What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
AlienVault.webp 2024-01-12 11:00:00 AI and privacy - Addressing the issues and challenges
(direct link)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Artificial intelligence (AI) has seamlessly woven itself into the fabric of our digital landscape, revolutionizing industries from healthcare to finance. As AI applications proliferate, the shadow of privacy concerns looms large. The convergence of AI and privacy gives rise to a complex interplay where innovative technologies and individual privacy rights collide. In this exploration, we'll delve into the nuances of this intersection, dissecting the issues and challenges that accompany the integration of AI and privacy. The intersection of AI and privacy At the core of the AI and privacy nexus lie powerful technologies like machine learning (ML), natural language processing (NLP), and computer vision. ML algorithms, for instance, learn from vast datasets to make predictions or decisions without explicit programming. NLP enables machines to comprehend and respond to human language, while computer vision empowers systems to interpret and make decisions based on visual data. As AI seamlessly integrates into our daily lives, from virtual assistants to facial recognition systems to UX research tools, the collection and processing of personal data become inevitable. AI's hunger for data is insatiable, and this appetite raises concerns about how personal information is collected and utilized. From your search history influencing your online shopping recommendations to facial recognition systems tracking your movements, AI has become a silent observer of your digital life. The challenge lies not only in the sheer volume of data but in the potential for misuse and unintended consequences, raising critical questions about consent, security, and the implications of biased decision-making. Key issues and challenges The first issue is informed consent.
Obtaining meaningful consent in the age of AI is challenging. Often, complex algorithms and data processing methods make it difficult for individuals to understand the extent of data usage. In automated decision-making scenarios, such as loan approvals or job recruitment, the lack of transparency in how AI reaches conclusions poses a significant hurdle in obtaining informed consent. Another is data security and breaches. The vulnerabilities in AI systems, especially when handling sensitive personal data for identity verification, make them potential targets for cyberattacks. A data breach in an AI-driven ecosystem not only jeopardizes personal privacy but also has far-reaching consequences, affecting individuals, businesses, and society at large. You also need to be watchful for bias and discrimination. Bias in AI algorithms can perpetuate and amplify existing societal prejudices, leading to discriminatory outcomes. The impact of biased AI goes beyond privacy concerns, raising ethical questions about fairness, equality, and the potential reinforcement of societal stereotypes. Regulations and frameworks In response to the escalating concerns surrounding AI and privacy, regulatory frameworks have emerged as beacons of guid
Data Breach Vulnerability ★★
SecurityWeek.webp 2024-01-12 10:43:03 Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout
(direct link)
> Ivanti zero-day vulnerabilities dubbed ConnectAround could impact thousands of systems and Chinese cyberspies are preparing for patch release.
Malware Vulnerability Threat ★★★
bleepingcomputer.webp 2024-01-12 10:30:18 Ivanti Connect Secure zero-days exploited to deploy custom malware
(direct link)
Hackers have been exploiting the two zero-day vulnerabilities in Ivanti Connect Secure disclosed this week since early December to deploy multiple families of custom malware for espionage purposes. [...]
Malware Vulnerability Threat ★★★
InfoSecurityMag.webp 2024-01-12 10:00:00 Vulnerability Puts Bosch Smart Thermostats at Risk of Compromise
(direct link)
Bitdefender researchers revealed the vulnerability allows an attacker to send commands to the thermostat and replace its firmware
Vulnerability ★★★
ProofPoint.webp 2024-01-12 06:00:17 Deterministic vs. Probabilistic Threat Detection: What's the Difference?
(direct link)
When you understand the difference between deterministic and probabilistic threat detection, you can better choose the right mix of processes and tools that will keep your data, systems and users most secure. Here is a spoiler, though: As you compare probabilistic and deterministic methods, you will likely conclude that both approaches are needed to some degree. That means you're on the right track. When you employ both, you can use the strengths of each approach while mitigating their respective weaknesses. In other words, these methods are different but complementary. To help you figure out when to use each method, we put together this overview. In each section, we start by defining terms, and then we delve into the pros and cons of using the approach to detect threats. What is probabilistic threat detection? Probabilistic threat detection involves the use of probability-based analytic methods to identify potential security threats or malicious activities within a system. This approach doesn't rely on fixed (deterministic) rules or signatures alone. Instead, it relies on the likelihood-or probability-that certain behaviors or patterns may indicate the presence of a security threat. Tools for probabilistic threat detection analyze various factors and assign weights to different indicators. That helps cybersecurity systems-and security teams-to prioritize and respond to potential threats based on their perceived risk. This approach to threat detection presents advantages as well as challenges. Here's a look at some of the pros and cons of using probabilistic and deterministic detections. Pros Let's start with the pros of probabilistic threat detection. Adaptability to new threats. Probabilistic threat detection can help you identify new and evolving threats that may not have definitive signatures. Machine learning and behavioral analysis can adapt to changing attack tactics.
Slight pivots in attacker tools and techniques won't necessarily fake out these detection techniques. Reduced false positives to unknown threats. Probabilistic methods may result in fewer false negatives for threats that have not been seen before. That's because these methods don't require a perfect match to a known signature to send an alert. Probabilistic methods are inherently non-binary. Behavioral analysis. This is often part of probabilistic threat detection. It typically uses a baseline of normal system behavior. That, in turn, makes it easier to detect deviations that may indicate a security threat. Continuous learning. Machine learning models for probabilistic threat detection can continuously learn, incorporate feedback from security analysts, and adapt to changes in the threat landscape. That means their accuracy is not static and can improve over time. Cons Now, here is a rundown of some cons. False positives. Probabilistic methods will produce false positives. They rely on statistical models that might interpret unusual but benign behavior as a potential threat. That can lead to alerts on activities that aren't malicious. Taken to extremes this can waste security analysts' time. But making the models less sensitive can lead to false negatives. That's why tuning is part of ongoing maintenance. Complexity and resource intensiveness. Implementing and maintaining probabilistic threat detection systems can be complex and demand a lot of resources. That is especially true when it comes to systems that use machine learning because they require a great deal of computing power and expertise to operate. Cost issues. Probabilistic methods and tools deal with uncertainty, which is a key design principle. So they may not be as cost effective as deterministic approaches for detecting well-known threats. Difficulty in interpreting results. It can be a challenge to understand the output of probabilistic models.
You may have difficulty discerning why a particular activity is flagged as a potential threat, as the rationale is deep within the model. To interpret the results, you
Malware Tool Vulnerability Threat ★★
TechWorm.webp 2024-01-12 00:50:57 Windows 10 KB5034441 Update Showing error 0x80070643
(direct link)
When trying to install the KB5034441 security update for BitLocker on Patch Tuesday, millions of users are greeted by error 0x80070643 and the installation fails. After the failed installation, the PC restarts with a failed-installation message and asks users to try again. The error states: "There were some problems installing updates, but we'll try again later. If you keep seeing this and want to search the web or contact support for information, this may help: (0x80070643)." The update addresses a BitLocker encryption bypass that allows users to access encrypted data. So, basically, Microsoft is installing a new version of the Windows Recovery Environment (WinRE) that fixes the BitLocker vulnerability. Microsoft has also shared a solution to resolve the aforementioned issue, so feel free to follow it if you face the problem. Open a Command Prompt window (cmd) as administrator. To check the WinRE status, run reagentc /info. If WinRE is installed, there should be a "Windows RE location" with a path to the WinRE directory. An example is: "Windows RE location: \\?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE". Here, the number after "harddisk" and "partition" is the index of the disk and partition WinRE is on. To disable WinRE, run reagentc /disable. Shrink the OS partition and prepare the disk for a new recovery partition. To shrink the OS partition, run diskpart, then run list disk. To select the OS disk, run sel disk. This should be the same disk index as WinRE.
To check the partitions on the OS disk and find the OS partition, run list part. To select the OS partition, run sel part, then run shrink desired=250 minimum=250. To select the WinRE partition, run sel part. To delete the WinRE partition, run delete partition override. Create a new recovery partition. First, check whether the disk partition style is a GUID Partition Table (GPT) or a Master Boot Record (MBR). To do that, run list disk. Check whether there is an asterisk character (*) in the "GPT" column. If there is an asterisk character (*), the drive is GPT. Otherwise, the drive is MBR. If your disk is GPT, run create partition primary id=DE94BBA4-06D1-4D40-A16A-BFD50179D6AC followed by the command gpt attributes=0x8000000000000001. If your disk is MBR, run create partition primary id=27. To format the partition, run
Vulnerability ★★
Trend.webp 2024-01-12 00:00:00 CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign
(direct link)
This blog delves into the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware's payload.
Malware Vulnerability ★★★
DarkReading.webp 2024-01-11 21:43:00 Ivanti Researchers Report Two Critical Zero-Day Vulnerabilities
(direct link)
Patches will be available in late January and February, but until then, customers must take mitigation measures.
Vulnerability Threat ★★
RiskIQ.webp 2024-01-11 21:11:04 Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN
(direct link)
#### Description
Volexity has uncovered active in-the-wild exploitation of two vulnerabilities allowing unauthenticated remote code execution in Ivanti Connect Secure VPN devices. An official security advisory and knowledge base article have been released by Ivanti that includes mitigation that should be applied immediately. The vulnerabilities allow unauthenticated remote code execution and have been assigned the following CVEs: CVE-2023-46805 and CVE-2024-21887. The attacker leveraged these exploits to steal configuration data, modify existing files, download remote files, and reverse tunnel from the ICS VPN appliance. Volexity discovered that the attacker was placing webshells on multiple internal and external-facing web servers. The attacker modified a legitimate CGI file (compcheckresult.cgi) on the ICS VPN appliance to allow command execution. Further, the attacker also modified a JavaScript file used by the Web SSL VPN component of the device in order to keylog and exfiltrate credentials for users logging into it. Volexity currently attributes this activity to an unknown threat actor it tracks under the alias UTA0178.
#### Reference URL(s)
1. https://www.cisa.gov/news-events/alerts/2024/01/10/ivanti-releases-security-update-connect-secure-and-policy-secure-gateways
2. https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/
#### Publication Date
January 11, 2024
#### Author(s)
Matthew Meltzer, Robert Jan Mora, Sean Koessel, Steven Adair, Thomas Lancaster
Vulnerability Threat Industrial ★★★
The_Hackers_News.webp 2024-01-11 19:46:00 New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems
(direct link)
Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to execute a memory-resident payload. The vulnerability in question is CVE-2023-51467 (CVSS score: 9.8), a bypass for another severe shortcoming in the same software (
Vulnerability Threat ★★★
globalsecuritymag.webp 2024-01-11 15:24:12 SecurityScorecard Threat Research: Volt Typhoon Compromises 30% of Cisco RV320/325 Devices in 37 Days
(direct link)
SecurityScorecard Threat Research: Volt Typhoon Compromises 30% of Cisco RV320/325 Devices in 37 Days - Malware Update
Vulnerability Threat Studies Guam ★★★★
SocRadar.webp 2024-01-11 14:37:34 High Severity Vulnerability in Cisco Unity Connection Could Enable Root Privileges (CVE-2024-20272)
(direct link)
Cisco has resolved a high-severity security vulnerability in Unity Connection that opens the door for...
Vulnerability ★★★
GoogleSec.webp 2024-01-11 14:18:14 MiraclePtr: protecting users from use-after-free vulnerabilities on more platforms
(direct link)
Posted by Keishi Hattori, Sergei Glazunov, Bartek Nowierski on behalf of the MiraclePtr team Welcome back to our latest update on MiraclePtr, our project to protect against use-after-free vulnerabilities in Google Chrome. If you need a refresher, you can read our previous blog post detailing MiraclePtr and its objectives. More platforms We are thrilled to announce that since our last update, we have successfully enabled MiraclePtr for more platforms and processes: In June 2022, we enabled MiraclePtr for the browser process on Windows and Android. In September 2022, we expanded its coverage to include all processes except renderer processes. In June 2023, we enabled MiraclePtr for ChromeOS, macOS, and Linux. Furthermore, we have changed security guidelines to downgrade MiraclePtr-protected issues by one severity level! Evaluating Security Impact First let's focus on its security impact. Our analysis is based on two primary information sources: incoming vulnerability reports and crash reports from user devices. Let's take a closer look at each of these sources and how they inform our understanding of MiraclePtr's effectiveness. Bug reports Chrome vulnerability reports come from various sources, such as: Chrome Vulnerability Reward Program participants, our fuzzing infrastructure, internal and external teams investigating security incidents. For the purposes of this analysis, we focus on vulnerabilities that affect platforms where MiraclePtr was enabled at the time the issues were reported. We also exclude bugs that occur inside a sandboxed renderer process. Since the initial launch of MiraclePtr in 2022, we have received 168 use-after-free reports matching our criteria. What does the data tell us? MiraclePtr effectively mitigated 57% of these use-after-free vulnerabilities in privileged processes, exceeding our initial estimate of 50%. Reaching this level of effectiveness, however, required additional work.
For instance, we not only rewrote class fields to use MiraclePtr, as discussed in the previous post, but also added MiraclePtr support for bound function arguments, such as Unretained pointers. These pointers have been a significant source of use-after-frees in Chrome, and the additional protection allowed us to mitigate 39 more issues. Moreover, these vulnerability reports enable us to pinpoint areas needing improvement. We're actively working on adding support for select third-party libraries that have been a source of use-after-free bugs, as well as developing a more advanced rewriter tool that can handle transformations like converting std::vector into std::vector. We've also made sever
Tool Vulnerability Threat Mobile ★★★
SocRadar.webp 2024-01-11 12:56:08 Attackers Exploit Ivanti Connect Secure Zero-Day Vulnerabilities to Deploy Webshells (CVE-2023-46805, CVE-2024-21887)
(direct link)
In mid-December 2023, researchers at Volexity identified suspicious activity within a client’s network. Their investigation...
Vulnerability Threat ★★★
The_Hackers_News.webp 2024-01-11 10:59:00 Chinese Hackers Exploit Zero-Day Flaws in Ivanti Connect Secure and Policy Secure
(direct link)
A pair of zero-day flaws identified in Ivanti Connect Secure (ICS) and Policy Secure have been chained by suspected China-linked nation-state actors to breach less than 10 customers. Cybersecurity firm Volexity, which identified the activity on the network of one of its customers in the second week of December 2023, attributed it to a hacking group it tracks under the name UTA0178
Vulnerability Threat ★★★
The_Hackers_News.webp 2024-01-11 10:25:00 Cisco Fixes High-Risk Vulnerability Impacting Unity Connection Software
(direct link)
Cisco has released software updates to address a critical security flaw impacting Unity Connection that could permit an adversary to execute arbitrary commands on the underlying system. Tracked as CVE-2024-20272 (CVSS score: 7.3), the vulnerability is an arbitrary file upload bug residing in the web-based management interface and is the result of a lack of authentication in a specific
Vulnerability ★★★
InfoSecurityMag.webp 2024-01-11 09:30:00 Two Ivanti Zero-Days Actively Exploited in the Wild
(direct link)
Ivanti has released mitigation steps after reports of active exploitation of Connect Secure and Policy Secure vulnerabilities
Vulnerability ★★★
Mandiant.webp 2024-01-11 02:00:00 Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation
(direct link)
Note: This is a developing campaign under active analysis by Mandiant and Ivanti. We will continue to add more indicators, detections, and information to this blog post as needed. On January 10, 2024, Ivanti disclosed two vulnerabilities, CVE-2023-46805 and CVE-2024-21887, impacting Ivanti Connect Secure VPN (“CS”, formerly Pulse Secure) and Ivanti Policy Secure (“PS”) appliances. Successful exploitation could result in authentication bypass and command injection, leading to further downstream compromise of a victim network. Mandiant has identified zero-day exploitation of these vulnerabilities
Vulnerability Threat ★★★
Trend.webp 2024-01-11 00:00:00 Build Cyber Resilience with Distributed Energy Systems
(direct link)
Protect against cybersecurity vulnerabilities & cyber threats by building strategic defenses in Distributed Energy Generation (DEG) systems & infrastructures.
Vulnerability ★★★
RecordedFuture.webp 2024-01-10 21:00:00 Ivanti customers urged to patch vulnerabilities allegedly exploited by Chinese state hackers
(direct link)
The Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday urged customers of IT company Ivanti to patch two vulnerabilities that are being actively exploited. CISA's notice follows a warning from Ivanti that at least 10 of its customers were impacted by the vulnerabilities. The issues relate to Ivanti Connect Secure - a widely-used VPN tool.
Tool Vulnerability ★★
Volexity.webp 2024-01-10 19:00:06 Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN
(direct link)
> Volexity has uncovered active in-the-wild exploitation of two vulnerabilities allowing unauthenticated remote code execution in Ivanti Connect Secure VPN devices. An official security advisory and knowledge base article have been released by Ivanti that includes mitigation that should be applied immediately. However, a mitigation does not remedy a past or ongoing compromise. Systems should simultaneously be thoroughly analyzed per details in this post to look for signs of a breach. During the second week of December 2023, Volexity detected suspicious lateral movement on the network of one of its Network Security Monitoring service customers. Upon closer inspection, Volexity found that an attacker was placing webshells on multiple internal and external-facing web servers. These detections kicked off an incident response investigation across multiple systems that Volexity ultimately tracked back to the organization's Internet-facing Ivanti Connect Secure (ICS) VPN appliance (formerly known as Pulse Connect Secure, or simply Pulse Secure). A closer inspection […]
Vulnerability Threat ★★★
InfoSecurityMag.webp 2024-01-10 14:45:00 Cyber Insecurity and Misinformation Top WEF Global Risk List
(direct link)
Cyber-attacks and misinformation top WEF's list of global risks, with cybercrime poised to exploit tech advancements and AI dominance raising concerns about vulnerability
Vulnerability Threat ★★★
SocRadar.webp 2024-01-10 14:20:00 CISA Warned of Critical Fortinet Vulnerability (CVE-2023-44250) and Issued a New ICS Advisory
(direct link)
In a recent alert, the Cybersecurity and Infrastructure Security Agency (CISA) has urged users and...
Vulnerability Industrial ★★★
SocRadar.webp 2024-01-10 13:20:38 January 2024 – Microsoft Patch Tuesday & SAP Security Patch Day Highlights
(direct link)
Microsoft has released its January 2024 Patch Tuesday, addressing a total of 48 security vulnerabilities,...
Vulnerability ★★
RecordedFuture.webp 2024-01-10 13:00:00 Vulnerability laws create 'bug bounties with Chinese characteristics'
(direct link)
For nation-state actors targeting adversaries in cyberspace, unpatched vulnerabilities in software are like ammunition. As a general matter, intelligence agencies and military hackers spend millions of dollars in the gray market and thousands of man-hours in a bid to dig up flaws in code that no one has discovered yet. But for the past
Vulnerability ★★
globalsecuritymag.webp 2024-01-10 12:14:51 Critical Security Vulnerabilities Identified in ConnectWise ScreenConnect by Gotham Security Researchers
(direct link)
Gotham Security worked in close partnership with ConnectWise to rapidly identify and address security vulnerabilities in ScreenConnect to prevent major breach for thousands of companies - Security Vulnerability
Vulnerability ★★
AlienVault.webp 2024-01-10 11:00:00 Social engineering attacks: Real-life examples and how to avoid them
(direct link)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In the ever-evolving landscape of cybersecurity threats, social engineering remains a potent and insidious method employed by cybercriminals. Unlike traditional hacking techniques that exploit software vulnerabilities, social engineering manipulates human psychology to gain unauthorized access to sensitive information. In this article, we will delve into various social engineering tactics, highlighting real-life examples, and offering guidance on how to recognize and avoid falling victim to these deceptive schemes. Understanding social engineering Social engineering is an umbrella term encompassing a range of techniques used to exploit human behaviour. Attackers leverage psychological manipulation to trick individuals into divulging confidential information, clicking on malicious links, or performing actions that compromise security. The following are common social engineering tactics: 1. Phishing attacks: Real-life example: An employee receives an email purportedly from their company's IT department, requesting login credentials for a system upgrade. Guidance: Verify the legitimacy of such emails by contacting the IT department through official channels. 2. Pretexting: Real-life example: A scammer poses as a co-worker, claiming to need sensitive information urgently for a project. Guidance: Always verify requests for sensitive information directly with the person involved using trusted communication channels. 3. Baiting: Real-life example: Malicious software disguised as a free software download is offered, enticing users to compromise their systems. Guidance: Avoid downloading files or clicking on links from untrusted sources, and use reputable security software. 4. Quizzes and surveys: Real-life example: Individuals are tricked into taking quizzes that ask for personal information, which is then used for malicious purposes. Guidance: Be cautious about sharing personal details online, especially in response to unsolicited quizzes or surveys. 5. Impersonation: Real-life example: A fraudster poses as a tech support agent, convincing the victim to provide remote access to their computer. Guidance: Verify the identity of anyone claiming to represent a legitimate organization, especially if unsolicited. Recognizing social engineering attacks Recognizing social engineering attacks is crucial for thwarting cyber threats. Here are key indicators that can help individuals identify potential scams: Urgency and pressure: Attackers often create a sense of urgency to prompt impulsive actions. Be skeptical of requests that demand immediate responses. Unsolicited communications: Be wary of unexpected emails, messages, or calls, especially if they request sensitive information or prompt you to click on links. Unusual requests: Any request for sensitive information, such as passwords or financial details, should be treated with suspicion, especially if it deviates from normal procedures. Mismatched URLs: Hover over links to reveal the actual destination. Verify that the URL matches the purported source, and look for subtle misspellings or variations. How to avoid falling victim Protecting oneself from social engineering requires a combination of vigilance, skepticism, and proactive measures: Employee training programs: Conduct regular training sessions to educate employees about social engineering tactics, emphasizing the importance of verifying requests for sensitive information. Multi-factor authentication (MFA): Implement MFA to add an ext
Vulnerability Threat ★★★
The_Hackers_News.webp 2024-01-10 10:56:00 Microsoft's January 2024 Windows Update Patches 48 New Vulnerabilities
(direct link)
Microsoft has addressed a total of 48 security flaws spanning its software as part of its Patch Tuesday updates for January 2024. Of the 48 bugs, two are rated Critical and 46 are rated Important in severity. There is no evidence that any of the issues are publicly known or under active attack at the time of release, making it the second consecutive Patch Tuesday with no zero-days. The
Vulnerability ★★★
The_Hackers_News.webp 2024-01-10 10:20:00 CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe, D-Link, Joomla Under Attack
(direct link)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This includes CVE-2023-27524 (CVSS score: 8.9), a high-severity vulnerability impacting the Apache Superset open-source data visualization software that could enable remote code execution.
Vulnerability ★★★
InfoSecurityMag.webp 2024-01-10 09:30:00 Microsoft Fixes 12 RCE Bugs in January Patch Tuesday
(direct link)
Critical Hyper-V flaw is one of 12 remote code execution vulnerabilities fixed this Patch Tuesday
Vulnerability ★★★
DarkReading.webp 2024-01-09 23:00:00 Patch Now: Critical Windows Kerberos Bug Bypasses Microsoft Security
(direct link)
A second, easy-to-exploit critical security vulnerability in Microsoft's first 2024 Patch Tuesday allows RCE within Hyper-Virtualization.
Vulnerability ★★★
InfoSecurityMag.webp 2024-01-09 16:45:00 Flaw in AI Plugin Exposes 50,000 WordPress Sites to Remote Attack
(direct link)
The vulnerability could lead to remote code execution on affected systems
Vulnerability ★★
The_Hackers_News.webp 2024-01-09 15:22:00 Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager
(direct link)
A security flaw has been disclosed in Kyocera's Device Manager product that could be exploited by bad actors to carry out malicious activities on affected systems. "This vulnerability allows attackers to coerce authentication attempts to their own resources, such as a malicious SMB share, to capture or relay Active Directory hashed credentials if the 'Restrict NTLM: Outgoing NTLM
Vulnerability ★★
bleepingcomputer.webp 2024-01-09 14:32:37 CISA warns agencies of fourth flaw used in Triangulation spyware attacks
(direct link)
The U.S. Cybersecurity and Infrastructure Security Agency has added to its Known Exploited Vulnerabilities catalog six vulnerabilities that impact products from Adobe, Apache, D-Link, and Joomla. [...]
Vulnerability ★★
The_State_of_Security.webp 2024-01-09 14:24:00 VERT Threat Alert: January 2024 Patch Tuesday Analysis
(direct link)
Today's VERT Alert addresses Microsoft's January 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1088 as soon as coverage is completed. In-The-Wild & Disclosed CVEs: There were no in-the-wild or disclosed CVEs included in the January Patch Tuesday drop. CVE Breakdown by Tag: While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues...
Vulnerability Threat ★★
RecordedFuture.webp 2024-01-09 14:00:00 Vulnerabilities found in high-power Bosch wrenches popular with carmakers
(direct link)
Several vulnerabilities have been found in a popular line of pneumatic torque wrenches made by a subsidiary of Bosch, a German engineering and technology corporation. The mechanical wrenches are typically found in manufacturing facilities that perform safety-critical tightening tasks, especially automotive production lines, according to researchers at industrial cybersecurity firm Nozomi Networks. The vulnerabilities in
Vulnerability Industrial ★★
AlienVault.webp 2024-01-09 11:00:00 Stories from the SOC: Something smells phishy
(direct link)
Executive summary In the current cyber landscape, adversaries commonly employ phishing as the leading technique to compromise enterprise security. The susceptibility of human behavior makes individuals the weakest link in the security chain. Consequently, there is an urgent need for robust cybersecurity measures. Phishing, which capitalizes on exploiting human behavior and vulnerabilities, remains the adversary's top choice. To counter this threat effectively, ongoing education and awareness initiatives are essential. Organizations must recognize and address the pivotal role of human vulnerability in cybersecurity. During regular business hours, an alarm was generated due to a customer's user that had interacted with a potentially malicious phishing link. This prompted a thorough investigation conducted by analysts that involved leveraging multiple Open-Source Intelligence (OSINT) tools such as VirusTotal and URLscan.io. Through a meticulous examination, analysts were able to unveil suspicious scripts within the phishing webpage's Document Object Model (DOM) that pinpointed an attempt to exfiltrate user credentials. This detailed analysis emphasizes the importance of proactive cybersecurity measures and showcases the effectiveness of analysts leveraging OSINT tools along with their expertise to accurately assess threats within customer's environments. Investigation The alarm The Managed Detection and Response (MDR) Security Operations Center (SOC) initially received an alarm triggered by a potentially malicious URL that a user received in their inbox. Office 365's threat intelligence feed flagged this URL as potentially malicious. The initial steps in addressing this alarm involve two key actions. First, it is crucial to determine the scope of impact on the customer's environment by assessing how many other users received the same URL. Second, a thorough validation process is essential to confirm whether the URL is indeed malicious. These initial steps lay the foundation for a comprehensive response to safeguard the security of the environment. [Figure: Phishing alarm] To determine how many users received the same URL, a comprehensive search within the customer's environment revealed that no other users received the same URL. As a result, only one user is affected, suggesting that this is an isolated incident and does not appear to be part of a targeted attack on the customer's environment. With this understanding, the focus can now shift to the second step: Validating the reputation of the URL. By employing the OSINT tool VirusTotal and inputting the URL received by the user, we aim to assess its potential threat level. VirusTotal aggregates results from various security vendors to provide a comprehensive analysis. In the current evaluation, 13 out of 90 security vendors classify this URL as malicious. It's important to note that while the number of vendors flagging the URL is a key factor, a conclusive determination of malicious intent typically considers a consensus among a significant portion of these vendors. A higher number of detections by diverse security platforms strengthens the confidence in labeling the URL as malicious. [Figure: VT phishing - 13 vendors] With a potentially malicious URL identified, it is imperative to delve deeper to ascertain the underlying reasons for its malicious reputation. Analysts will utilize a tool such as URLscan.io for this purpose. URLscan.io serves as a sandbox, providing a risk-free environment for visiting websites. This tool is instrumental in conducting a thorough examination to uncover the nuances contributing to the URL's malicious classification. After entering our identified malicious URL into URLscan.io,
Data Breach Tool Vulnerability Threat ★★
bleepingcomputer.webp 2024-01-09 10:02:04 Criminal IP and Tenable Partner for Swift Vulnerability Detection
(direct link)
Cyber Threat Intelligence (CTI) search engine Criminal IP has established a technical partnership with Tenable. Learn more from Criminal IP about how this partnership can assist in real-time vulnerability and maliciousness scans. [...]
Vulnerability Threat Technical ★★
The_State_of_Security.webp 2024-01-09 02:59:09 Tripwire Patch Priority Index for December 2023
(direct link)
Tripwire's December 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Google. First on the patch priority are patches for Google Chrome and Microsoft Edge (Chromium-based) that resolve elevation of privilege, remote code execution, and information disclosure vulnerabilities. Please note that CVE-2023-7024 for Chrome is on the CISA Known Exploited Vulnerabilities (KEV) catalog, which means this vulnerability has been actively exploited. Next on the patch priority list this month are patches for Microsoft Word and Outlook that resolve 2 information...
Vulnerability ★★
Fortinet.webp 2024-01-09 00:00:00 FortiPortal - Insufficient Access Control over API endpoints
(direct link)
An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting FortiPortal may allow a remote authenticated user with at least read-only permissions to access other organization endpoints via crafted GET requests.
Vulnerability
Fortinet.webp 2024-01-09 00:00:00 FortiPortal - Account creation outside initial IdP
(direct link)
An improper privilege management vulnerability [CWE-269] in FortiPortal may allow a remote and authenticated attacker to add users outside its initial IdP
Vulnerability
Fortinet.webp 2024-01-09 00:00:00 FortiVoice - Path traversal vulnerability in administrative interface
(direct link)
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoice may allow an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests
Vulnerability
Fortinet.webp 2024-01-09 00:00:00 FortiPAM - Lack of rate control to protect against DoS attacks
(direct link)
An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM may allow an authenticated attacker to perform a denial of service attack via sending crafted HTTP or HTTPS requests at a high frequency.
Vulnerability
Fortinet.webp 2024-01-09 00:00:00 FortiOS & FortiProxy - Improper authorization for HA requests
(direct link)
An improper privilege management vulnerability [CWE-269] in a FortiOS & FortiProxy HA cluster may allow an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests.
Vulnerability
DarkReading.webp 2024-01-08 23:00:00 Cacti Monitoring Tool Spiked by Critical SQL Injection Vulnerability
(direct link)
Attackers can exploit the issue to access all data in the Cacti database, and it enables RCE when chained with a previous vulnerability.
Tool Vulnerability Threat ★★★
The_Hackers_News.webp 2024-01-08 14:31:00 Webinar – Leverage Zero Trust Security to Minimize Your Attack Surface
(direct link)
Digital expansion inevitably increases the external attack surface, making you susceptible to cyberthreats. Threat actors increasingly exploit the vulnerabilities stemming from software and infrastructure exposed to the internet; this ironically includes security tools, particularly firewalls and VPNs, which give attackers direct network access to execute their attacks. In fact, Gartner&
Tool Vulnerability Threat ★★
The_Hackers_News.webp 2024-01-08 13:23:00 NIST Warns of Security and Privacy Risks from Rapid AI System Deployment
(direct link)
The U.S. National Institute of Standards and Technology (NIST) is calling attention to the privacy and security challenges that arise as a result of increased deployment of artificial intelligence (AI) systems in recent years. "These security and privacy challenges include the potential for adversarial manipulation of training data, adversarial exploitation of model vulnerabilities to
Vulnerability ★★
Blog.webp 2024-01-08 13:22:44 Poisoned Data, Malicious Manipulation: NIST Study Reveals AI Vulnerabilities
(direct link)
> By Waqas. NIST Unveils Insights on AI Vulnerabilities and Potential Threats. This is a post from HackRead.com. Read the original post: Poisoned Data, Malicious Manipulation: NIST Study Reveals AI Vulnerabilities
Vulnerability Studies ★★
AlienVault.webp 2024-01-08 11:00:00 The Botnet siege: How your toaster could topple a corporation
(direct link)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In addition to the overt signs of cyber threats we've become conditioned to recognize, like ransomware emails and strange login requests, malicious actors are now utilizing another way to achieve their nefarious purposes — by using your everyday devices. These hidden dangers are known as botnets. Unbeknownst to most, our everyday devices, from toasters to smart fridges, can unwittingly be enlisted as footsoldiers in a digital army with the potential to bring down even corporate giants. This insidious force operates in silence, escaping the notice of even the most vigilant users. A recent report by Nokia shows that criminals are now using these devices more to orchestrate their attacks. In fact, cyber attacks targeting IoT devices are expected to double by 2025, further muddying the already murky waters. Let us go to the battlements of this siege, and we'll tackle the topic in more depth. What is a botnet? Derived from the words "robot" and "network," a botnet refers to a group of devices that have been infected with malicious software. Once infected, these devices are controlled remotely by a central server and are often used to carry out malicious activities such as cyber attacks, espionage, financial fraud, spam email campaigns, stealing sensitive information, or simply the further propagation of malware. How does a botnet attack work? A botnet attack begins with the infection of individual devices. Cybercriminals use various tactics to compromise these devices, such as sending malicious emails, exploiting software vulnerabilities, or tricking users into downloading malware. Everyday tech is notoriously prone to intrusion. The initial stages of building a botnet are often achieved with deceptively simple yet elegant tactics. Recently, a major US energy company fell prey to one such attack, owing to hundreds of phishing emails. By using QR code generators, the attacks combined two seemingly benign elements into a campaign that hit manufacturing, insurance, technology, and financial services companies, apart from the aforementioned energy companies. This new attack vector is now being referred to as Quishing — and unfortunately, it's only going to become more prevalent. Once a device has been compromised, it becomes part of the botnet. The cybercriminal gains control over these infected devices, which are then ready to follow the attacker's commands. The attacker is then able to operate the botnet from a central command-and-control server to launch various types of attacks. Common ones include: Distributed denial-of-service (DDoS). The botnet floods a target website or server with overwhelming traffic, causing it to become inaccessible to legitimate users. Spam emails. Bots can be used to send out massive volumes of spam emails, often containing phishing scams or malware. Data theft. Botnets can steal sensitive information, such as login credentials or personal data, from the infected devices. Propagation. S
Ransomware Spam Malware Vulnerability Threat ★★
Veracode.webp 2024-01-08 09:39:09 Securing JavaScript: Best Practices and Common Vulnerabilities
(direct link)
JavaScript is the most commonly-used programming language, according to the most recent StackOverflow developer survey. While JavaScript offers great flexibility and ease of use, it also introduces security risks that can be exploited by attackers. In this blog, we will explore vulnerabilities in JavaScript, best practices to secure your code, and tools to prevent attacks. Understanding JavaScript Vulnerabilities This article explores the common vulnerabilities related to JavaScript security and provides best practices to secure your code. If you're short on time, you can begin by using Veracode DAST Essentials, a JavaScript security scanner, to identify potential vulnerabilities. Running this tool will quickly generate reports, highlight your specific vulnerabilities, and provide clear instructions on how to remediate them. JavaScript Source Code Vulnerabilities JavaScript developers typically rely on integrating numerous public or open-source packages and libraries containing…
Tool Vulnerability ★★
Last update at: 2024-05-12 09:08:01