What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2024-12-10 21:27:00 Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged (direct link) Users of Cleo-managed file transfer software are being urged to ensure that their instances are not exposed to the internet following reports of mass exploitation of a vulnerability affecting fully patched systems. Cybersecurity company Huntress said it discovered evidence of threat actors exploiting the issue en masse on December 3, 2024. The vulnerability, which impacts Cleo's LexiCom,
Vulnerability Threat ★★★
The_Hackers_News.webp 2024-12-09 17:25:00 Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI (direct link) Details have emerged about a now-patched security flaw in the DeepSeek artificial intelligence (AI) chatbot that, if successfully exploited, could permit a bad actor to take control of a victim's account by means of a prompt injection attack. Security researcher Johann Rehberger, who has chronicled many a prompt injection attack targeting various AI tools, found that providing the input "Print
Tool Vulnerability ★★★
The_Hackers_News.webp 2024-12-06 16:58:00 Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks (direct link) Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution. The vulnerabilities, discovered by JFrog, are part of a broader collection of 22 security shortcomings the supply chain security company first disclosed last month. Unlike the first
Tool Vulnerability ★★
The_Hackers_News.webp 2024-12-05 20:26:00 Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access (direct link) Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances. The critical vulnerability in question is CVE-2024-41713 (CVSS score: 9.8), which relates to a case of insufficient input
Vulnerability Threat ★★★
The_Hackers_News.webp 2024-12-05 17:15:00 Want to Grow Vulnerability Management into Exposure Management? Start Here! (direct link) Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident. At its core, Vulnerability Management
Vulnerability ★★★
The_Hackers_News.webp 2024-12-05 10:39:00 CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-51378 (CVSS score: 10.0) - An incorrect default permissions
Vulnerability ★★★
The_Hackers_News.webp 2024-12-04 11:04:00 Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (direct link) Veeam has released security updates to address a critical flaw impacting Service Provider Console (VSPC) that could pave the way for remote code execution on susceptible instances. The vulnerability, tracked as CVE-2024-42448, carries a CVSS score of 9.9 out of a maximum of 10.0. The company noted that the bug was identified during internal testing. "From the VSPC management agent machine, under
Vulnerability ★★
The_Hackers_News.webp 2024-12-04 10:38:00 Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access (direct link) A critical security vulnerability has been disclosed in SailPoint's IdentityIQ identity and access management (IAM) software that allows unauthorized access to content stored within the application directory. The flaw, tracked as CVE-2024-10905, has a CVSS score of 10.0, indicating maximum severity. It affects IdentityIQ versions 8.2, 8.3, 8.4, and other previous versions. IdentityIQ "allows
Vulnerability ★★
The_Hackers_News.webp 2024-12-03 18:21:00 Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability (direct link) Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA). The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA's WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack
Vulnerability ★★
The_Hackers_News.webp 2024-11-29 15:04:00 Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (direct link) Microsoft has addressed four security flaws impacting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center offerings, including one that it said has been exploited in the wild. The vulnerability that has been tagged with an "Exploitation Detected" assessment is CVE-2024-49035 (CVSS score: 8.7), a privilege escalation flaw in partner.microsoft[.]com. "An
Vulnerability Cloud ★★
The_Hackers_News.webp 2024-11-28 22:27:00 Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP (direct link) Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges. "These vulnerabilities pose significant risks, allowing unauthenticated remote code execution with root privileges, thereby fully compromising the confidentiality,
Vulnerability Industrial ★★
The_Hackers_News.webp 2024-11-27 21:35:00 Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers (direct link) A critical security flaw impacting the ProjectSend open-source file-sharing application has likely come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability, originally patched over a year-and-a-half ago as part of a commit pushed in May 2023, was not officially made available until August 2024 with the release of version r1720. As of November 26, 2024,
Vulnerability ★★
The_Hackers_News.webp 2024-11-27 16:44:00 APT-C-60 Exploits WPS Office Vulnerability to Deploy SpyGlace Backdoor (direct link) The threat actor known as APT-C-60 has been linked to a cyber attack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor. That's according to findings from JPCERT/CC, which said the intrusion leveraged legitimate services like Google Drive, Bitbucket, and StatCounter. The attack was carried out around August 2024. "In this attack,
Vulnerability Threat ★★
The_Hackers_News.webp 2024-11-27 10:51:00 Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign (direct link) A threat actor named Matrix has been linked to a widespread distributed denial-of-service (DDoS) campaign that leverages vulnerabilities and misconfigurations in Internet of Things (IoT) devices to co-opt them into a disruptive botnet. "This operation serves as a comprehensive one-stop shop for scanning, exploiting vulnerabilities, deploying malware, and setting up shop kits, showcasing a
Malware Vulnerability Threat ★★
The_Hackers_News.webp 2024-11-26 18:53:00 Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks (direct link) Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin for WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, carry a CVSS score of 9.8 out of a maximum of 10.0. They were addressed in versions
Spam Vulnerability ★★
The_Hackers_News.webp 2024-11-26 17:00:00 Intruder Launches Intel: A Free Vulnerability Intelligence Platform For Staying Ahead of the Latest Threats (direct link) When CVEs go viral, separating critical vulnerabilities from the noise is essential to protecting your organization. That's why Intruder, a leader in attack surface management, built Intel - a free vulnerability intelligence platform designed to help you act fast and prioritize real threats. What is Intel? Intel was created to fill a gap in the resources available for tracking emerging
Vulnerability ★★★
The_Hackers_News.webp 2024-11-26 16:04:00 RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (direct link) The Russia-aligned threat actor known as RomCom has been linked to the zero-day exploitation of two security flaws, one in Mozilla Firefox and the other in Microsoft Windows, as part of attacks designed to deliver the eponymous backdoor on victim systems. "In a successful attack, if a victim browses a web page containing the exploit, an adversary can run arbitrary code – without any user
Vulnerability Threat ★★★
The_Hackers_News.webp 2024-11-26 10:33:00 CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched critical security flaw impacting Array Networks AG and vxAG secure access gateways to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild. The vulnerability, tracked as CVE-2023-28461 (CVSS score: 9.8), concerns a case of missing authentication that
Vulnerability ★★★
The_Hackers_News.webp 2024-11-21 12:43:00 Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects (direct link) Google has revealed that its AI-powered fuzzing tool, OSS-Fuzz, has been used to help identify 26 vulnerabilities in various open-source code repositories, including a medium-severity flaw in the OpenSSL cryptographic library. "These particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets,"
Tool Vulnerability ★★★
The_Hackers_News.webp 2024-11-20 17:00:00 NHIs Are the Future of Cybersecurity: Meet NHIDR (direct link) The frequency and sophistication of modern cyberattacks are surging, making it increasingly challenging for organizations to protect sensitive data and critical infrastructure. When attackers compromise a non-human identity (NHI), they can swiftly exploit it to move laterally across systems, identifying vulnerabilities and compromising additional NHIs in minutes. While organizations often take
Vulnerability Threat ★★
The_Hackers_News.webp 2024-11-20 14:46:00 Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package (direct link) Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction. The Qualys Threat Research Unit (TRU), which identified and reported the flaws early last month, said they are trivial to exploit, necessitating that
Vulnerability Threat ★★
The_Hackers_News.webp 2024-11-20 10:07:00 Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (direct link) Apple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild. The flaws are listed below - CVE-2024-44308 - A vulnerability in JavaScriptCore that could lead to arbitrary code execution when processing malicious web content CVE-2024-44309 - A cookie management vulnerability in
Vulnerability Threat ★★★
The_Hackers_News.webp 2024-11-20 09:54:00 Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation (direct link) Oracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management (PLM) Framework has been exploited in the wild. The vulnerability, tracked as CVE-2024-21287 (CVSS score: 7.5), could be exploited sans authentication to leak sensitive information. "This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network
Vulnerability ★★
The_Hackers_News.webp 2024-11-19 12:01:00 CISA Alert: Active Exploitation of VMware vCenter and Kemp LoadMaster Flaws (direct link) Now-patched security flaws impacting Progress Kemp LoadMaster and VMware vCenter Server have come under active exploitation in the wild, it has emerged. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added CVE-2024-1212 (CVSS score: 10.0), a maximum-severity security vulnerability in Progress Kemp LoadMaster to its Known Exploited Vulnerabilities (KEV) catalog. It was
Vulnerability ★★
The_Hackers_News.webp 2024-11-18 10:22:00 Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites (direct link) A critical authentication bypass vulnerability has been disclosed in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress that, if successfully exploited, could allow an attacker to remotely gain full administrative access to a susceptible site. The vulnerability, tracked as CVE-2024-10924 (CVSS score: 9.8), impacts both free and premium versions of the plugin. The
Vulnerability ★★
The_Hackers_News.webp 2024-11-16 13:51:00 PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released (direct link) Palo Alto Networks has released new indicators of compromise (IoCs) a day after the network security vendor confirmed that a new zero-day vulnerability impacting its PAN-OS firewall management interface has been actively exploited in the wild. To that end, the company said it observed malicious activity originating from below IP addresses and targeting PAN-OS management web interface IP
Vulnerability Threat ★★★
The_Hackers_News.webp 2024-11-16 11:55:00 Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials (direct link) A threat actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet's FortiClient for Windows to extract VPN credentials as part of a modular framework called DEEPDATA. Volexity, which disclosed the findings Friday, said it identified the zero-day exploitation of the credential disclosure vulnerability in July 2024, describing BrazenBamboo as the developer behind DEEPDATA,
Malware Vulnerability Threat ★★★
The_Hackers_News.webp 2024-11-15 12:10:00 High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables (direct link) Cybersecurity researchers have disclosed a high-severity security flaw in the PostgreSQL open-source database system that could allow unprivileged users to alter environment variables, and potentially lead to code execution or information disclosure. The vulnerability, tracked as CVE-2024-10979, carries a CVSS score of 8.8. Environment variables are user-defined values that can allow a program
Vulnerability Threat ★★
The_Hackers_News.webp 2024-11-15 10:34:00 CISA Flags Critical Palo Alto Network Flaws Actively Exploited in the Wild (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that two more flaws impacting the Palo Alto Networks Expedition have come under active exploitation in the wild. To that end, it has added the vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the necessary updates by December 5,
Vulnerability ★★
The_Hackers_News.webp 2024-11-14 11:13:00 Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (direct link) A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine. The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), refers to an NTLM hash disclosure spoofing vulnerability that could be exploited to steal a user's NTLMv2 hash. It was patched by Microsoft earlier this
Malware Vulnerability Threat ★★
The_Hackers_News.webp 2024-11-13 16:30:00 Comprehensive Guide to Building a Strong Browser Security Program (direct link) The rise of SaaS and cloud-based work environments has fundamentally altered the cyber risk landscape. With more than 90% of organizational network traffic flowing through browsers and web applications, companies are facing new and serious cybersecurity threats. These include phishing attacks, data leakage, and malicious extensions. As a result, the browser also becomes a vulnerability that
Vulnerability Cloud ★★
The_Hackers_News.webp 2024-11-13 14:58:00 OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution (direct link) A security analysis of the OvrC cloud platform has uncovered 10 vulnerabilities that could be chained to allow potential attackers to execute code remotely on connected devices. "Attackers successfully exploiting these vulnerabilities can access, control, and disrupt devices supported by OvrC; some of those include smart electrical power supplies, cameras, routers, home automation systems, and
Vulnerability Cloud ★★★
The_Hackers_News.webp 2024-11-13 12:21:00 Microsoft Fixes 90 New Flaws, Including Actively Exploited NTLM and Task Scheduler Bugs (direct link) Microsoft on Tuesday revealed that two security flaws impacting Windows NT LAN Manager (NTLM) and Task Scheduler have come under active exploitation in the wild. The security vulnerabilities are among the 90 security bugs the tech giant addressed as part of its Patch Tuesday update for November 2024. Of the 90 flaws, four are rated Critical, 85 are rated Important, and one is rated Moderate in
Vulnerability ★★★
The_Hackers_News.webp 2024-11-11 15:41:00 Security Flaws in Popular ML Toolkits Enable Server Hijacks, Privilege Escalation (direct link) Cybersecurity researchers have uncovered nearly two dozen security flaws spanning 15 different machine learning (ML) related open-source projects. These comprise vulnerabilities discovered both on the server- and client-side, software supply chain security firm JFrog said in an analysis published last week. The server-side weaknesses "allow attackers to hijack important servers in the
Vulnerability ★★★
The_Hackers_News.webp 2024-11-11 15:27:00 HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (direct link) Hewlett Packard Enterprise (HPE) has released security updates to address multiple vulnerabilities impacting Aruba Networking Access Point products, including two critical bugs that could result in unauthenticated command execution. The flaws affect Access Points running Instant AOS-8 and AOS-10 - AOS-10.4.x.x: 10.4.1.4 and below Instant AOS-8.12.x.x: 8.12.0.2 and below Instant AOS-8.10.x.x:
Vulnerability ★★★
The_Hackers_News.webp 2024-11-09 11:42:00 Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns (direct link) Palo Alto Networks on Friday issued an informational advisory urging customers to ensure that access to the PAN-OS management interface is secured because of a potential remote code execution vulnerability. "Palo Alto Networks is aware of a claim of a remote code execution vulnerability via the PAN-OS management interface," the company said. "At this time, we do not know the specifics of the
Vulnerability Threat ★★★
The_Hackers_News.webp 2024-11-08 19:32:00 AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services (direct link) The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying the Mozi botnet malware. "This botnet utilizes remote code execution and credential-stealing methods to maintain persistent access, leveraging unpatched vulnerabilities to infiltrate critical infrastructures," CloudSEK said in a
Malware Vulnerability Threat Cloud ★★★
The_Hackers_News.webp 2024-11-08 10:47:00 CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical security flaw impacting Palo Alto Networks Expedition to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-5910 (CVSS score: 9.3), concerns a case of missing authentication in the Expedition migration tool that
Tool Vulnerability ★★★
The_Hackers_News.webp 2024-11-07 12:43:00 Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (direct link) Cisco has released security updates to address a maximum severity security flaw impacting Ultra-Reliable Wireless Backhaul (URWB) Access Points that could permit unauthenticated, remote attackers to run commands with elevated privileges. Tracked as CVE-2024-20418 (CVSS score: 10.0), the vulnerability has been described as stemming from a lack of input validation to the web-based management
Vulnerability Industrial ★★
The_Hackers_News.webp 2024-11-05 15:04:00 Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (direct link) Taiwanese network-attached storage (NAS) appliance maker Synology has addressed a critical security flaw impacting DiskStation and BeePhotos that could lead to remote code execution. Tracked as CVE-2024-10443 and dubbed RISK:STATION by Midnight Blue, the zero-day flaw was demonstrated at the Pwn2Own Ireland 2024 hacking contest by security researcher Rick de Jager. RISK:STATION is an "
Vulnerability Threat ★★★
The_Hackers_News.webp 2024-11-05 09:00:00 Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (direct link) Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to "Android/data," "Android/obb," and "Android/sandbox" directories and its sub-directories,
Vulnerability Mobile ★★★
The_Hackers_News.webp 2024-11-04 19:38:00 Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning (direct link) Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a malicious actor to perform various actions, including denial-of-service, model poisoning, and model theft. "Collectively, the vulnerabilities could allow an attacker to carry out a wide-range of malicious actions with a single HTTP request, including
Vulnerability ★★★
The_Hackers_News.webp 2024-11-04 16:30:00 Cyber Threats That Could Impact the Retail Industry This Holiday Season (and What to Do About It) (direct link) As the holiday season approaches, retail businesses are gearing up for their annual surge in online (and in-store) traffic. Unfortunately, this increase in activity also attracts cybercriminals looking to exploit vulnerabilities for their gain. Imperva, a Thales company, recently published its annual holiday shopping cybersecurity guide. Data from the Imperva Threat Research team's
Vulnerability Threat ★★
The_Hackers_News.webp 2024-11-04 15:34:00 Google's AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (direct link) Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework called Big Sleep (formerly Project Naptime). The tech giant described the development as the "first real-world vulnerability" uncovered using the artificial intelligence (AI) agent. "We believe this is the first public example of an AI agent finding
Tool Vulnerability Threat ★★★
The_Hackers_News.webp 2024-11-01 09:57:00 Stop LUCR-3 Attacks: Learn Key Identity Security Tactics in This Expert Webinar (direct link) Did you know that advanced threat actors can infiltrate the identity systems of major organizations and extract sensitive data within days? It's a chilling reality, becoming more common and concerning by the day. These attackers exploit vulnerabilities in SaaS and cloud environments, using compromised identities to move laterally within networks, causing widespread damage. Cybersecurity and IT
Vulnerability Threat Cloud ★★★
The_Hackers_News.webp 2024-10-31 15:54:00 LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites (direct link) A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated threat actor to elevate their privileges and perform malicious actions. The vulnerability, tracked as CVE-2024-50550 (CVSS score: 8.1), has been addressed in version 6.5.2 of the plugin. "The plugin suffers from an unauthenticated privilege escalation vulnerability
Vulnerability Threat ★★
The_Hackers_News.webp 2024-10-30 16:00:00 Embarking on a Compliance Journey? Here's How Intruder Can Help (direct link) Navigating the complexities of compliance frameworks like ISO 27001, SOC 2, or GDPR can be daunting. Luckily, Intruder simplifies the process by helping you address the key vulnerability management criteria these frameworks demand, making your compliance journey much smoother. Read on to understand how to meet the requirements of each framework to keep your customer data safe. How Intruder
Vulnerability ★★
The_Hackers_News.webp 2024-10-29 18:30:00 Researchers Uncover Vulnerabilities in Open-Source AI and ML Models (direct link) A little over three dozen security vulnerabilities have been disclosed in various open-source artificial intelligence (AI) and machine learning (ML) models, some of which could lead to remote code execution and information theft. The flaws, identified in tools like ChuanhuChatGPT, Lunary, and LocalAI, have been reported as part of Protect AI's Huntr bug bounty platform. The most severe of the
Tool Vulnerability ★★
The_Hackers_News.webp 2024-10-29 11:23:00 New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors (direct link) More than six years after the Spectre security flaw impacting modern CPU processors came to light, new research has found that the latest AMD and Intel processors are still susceptible to speculative execution attacks. The attack, disclosed by ETH Zürich researchers Johannes Wikner and Kaveh Razavi, aims to undermine the Indirect Branch Predictor Barrier (IBPB) on x86 chips, a crucial mitigation
Vulnerability ★★★
The_Hackers_News.webp 2024-10-28 10:59:00 Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel (direct link) A new attack technique could be used to bypass Microsoft's Driver Signature Enforcement (DSE) on fully patched Windows systems, leading to operating system (OS) downgrade attacks. "This bypass allows loading unsigned kernel drivers, enabling attackers to deploy custom rootkits that can neutralize security controls, hide processes and network activity, maintain stealth, and much more," SafeBreach
Vulnerability Legislation ★★★
Last update at: 2025-05-10 15:07:39