What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-03-15 16:15:10 | CVE-2023-1415 (lien direct) | A vulnerability was found in Simple Art Gallery 1.0. It has been declared as critical. This vulnerability affects the function sliderPicSubmit of the file adminHome.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-223126 is the identifier assigned to this vulnerability. | Vulnerability Guideline | ||
|
2023-03-15 16:15:10 | CVE-2023-1379 (lien direct) | A vulnerability was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file addmem.php of the component POST Parameter Handler. The manipulation of the argument firstname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223127. | Vulnerability Guideline | ||
|
2023-03-15 14:15:11 | CVE-2023-26084 (lien direct) | The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib before 86065c6 fails to the verify the authentication tag of AES-GCM protected data, leading to a man-in-the-middle attack. This occurs because of an improperly initialized variable. | Guideline | ||
 |
2023-03-15 13:00:14 | Amazon Ring : les pirates de BlackCat s\'attaquent au géant des sonnettes connectées (lien direct) |  Amazon Ring a été visé par une attaque informatique. En piratant un fournisseur tiers, les pirates russes de BlackCat assurent avoir subtilisé une partie des données de l'entreprise, leader du marché des sonnettes connectées. |
Guideline | ★★★ | |
 |
2023-03-15 13:00:00 | Understanding Data Protection Needs in a Cloud-enabled Hybrid Work World (lien direct) | >Today, Netskope partnered with the Cloud Security Alliance to release the Data Loss Prevention (DLP) and Data Security Survey Report, a survey focused on data protection needs in cloud and hybrid work environments. Unsurprisingly, the report found that the biggest pain point organizations identify with trying to modernize their data protection strategy is that current […] | Guideline Cloud | ★★★ | |
 |
2023-03-15 12:15:00 | Are We Doing Enough to Protect Our Unstructured Data? (lien direct) | Organizations are coming under pressure to protect their data, but does all data need the same security? To secure it, you first need to know what and where it is. | Guideline | ★★★ | |
 |
2023-03-15 11:53:55 | Xavier Pestel – Weborama : " Nous faisons du Kubernetes au quotidien " (lien direct) | Xavier Pestel, Lead SRE (Site Reliability Engineering) détaille comment il pilote l'infrastructure DMP de Weborama, qui s'appuie sur deux fournisseurs de Cloud public, avec Kubernetes. | Guideline Guideline Cloud | Uber | ★★★ |
 |
2023-03-15 10:00:00 | 10 Ways B2B companies can improve mobile security (lien direct) | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Mobile security refers to the technologies and processes that are used to protect mobile devices from malicious attacks, data breaches, and other forms of cybercrime. It also includes measures taken to safeguard personal information stored on these devices, as well as protecting them from physical damage or theft. Mobile security is becoming increasingly important due to the rapid proliferation of smartphones and tablets being used for business purposes around the world. Businesses need to take steps to ensure their data remains secure when accessing company networks via mobile devices, including implementing a few key measures. Below are ten ways B2B companies can do better mobile security. 1. Use a secure email provider A secure domain email address is one of the most important ways to ensure that company emails and other sensitive data remain safe. Email providers such as Google, Microsoft, Zoho, and Postale offer secure domain email addresses which encrypt all emails sent and received in transit. This makes it more difficult for hackers to gain access to confidential information or launch attacks on vulnerable systems. Using a secure email provider is essential for any organization looking to maximize its data protection efforts. By taking advantage of these services, businesses can rest assured knowing their emails are secure and protected from malicious actors. 2. Implement strong authentication Strong authentication refers to the use of two or more forms of authentication to authenticate a user's identity. This could include using a one-time password for each login, biometric factors such as fingerprints, or utilizing an encrypted token. Strong authentication ensures that only authorized users can access company networks and confidential data. Having strong authentication measures in place is an essential step in protecting data, as it helps to prevent unauthorized access and keeps sensitive information secure. 3. Install mobile security software Mobile security software (also known as mobile device management or MDM) can help protect devices from malicious attacks. Mobile security software can be installed on all company-owned devices, providing a layer of protection by scanning for and blocking malicious applications. It can also offer additional layers of protection such as remote wiping capability, encryption, and the ability to remotely lock lost or stolen devices. 4. Enforce use policies By having clear use policies in place, businesses can ensure their employees understand the importance of mobile security and that they are adhering to the established rules. These policies should include restrictions on downloading or installing unapproved apps, accessing unknown or suspicious websites, or sharing confidential information with unauthorized personnel. Enforcing use policies is essential for keeping company networks and data secure. By ensuring that all employees abide by the same set of rules, businesses can greatly reduce their risk of a data breach or other malicious attack. 5. Utilize cloud storage Cloud storage provides an effective way to store business data securely off-site. Data stored in the cloud is encrypted and kept safe from physical damage or theft. It also eliminates the need for large servers and other physical infrastructure, reducing both costs and the potential risk of data breaches. Additionally, cloud storage allows employees to access their data from any device, anytime and anywhere | Data Breach Malware Guideline Cloud | ★★★ | |
|
2023-03-15 08:15:09 | CVE-2023-1407 (lien direct) | A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223111. | Vulnerability Guideline | ||
|
2023-03-14 22:12:00 | Optiv More Than Doubles Federal Presence With ClearShark Acquisition (lien direct) | Convergence of two leading cybersecurity companies creates federal sector powerhouse. | General Information Guideline | ★★★ | |
|
2023-03-14 21:15:10 | CVE-2023-26262 (lien direct) | An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management (CM) server. | Vulnerability Guideline | ||
|
2023-03-14 19:15:10 | CVE-2023-27589 (lien direct) | Minio is a Multi-Cloud Object Storage framework. Starting with RELEASE.2020-12-23T02-24-12Z and prior to RELEASE.2023-03-13T19-46-17Z, a user with `consoleAdmin` permissions can potentially create a user that matches the root credential `accessKey`. Once this user is created successfully, the root credential ceases to work appropriately. The issue is patched in RELEASE.2023-03-13T19-46-17Z. There are ways to work around this via adding higher privileges to the disabled root user via `mc admin policy set`. | Guideline | ||
 |
2023-03-14 18:17:20 | New Android Vishing Malware Impersonates Leading Financial Institutions to Target Victims in South Korea (lien direct) | New Android Vishing Malware Impersonates Leading Financial Institutions to Target Victims in South Korea - Malware Update / affiche | Malware Guideline | ★★ | |
 |
2023-03-14 17:39:15 | Beware of Fake Calls! It\'s not really your bank calling. Check Point Research draws attention to a new Android Malware (lien direct) | >Highlights: CPR alerts on an Android Trojan named “FakeCalls”, a voice phishing malware Malware can masquerade incoming calls as coming form known legitimate financial organizations, aiming to gain the victim's trust and extract personal and financial data “FakeCalls” malware targets the South Korean market, faking calls from over 20 leading financial organizations Background When malware… | Malware Guideline | ★★★ | |
 |
2023-03-14 17:32:00 | Anomali Cyber Watch: Xenomorph Automates The Whole Fraud Chain on Android, IceFire Ransomware Started Targeting Linux, Mythic Leopard Delivers Spyware Using Romance Scam (lien direct) |
Anomali Cyber Watch: Xenomorph Automates The Whole Fraud Chain on Android, IceFire Ransomware Started Targeting Linux, Mythic Leopard Delivers Spyware Using Romance Scam, and More.
The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Android, APT, DLL side-loading, Iran, Linux, Malvertising, Mobile, Pakistan, Ransomware, and Windows. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Xenomorph V3: a New Variant with ATS Targeting More Than 400 Institutions
(published: March 10, 2023)
Newer versions of the Xenomorph Android banking trojan are able to target 400 applications: cryptocurrency wallets and mobile banking from around the World with the top targeted countries being Spain, Turkey, Poland, USA, and Australia (in that order). Since February 2022, several small, testing Xenomorph campaigns have been detected. Its current version Xenomorph v3 (Xenomorph.C) is available on the Malware-as-a-Service model. This trojan version was delivered using the Zombinder binding service to bind it to a legitimate currency converter. Xenomorph v3 automatically collects and exfiltrates credentials using the ATS (Automated Transfer Systems) framework. The command-and-control traffic is blended in by abusing Discord Content Delivery Network.
Analyst Comment: Fraud chain automation makes Xenomorph v3 a dangerous malware that might significantly increase its prevalence on the threat landscape. Users should keep their mobile devices updated and avail of mobile antivirus and VPN protection services. Install only applications that you actually need, use the official store and check the app description and reviews. Organizations that publish applications for their customers are invited to use Anomali's Premium Digital Risk Protection service to discover rogue, malicious apps impersonating your brand that security teams typically do not search or monitor.
MITRE ATT&CK: [MITRE ATT&CK] T1417.001 - Input Capture: Keylogging | [MITRE ATT&CK] T1417.002 - Input Capture: Gui Input Capture
Tags: malware:Xenomorph, Mobile, actor:Hadoken Security Group, actor:HadokenSecurity, malware-type:Banking trojan, detection:Xenomorph.C, Malware-as-a-Service, Accessibility services, Overlay attack, Discord CDN, Cryptocurrency wallet, target-industry:Cryptocurrency, target-industry:Banking, target-country:Spain, target-country:ES, target-country:Turkey, target-country:TR, target-country:Poland, target-country:PL, target-country:USA, target-country:US, target-country:Australia, target-country:AU, malware:Zombinder, detection:Zombinder.A, Android
Cobalt Illusion Masquerades as Atlantic Council Employee
(published: March 9, 2023)
A new campaign by Iran-sponsored Charming Kitten (APT42, Cobalt Illusion, Magic Hound, Phosphorous) was detected targeting Mahsa Amini protests and researchers who document the suppression of women and minority groups i |
Ransomware Malware Tool Vulnerability Threat Guideline Conference | APT 35 ChatGPT ChatGPT APT 36 APT 42 | ★★ |
|
2023-03-14 16:15:10 | CVE-2022-39216 (lien direct) | Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, the reset password token is generated without any randomness parameter. This may lead to account takeover. The issue is fixed in versions 2.7.8 and 3.0.2-1. | Guideline | ||
|
2023-03-14 15:15:12 | CVE-2023-1397 (lien direct) | A vulnerability classified as problematic has been found in SourceCodester Online Student Management System 1.0. Affected is an unknown function of the file profile.php. The manipulation of the argument adminname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222984. | Vulnerability Guideline | ||
|
2023-03-14 15:15:12 | CVE-2023-1398 (lien direct) | A vulnerability classified as critical was found in XiaoBingBy TeaCMS 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/upload. The manipulation leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222985 was assigned to this vulnerability. | Vulnerability Guideline | ||
|
2023-03-14 15:15:12 | CVE-2023-1396 (lien direct) | A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin/traveller_details.php. The manipulation of the argument address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222983. | Vulnerability Guideline | ||
|
2023-03-14 15:15:11 | CVE-2023-1395 (lien direct) | A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been declared as problematic. This vulnerability affects the function query of the file admin/user/list.php. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222982 is the identifier assigned to this vulnerability. | Vulnerability Guideline | ||
|
2023-03-14 15:15:11 | CVE-2023-1392 (lien direct) | A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Affected by this vulnerability is the function save_menu. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222979. | Vulnerability Guideline | ||
|
2023-03-14 15:15:11 | CVE-2023-1394 (lien direct) | A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been classified as critical. This affects the function mysqli_query of the file bsitemp.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222981 was assigned to this vulnerability. | Vulnerability Guideline | ||
|
2023-03-14 15:15:11 | CVE-2023-1391 (lien direct) | A vulnerability, which was classified as problematic, was found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/ab.php. The manipulation of the argument img leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222978 is the identifier assigned to this vulnerability. | Guideline | ||
|
2023-03-14 14:14:44 | (Déjà vu) Cyber-attacks: how can companies limit the risks in a global environment of growing security threats? (lien direct) | Cyber-attacks: how can companies limit the risks in a global environment of growing security threats? Julien Soriano, Chief Information Security Officer at Box, leader in the Content Cloud, reviews the tools and actions that must be put in place to secure work environments and to enable all employees to participate in the fight against cyber-attacks in 2023. - Opinion | Guideline | ★★ | |
|
2023-03-14 14:00:00 | Why Healthcare Boards Lag Other Industries in Preparing for Cyberattacks (lien direct) | Only by working collaboratively can boards and security leaders make progress and agree about cybersecurity threats and priorities. | Guideline | ★★ | |
 |
2023-03-14 13:00:00 | CyberheistNews Vol 13 #11 [Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears (lien direct) |
CyberheistNews Vol 13 #11 | March 14th, 2023
[Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears
Robert Lemos at DARKReading just reported on a worrying trend. The title said it all, and the news is that more than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information. Yikes.
I'm giving you a short extract of the story and the link to the whole article is below.
"Employees are submitting sensitive business data and privacy-protected information to large language models (LLMs) such as ChatGPT, raising concerns that artificial intelligence (AI) services could be incorporating the data into their models, and that information could be retrieved at a later date if proper data security isn't in place for the service.
"In a recent report, data security service Cyberhaven detected and blocked requests to input data into ChatGPT from 4.2% of the 1.6 million workers at its client companies because of the risk of leaking confidential info, client data, source code, or regulated information to the LLM.
"In one case, an executive cut and pasted the firm's 2023 strategy document into ChatGPT and asked it to create a PowerPoint deck. In another case, a doctor input his patient's name and their medical condition and asked ChatGPT to craft a letter to the patient's insurance company.
"And as more employees use ChatGPT and other AI-based services as productivity tools, the risk will grow, says Howard Ting, CEO of Cyberhaven.
"'There was this big migration of data from on-prem to cloud, and the next big shift is going to be the migration of data into these generative apps," he says. "And how that plays out [remains to be seen] - I think, we're in pregame; we're not even in the first inning.'"
Your employees need to be stepped through new-school security awareness training so that they understand the risks of doing things like this.
Blog post with links:https://blog.knowbe4.com/employees-are-feeding-sensitive-biz-data-to-chatgpt-raising-security-fears
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blockl |
Ransomware Data Breach Spam Malware Threat Guideline Medical | ChatGPT ChatGPT | ★★ |
|
2023-03-14 12:57:19 | Cyberattaques : comment les entreprises peuvent-elles limiter les risques dans un contexte global qui favorise les menaces ? (lien direct) | Cyberattaques : comment les entreprises peuvent-elles limiter les risques dans un contexte global qui favorise les menaces ? Julien Soriano, Responsable de la sécurité des systèmes d'information chez Box, leader du Content Cloud, fait le point sur les outils et actions indispensables à mettre en place pour sécuriser les environnements de travail et pour permettre à tous les collaborateurs de participer à la lutte contre les cyberattaques en 2023. - Points de Vue | Guideline | ★★ | |
|
2023-03-14 10:00:00 | Broken Object Level Authorization: API security\'s worst enemy (lien direct) | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. According to the Open Web Application Security Project (OWASP, 2019), broken object-level authorization (BOLA) is the most significant vulnerability confronting modern application programming interfaces (APIs). It can be exciting to pursue innovations in the API area, but while doing so, programmers must ensure that they are adequately attentive to security concerns and that they develop protocols that can address such concerns. This article will describe the problem of BOLA and its consequences, and then it will present potential actions that can be taken to solve the problem. The problem OWASP (2019) indicates the following regarding BOLA: “Attackers can exploit API endpoints that are vulnerable to broken object-level authorization by manipulating the ID of an object that is sent within the request” (para. 1). For example, a hacker may access information regarding how various shops make requests to an e-commerce platform. The hacker may then observe that a certain pattern exists in the codes for these requests. If the hacker can gain access to the codes and has the authorization to manipulate them, then they could establish a different endpoint in the code and thereby redirect all the data to themselves. The exploitation of BOLA vulnerabilities is very common because, without the implementation of an authorization protocol, APIs essentially have no protection whatsoever against hackers. To attack this kind of APIs, the hacker only needs the capability to access request code systems and intercept data by manipulating the codes, which can be done rather easily by anyone who has the requisite skills and resources (Viriya & Muliono, 2021). APIs that do not have security measures in place are thus simply hoping that no one will know how to conduct such an attack or have the desire to do so. Once a willing hacker enters the picture, however, the APIs would have no actual protections to stop the hacker from gaining access to the system and all the data contained within it and transmitted across it. The consequences BOLA attacks have significant consequences in terms of data security: “Unauthorized access can result in data disclosure to unauthorized parties, data loss, or data manipulation. Unauthorized access can also lead to full account takeover” (OWASP, 2019, para. 3). In short, BOLA attacks produce data breaches. Stories about data breaches are all too common in the news, with a very recent one involving a healthcare organization in Texas (Marfin, 2022). While not all data breaches are the result of BOLA attacks, many of them are, given that BOLA is a very common vulnerability in APIs. The specific consequences of a successful BOLA attack, as well as the magnitude of those consequences, would depend on the target of the attack. For example, if the target is a healthcare organization, then the data breach could lead to hackers gaining access to patients' private health insurance. If the target is a bank, then the hackers would likely be able to access customers’ social security numbers. If the target is an e-commerce website, then data regarding customers’ credit card numbers and home addresses would be compromised. In all cases, the central consequence of a BOLA attack is that hackers can gain access to personal information due to a lack of adequate security measures within the APIs in question. The solution The solution to BOLA is for programmers to implement authorization protocols for accessing any d | Data Breach Vulnerability Guideline | ★★★ | |
|
2023-03-14 08:59:12 | SecurityHQ Named Frost Radar Leader in Frost and Sullivan\'s 2023 America\'s MPSS Report (lien direct) | SecurityHQ Named Frost Radar Leader in Frost and Sullivan's 2023 America's MPSS Report - MAGIC QUADRANT | Guideline | ★★ | |
|
2023-03-14 06:15:12 | CVE-2023-27896 (lien direct) | In SAP BusinessObjects Business Intelligence Platform - version 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own CMS, leading to a high impact on availability. | Guideline | ||
|
2023-03-14 06:15:11 | CVE-2023-27271 (lien direct) | In SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own admintools, leading to a high impact on availability. | Guideline | ||
|
2023-03-14 05:15:30 | CVE-2023-26459 (lien direct) | Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, an attacker authenticated as a non-administrative user can craft a request which will trigger the application server to send a request to an arbitrary URL which can reveal, modify or make unavailable non-sensitive information, leading to low impact on Confidentiality, Integrity and Availability. | Guideline | ||
|
2023-03-14 05:15:29 | CVE-2023-25615 (lien direct) | Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791, allows an authenticated high privileged user to alter the current session of the user by injecting the malicious database queries over the network and gain access to the unintended data. This may lead to a high impact on the confidentiality and no impact on the availability and integrity of the application. | Guideline | ||
|
2023-03-14 05:15:29 | CVE-2023-25616 (lien direct) | In some scenario, SAP Business Objects Business Intelligence Platform (CMC) - versions 420, 430, Program Object execution can lead to code injection vulnerability which could allow an attacker to gain access to resources that are allowed by extra privileges. Successful attack could highly impact the confidentiality, Integrity, and Availability of the system. | Vulnerability Guideline | ||
|
2023-03-14 05:15:28 | CVE-2023-0021 (lien direct) | Due to insufficient encoding of user input, SAP NetWeaver - versions 700, 701, 702, 731, 740, 750, allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password, which could lead to reflected Cross-Site scripting. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application. | Guideline | ||
|
2023-03-13 18:15:12 | CVE-2021-45423 (lien direct) | A Buffer Overflow vulnerabilityexists in Pev 0.81 via the pe_exports function from exports.c.. The array offsets_to_Names is dynamically allocated on the stack using exp->NumberOfFunctions as its size. However, the loop uses exp->NumberOfNames to iterate over it and set its components value. Therefore, the loop code assumes that exp->NumberOfFunctions is greater than ordinal at each iteration. This can lead to arbitrary code execution. | Guideline | ||
|
2023-03-13 18:15:12 | CVE-2023-1378 (lien direct) | A vulnerability classified as critical was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. This vulnerability affects unknown code of the file paypalsuccess.php of the component POST Parameter Handler. The manipulation of the argument cusid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222904. | Vulnerability Guideline | ||
|
2023-03-13 17:42:53 | Dans son rapport sur la sécurité des applications et des API, GigaOm place Check Point Software au rang de leader de l\'innovation (lien direct) | Dans son rapport sur la sécurité des applications et des API, GigaOm place Check Point Software au rang de leader de l'innovation Check Point CloudGuard AppSec (Application Security) se distingue car il utilise l'intelligence artificielle préemptive pour bloquer de manière proactive les attaques complexes de type " zero-day " et pour sécuriser les applications cloud des entreprises - Magic Quadrant | Guideline Cloud | ★★★ | |
|
2023-03-13 17:15:12 | CVE-2023-0037 (lien direct) | The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection | Guideline | ||
|
2023-03-13 14:48:09 | Moteurs d\'information : qui se distingue sur ce marché aux couleurs d\'Elasticsearch (lien direct) | Un tiers des fournisseurs classés au Magic Quadrant des moteurs d'information (insight engines) s'appuient sur Elasticsearch. Comment se présente ce marché ? | Guideline | ★★★ | |
|
2023-03-13 14:14:44 | GigaOm Recognizes Check Point Software as a Leader in Innovation in its Application and API Security Report (lien direct) | GigaOm Recognizes Check Point Software as a Leader in Innovation in its Application and API Security Report Check Point CloudGuard AppSec (Application Security) stands out for using Preemptive Artificial Intelligence (AI) to proactively block complex zero-day attacks and secure organizations' Cloud Applications - Malware Update | Guideline Cloud | ★★ | |
|
2023-03-13 12:15:11 | CVE-2023-24033 (lien direct) | The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format types specified by the Session Description Protocol (SDP) module, which can lead to a denial of service. | Guideline | ||
|
2023-03-13 11:00:02 | Check Point Software Technologies Earns Top Spots in 19 G2 Leadership Grids (lien direct) | >By Kristin Owens, Head of Functional Marketing & Executive Engagement, Check Point We at Check Point are proud to share that our products have been ranked as leading solutions in 19 categories of security software on G2. From firewalls to cloud, endpoint, and mobile security solutions-we’re pleased to be so popular! Check Point customers are… | Guideline | ★★ | |
 |
2023-03-13 10:43:00 | Estonian official says parliamentary elections were targeted by cyberattacks (lien direct) |
Estonia's parliamentary elections this month were unsuccessfully targeted by cyberattacks, one of the country's leading cybersecurity officials told The Record. The elections marked the first time that the majority of Estonians cast ballots using the country's [internet voting system](https://www.youtube.com/watch?v=uz9CUK0Ii6Q). While officials in countries like the United Kingdom have domestically warned that such systems introduce risks |
Threat Guideline | ★★★ | |
|
2023-03-13 10:00:00 | Insights from an external incident response team: Strategies to reduce the impact of cybersecurity attacks (lien direct) | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. "Why are you here if you cannot decrypt our data?" This is how people sometimes react to the arrival of the external incident response team. In this article, I will try to answer this question, but at the same time, I am going to describe the stages of incident response, list the main mistakes that play into the hands of hackers, and give basic advice on how to respond. Let's start by defining what a security incident is. Although the concept is straightforward, various companies may interpret it differently. For instance, some companies may consider incidents to include situations such as a power supply failure or a hard drive malfunction, while others may only classify malicious actions as incidents. In theory, an incident is a moment when some kind of undesirable event occurs. In practice, the definition of an "undesirable event" is determined by each company's own interpretation and perspective. For one organization, the discovery of a phishing email is what requires investigation. Other companies may not see the point in worrying about such incidents. For instance, they may not be concerned about a phishing email being opened on an employee device in a remote location not connected to the main infrastructure since it poses no immediate threat. There are also interesting cases here. For example, online traders consider a drop in the speed of interaction with the online exchange by 1% to be a serious incident. In many industries, proper incident response steps and cybersecurity in general, cannot be overestimated. But if we are talking about serious incidents, then most often, these are events related to the penetration of an attacker into the corporate network. This annoys the vast majority of business leaders. Incident response stages While the interpretation of certain events as security incidents may vary depending on various factors such as context and threat model, the response steps are often the same. These response steps are primarily based on the old SANS standard, which is widely used by many security professionals. SANS identifies six stages of incident response: Preparation Identification Containment Eradication Recovery Lessons learned It is important to note that the external response team is not immediately involved in this process. Preparation Preparation involves properly aligning organizational and technical processes. These are universal measures that should be implemented effectively across all areas: Inventory networks Build subnets correctly Use correct security controls and tools Hire the right people All this is not directly related to the external response team and, at the same time, affects its work significantly. The response is based on preparatory steps. For example, it relies heavily on the log retention policy. Each attack has its own dwell time - the time from an attacker entering the network until their activity is detected. If the attack has an extended dwell time (three-four months) and the logs are kept for seven days, it will be much more difficult for the investigation team to fin | Spam Malware Vulnerability Threat Guideline | ★★★ | |
 |
2023-03-13 09:30:00 | Blackbaud Settles $3m Charge Over Ransomware Attack (lien direct) | SEC claims company filed misleading disclosures | Ransomware Guideline | ★★ | |
|
2023-03-13 09:15:10 | CVE-2023-1368 (lien direct) | A vulnerability was found in XHCMS 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php of the component POST Parameter Handler. The manipulation of the argument user leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222874 is the identifier assigned to this vulnerability. | Vulnerability Guideline | ||
|
2023-03-13 09:15:10 | CVE-2023-1366 (lien direct) | A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been classified as critical. This affects the function query of the file admin/categories/manage_category.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222873 was assigned to this vulnerability. | Vulnerability Guideline | ||
|
2023-03-13 09:15:10 | CVE-2023-1369 (lien direct) | A vulnerability was found in TG Soft Vir.IT eXplorer 9.4.86.0. It has been rated as problematic. This issue affects some unknown processing in the library VIRAGTLT.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 9.5 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222875. | Vulnerability Guideline | ||
|
2023-03-13 08:46:50 | Keyfactor and Trusted Objects Partner on Matter Security Compliance for Smart Home Devices (lien direct) | Keyfactor and Trusted Objects Partner on Matter Security Compliance for Smart Home Devices IoT Security Leaders Join Forces to Help Customers Overcome Smart Home Device Security Challenges in Compliance with Matter Security Standards. - Business News | Guideline | ★★ |
To see everything:
Our RSS (filtrered)
