What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CVE.webp 2023-10-26 20:15:08 CVE-2023-46662 (direct link) Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.
Vulnerability Threat
DarkReading.webp 2023-10-26 19:35:00 Iran APT Targets the Mediterranean With Watering-Hole Attacks (direct link) Nation-state hackers are using hybrids to ensnare those in the maritime, shipping, and logistics industries.
Threat ★★★
The_Hackers_News.webp 2023-10-26 19:26:00 Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware (direct link) The prolific threat actor known as Scattered Spider has been observed impersonating newly hired employees in targeted firms as a ploy to blend into normal on-hire processes and takeover accounts and breach organizations across the world. Microsoft, which disclosed the activities of the financially motivated hacking crew, described the adversary as "one of the most dangerous financial criminal
Ransomware Threat ★★
CVE.webp 2023-10-26 18:15:09 CVE-2023-5796 (direct link) A vulnerability was found in CodeAstro POS System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /setting of the component Logo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-243602 is the identifier assigned to this vulnerability.
Vulnerability Threat
CVE.webp 2023-10-26 18:15:08 CVE-2023-5795 (direct link) A vulnerability was found in CodeAstro POS System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /profil of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243601 was assigned to this vulnerability.
Vulnerability Threat
CVE.webp 2023-10-26 18:15:08 CVE-2023-5793 (direct link) A vulnerability was found in flusity CMS and classified as problematic. This issue affects the function loadCustomBlocCreateForm of the file /core/tools/customblock.php of the component Dashboard. The manipulation of the argument customblock_place leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The patch is named 81252bc764e1de2422e79e36194bba1289e7a0a5. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-243599.
Vulnerability Threat
CVE.webp 2023-10-26 17:15:10 CVE-2023-5790 (direct link) A vulnerability classified as critical was found in SourceCodester File Manager App 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-file.php. The manipulation of the argument uploadedFileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243595.
Vulnerability Threat
CVE.webp 2023-10-26 17:15:10 CVE-2023-5792 (direct link) A vulnerability has been found in SourceCodester Sticky Notes App 1.0 and classified as critical. This vulnerability affects unknown code of the file endpoint/delete-note.php. The manipulation of the argument note leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243598 is the identifier assigned to this vulnerability.
Vulnerability Threat
CVE.webp 2023-10-26 17:15:10 CVE-2023-5791 (direct link) A vulnerability, which was classified as problematic, was found in SourceCodester Sticky Notes App 1.0. This affects an unknown part of the file endpoint/add-note.php. The manipulation of the argument noteTitle/noteContent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243597 was assigned to this vulnerability.
Threat
CVE.webp 2023-10-26 17:15:10 CVE-2023-5789 (direct link) A vulnerability classified as problematic has been found in Dragon Path 707GR1 up to 20231022. Affected is an unknown function of the component Ping Diagnostics. The manipulation of the argument Host Address with the input >> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-243594 is the identifier assigned to this vulnerability.
Vulnerability Threat
CVE.webp 2023-10-26 16:15:08 CVE-2023-5786 (direct link) A vulnerability was found in GeoServer GeoWebCache up to 1.15.1. It has been declared as problematic. This vulnerability affects unknown code of the file /geoserver/gwc/rest.html. The manipulation leads to direct request. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243592.
Vulnerability Threat
CVE.webp 2023-10-26 16:15:08 CVE-2023-5787 (direct link) A vulnerability was found in Shaanxi Chanming Education Technology Score Query System 5.0. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument stuIdCard leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243593 was assigned to this vulnerability.
Vulnerability Threat
SecurityWeek.webp 2023-10-26 15:59:16 Key Learnings from “Big Game” Ransomware Campaigns (direct link) There are key steps every organization should take to leverage threat and event data across the lifecycle of a cyber incident.
Ransomware Threat ★★
CVE.webp 2023-10-26 15:15:09 CVE-2023-5785 (direct link) A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/firewall/addaddress_interpret.php. The manipulation of the argument messagecontent leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243591. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Vulnerability Threat
CVE.webp 2023-10-26 15:15:09 CVE-2023-5784 (direct link) A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /protocol/firewall/uploadfirewall.php. The manipulation of the argument messagecontent leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-243590 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Vulnerability Threat
CVE.webp 2023-10-26 15:15:09 CVE-2023-46238 (direct link) ZITADEL is an identity infrastructure management system. ZITADEL users can upload their own avatar image using various image types including SVG. SVG can include scripts, such as javascript, which can be executed during rendering. Due to a missing security header, an attacker could inject code into an SVG to gain access to the victim's account in certain scenarios. A victim would need to directly open the malicious image in the browser, where a single session in ZITADEL needs to be active for this exploit to work. If the possible victim had multiple or no active sessions in ZITADEL, the attack would not succeed. This issue has been patched in versions 2.39.2 and 2.38.2.
Threat
CVE.webp 2023-10-26 15:15:08 CVE-2023-45868 (direct link) The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privileges) to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified directories, normally outside the documentRoot, to a publicly accessible location via the PHP function rename(). This results in a total loss of confidentiality, exposing sensitive resources, and potentially denying access to the affected component and the operating system's components. To exploit this, an attacker must manipulate a POST request during the creation of an exercise unit, by modifying the old_name and new_name parameters via directory traversal. However, it's essential to note that, when exploiting this vulnerability, the specified directory will be relocated from its original location, rendering all files obtained from there unavailable.
Threat
CVE.webp 2023-10-26 15:15:08 CVE-2023-45867 (direct link) ILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrieve confidential files stored on the web server. The attacker can access files that are readable by the web server user www-data; this may include sensitive configuration files and documents located outside the documentRoot. The vulnerability is exploited by an attacker who manipulates the file parameter in a URL, inserting directory traversal sequences in order to access unauthorized files. This manipulation allows the attacker to retrieve sensitive files, such as /etc/passwd, potentially compromising the system's security. This issue poses a significant risk to confidentiality and is remotely exploitable over the internet.
Vulnerability Threat
knowbe4.webp 2023-10-26 14:30:22 The Role of AI in Email Security and How Real-Time Threat Intelligence Can Supercharge Your SOC Team (direct link)
Threat ★★
CVE.webp 2023-10-26 14:15:08 CVE-2023-5783 (direct link) A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/system/approve_center/flow_sort/flow/delete.php. The manipulation of the argument id/sort_parent leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-243589 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Vulnerability Threat
CVE.webp 2023-10-26 14:15:08 CVE-2023-5782 (direct link) A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /manage/delete_query.php of the component General News. The manipulation of the argument NEWS_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243588. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Vulnerability Threat
Netskope.webp 2023-10-26 14:00:00 Amazon-themed PDF Phishing, Abusing LinkedIn and Twitter, Targets Microsoft Live Outlook Users (direct link) Summary In August 2023, Netskope Threat Labs highlighted an increase in downloads of PDF phishing attachments in Microsoft Live Outlook, caused by a series of phishing campaigns targeting users of the email service. We took a closer look and found that these campaigns are mostly Amazon-themed scams with a few Apple and IRS-themed phishing attempts […]
Threat ★★
CVE.webp 2023-10-26 13:15:10 CVE-2023-5780 (direct link) A vulnerability classified as critical was found in Tongda OA 2017 11.10. This vulnerability affects unknown code of the file general/system/approve_center/flow_guide/flow_type/set_print/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243586 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Vulnerability Threat
CVE.webp 2023-10-26 13:15:10 CVE-2023-5781 (direct link) A vulnerability, which was classified as critical, has been found in Tongda OA 2017 11.10. This issue affects the function DELETE_STR of the file general/system/res_manage/monitor/delete_webmail.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243587. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Vulnerability Threat
Darktrace.webp 2023-10-26 13:08:32 Exploring a crypto-mining campaign which used the Log4j vulnerability (direct link) This blog analyzes a campaign-like pattern detected by Darktrace across multiple customers and industries which used the Log4j vulnerability to exploit compromised systems for crypto-mining, highlighting the multi-stage attack from initial C2 contact through payload retrieval to successful crypto-miner installation.
Vulnerability Threat ★★
Darktrace.webp 2023-10-26 13:08:32 Sellen Construction 'builds great' with Darktrace and Microsoft (direct link) Discover why Sellen Construction rely on Darktrace and Microsoft to protect their dynamic cloud environment, how AI Analyst saves its security team time in threat investigation, and how Darktrace enables self-learning protection across the business.
Threat Cloud ★★
Checkpoint.webp 2023-10-26 13:00:35 The Financial Implications of Cyber Security: How Catch Rates Impact Organizational Risk (direct link) Despite its countless benefits, the internet can be a hostile place for business. As organizations continue to expand their digital footprints, moving workloads into the cloud and growing their network of devices, they leave themselves vulnerable to a rapidly evolving cyber threat landscape. Gartner's number one cybersecurity trend of 2022 was “attack surface expansion” – organizations increasing their digital presence to leverage new technologies and facilitate remote and hybrid working. As of 2023, almost 13% of full-time employees work from home, with over 28% working a hybrid model. At the same time, Check Point recorded a 38% uplift in global […]
Threat Prediction Cloud ★★
The_Hackers_News.webp 2023-10-26 12:54:00 Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks (direct link) The Iranian threat actor known as Tortoiseshell has been attributed to a new wave of watering hole attacks that are designed to deploy a malware dubbed IMAPLoader. "IMAPLoader is a .NET malware that has the ability to fingerprint victim systems using native Windows utilities and acts as a downloader for further payloads," the PwC Threat Intelligence said in a Wednesday analysis. "It uses email
Malware Threat ★★
AlienVault.webp 2023-10-26 10:00:00 Ensuring robust security of a containerized environment (direct link) The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

In today's rapidly evolving digital landscape, containerized microservices have become the lifeblood of application development and deployment. Resembling miniature virtual machines, these entities enable efficient code execution in any environment, be it an on-premises server, a public cloud, or even a laptop. This paradigm eliminates the criteria of platform compatibility and library dependency from the DevOps equation. As organizations embrace the benefits of scalability and flexibility offered by containerization, they must also take up the security challenges intrinsic to this software architecture approach. This article highlights key threats to container infrastructure, provides insights into relevant security strategies, and emphasizes the shared responsibility of safeguarding containerized applications within a company.

Understanding the importance of containers for cloud-native applications

Containers play a pivotal role in streamlining and accelerating the development process. Serving as the building blocks of cloud-native applications, they are deeply intertwined with four pillars of software engineering: the DevOps paradigm, CI/CD pipeline, microservice architecture, and frictionless integration with orchestration tools. Orchestration tools form the backbone of container ecosystems, providing vital functionalities such as load balancing, fault tolerance, centralized management, and seamless system scaling. Orchestration can be realized through diverse approaches, including cloud provider services, self-deployed Kubernetes clusters, container management systems tailored for developers, and container management systems prioritizing user-friendliness.

The container threat landscape

According to recent findings of Sysdig, a company specializing in cloud security, a whopping 87% of container images have high-impact or critical vulnerabilities. While 85% of these flaws have a fix available, they can't be exploited because the hosting containers aren't in use. That said, many organizations run into difficulties prioritizing the patches. Rather than harden the protections of the 15% of entities exposed at runtime, security teams waste their time and resources on loopholes that pose no risk. One way or another, addressing these vulnerabilities requires the fortification of the underlying infrastructure. Apart from configuring orchestration systems properly, it's crucial to establish a well-thought-out set of access permissions for Docker nodes or Kubernetes. Additionally, the security of containers hinges on the integrity of the images used for their construction.

Guarding containers throughout the product life cycle

A container's journey encompasses three principal stages. The initial phase involves constructing the container and subjecting it to comprehensive functional and load tests. Subsequently, the container is stored in the image registry, awaiting its moment of execution. The third stage, container runtime, occurs when the container is launched and operates as intended. Early identification of vulnerabilities is vital, and this is where the shift-left security principle plays a role. It encourages an intensified focus on security from the nascent stages of the product life cycle, encompassing the design and requirements gathering phases. By incorporating automated security checks within the CI/CD pipeline, developers can detect security issues early and minimize the chance of security gap
Tool Vulnerability Threat Cloud Uber ★★★
The_Hackers_News.webp 2023-10-26 09:55:00 YoroTrooper: Researchers Warn of Kazakhstan's Stealthy Cyber Espionage Group
(direct link)
A relatively new threat actor known as YoroTrooper is likely made of operators originating from Kazakhstan. The assessment, which comes from Cisco Talos, is based on their fluency in Kazakh and Russian, use of Tenge to pay for operating infrastructure, and very limited targeting of Kazakhstani entities, barring the government's Anti-Corruption Agency. "YoroTrooper attempts to obfuscate the
Threat ★★
GoogleSec.webp 2023-10-26 08:49:41 Increasing transparency in AI security (direct link) Mihai Maruseac, Sarah Meiklejohn, Mark Lodato, Google Open Source Security Team (GOSST) New AI innovations and applications are reaching consumers and businesses on an almost-daily basis. Building AI securely is a paramount concern, and we believe that Google's Secure AI Framework (SAIF) can help chart a path for creating AI applications that users can trust. Today, we're highlighting two new ways to make information about AI supply chain security universally discoverable and verifiable, so that AI can be created and used responsibly. The first principle of SAIF is to ensure that the AI ecosystem has strong security foundations. In particular, the software supply chains for components specific to AI development, such as machine learning models, need to be secured against threats including model tampering, data poisoning, and the production of harmful content. Even as machine learning and artificial intelligence continue to evolve rapidly, some solutions are now within reach of ML creators. We're building on our prior work with the Open Source Security Foundation to show how ML model creators can and should protect against ML supply chain attacks by using Malware Tool Vulnerability Threat Cloud ★★
ProofPoint.webp 2023-10-26 06:00:18 Break the Attack Chain with Identity Threat Protection (direct link) “The attacker only has to be right once. Defenders have to get it right every time.” This well-known saying has shaped countless cybersecurity strategies. The belief is that a single compromise of our defenses can lead to a catastrophic outcome.   As new risks emerge and attackers develop tactics to evade controls, defenders face the daunting task of protecting an ever-expanding array of connected identities. Many companies now embrace resilience strategies, accepting that an incident is inevitable - “It's not a matter of if, but when.” That's because defenders have been fixated on the impossible task of protecting everything within the business.   But a new industry approach to cyber defense in recent years has emerged that points the path towards a better way. Instead of protecting everything, defenders should aim to neutralize attackers' tactics, techniques and procedures (TTPs), which are hard to replace. This disrupts the completion of the attack chain.   What is the attack chain? And how does identity threat protection disrupt it? That's what we're here to discuss.   The enduring relevance of the attack chain  No other concept has captured the essence of successful cyber attacks like the attack chain (aka the “cyber kill chain”), which was developed by Lockheed Martin in 2011. Even 12 years later, the attack chain remains relevant, while defenders struggle to prevent the most impactful incidents.   While cyber criminals don't follow the same steps every time, the basic phases of an attack are pretty much always the same:  Steps in the cyber attack chain.  The challenge of initial compromise   The first phase in the attack chain is the initial compromise. Modern cyber criminals use an array of tactics to infiltrate companies and wreak havoc on their systems, from BEC attacks to cloud account takeovers and ransomware incidents.   
One trend is to exploit trusted third-party relationships to compromise companies through their suppliers. What seems like an innocuous initial email can escalate into a full-scale compromise with great speed. Once attackers gain unrestricted access to a company's domain, they can infiltrate email accounts to commit fraudulent activities.   One alarming twist to credential phishing emails is that they can evade detection. They leave behind no traces of compromise or malware. Even with the rise of multifactor authentication (MFA), these attacks continue to surge.   Once accounts are compromised through a credential phishing email or a vulnerable remote desktop session, businesses face the next phase of the attack chain: privileged escalation and lateral movement within their networks.   Next phase: privilege escalation and lateral movement   This is the middle of the attack chain. And it's where threat actors try to breach a company's defenses. Often, they do this by compromising the identities of employees, contractors, service providers or edge devices. Their main goal is to use this initial access to elevate their privileges, typically targeting Active Directory (AD).   AD, which many businesses around the world use, is susceptible to compromise. It can provide attackers with unparalleled control over a company's computing infrastructure. With this access, they can engage in lateral movement and spread malware across the business, causing more harm.   Finally, the risk of data loss   Attackers don't rely on a single stroke of luck. Their success hinges on a series of precise maneuvers. Monetary gains through data exfiltration are often their objective. And once they have navigated the intricate web of identities, they can target valuable data and orchestrate data theft operations.   Defenders must disrupt this chain of events to prevent the loss of sensitive data, like intellectual property or customer identifiable data. 
Then, they can gain the upper hand and steer the course of cybersecurity in their favor.   The three best opportunities to break the attack chain.  Building a map of your organizat Ransomware Malware Tool Threat Prediction Cloud ★★
CVE.webp 2023-10-26 01:15:07 CVE-2023-46667 (direct link) An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch. Threat
DarkReading.webp 2023-10-25 23:59:00 BHI Energy Releases Details of Akira Ransomware Attack
(direct link)
The threat actor exfiltrated 690 gigabytes of uncompressed data, or 767,035 files.
Ransomware Threat ★★
DarkReading.webp 2023-10-25 19:55:00 As Citrix Urges Its Clients to Patch, Researchers Release an Exploit
(direct link)
In the race over Citrix's latest vulnerability, the bad guys have a huge head start, with broad implications for businesses and critical infrastructure providers worldwide.
Threat ★★★
DarkReading.webp 2023-10-25 19:38:00 Virtual Alarm: VMware Issues Major Security Advisory
(direct link)
VMware vCenter Servers need an immediate patch against a critical RCE bug as the race against threat actors begins.
Threat ★★
RiskIQ.webp 2023-10-25 19:25:25 Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers (direct link) #### Description ESET Research discovers campaigns by the Winter Vivern APT group that exploit a zero-day XSS vulnerability in the Roundcube Webmail server and target governmental entities and a think tank in Europe. To compromise its targets, the group uses malicious documents, phishing websites, and a custom PowerShell backdoor. Exploitation of the XSS vulnerability, assigned CVE-2023-5631, can be done remotely by sending a specially crafted email message. #### Reference URL(s) 1. https://www.welivesecurity.com/en/eset-research/winter-vivern-exploits-zero-day-vulnerability-roundcube-webmail-servers/ #### Publication Date October 25, 2023 #### Author(s) Matthieu Faou
Vulnerability Threat ★★★
Netskope.webp 2023-10-25 19:00:00 Netskope Threat Coverage: Menorah
(direct link)
Summary In October 2023, Netskope analyzed a malicious Word document and the malware it contained, dubbed “Menorah.” The malware was attributed to the advanced persistent threat group APT34, and was reported to be distributed via spear-phishing. The malicious Office file uses dispersed and obfuscated VBA code to evade detection. The advanced persistent threat group targets […]
Malware Threat APT 34 ★★
The_Hackers_News.webp 2023-10-25 18:50:00 Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software
(direct link)
The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims' accounts. "Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube," ESET security researcher Matthieu Faou said in a new report published today. Previously, it was using known
Vulnerability Threat ★★
CVE.webp 2023-10-25 18:17:43 CVE-2023-5568 (direct link) A heap-based buffer overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service.
Vulnerability Threat
CVE.webp 2023-10-25 18:17:43 CVE-2023-5472 (direct link) Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Threat
CVE.webp 2023-10-25 18:17:29 CVE-2023-39231 (direct link) PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second-factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first-factor credentials.
Vulnerability Threat
CVE.webp 2023-10-25 18:17:28 CVE-2023-38041 (direct link) A logged-in user may elevate their permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system.
Threat
CVE.webp 2023-10-25 18:17:23 CVE-2023-20273 (direct link) A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.
Vulnerability Threat
InfoSecurityMag.webp 2023-10-25 16:00:00 Winter Vivern: Zero-Day XSS Exploit Targets Roundcube Servers
(direct link)
ESET Research reported the vulnerability to the Roundcube team on October 12
Vulnerability Threat ★★
DarkReading.webp 2023-10-25 15:37:00 Winter Vivern APT Blasts Webmail Zero-Day Bug With One-Click Exploit
(direct link)
A campaign targeting European governmental organizations and a think tank shows consistency from the low-profile threat group, which has ties to Belarus and Russia.
Threat ★★
The_Hackers_News.webp 2023-10-25 14:43:00 Malvertising Campaign Targets Brazil's PIX Payment System with GoPIX Malware
(direct link)
The popularity of Brazil's PIX instant payment system has made it a lucrative target for threat actors looking to generate illicit profits using a new malware called GoPIX. Kaspersky, which has been tracking the active campaign since December 2022, said the attacks are pulled off using malicious ads that are served when potential victims search for "WhatsApp web" on search engines. "The
Malware Threat ★★
RecordedFuture.webp 2023-10-25 12:00:00 Espionage group uses webmail server zero-day to target European governments
(direct link)
A well-known espionage group typically seen supporting Russia and Belarus was caught exploiting a zero-day vulnerability affecting a popular webmail service used by governments across Europe. Researchers at security firm ESET said they have been tracking a new campaign by Winter Vivern -- an advanced persistent threat (APT) group previously implicated in cyberattacks on [the
Vulnerability Threat ★★
SocRadar.webp 2023-10-25 11:35:37 On Threat Actors' Radar: PoC Exploits for VMware Aria Operations Vulnerability (CVE-2023-34051), and More
(direct link)
Newly discovered vulnerabilities are a constant source of concern for the cybersecurity community, particularly when...
Vulnerability Threat ★★
globalsecuritymag.webp 2023-10-25 11:10:31 NETSCOUT: EMEA receives most DDoS attacks amid ongoing geopolitical unrest
(direct link)
Cybercriminals ramped up their nefarious activities during the first half of 2023. According to NETSCOUT's latest Threat Intelligence Report, threat actors launched approximately 7.9 million distributed denial-of-service (DDoS*) attacks globally in 1H 2023, compared to just over 6 million of these attacks during 1H 2022. This represents a 31 per cent increase year over year and a staggering 44,000 DDoS attacks per day. This increase in attack frequency was also evident in Europe, the Middle (...) - Special Reports
Threat ★★
Last update at: 2024-06-25 07:07:57