What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2024-03-21 16:00:00 GitHub Launches AI-Powered Autofix Tool to Assist Devs in Patching Security Flaws (direct link)
GitHub on Wednesday announced that it's making available a feature called code scanning autofix in public beta for all Advanced Security customers to provide targeted recommendations in an effort to avoid introducing new security issues. "Powered by GitHub Copilot and CodeQL, code scanning autofix covers more than 90% of alert types in JavaScript, Typescript, Java, and
Tool Patching ★★
The_Hackers_News.webp 2023-12-29 10:46:00 Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks (direct link)
Microsoft on Thursday said it's once again disabling the ms-appinstaller protocol handler by default following its abuse by multiple threat actors to distribute malware. “The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vector for malware that may lead to ransomware distribution,” the Microsoft Threat Intelligence
Ransomware Malware Threat Patching ★★★★
The_Hackers_News.webp 2023-11-10 14:28:00 Alert: 'Effluence' Backdoor Persists Despite Patching Atlassian Confluence Servers (direct link)
Cybersecurity researchers have discovered a stealthy backdoor named Effluence that's deployed following the successful exploitation of a recently disclosed security flaw in Atlassian Confluence Data Center and Server. "The malware acts as a persistent backdoor and is not remediated by applying patches to Confluence," Aon's Stroz Friedberg Incident Response Services said in an analysis published
Malware Patching ★★
The_Hackers_News.webp 2023-10-11 12:30:00 Microsoft Releases October 2023 Patches for 103 Flaws, Including 2 Active Exploits (direct link)
Microsoft has released its Patch Tuesday updates for October 2023, addressing a total of 103 flaws in its software, two of which have come under active exploitation in the wild. Of the 103 flaws, 13 are rated Critical and 90 are rated Important in severity. This is apart from 18 security vulnerabilities addressed in its Chromium-based Edge browser since the second Tuesday of September. The two
Patching ★★★
The_Hackers_News.webp 2023-07-07 19:31:00 Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software (direct link)
Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer. In addition, Progress Software has patched two other high-severity vulnerabilities. The identified SQL injection vulnerability, tagged as CVE-2023-36934, could potentially allow unauthenticated attackers to gain unauthorized
Vulnerability Patching ★★★
The_Hackers_News.webp 2023-06-06 09:46:00 Zyxel Firewalls Under Attack! Urgent Patching Required (direct link)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday placed two recently disclosed flaws in Zyxel firewalls to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010, are buffer overflow vulnerabilities that could enable an unauthenticated attacker to cause a
Patching ★★
The_Hackers_News.webp 2023-01-12 15:10:00 Patch where it Hurts: Effective Vulnerability Management in 2023 (direct link) A recently published Security Navigator report data shows that businesses are still taking 215 days to patch a reported vulnerability. Even for critical vulnerabilities, it generally takes more than 6 months to patch. Good vulnerability management is not about being fast enough in patching all potential breaches. It's about focusing on the real risk using vulnerability prioritization to correct Vulnerability Patching ★★★
The_Hackers_News.webp 2022-09-06 14:27:00 Integrating Live Patching in SecDevOps Workflows (direct link) SecDevOps is, just like DevOps, a transformational change that organizations undergo at some point during their lifetime. Just like many other big changes, SecDevOps is commonly adopted after a reality check of some kind: a big damaging cybersecurity incident, for example. A major security breach or, say, consistent problems in achieving development goals signals to organizations that the Patching
The_Hackers_News.webp 2022-07-27 04:00:30 Taking the Risk-Based Approach to Vulnerability Patching (direct link) Software vulnerabilities are a major threat to organizations today. The cost of these threats is significant, both financially and in terms of reputation. Vulnerability management and patching can easily get out of hand when the number of vulnerabilities in your organization is in the hundreds of thousands of vulnerabilities and tracked in inefficient ways, such as using Excel spreadsheets or Vulnerability Threat Patching
The_Hackers_News.webp 2022-05-02 07:00:53 Which Hole to Plug First? Solving Chronic Vulnerability Patching Overload (direct link) According to folklore, witches were able to sail in a sieve, a strainer with holes in the bottom. Unfortunately, witches don't work in cybersecurity – where networks generally have so many vulnerabilities that they resemble sieves. For most of us, keeping the sieve of our networks afloat requires nightmarishly hard work and frequent compromises on which holes to plug first. The reason? In 2010, Vulnerability Patching
The_Hackers_News.webp 2022-01-13 00:18:27 Meeting Patching-Related Compliance Requirements with TuxCare (direct link) Cybersecurity teams have many demands competing for limited resources. Restricted budgets are a problem, and restricted staff resources are also a bottleneck. There is also the need to maintain business continuity at all times. It's a frustrating mix of challenges – with resources behind tasks such as patching rarely sufficient to meet security prerogatives or compliance deadlines. The multitude Patching
The_Hackers_News.webp 2022-01-11 22:42:18 First Patch Tuesday of 2022 Brings Fix for a Critical 'Wormable' Windows Vulnerability (direct link) Microsoft on Tuesday kicked off its first set of updates for 2022 by plugging 96 security holes across its software ecosystem, while urging customers to prioritize patching for what it calls a critical "wormable" vulnerability. Of the 96 vulnerabilities, nine are rated Critical and 89 are rated Important in severity, with six zero-day publicly known at the time of the release. This is in Vulnerability Patching
The_Hackers_News.webp 2022-01-11 12:29:57 How Can You Leave Log4J in 2021? (direct link) With the last month of 2021 dominated by the log4J vulnerabilities discovery, publication, and patches popping up in rapid succession, odds are you have patched your system against Log4J exploitation attempts. At least some systems, if not all. You might even have installed the latest patch – at the time of writing, that is 2.17.1, but, if the last rapid patching cycle persists, it might have Patching
The_Hackers_News.webp 2021-10-18 09:00:32 Why Database Patching Best Practice Just Doesn't Work and How to Fix It (direct link) Patching really, really matters – patching is what keeps technology solutions from becoming like big blocks of Swiss cheese, with endless security vulnerabilities punching hole after hole into critical solutions. But anyone who's spent any amount of time maintaining systems will know that patching is often easier said than done. Yes, in some instances, you can just run a command line to install Patching
The_Hackers_News.webp 2021-09-23 04:16:28 Why You Should Consider QEMU Live Patching (direct link) Sysadmins know what the risks are of running unpatched services. Given the choice, and unlimited resources, most hardworking administrators will ensure that all systems and services are patched consistently. But things are rarely that simple. Technical resources are limited, and patching can often be more complicated than it appears at first glance. Worse, some services are so hidden in the Patching
The_Hackers_News.webp 2019-09-10 11:36:01 (Déjà vu) Latest Microsoft Updates Patch 4 Critical Flaws In Windows RDP Client (direct link) Get your update caps on. Microsoft today released its monthly Patch Tuesday update for September 2019, patching a total of 79 security vulnerabilities in its software, of which 17 are rated critical, 61 as important, and one moderate in severity. Two of the security vulnerabilities patched by the tech giant this month are listed as "publicly known" at the time of release, one of which is an Patching
The_Hackers_News.webp 2019-06-21 02:11:04 Firefox 67.0.4 Released - Mozilla Patches Second 0-Day Flaw This Week (direct link) Okay, folks, it's time to update your Firefox web browser once again - yes, for the second time this week. After patching a critical actively-exploited vulnerability in Firefox 67.0.3 earlier this week, Mozilla is now warning millions of its users about a second zero-day vulnerability that attackers have been found exploiting in the wild. The newly patched issue (CVE-2019-11708) is a "sandbox Vulnerability Patching
The_Hackers_News.webp 2018-09-11 11:36:02 Microsoft Issues Software Updates for 17 Critical Vulnerabilities (direct link) Times to gear up your systems and software. Just a few minutes ago Microsoft released its latest monthly Patch Tuesday update for September 2018, patching a total of 61 security vulnerabilities, 17 of which are rated as critical, 43 are rated Important, and one Moderate in severity. This month's security updates patch vulnerabilities in Microsoft Windows, Edge, Internet Explorer, MS Office, Patching
The_Hackers_News.webp 2018-08-14 11:36:00 Microsoft Releases Patches for 60 Flaws - Two Under Active Attack (direct link) Get your update caps on. Just a few minutes ago Microsoft released its latest monthly Patch Tuesday update for August 2018, patching a total of 60 vulnerabilities, of which 19 are rated as critical. The updates patch flaws in Microsoft Windows, Edge Browser, Internet Explorer, Office, ChakraCore, .NET Framework, Exchange Server, Microsoft SQL Server and Visual Studio. Two of these Patching ★★★★★
Last update at: 2024-05-02 01:07:49