This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-12T12:10:44+00:00 www.secnews.physaphae.fr Recorded Future - FLux Recorded Future AT & amp; n'a récemment corrigé une vulnérabilité qui aurait permis à quiconque de reprendre le compte de quelqu'un sur ATT.com simplement en connaissant son numéro de téléphone et son code postal.Le chercheur en cybersécurité, Joseph Harris, a découvert le bug plus tôt cette année, trouvant un moyen d'exploiter une fonction de fusion de compte pour des moyens malveillants.Le problème lui a permis de fusionner efficacement

---

AT&T recently fixed a vulnerability that would have allowed anyone to take over someone\'s account on ATT.com just by knowing their phone number and ZIP code. Cybersecurity researcher Joseph Harris discovered the bug earlier this year, finding a way to exploit an account merging feature for malicious means. The issue allowed him to effectively merge]]> 2023-05-23T14:39:00+00:00 https://therecord.media/att-resolves-issue-allowing-account-takeover www.secnews.physaphae.fr/article.php?IdArticle=8338752 False Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future L'Agence de sécurité de la cybersécurité et de l'infrastructure (CISA) et le FBI ont déclaré qu'un groupe de ransomware relativement nouveau a exploité un problème avec un logiciel d'impression populaire pour attaquer les écoles aux États-Unis dans un [avis jeudi] (https: // www.Cisa.gov / News-Events / Cybersecurity-Advisories / AA23-131A), CISA a déclaré que depuis la mi-avril, le BL00dy Ransomware Gang exploite CVE-2023-27350 & # 8211;une vulnérabilité

---

The Cybersecurity and Infrastructure Security Agency (CISA) and FBI said a relatively new ransomware group has been exploiting an issue with a popular printing software to attack schools across the U.S. In an [advisory on Thursday](https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-131a), CISA said that since the middle of April the Bl00dy Ransomware Gang has been exploiting CVE-2023-27350 – a vulnerability]]> 2023-05-12T19:30:00+00:00 https://therecord.media/cisa-warns-of-bl00dy-ransomware-gang-using-papercut-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8336171 False Ransomware,Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future Microsoft a publié mardi une nouvelle solution pour une vulnérabilité qui a été initialement corrigée en mars, mais a ensuite été découverte par les chercheurs en sécurité.Les responsables ukrainiens de la cybersécurité de CERT-UA ont signalé une vulnérabilité à l'équipe de réponse aux incidents de Microsoft plus tôt cette année après que les pirates de Russie ont utilisé une vulnérabilité dans le service de messagerie Outlook de Microsoft \\.«Microsoft

---

Microsoft on Tuesday released a new fix for a vulnerability that was initially patched in March but was later discovered by security researchers to be flawed. Ukrainian cybersecurity officials at CERT-UA reported a vulnerability to the Microsoft incident response team earlier this year after Russia-based hackers used a vulnerability in Microsoft\'s Outlook email service. “Microsoft]]> 2023-05-10T20:55:00+00:00 https://therecord.media/microsoft-releases-fix-for-patched-outlook-bug-russian-hackers www.secnews.physaphae.fr/article.php?IdArticle=8335439 False Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future Les pirates basés en Iran exploitent une vulnérabilité récemment découverte affectant un logiciel de gestion d'impression populaire, selon de nouvelles recherches.Vendredi, Microsoft a déclaré que deux acteurs de l'État-nation qu'ils appellent la menthe de Sandstorm et Mango Sandstorm attaquaient des sociétés exécutant des versions non corrigées de Papercut Software, qui est largement utilisé par les agences gouvernementales, les universités et les grandes entreprises autour

---

Hackers based in Iran are exploiting a recently-discovered vulnerability affecting a popular printing management software, according to new research. On Friday, Microsoft said two nation-state actors they call Mint Sandstorm and Mango Sandstorm have been attacking companies running unpatched versions of PaperCut software, which is used widely by government agencies, universities, and large companies around]]> 2023-05-08T20:24:00+00:00 https://therecord.media/iranian-state-sponsored-hackers-exploiting-printer-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8334413 False Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future Des dizaines d'organisations sont toujours exposées à des cyberattaques grâce à une vulnérabilité largement abusée dans Goanywhere MFT - un outil Web qui aide les organisations à transférer des fichiers - selon de nouvelles recherches.Depuis février, le groupe Ransomware Clop a exploité des dizaines de plus grandes entreprises et gouvernements du monde \\ à travers une vulnérabilité zéro-jour que Goanywhere a suivi comme CVE-2023-0669.Les gouvernements

---

Dozens of organizations are still exposed to cyberattacks through a widely-abused vulnerability in GoAnywhere MFT - a web-based tool that helps organizations transfer files - according to new research. Since February, the Clop ransomware group has exploited dozens of the world\'s largest companies and governments through a zero-day vulnerability GoAnywhere tracked as CVE-2023-0669. The governments]]> 2023-05-05T15:53:00+00:00 https://therecord.media/organizations-slow-to-patch-goanywhere-vulnerability-after-clop-attacks www.secnews.physaphae.fr/article.php?IdArticle=8333810 False Ransomware,Tool,Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future Plusieurs agences américaines ont averti cette semaine d'une vulnérabilité affectant les logiciels dans les appareils utilisés pour la recherche sur l'ADN qui permettrait aux pirates d'accéder aux informations sensibles des patients.La Food and Drug Administration (FDA) et la société derrière les appareils - Illumina - ont déclaré qu'elles n'avaient reçu aucun rapport indiquant que la vulnérabilité avait été exploitée.Illumina

---

Several U.S. agencies warned this week about a vulnerability affecting software in devices used for DNA research that would allow hackers access to sensitive patient information. The Food and Drug Administration (FDA) and the company behind the devices - Illumina - said they have not received any reports indicating the vulnerability has been exploited. Illumina]]> 2023-04-28T20:37:00+00:00 https://therecord.media/illumina-dna-sequencing-devices-vulnerability-fda-cisa www.secnews.physaphae.fr/article.php?IdArticle=8332005 False Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future Les pirates liés à l'opération de ransomware de CloP exploitent deux vulnérabilités récemment divulguées dans le logiciel de gestion de l'impression Papercut pour voler les données de l'entreprise des victimes.Dans une série de tweets publiés mercredi, Microsoft a déclaré qu'ils attribuaient les attaques à un acteur de menace qu'ils suivent en dentelle Tempest - un groupe dont les activités se chevauchent avec FIN11 et TA505.

---

Hackers linked to the Clop ransomware operation are exploiting two recently-disclosed vulnerabilities in print management software PaperCut to steal corporate data from victims. In a series of tweets posted Wednesday, Microsoft said they attributed the attacks to a threat actor they track as Lace Tempest - a group whose activities overlap with FIN11 and TA505.]]> 2023-04-27T15:49:00+00:00 https://therecord.media/hackers-use-papercut-vulnerabilities-to-deploy-clop-ransomware www.secnews.physaphae.fr/article.php?IdArticle=8331599 False Ransomware,Vulnerability,Threat None 2.0000000000000000 Recorded Future - FLux Recorded Future Les pirates ont peut-être compromis les réseaux de milliers d'entreprises en raison d'une attaque de chaîne d'approvisionnement contre la société de téléphone en entreprise 3CX, ce qui a confirmé jeudi que son application de bureau avait été regroupée de logiciels malveillants.3CX fournit des systèmes de téléphonie de bureau à plus de 12 millions d'utilisateurs quotidiens dans plus de 600 000 entreprises, comme il le prétend sur son site Web,

---

Hackers may have compromised the networks of thousands of businesses due to a supply-chain attack on the enterprise phone company 3CX, which confirmed on Thursday its desktop app had been bundled with malware. 3CX provides office phone systems to more than 12 million daily users at over 600,000 companies, as it claims on its website,]]> 2023-03-30T11:55:00+00:00 https://therecord.media/3cx-supply-chain-malware-attack www.secnews.physaphae.fr/article.php?IdArticle=8323420 False Vulnerability,Threat,Studies None 3.0000000000000000 Recorded Future - FLux Recorded Future Les chercheurs qui ont récemment découvert [une nouvelle vulnérabilité de Windows] (https://therecord.media/acropalypse-image-cropping-vulnerabilité-microsoft-indows) qui pourraient permettre de restaurer des tristes recadrés..La semaine dernière, les chercheurs en cybersécurité Simon Aarons et David Buchanan ont rendu compteLa vulnérabilité [\\ 'acropalypse \'] (https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html) dans Pixel \\ 's inbuiltoutil d'édition de capture d'écran, marquage, qui a permis à quiconque de récupérer partiellement les données d'image non éditées d'origine

---

The researchers who recently discovered [a novel Windows vulnerability](https://therecord.media/acropalypse-image-cropping-vulnerability-microsoft-windows) that could allow cropped screenshots to be restored say the bug has been fixed. Last week, cybersecurity researchers Simon Aarons and David Buchanan reported on the [\'aCropalypse\' vulnerability](https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html) in Pixel\'s inbuilt screenshot editing tool, Markup, that allowed anyone to partially recover the original unedited image data]]> 2023-03-28T19:53:00+00:00 https://therecord.media/microsoft-patch-acropalypse-bug-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8322622 False Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future À l'intérieur de la [Cyber Stratégie nationale] (https://www.whitehouse.gov/wp-content/uploads/2023/03/national-cybersecurity-strategy-2023.pdf) publié le mois dernier par l'administration BidenUn appel à une «divulgation de vulnérabilité coordonnée» dans «tous les types de technologies et secteurs» pour aider à collecter et partager des informations sur les défauts des logiciels, du matériel et des systèmes à l'échelle nationale.L'appel a marqué la dernière étape de l'évolution d'une pratique qui a acquis une acceptation précoce

---

Inside the [national cyber strategy](https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf) released last month by the Biden administration was a call for “coordinated vulnerability disclosure” across “all technology types and sectors” to help collect and share information about flaws in software, hardware and systems nationwide. The appeal marked the latest step in the evolution of a practice that gained early acceptance]]> 2023-03-24T11:00:00+00:00 https://therecord.media/defense-department-vulnerability-disclosure-ethical-hackers www.secnews.physaphae.fr/article.php?IdArticle=8321197 False Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future La ville de Toronto et le conglomérat multinational britannique Virgin ont confirmé que les pirates avaient pu accéder aux données grâce à une vulnérabilité dans un service de transfert de fichiers populaire qui a affecté des dizaines d'organisations ces dernières semaines.Des responsables de Toronto ont déclaré jeudi au dossier qu'ils enquêtaient sur des fichiers accessibles par des cybercriminels qui ont piraté

---

The City of Toronto and British multinational conglomerate Virgin confirmed that hackers were able to access data through a vulnerability in a popular file transfer service that has affected dozens of organizations in recent weeks. Toronto officials told The Record on Thursday that they are investigating files that were accessed by cybercriminals who hacked into]]> 2023-03-23T19:10:00+00:00 https://therecord.media/toronto-virgin-clop-hack-goanywhere www.secnews.physaphae.fr/article.php?IdArticle=8321038 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future Microsoft examine les rapports sur la question de savoir si une vulnérabilité permettant à quelqu'un de récupérer les parties recadrées ou expurgées de la capture d'écran de Google Pixel affecte également les outils de Windows.Vendredi, les chercheurs en cybersécurité Simon Aarons et David Buchanan [ont rendu compte sur une vulnérabilité] (https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html) dans l'outil d'évacuation d'écran Inbuilt de Pixel \\ de Pixel \\., Marquage, qui a permis à quiconque de récupérer partiellement l'original

---

Microsoft is examining reports of whether a vulnerability allowing someone to recover the cropped or redacted parts of Google Pixel screenshots also affects tools within Windows. On Friday, cybersecurity researchers Simon Aarons and David Buchanan [reported on a vulnerability](https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html) in the Pixel\'s inbuilt screenshot editing tool, Markup, that allowed anyone to partially recover the original]]> 2023-03-22T20:10:00+00:00 https://therecord.media/acropalypse-image-cropping-vulnerability-microsoft-windows www.secnews.physaphae.fr/article.php?IdArticle=8320707 False Vulnerability,Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future Important Samsung-made chips inside several popular Android devices have serious vulnerabilities that could allow attackers to “silently and remotely” compromise them, researchers said Thursday. Google's Project Zero team said Thursday that the Exynos modems used in multiple series of Samsung, Pixel and Vivo phones could be attacked “with no user interaction,” with methods that “require]]> 2023-03-17T04:00:00+00:00 https://therecord.media/samsung-exynos-chips-cited-for-hackable-flaws www.secnews.physaphae.fr/article.php?IdArticle=8319418 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future Financially motivated hackers are using a previously undocumented bug in Microsoft's SmartScreen security feature to spread the Magniber ransomware, according to a new report. The cybercriminals have been able to exploit the zero-day vulnerability in SmartScreen since December, researchers from Google's Threat Analysis Group (TAG) said. The Google team [reported](https://blog.google/threat-analysis-group/magniber-ransomware-actors-used-a-variant-of-microsoft-smartscreen-bypass/) its findings about the bug]]> 2023-03-15T12:17:00+00:00 https://therecord.media/ransomware-zero-day-microsoft-google www.secnews.physaphae.fr/article.php?IdArticle=8318790 False Ransomware,Vulnerability,Threat,Threat None 2.0000000000000000 Recorded Future - FLux Recorded Future Cloud data management giant Rubrik confirmed that hackers attacked the company using a vulnerability in a popular file transfer tool. The Clop ransomware group – which has been the primary force behind the [exploitation of a vulnerability](https://therecord.media/forta-goanywhere-mft-file-transfer-zero-day) affecting Fortra's GoAnywhere Managed File Transfer product – added Rubrik to its list of victims on Tuesday. A]]> 2023-03-14T20:36:00+00:00 https://therecord.media/rubrik-hackers-zero-day-fortra www.secnews.physaphae.fr/article.php?IdArticle=8318625 False Ransomware,Vulnerability,Cloud None 2.0000000000000000 Recorded Future - FLux Recorded Future The Cybersecurity and Infrastructure Security Agency (CISA) on Monday unveiled an effort that will collect data about commonly exploited vulnerabilities in ransomware attacks and alert critical infrastructure operators of the risks. [The Ransomware Vulnerability Warning Pilot](https://www.cisa.gov/stopransomware/Ransomware-Vulnerability-Warning-Pilot) launched Jan. 30 and was mandated under the sweeping cyber incident reporting [legislation](https://therecord.media/biden-signs-cyber-incident-reporting-bill-into-law) President Joe Biden signed into law]]> 2023-03-14T15:34:00+00:00 https://therecord.media/cisa-ransomware-warning-pilot www.secnews.physaphae.fr/article.php?IdArticle=8318475 False Ransomware,Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future Online travel agency giant Booking.com said Friday that it was not compromised through a vulnerability on the platform that was recently discovered by researchers.  Several publications on Thursday reported that researchers from Salt Security said they found several critical security flaws on Booking.com and its sister company Kayak. The flaws involved the tool that allows […]]> 2023-03-03T19:09:13+00:00 https://therecord.media/online-travel-giant-says-it-was-not-compromised-through-recently-discovered-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=8315380 False Tool,Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future A vulnerability in the IBM Aspera Faspex file transfer tool is actively being exploited by malicious hackers, CISA says]]> 2023-02-23T21:30:23+00:00 https://therecord.media/ibm-aspera-faspex-bug-cisa-known-vulnerability-list/ www.secnews.physaphae.fr/article.php?IdArticle=8312994 False Tool,Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future Belgium becomes the fourth European country to officially give researchers a way to legally report bugs to organizations and the government]]> 2023-02-17T19:03:15+00:00 https://therecord.media/belgium-institutes-nationwide-vulnerability-disclosure-policy/ www.secnews.physaphae.fr/article.php?IdArticle=8311317 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future Fortra says it is working with customers and CISA to address cyberattacks using a vulnerability in its GoAnywhere managed file-transfer tool.]]> 2023-02-16T17:31:28+00:00 https://therecord.media/fortra-goanywhere-clop-attacks-response/ www.secnews.physaphae.fr/article.php?IdArticle=8310915 False Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future Toyota said it remediated the vulnerability discovered by researcher Eaton Zveare. The company referred others to its bug disclosure platform.]]> 2023-02-08T19:41:06+00:00 https://therecord.media/toyota-says-no-evidence-malicious-access-eaton-zveare/ www.secnews.physaphae.fr/article.php?IdArticle=8308355 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future QNAP is warning customers to update their devices after a vulnerability was discovered making thousands of devices susceptible to attack]]> 2023-02-02T15:54:42+00:00 https://therecord.media/qnap-new-vulnerability-hardware/ www.secnews.physaphae.fr/article.php?IdArticle=8306613 False Ransomware,Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future Researchers from Akamai have released a proof-of-concept for a vulnerability affecting a Microsoft tool that allows the Windows' application programming interface to deal with cryptography.  The vulnerability, CVE-2022-34689, was discovered by the United Kingdom’s National Cyber Security Centre and the National Security Agency. It affects a tool called CryptoAPI and allows an attacker to masquerade […]]> 2023-01-25T21:43:55+00:00 https://therecord.media/exploit-released-for-microsoft-bug-allowing-attacker-to-masquerade-as-legitimate-entity/ www.secnews.physaphae.fr/article.php?IdArticle=8304055 False Tool,Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future Suspected Chinese hackers have been targeting a European government entity and African managed service provider with new custom malware. According to a report released by Mandiant on Thursday, hackers exploited a recently patched vulnerability - CVE-2022-42475 - in FortiOS, an operating system developed by U.S. cybersecurity company Fortinet, as a zero-day. The exploitation occurred as […]]> 2023-01-21T13:37:00+00:00 https://therecord.media/suspected-chinese-hackers-exploit-vulnerability-in-fortinet-devices/ www.secnews.physaphae.fr/article.php?IdArticle=8303093 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future Researchers at cybersecurity firm Rapid7 have observed exploitation of a vulnerability affecting two dozen ManageEngine products from software company Zoho. The bug – CVE-2022-47966 – was patched in waves starting on October 27, with the last product receiving a patch on November 7. Discovered by a researcher from Viettel Cyber Security, the vulnerability allows an […]]> 2023-01-19T21:11:22+00:00 https://therecord.media/hackers-exploiting-vulnerability-affecting-zoho-manageengine-products-rapid7/ www.secnews.physaphae.fr/article.php?IdArticle=8302673 False Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future Fortinet published an advisory this week warning that a critical vulnerability is being exploited by an “advanced actor” to target government networks. Fortinet published an advisory about the bug – CVE-2022-42475 – and it quickly garnered widespread attention due to its 9.8 CVSS score, ease of use and the large number of FortiOS versions affected.  […]]> 2023-01-13T19:30:34+00:00 https://therecord.media/fortinet-warns-of-hackers-targeting-governments-through-vpn-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=8300953 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future The Cybersecurity and Infrastructure Security Agency added a recently revealed bug to its known exploited vulnerability list this week after Microsoft confirmed it was being used in attacks.  CISA ordered all federal civilian agencies to patch CVE-2023-21674 by January 31. The bug –  first unveiled in Microsoft's initial Patch Tuesday release of 2023 – affects […]]> 2023-01-12T21:19:14+00:00 https://therecord.media/cisa-adds-recently-announced-microsoft-zero-day-to-exploited-vulnerability-catalog/ www.secnews.physaphae.fr/article.php?IdArticle=8300659 False Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future Twitter on Wednesday addressed long-simmering rumors that hackers stole the information of more than 200 million users, claiming that there is “no evidence” the information being sold on the dark web came from the exploitation of a vulnerability in the company's systems.  The social media giant - which was purchased by Tesla CEO Elon Musk […]]> 2023-01-11T22:11:24+00:00 https://therecord.media/twitter-says-leaked-data-on-200-million-users-was-likely-publicly-available-info/ www.secnews.physaphae.fr/article.php?IdArticle=8300299 False Vulnerability None 2.0000000000000000