaviors or patterns may indicate the presence of a security threat. Tools for probabilistic threat detection analyze various factors and assign weights to different indicators. That helps cybersecurity systems-and security teams-to prioritize and respond to potential threats based on their perceived risk. This approach to threat detection presents advantages as well as challenges. Here\'s a look at some of the pros and cons of using probabilistic and deterministic detections. Pros Let\'s start with the pros of probabilistic threat detection. Adaptability to new threats. Probabilistic threat detection can help you identify new and evolving threats that may not have definitive signatures. Machine learning and behavioral analysis can adapt to changing attack tactics. Slight pivots in attacker tools and techniques won\'t necessarily fake out these detection techniques. Reduced false positives to unknown threats. Probabilistic methods may result in fewer false negatives for threats that have not been seen before. That\'s because these methods don\'t require a perfect match to a known signature to send an alert. Probabilistic methods are inherently non-binary. Behavioral analysis. This is often part of probabilistic threat detection. It typically uses a baseline of normal system behavior. That, in turn, makes it easier to detect deviations that may indicate a security threat. Continuous learning. Machine learning models for probabilistic threat detection can continuously learn, incorporate feedback from security analysts, and adapt to changes in the threat landscape. That means their accuracy is not static and can improve over time. Cons Now, here is a rundown of some cons. False positives. Probabilistic methods will produce false positives. They rely on statistical models that might interpret unusual but benign behavior as a potential threat. That can lead to alerts on activities that aren\'t malicious. Taken to extremes this can waste security analysts\' time. But making the models less sensitive can lead to false negatives. That\'s why tuning is part of ongoing maintenance. Complexity and resource intensiveness. Implementing and maintaining probabilistic threat detection systems can be complex and demand a lot of resources. That is especially true when it comes to systems that use machine learning because they require a great deal of computing power and expertise to operate. Cost issues. Probabilistic methods and tools deal with uncertainty, which is a key design principle. So they may not be as cost effective as deterministic approaches for detecting well-known threats. Difficulty in interpreting results. It can be a challenge to understand the output of probabilistic models. You may have difficulty discerning why a particular activity is flagged as a potential threat, as the rationale is deep within the model. To interpret the results, you | Malware Tool Vulnerability Threat | ★★ | |
|
2024-01-11 22:49:00 | Volt Typhoon augmente l'activité malveillante contre les infrastructures critiques Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure (lien direct) |
L'APT parrainé par l'État chinois a compromis jusqu'à 30% des routeurs Cisco Legacy sur un botnet SoHo que plusieurs groupes de menaces utilisent.
The Chinese state-sponsored APT has compromised as many as 30% of Cisco legacy routers on a SOHO botnet that multiple threat groups use. |
Threat | Guam | ★★★ |
|
2024-01-11 21:43:00 | Les chercheurs de l'Ivanti signalent deux vulnérabilités critiques à jour zéro Ivanti Researchers Report Two Critical Zero-Day Vulnerabilities (lien direct) |
Les correctifs seront disponibles fin janvier et février, mais jusque-là, les clients doivent prendre des mesures d'atténuation.
Patches will be available in late January and February, but until then, customers must take mitigation measures. |
Vulnerability Threat | ★★ | |
 |
2024-01-11 21:11:04 | Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN (lien direct) | #### Description
La volexité a découvert l'exploitation active dans la fenêtre de deux vulnérabilités permettant l'exécution de code distant non authentifiée dans les périphériques VPN sécurisés Ivanti Connect.Un article officiel de conseil et de base de connaissances a été publié par Ivanti qui comprend une atténuation qui devrait être appliquée immédiatement.
Les vulnérabilités permettent l'exécution de code distant non authentifiée et ont été attribuées les CVE suivants: CVE-2023-46805 et CVE-2024-21887.L'attaquant a exploité ces exploits pour voler les données de configuration, modifier les fichiers existants, télécharger des fichiers distants et inverser le tunnel à partir de l'appliance ICS VPN.
Volexity a découvert que l'attaquant plaçait des coteaux sur plusieurs serveurs Web internes et orientés externes.L'attaquant a modifié un fichier CGI légitime (compcheckResult.cgi) sur l'appliance ICS VPN pour permettre l'exécution de la commande.En outre, l'attaquant a également modifié un fichier JavaScript utilisé par le composant VPN Web SSL de l'appareil afin de Keylog et d'exfiltrat d'identification pour les utilisateurs qui s'y connectent.Volexity attribue actuellement cette activité à un acteur de menace inconnu qu'il suit en vertu de l'alias UTA0178.
#### URL de référence (s)
1. https://www.cisa.gov/news-events/alerts/2024/01/10/ivanti-releases-security-update-connect-secure-and-policy-secure-gateways
2. https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-ay-vulnerabilities-in-ivanti-connect-secure-vpn/
#### Date de publication
11 janvier 2024
#### Auteurs)
Matthew Meltzer
Robert Jan Mora
Sean Koessel
Steven Adair
Thomas Lancaster
#### Description Volexity has uncovered active in-the-wild exploitation of two vulnerabilities allowing unauthenticated remote code execution in Ivanti Connect Secure VPN devices. An official security advisory and knowledge base article have been released by Ivanti that includes mitigation that should be applied immediately. The vulnerabilities allow unauthenticated remote code execution and have been assigned the following CVEs: CVE-2023-46805 and CVE-2024-21887. The attacker leveraged these exploits to steal configuration data, modify existing files, download remote files, and reverse tunnel from the ICS VPN appliance. Volexity discovered that the attacker was placing webshells on multiple internal and external-facing web servers. The attacker modified a legitimate CGI file (compcheckresult.cgi) on the ICS VPN appliance to allow command execution. Further, the attacker also modified a JavaScript file used by the Web SSL VPN component of the device in order to keylog and exfiltrate credentials for users logging into it. Volexity currently attributes this activity to an unknown threat actor it tracks under the alias UTA0178. #### Reference URL(s) 1. https://www.cisa.gov/news-events/alerts/2024/01/10/ivanti-releases-security-update-connect-secure-and-policy-secure-gateways 2. https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/ #### Publication Date January 11, 2024 #### Author(s) Matthew Meltzer Robert Jan Mora Sean Koessel Steven Adair Thomas Lancaster |
Vulnerability Threat Industrial | ★★★ | |
|
2024-01-11 20:58:00 | Les acteurs de la menace abusent de plus en plus de Github à des fins malveillantes Threat Actors Increasingly Abusing GitHub for Malicious Purposes (lien direct) |
L'ubiquité des environnements GitHub dans les technologies de l'information (IT) en a fait un choix lucratif pour les acteurs de menace d'accueillir et de livrer des charges utiles malveillantes et d'agir comme & nbsp; Dead Drop Resolvers, Command and Control et Exfiltration Points.
«L'utilisation de services GitHub pour les infrastructures malveillantes permet aux adversaires de se fondre dans le trafic réseau légitime, contournant souvent la sécurité traditionnelle
The ubiquity of GitHub in information technology (IT) environments has made it a lucrative choice for threat actors to host and deliver malicious payloads and act as dead drop resolvers, command-and-control, and data exfiltration points. “Using GitHub services for malicious infrastructure allows adversaries to blend in with legitimate network traffic, often bypassing traditional security |
Threat | ★★★ | |
|
2024-01-11 19:46:00 | Nouvel Exploit POC pour la vulnérabilité Apache Ofbiz présente un risque pour les systèmes ERP New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems (lien direct) |
Les chercheurs en cybersécurité ont & nbsp; développé & nbsp; un code de preuve de concept (POC) qui exploite A & NBSP; a récemment divulgué des défauts et NBSP critiques; dans le système de planification des ressources d'entreprise open-source de Biz pour exécuter une charge utile de mémoire de mémoire.
La vulnérabilité en question est & nbsp; CVE-2023-51467 & nbsp; (Score CVSS: 9.8), une contournement pour une autre lacune sévère dans le même logiciel (
Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to execute a memory-resident payload. The vulnerability in question is CVE-2023-51467 (CVSS score: 9.8), a bypass for another severe shortcoming in the same software ( |
Vulnerability Threat | ★★★ |
To see everything:
Our RSS (filtrered)
