What's new around the internet


Source | Date (GMT) | Title | Description | Tags | Stories | Notes
CSO | 2022-06-07 10:36:00 | Zero-day flaw in Atlassian Confluence exploited in the wild since May | Software firm Atlassian released emergency patches for its popular Confluence Server and Data Center products after reports came to light late last week that attackers were exploiting an unpatched vulnerability in the wild. According to data from Cloudflare's web application firewall (WAF) service, the attacks started almost two weeks ago. The vulnerability, now tracked as CVE-2022-26134, is rated critical and allows unauthenticated attackers to gain remote code execution (RCE) on servers hosting the affected Confluence versions. The company urges customers to upgrade to the newly released versions 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 and 7.18.1, depending on which release they use. | Tags: Vulnerability
CSO | 2022-05-31 12:29:00 | Microsoft gives mitigation advice for Follina vulnerability exploitable via Office apps | Attackers are actively exploiting an unpatched remote code execution (RCE) vulnerability in a Windows component called the Microsoft Support Diagnostic Tool (MSDT) through weaponized Word documents. Microsoft has responded with mitigation advice that can be used to block the attacks until a permanent patch is released. An exploit for the vulnerability, now tracked as CVE-2022-30190, was found in the wild by an independent security research team dubbed nao_sec, which spotted a malicious Word document uploaded to VirusTotal from an IP in Belarus. However, more malicious samples dating from April have also been found, suggesting the vulnerability has been exploited for over a month. | Tags: Tool, Vulnerability
CSO | 2020-09-03 11:43:00 | BrandPost: SIGRed: What Is It, How Serious Is It, and How Should You Respond? | Executive Summary: On July 14, 2020, Microsoft disclosed a vulnerability in the Microsoft DNS Server subsystem affecting all modern versions of Microsoft DNS. This vulnerability allows attackers to leverage malformed DNS responses to trigger remote code execution on unpatched Microsoft DNS servers without the need for authentication. A sufficiently capable attacker can leverage this vulnerability to obtain remote administrative access to Microsoft DNS Servers, which typically cohabitate with Microsoft Active Directory servers. In other words, this vulnerability bypasses the majority of built-in security checks and security architecture while providing direct access to an organization's critical infrastructure. Additionally, this vulnerability is "wormable", indicating that the attack is easily automated and can spread without user intervention via malware. | Tags: Vulnerability
CSO | 2020-07-29 10:00:00 | Linux GRUB2 bootloader flaw breaks Secure Boot on most computers and servers | Operating system maintainers, computer manufacturers, and security and virtualization software vendors have worked together over the past few months to coordinate a unified response to a vulnerability that allows attackers to bypass boot process integrity verification, one of the key security features of modern computers. The flaw is located in the GRUB2 Linux bootloader, but because of how Secure Boot is implemented, it can be used to compromise the booting process of Windows and other systems as well. Getting the patches that were announced today installed on all impacted computers and devices will require manual testing and deployment and will likely take a long time. It's reasonable to expect that some systems will never be updated and will remain vulnerable to boot-level malware and rogue firmware modifications. | Tags: Malware, Vulnerability
CSO | 2020-07-14 05:00:00 | Critical flaw allows hackers to breach SAP systems with ease | SAP users should immediately deploy a newly released patch for a critical vulnerability that could allow hackers to compromise their systems and the data they contain. The flaw is in a core component that exists by default in most SAP deployments and can be exploited remotely without a username and password. Researchers from security firm Onapsis, who found and reported the vulnerability, estimate that 40,000 SAP customers worldwide might be affected. Over 2,500 vulnerable SAP systems are directly exposed to the internet and are at higher risk of being hacked, but attackers who gain access to local networks can compromise other deployments. | Tags: Vulnerability
CSO | 2020-05-07 06:00:00 | Attempted cyberattack highlights vulnerability of global water infrastructure | In late April, Israel's National Cyber Directorate received reports about an attempted “major” cyberattack on its water infrastructure. According to a statement issued by the directorate, the attack consisted of “assault attempts on control and control systems of wastewater treatment plants, pumping stations and sewers.” The directorate called on water companies to change their internet passwords, make sure their control system software is updated, and undertake other cyber hygiene measures to tighten security. The attempted attacks were unsuccessful, according to the directorate, and appeared to be coordinated. Of concern was the level of chlorine in the water supply. The directorate asked water companies to look for any disruptions, particularly regarding chlorine use in the water supply. | Tags: Vulnerability
CSO | 2020-04-27 03:00:00 | Android security: Patching improves, but fragmentation challenges remain | Android device makers have improved their patching processes over the past two years, according to a new analysis, decreasing the time gap between when security updates become public and their integration into firmware. This is good news for the Android ecosystem, which has historically been considered worse than Apple's iOS when it comes to patch hygiene. However, version fragmentation remains high in the Android world, with significant differences among device manufacturers and even across the same vendor's product lines. This leads to many devices running versions that are no longer supported. Berlin-based Security Research Labs (SRLabs) has published the results of its binary analysis of around 10,000 unique firmware builds running on many Android device models from different manufacturers. Most of the data was collected with SnoopSnitch, an application developed by the company to analyze mobile radio data for abnormalities that could indicate user tracking and fake base stations. It can also check whether the Android firmware running on a device has the critical vulnerability patches that correspond to its reported security patch level. | Tags: Vulnerability, Patching, Guideline
CSO | 2020-02-19 12:44:00 | BrandPost: Securing your Cloud Workloads in Runtime: Why Pre-Runtime Scans Aren't Enough | Enterprises that apply a security strategy to their cloud workloads often rely on security checks pre-runtime. In most cases, they scan for vulnerabilities within their code or containers before deploying their cloud workloads into production. However, in runtime, when actual cyber attacks can occur, organizations are left completely blind. In my discussions with CISOs during the last year I was surprised to hear that, despite having hundreds or even thousands of cloud servers, security teams lack visibility into what code is actually running inside their production environment. These teams believe that what's running is the software they intentionally deployed during the CI/CD process. However, they aren't certain. Having no visibility in runtime is problematic. Whether an attacker wants to steal your credentials or exploit a vulnerability, whatever the attack vector, a cyber attack is almost always the result of malicious code or commands running in your servers. While pre-runtime security vulnerability checks are effective to some extent, they are not sufficient to cope with modern cyber threats, which don't necessarily rely on a known vulnerability. It's time for organizations to gain visibility and control over the code that is running in their cloud workloads. By identifying and terminating the malicious code running in memory, they will be able to detect the vast majority of cyber attacks on their cloud infrastructure. | Tags: Vulnerability
CSO | 2019-10-04 11:04:00 | Zero-day vulnerability gives attackers full control of Android phones | Attackers are reportedly exploiting an unpatched vulnerability to take control of Android devices and potentially deliver spyware. The flaw affects phone models from multiple manufacturers including Google, Samsung, Huawei, LG and Xiaomi. The vulnerability is a use-after-free memory condition in the Android Binder component that can result in privilege escalation. The flaw was patched without a CVE identifier in December 2017 in the Linux 4.14 LTS kernel, the Android Open Source Project's (AOSP) 3.18 kernel, the AOSP 4.4 kernel and the AOSP 4.9 kernel. | Tags: Vulnerability
CSO | 2019-09-10 14:15:00 | New NetCAT CPU side-channel vulnerability exploitable over the network | Researchers have found yet another CPU feature that can be abused to leak potentially sensitive data, but this time with a twist: the attacker doesn't need local access to the targeted machine because the attack works over the network. The culprit is Intel's Data Direct I/O (DDIO) technology, which gives peripheral devices such as network cards direct access to the processor's internal cache to achieve better performance, lower power consumption, and higher data throughput. Before DDIO, these devices exchanged data with the CPU through RAM, whose latency can be a bottleneck. | Tags: Vulnerability
CSO | 2019-08-26 10:38:00 | Capital One hack shows difficulty of defending against irrational cybercriminals | Software engineer Paige Thompson was arrested in late July for an unprecedented hack into a cloud server containing the personal data of over 100 million people who had filed credit card applications with leading financial institution Capital One. Thompson, who at the time of her arrest ran a hosting company called Netcrave Communications, had held a series of engineering jobs, including a stint at Amazon Web Services (AWS) in 2015 and 2016, where she presumably gained the skills to exploit a vulnerability in an application firewall on Capital One's AWS server. | Tags: Hack, Vulnerability, Guideline
CSO | 2019-08-07 03:13:00 | New Spectre-like CPU vulnerability bypasses existing defenses | Security researchers have found a new way to abuse the speculative execution mechanism of modern CPUs to break security boundaries and leak the contents of kernel memory. The new technique abuses a system instruction called SWAPGS and can bypass mitigations put in place for previous speculative execution vulnerabilities like Spectre. The vulnerability was discovered by researchers from security firm Bitdefender and was reported to Intel almost a year ago. Since then, it has followed a lengthy coordination process that also involved Microsoft, which released mitigations during last month's Patch Tuesday. | Tags: Vulnerability
CSO | 2019-05-21 03:00:00 | How to implement and use the MITRE ATT&CK framework | Mitigating security vulnerabilities is difficult. Attackers need to exploit just one vulnerability to breach your network, but defenders have to secure everything. That's why security programs have been shifting resources toward detection and response: detecting when the bad guys are in your network and then responding to their actions efficiently to gather evidence and mitigate the risk. | Tags: Vulnerability | Notes: ★★★★★
CSO | 2019-05-15 09:46:00 | Microsoft urges Windows customers to patch wormable RDP flaw | Microsoft has fixed a critical vulnerability in some versions of Windows that can be exploited to create a powerful worm. The company even took the unusual step of releasing patches for Windows XP and Windows Server 2003, which haven't been supported in years, because it believes the threat to be very high. The vulnerability, tracked as CVE-2019-0708, is located in Remote Desktop Services, formerly known as Terminal Services. This component handles connections over the Remote Desktop Protocol (RDP), a widely used protocol for remotely managing Windows systems on corporate networks. | Tags: Malware, Vulnerability, Threat
CSO | 2019-03-28 09:11:00 | APT group Elfin switches from data destruction to data stealing via WinRAR vulnerability | Elfin (aka APT33), a hacker group affiliated with the Iranian government, is described by Symantec as “one of the most active groups currently operating in the Middle East.” They have been linked with a string of attacks on U.S. and Saudi Arabian companies, particularly in the aerospace and energy sectors. | Tags: Data Breach, Vulnerability | Stories: APT33, APT 33
CSO | 2019-02-20 03:00:00 | How to update Windows 10 for side channel vulnerability fixes | In January 2018, security news media was abuzz over a new class of vulnerability called side channel vulnerabilities. Spectre, Meltdown and Foreshadow are some of the best known. They exploit weaknesses in speculative execution in microprocessors to leak unauthorized information. Side channel vulnerabilities allow attackers to bypass account permissions, virtualization boundaries and protected memory regions. | Tags: Vulnerability
CSO | 2019-01-30 03:00:00 | How to defend Office 365 from spear-phishing attacks | A recent Windows Defender Advanced Threat Protection (ATP) alert described an Adobe Flash zero-day vulnerability (CVE-2018-15982) that was used in a spear-phishing attack against a medical institution in Russia. Adobe released a patch on December 5, 2018. This vulnerability and attack sequence highlighted a number of mitigations that you can use to block such attacks. | Tags: Vulnerability, Threat
CSO | 2018-12-03 09:09:00 | Risk-based vulnerability management a better form of cyber defense | Protecting an organization from threats is becoming increasingly difficult, as the number and sophistication of threats continues to increase exponentially. A big issue is finding, prioritizing, and fixing vulnerabilities before they are exploited. That has always been a top priority for security professionals, but the growing number of vulnerabilities makes it difficult, if not impossible, for legacy vulnerability assessment tools to be effective. Many security tools, such as anti-malware and intrusion detection systems, have used artificial intelligence (AI) as a way to modernize and keep up with current trends, but the vulnerability assessment market has not. Infusing AI into this market would shift it from treating all vulnerabilities as equal to enabling businesses to evaluate and prioritize them based on risk. However, one approach doesn't replace the other but rather complements it, as both are required to protect against the widest range of attack vectors. | Tags: Vulnerability
CSO | 2018-08-02 07:26:00 | IDG Contributor Network: “Political hack” takes on new meaning in the age of cyberwarfare | The media blitz about Russia's involvement in our electoral process redefines the term “political hack.” Our fundamental right to legitimately and confidentially vote in elections, with confidence our vote counts, is not challenged by a despot, but rather by a bot. e-Voting machines are routinely analyzed, and discoveries of one or another vulnerability are reported. Several studies over the past few years reveal the brittleness and insecurities of the various electronic voting machines used across America. The most recent demonstration at this year's DefCon provides a step-by-step process on how to exploit and attack a particular eVoting machine. Undoubtedly other machines are also vulnerable to malicious alteration. | Tags: Vulnerability, Studies
CSO | 2018-07-19 02:58:00 | Review: Predictively locking down security with Balbix | If cybersecurity defenders could accurately predict when and how future attacks against their networks would take place, it would be a lot easier for organizations to commit their limited resources where they could do the most good. But there are precious few programs designed to stop attacks in the so-called “left of boom” area. Vulnerability managers do attack this problem head-on, but suffer from several disadvantages, including not having enough insight into the assets they are protecting, no ability to rank or predict found vulnerabilities, and the fact that identifying millions of vulnerabilities out of context is almost as bad as not finding anything at all. | Tags: Vulnerability
Last update at: 2024-05-16 22:08:18