This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-12T07:50:10+00:00 www.secnews.physaphae.fr Recorded Future - FLux Recorded Future The six-year case is the culmination of a Meta lawsuit filed in 2019, which argued that the NSO Group repeatedly attacked WhatsApp with spyware vectors, continuing to break into its systems even as the social media giant patched vulnerabilities.]]> 2025-05-07T00:19:51+00:00 https://therecord.media/jury-orders-nso-to-pay-meta-168-million-over-whatsapp-hack www.secnews.physaphae.fr/article.php?IdArticle=8672508 False Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future Google\'s Threat Intelligence team published its annual zero-day report on Tuesday, finding that 75 vulnerabilities were exploited in the wild in 2024, down from 98 in the prior year.]]> 2025-04-30T01:04:55+00:00 https://therecord.media/google-zero-day-report-2024 www.secnews.physaphae.fr/article.php?IdArticle=8669697 False Vulnerability,Threat None 2.0000000000000000 Recorded Future - FLux Recorded Future A vulnerability within the online application platform for insurance policies likely resulted in the breach of customer details.]]> 2025-04-14T20:42:57+00:00 https://therecord.media/lemonade-insrance-breach-numbers-license www.secnews.physaphae.fr/article.php?IdArticle=8662823 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future Microsoft published a blog post on Tuesday about the bug alongside its larger Patch Tuesday release, detailing how hackers exploited the vulnerability and used a strain of malware called PipeMagic before deploying ransomware on victims.]]> 2025-04-08T20:37:39+00:00 https://therecord.media/microsoft-zero-day-used-ransomware-attack-real-estate www.secnews.physaphae.fr/article.php?IdArticle=8661014 False Ransomware,Malware,Vulnerability,Threat None 3.0000000000000000 Recorded Future - FLux Recorded Future The makers of the popular file transfer tool CrushFTP say a responsibly disclosed vulnerability in the software has been weaponized. CISA and cyber researchers are sounding alarm bells.]]> 2025-04-08T18:03:56+00:00 https://therecord.media/crushftp-vulnerability-exploited www.secnews.physaphae.fr/article.php?IdArticle=8660995 False Ransomware,Tool,Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future Researchers said a vulnerability in software from security firm ESET was used to spread malware. The company has acknowledged the bug and patched it.]]> 2025-04-07T15:33:17+00:00 https://therecord.media/eset-software-vulnerability-malware-toddycat-apt www.secnews.physaphae.fr/article.php?IdArticle=8660769 False Malware,Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future Researchers attributed exploitation of the vulnerability to a suspected China-based cyberespionage group tracked as UNC5221.]]> 2025-04-04T21:22:49+00:00 https://therecord.media/cisa-ivanti-firewall-bug-exploitation www.secnews.physaphae.fr/article.php?IdArticle=8660323 False Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future A recent alert from CISA builds on previous research about a vulnerability in Ivanti products that China-linked hackers have used to insert malware into networks.]]> 2025-04-02T17:58:04+00:00 https://therecord.media/cisa-alert-ivanti-bug-resurge-malware www.secnews.physaphae.fr/article.php?IdArticle=8659889 False Malware,Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future Developers of Mozilla\'s Firefox say that reports on a Google Chrome zero-day vulnerability led them to find a similar bug for the Windows version of their browser.]]> 2025-03-28T13:02:40+00:00 https://therecord.media/firefox-sandbox-vulnerability-similar-chrome-zero-day www.secnews.physaphae.fr/article.php?IdArticle=8658860 False Vulnerability,Threat None 3.0000000000000000 Recorded Future - FLux Recorded Future “We have discovered and reported dozens of zero-day exploits actively used in attacks, but this particular exploit is certainly one of the most interesting we\'ve encountered,” researchers from Kaspersky said in their analysis published Tuesday.]]> 2025-03-27T13:51:57+00:00 https://therecord.media/russian-media-academia-targeted-in-espionage-campaign www.secnews.physaphae.fr/article.php?IdArticle=8658578 False Vulnerability,Threat None 3.0000000000000000 Recorded Future - FLux Recorded Future Two vulnerabilities impacting Fortinet products are being exploited by a new ransomware operation with ties to the LockBit ransomware group.]]> 2025-03-17T14:09:18+00:00 https://therecord.media/mora001-ransomware-gang-exploiting-vulnerability-lockbit www.secnews.physaphae.fr/article.php?IdArticle=8656250 False Ransomware,Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future Researchers at Cato Networks said that during a recent investigation into router vulnerabilities, they discovered a new botnet - which they named Ballista - infecting TP-Link Archer devices.]]> 2025-03-11T19:33:40+00:00 https://therecord.media/ballista-botnet-tp-link-archer-routers www.secnews.physaphae.fr/article.php?IdArticle=8655105 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future A vulnerability initially exploited mostly in cyberattacks against Japanese organizations is now a potential problem worldwide, researchers said Friday.]]> 2025-03-07T21:22:37+00:00 https://therecord.media/bug-affecting-php-scripts-global-issue www.secnews.physaphae.fr/article.php?IdArticle=8654639 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future Three product lines from technology giant VMware - ESXI, Workstation and Fusion - have patches for vulnerabilities that the company and the federal government have said are being exploited by hackers.]]> 2025-03-04T21:22:02+00:00 https://therecord.media/vmware-exploited-vulnerabilities-esxi-workstation-fusion www.secnews.physaphae.fr/article.php?IdArticle=8653572 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future The Trump administration should "cease all DOGE activities that create serious cybersecurity vulnerabilities, expose government networks to cyberattacks, and risk disclosures of sensitive and personal information,” Democrats from the House Oversight Committee said in a letter to the White House.]]> 2025-02-25T18:04:53+00:00 https://therecord.media/doge-cybersecurity-house-democrats-letter-trump www.secnews.physaphae.fr/article.php?IdArticle=8650951 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future The Home Office is the latest British government department to encourage ethical hackers to report vulnerabilities in its systems. Experts are warning that participants could be open to criminal prosecution, though.]]> 2025-02-25T13:03:20+00:00 https://therecord.media/uk-home-office-vulnerability-disclosure-ethical-hackers www.secnews.physaphae.fr/article.php?IdArticle=8650853 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future A ransomware group known as Ghost has been exploiting vulnerabilities in software and firmware as recently as January, according to an alert issued Wednesday by the FBI and Cybersecurity and Infrastructure Security Agency (CISA).]]> 2025-02-19T21:09:30+00:00 https://therecord.media/ghost-cring-ransomware-activity-fbi-cisa-alert www.secnews.physaphae.fr/article.php?IdArticle=8649053 False Ransomware,Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future “The vast cybercriminal ecosystem has acted as an accelerant for state-sponsored hacking, providing malware, vulnerabilities, and in some cases full-spectrum operations to states,” said Ben Read of Google Threat Intelligence Group.]]> 2025-02-12T22:06:18+00:00 https://therecord.media/cybercrime-evolving-nation-state-threat www.secnews.physaphae.fr/article.php?IdArticle=8648284 False Malware,Vulnerability,Threat None 3.0000000000000000 Recorded Future - FLux Recorded Future Federal civilian agencies have been ordered to patch a vulnerability impacting Trimble Cityworks - a popular tool used by many governments to manage public infrastructure.]]> 2025-02-07T22:17:56+00:00 https://therecord.media/hackers-exploiting-trimble-cityworks-bug-used-by-local-govs www.secnews.physaphae.fr/article.php?IdArticle=8647508 False Tool,Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future The Contec CMS8000, a patient monitor made by a company based in China, has vulnerabilities in its firmware that directly expose it to unauthorized access.]]> 2025-01-31T17:23:37+00:00 https://therecord.media/contec-cms8000-firmware-backdoor-fda-cisa-warning www.secnews.physaphae.fr/article.php?IdArticle=8645353 False Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future The Cybersecurity and Infrastructure Security Agency warned that a bug affecting SonicWall\'s Secure Mobile Access products is being actively exploited.]]> 2025-01-24T21:36:27+00:00 https://therecord.media/sonicwall-devices-exposed-zero-day www.secnews.physaphae.fr/article.php?IdArticle=8642242 False Vulnerability,Threat,Mobile None 2.0000000000000000 Recorded Future - FLux Recorded Future After a warning that a Russian spy ship was mapping British undersea infrastructure, a parliamentary inquiry is planned to examine its vulnerabilities.]]> 2025-01-24T13:01:22+00:00 https://therecord.media/britain-undersea-cables-russian-spy-ship www.secnews.physaphae.fr/article.php?IdArticle=8642061 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future The federal government and multiple cybersecurity firms warned of a zero-day vulnerability in FortiGate firewalls that hackers are actively exploiting.]]> 2025-01-17T01:12:06+00:00 https://therecord.media/cisa-warns-fortinet-bugs-microsoft-patch-tuesday www.secnews.physaphae.fr/article.php?IdArticle=8638530 False Vulnerability,Threat None 3.0000000000000000 Recorded Future - FLux Recorded Future The European Commission has a new “action plan” to reduce the health sector\'s vulnerability to cyberattacks. For funding, it only offers healthcare entities guidance on opportunities available elsewhere.]]> 2025-01-15T17:52:17+00:00 https://therecord.media/ransomware-hospitals-european-commission-plan www.secnews.physaphae.fr/article.php?IdArticle=8637836 False Ransomware,Vulnerability,Medical None 2.0000000000000000 Recorded Future - FLux Recorded Future A recently discovered bug in Ivanti\'s Connect Secure VPN appears to be a target for malware previously only deployed by China-based hackers, say researchers for Google\'s Mandiant team.]]> 2025-01-09T20:34:07+00:00 https://therecord.media/china-espionage-ivanti-vulnerabilities-mandiant www.secnews.physaphae.fr/article.php?IdArticle=8635394 False Malware,Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future The company released an advisory and a corresponding blog about two bugs - CVE-2025-0282 and CVE-2025-0283 - and warned that some customers have already seen CVE-2025-0282 exploited in their environments.]]> 2025-01-08T20:30:24+00:00 https://therecord.media/ivanti-warns-of-hackers-exploiting-new-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8635046 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future The iSeq 100 genetic sequencer has vulnerabilities that could allow attackers to tamper with its operations or install a firmware implant, researchers from cybersecurity firm Eclypsium say.]]> 2025-01-07T19:47:32+00:00 https://therecord.media/dna-sequencer-vulnerabilities-iseq100-eclypsium www.secnews.physaphae.fr/article.php?IdArticle=8634618 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future An account with the name @NSA_Employee39 claimed to have dropped a zero-day vulnerability for the popular file archive software 7-Zip. Nobody could get it to work.]]> 2024-12-30T16:35:58+00:00 https://therecord.media/fake-zero-day-7Zip www.secnews.physaphae.fr/article.php?IdArticle=8631709 False Vulnerability,Threat None 3.0000000000000000 Recorded Future - FLux Recorded Future The Panasonic-owned company said it has no reason to believe recent claims from a cybercrime gang are connected to last month\'s ransomware attack, which caused disruptions at Starbucks, BIC and several major supermarket brands.]]> 2024-12-27T13:29:25+00:00 https://therecord.media/blue-yonder-ransomware-attack-not-connected-to-cleo-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8630598 False Ransomware,Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future The agency urged federal civilian agencies to patch a vulnerability that impacts a widely used file-sharing product from the software company Cleo.]]> 2024-12-13T21:54:23+00:00 https://therecord.media/cisa-ransomware-cleo-cyberpanel-bugs www.secnews.physaphae.fr/article.php?IdArticle=8624765 False Ransomware,Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future The vulnerability - CVE-2024-50623 - was recently patched by software developer Cleo and affects the company\'s LexiCom, VLTransfer and Harmony products. However, researchers at cybersecurity firm Huntress say the patch “does not mitigate the software flaw."]]> 2024-12-10T21:40:52+00:00 https://therecord.media/multiple-cleo-file-transfer-products-exploited-by-hackers www.secnews.physaphae.fr/article.php?IdArticle=8623077 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future Security researchers continued to warn users of certain Palo Alto Networks firewalls to patch the products and protect them from internet exposure after two vulnerabilities began attracting attention from malicious hackers.]]> 2024-11-22T20:17:01+00:00 https://therecord.media/palo-alto-networks-firewall-vulnerabilities-exploited-patched www.secnews.physaphae.fr/article.php?IdArticle=8616230 False Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future Nearly 100 drinking water systems across the U.S. have "high-risk" cybersecurity deficiencies, an Inspector General assessment found.]]> 2024-11-18T23:14:50+00:00 https://therecord.media/us-water-systems-exposed-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8613760 False Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future The National Institute of Standards and Technology has faced criticism since it became clear that thousands of critical vulnerabilities were not being analyzed or enriched.]]> 2024-11-13T22:12:19+00:00 https://therecord.media/nist-vulnerability-backlog-cleared-cisa www.secnews.physaphae.fr/article.php?IdArticle=8610661 False Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future In a co-authored advisory, the agencies list the top 15 most routinely exploited vulnerabilities of 2023, with CVE-2023-3519 - an issue affecting Citrix\'s networking product NetScalers - being the most widely used.]]> 2024-11-12T16:07:46+00:00 https://therecord.media/surge-zero-day-exploits-five-eyes-report www.secnews.physaphae.fr/article.php?IdArticle=8609883 False Vulnerability,Threat None 3.0000000000000000 Recorded Future - FLux Recorded Future In a blog post on Friday, Google said it believes the bug is the first public example of an AI tool finding a previously unknown exploitable memory-safety issue in widely used real-world software.]]> 2024-11-04T01:36:00+00:00 https://therecord.media/google-llm-sqlite-vulnerability-artificial-intelligence www.secnews.physaphae.fr/article.php?IdArticle=8605726 False Tool,Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future CISA added CVE-2024-40711 to its Known Exploited Vulnerabilities database and specified that the bug in Veeam software products is being used to facilitate ransomware attacks.]]> 2024-10-18T14:16:47+00:00 https://therecord.media/veam-vulnerability-exploited-ransomware-cisa-kev www.secnews.physaphae.fr/article.php?IdArticle=8599765 False Ransomware,Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future A set of bugs that has caused alarm among cybersecurity experts may enable threat actors to launch powerful attacks designed to knock systems offline.]]> 2024-10-02T21:07:50+00:00 https://therecord.media/ddos-attacks-cups-linux-print-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8590709 False Vulnerability,Threat None 2.0000000000000000 Recorded Future - FLux Recorded Future Zimbra has issued a patch for a critical vulnerability tracked as CVE-2024-45519, but experts are warning the bug has been exploited by malicious hackers.]]> 2024-10-02T18:07:15+00:00 https://therecord.media/zimbra-email-vulnerability-exploitation www.secnews.physaphae.fr/article.php?IdArticle=8590639 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future Thousands of vulnerabilities were identified and remediated through a government clearinghouse in 2023, according to a new report from the nation\'s top cybersecurity agency.]]> 2024-10-02T00:15:19+00:00 https://therecord.media/cisa-thousands-of-bugs-remediated-vulnerability-disclosure-program www.secnews.physaphae.fr/article.php?IdArticle=8590011 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future 2024-09-11T17:53:46+00:00 https://therecord.media/hackers-four-microsoft-vulnerabilities-cisa www.secnews.physaphae.fr/article.php?IdArticle=8574732 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future 2024-08-30T19:36:48+00:00 https://therecord.media/suspected-north-korean-hackers-crypto-chromium-zero-day www.secnews.physaphae.fr/article.php?IdArticle=8567065 False Vulnerability,Threat None 2.0000000000000000 Recorded Future - FLux Recorded Future 2024-08-27T17:32:01+00:00 https://therecord.media/versa-zero-day-volt-typhoon-china www.secnews.physaphae.fr/article.php?IdArticle=8564847 False Vulnerability,Threat Guam 3.0000000000000000 Recorded Future - FLux Recorded Future 2024-08-19T12:51:26+00:00 https://therecord.media/microsoft-macos-apps-vulnerabilities-cisco www.secnews.physaphae.fr/article.php?IdArticle=8560275 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future 2024-08-06T17:18:46+00:00 https://therecord.media/android-zero-day-google-fix-august-patch www.secnews.physaphae.fr/article.php?IdArticle=8552893 False Vulnerability,Threat,Mobile None 2.0000000000000000 Recorded Future - FLux Recorded Future 2024-07-30T16:14:15+00:00 https://therecord.media/critical-servicenow-vulnerabilities-hackers-cisa www.secnews.physaphae.fr/article.php?IdArticle=8547359 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future 2024-07-22T18:13:14+00:00 https://therecord.media/telegram-zero-day-android-app-eset www.secnews.physaphae.fr/article.php?IdArticle=8542204 False Vulnerability,Threat,Mobile None 2.0000000000000000 Recorded Future - FLux Recorded Future 2024-07-01T21:10:14+00:00 https://therecord.media/cisco-velvet-ant-hackers-china www.secnews.physaphae.fr/article.php?IdArticle=8529343 False Vulnerability,Threat None 2.0000000000000000 Recorded Future - FLux Recorded Future 2024-05-31T21:00:00+00:00 https://therecord.media/thousands-of-devices-vulnerable-checkpoint www.secnews.physaphae.fr/article.php?IdArticle=8510813 False Vulnerability,Threat None 2.0000000000000000 Recorded Future - FLux Recorded Future 2024-05-29T22:25:59+00:00 https://therecord.media/nist-nvd-backlog-clear-end-fiscal-2024 www.secnews.physaphae.fr/article.php?IdArticle=8509609 False Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future 2024-05-24T17:54:36+00:00 https://therecord.media/nist-database-backlog-growing-vulncheck www.secnews.physaphae.fr/article.php?IdArticle=8506241 False Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future 2024-05-20T20:56:05+00:00 https://therecord.media/epa-enforcement-vulnerabilities-critical-water-sector www.secnews.physaphae.fr/article.php?IdArticle=8503623 False Vulnerability,Legislation None 2.0000000000000000 Recorded Future - FLux Recorded Future 2024-05-01T17:41:32+00:00 https://therecord.media/senate-legislation-update-nvd-cve-program-artificial-intelligence www.secnews.physaphae.fr/article.php?IdArticle=8491944 False Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future 2024-04-25T21:21:01+00:00 https://therecord.media/vulnerabilities-resolved-through-cisa-pilot www.secnews.physaphae.fr/article.php?IdArticle=8488734 False Ransomware,Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future 2024-04-24T19:01:27+00:00 https://therecord.media/cisco-asa-crushftp-vulnerabilities-exploited-cisa www.secnews.physaphae.fr/article.php?IdArticle=8488169 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future 2024-04-19T19:17:22+00:00 https://therecord.media/mitre-breached-ivanti-zero-days www.secnews.physaphae.fr/article.php?IdArticle=8485450 False Vulnerability,Threat None 3.0000000000000000 Recorded Future - FLux Recorded Future 2024-04-18T15:11:02+00:00 https://therecord.media/enisa-will-not-create-vulnerability-database-cyber-resilience-act www.secnews.physaphae.fr/article.php?IdArticle=8484811 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future 2024-04-15T16:43:18+00:00 https://therecord.media/palo-alto-networks-fixes-vpn-zero-day www.secnews.physaphae.fr/article.php?IdArticle=8482845 False Vulnerability,Threat None 3.0000000000000000 Recorded Future - FLux Recorded Future 2024-04-12T14:36:02+00:00 https://therecord.media/vpn-zero-day-palo-alto-networks www.secnews.physaphae.fr/article.php?IdArticle=8480784 False Vulnerability,Threat None 3.0000000000000000 Recorded Future - FLux Recorded Future 2024-04-11T21:11:57+00:00 https://therecord.media/dlink-devices-exploited-vulnerabilities-cisa www.secnews.physaphae.fr/article.php?IdArticle=8480275 False Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future Quatre nouvelles vulnérabilités affectant des milliers de téléviseurs LG ont été trouvées par des chercheurs qui ont déclaré que les problèmes pourraient permettre aux pirates de s'ajouter en tant qu'utilisateurs et de prendre d'autres mesures. & NBSP;Des chercheurs de la société de cybersécurité Bitdefender ont déclaré que les bogues - dont trois obtiennent une cote de gravité de 9,1 sur 10 - Centre sur LG webOS, le

---

Four new vulnerabilities affecting thousands of LG TVs have been found by researchers who said the issues could allow hackers to add themselves as users and take other actions.  Researchers from cybersecurity firm Bitdefender said the bugs - three of which carry a 9.1 out 10 severity rating - center on LG WebOS, the]]> 2024-04-09T15:17:30+00:00 https://therecord.media/lg-patches-vulnerabilities-tv www.secnews.physaphae.fr/article.php?IdArticle=8478770 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future Plusieurs groupes de piratage basés en Chine, dont Volt Typhoon, visent un trio de vulnérabilités affectant son géant ivanti aux côtés de multiples opérations cybercriminales.L'Agence de sécurité de la cybersécurité et de l'infrastructure (CISA) et plusieurs des principales agences de cybersécurité du monde ont publié des avertissements sur les vulnérabilités - étiquetées CVE-2023-46805, CVE-2024-21887 et CVE-2024-21893 - en raison deleur utilisation généralisée

---

Several China-based hacking groups, including Volt Typhoon, are targeting a trio of vulnerabilities affecting IT giant Ivanti alongside multiple cybercriminal operations. The Cybersecurity and Infrastructure Security Agency (CISA) and several of the world\'s leading cybersecurity agencies have released warnings about the vulnerabilities - labeled CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893 - due to their widespread use]]> 2024-04-04T16:40:24+00:00 https://therecord.media/volt-typhoon-china-targeting-energy-defense-ivanti-bugs www.secnews.physaphae.fr/article.php?IdArticle=8476005 False Vulnerability Guam 3.0000000000000000 Recorded Future - FLux Recorded Future Ivanti a annoncé des modifications en gros dans la façon dont elle aborde la cybersécurité après que plusieurs gouvernements ont apporté des violations récentes aux vulnérabilités des produits de la société. & NBSP;Le PDG d'Ivanti, Jeff Abbott, a publié une lettre ouverte et une vidéo de 6 minutes aux clients promettant de réviser la façon dont la société de gestion technologique construit ses produits et comment elle communique avec les clients sur les vulnérabilités.«Événements dans

---

Ivanti announced wholesale changes to how it approaches cybersecurity after multiple governments sourced recent breaches back to vulnerabilities in the company\'s products.  Ivanti CEO Jeff Abbott published an open letter and 6-minute video to customers pledging overhaul how the technology-management company builds its products and how it communicates with customers about vulnerabilities. “Events in]]> 2024-04-03T20:00:43+00:00 https://therecord.media/ivanti-security-overhaul-ceo-jeff-abbott www.secnews.physaphae.fr/article.php?IdArticle=8475423 False Vulnerability None 4.0000000000000000 Recorded Future - FLux Recorded Future L'Institut national des normes et de la technologie (NIST) a blâmé l'augmentation du volume des logiciels et «un changement de support interinstitutions» pour le récent arriéré de vulnérabilités analysées dans la base de données nationale de vulnérabilité de l'organisation (NVD).Pendant des années, le NVD est une ressource inestimable pour les experts et les défenseurs de la cybersécurité qui comptent sur

---

The National Institute of Standards and Technology (NIST) blamed increases in the volume of software and “a change in interagency support” for the recent backlog of vulnerabilities analyzed in the organization\'s National Vulnerability Database (NVD). For years, the NVD has been an invaluable resource for cybersecurity experts and defenders who rely on it for]]> 2024-04-01T20:17:13+00:00 https://therecord.media/vulnerability-database-backlog-nist-support www.secnews.physaphae.fr/article.php?IdArticle=8474225 False Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future La Federal Communications Commission (FCC) dit qu'elle prend des mesures pour traiter des faiblesses importantes dans les réseaux de télécommunications qui peuvent permettre la cybercriminalité et l'espionnage. & NBSP;L'agence enquête sur la façon dont les vulnérabilités dans le système de signalisation des protocoles n ° 7 (SS7) et le diamètre - qui permettent conjointement les appels téléphoniques \\ 'et les messages texte \' à travers les réseaux - peuvent permettre

---

The Federal Communications Commission (FCC) says it is taking action to address significant weaknesses in telecommunications networks that can enable cybercrime and spying.  The agency is investigating how vulnerabilities in the protocols Signaling System No. 7 (SS7) and Diameter - which jointly enable phone calls\' and text messages\' movement across networks - can allow]]> 2024-04-01T17:50:30+00:00 https://therecord.media/fcc-ss7-diameter-protocols-investigation www.secnews.physaphae.fr/article.php?IdArticle=8474146 False Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future Les experts en cybersécurité avertissent que les exploits zéro-jours, qui peuvent être utilisés pour compromettre les appareils avant que quiconque ne sache qu'ils sont vulnérables, sont devenus plus courants en tant que pirates et cybercriminels à l'État-nation et en train de trouver des moyens sophistiqués de mener à bien leurs attaques.Des chercheurs de Google ont déclaré mercredi avoir observé 97 jours zéro exploités dans la nature en 2023, comparés

---

Cybersecurity experts are warning that zero-day exploits, which can be used to compromise devices before anyone is aware they\'re vulnerable, have become more common as nation-state hackers and cybercriminals find sophisticated ways to carry out their attacks. Researchers from Google on Wednesday said they observed 97 zero-days exploited in the wild in 2023, compared]]> 2024-03-27T13:00:00+00:00 https://therecord.media/zero-day-exploits-jumped-in-2023-spyware www.secnews.physaphae.fr/article.php?IdArticle=8471355 False Vulnerability,Threat None 3.0000000000000000 Recorded Future - FLux Recorded Future Les chercheurs avertissent que les pirates exploitent activement une vulnérabilité contestée dans un cadre d'IA à source ouverte populaire connue sous le nom de Ray.Cet outil est couramment utilisé pour développer et déployer des applications Python à grande échelle, en particulier pour les tâches telles que l'apprentissage automatique, l'informatique scientifique et le traitement des données.Selon le développeur de Ray \\, tous les domaines, le cadre est utilisé par major

---

Researchers are warning that hackers are actively exploiting a disputed vulnerability in a popular open-source AI framework known as Ray. This tool is commonly used to develop and deploy large-scale Python applications, particularly for tasks like machine learning, scientific computing and data processing. According to Ray\'s developer, Anyscale, the framework is used by major]]> 2024-03-26T18:46:40+00:00 https://therecord.media/thousands-exposed-to-ray-framework-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8470918 False Tool,Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future Un pirate serait lié à la République de Chine du peuple a exploité deux vulnérabilités populaires pour attaquer les entrepreneurs de la défense américaine, les entités et les institutions gouvernementales du Royaume-Uni en Asie. & NBSP;Un nouveau rapport de la société de sécurité appartenant à Google Mandiant a mis en lumière le travail d'un acteur de menace qu'ils appellent UNC5174.Les chercheurs pensent que l'UNC5174 est un ancien membre

---

A hacker allegedly connected to the People\'s Republic of China has been exploiting two popular vulnerabilities to attack U.S. defense contractors, U.K. government entities and institutions in Asia.  A new report from Google-owned security firm Mandiant spotlighted the work of a threat actor they call UNC5174. The researchers believe UNC5174 is a former member]]> 2024-03-21T20:38:56+00:00 https://therecord.media/chinese-government-hacker-exploiting-bugs-to-target-defense-government-sectors www.secnews.physaphae.fr/article.php?IdArticle=8468102 False Vulnerability,Threat None 3.0000000000000000 Recorded Future - FLux Recorded Future Le géant des logiciels tchèques Jet-Brains a critiqué la société de sécurité Rapid7 cette semaine après une dispute sur deux vulnérabilités récemment découvertes .Dans un article de blog publié lundi,JetBrains a attribué le compromis de plusieurs serveurs de clients à la décision de Rapid7 \\ de divulguer des informations détaillées sur les vulnérabilités.«Après la divulgation complète, nous avons commencé à entendre des clients qui

---

Czech software giant JetBrains harshly criticized security company Rapid7 this week following a dispute over two recently-discovered vulnerabilities. In a blog post published Monday, JetBrains attributed the compromise of several customers\' servers to Rapid7\'s decision to release detailed information on the vulnerabilities. “After the full disclosure was made, we started hearing from some customers who]]> 2024-03-12T21:23:32+00:00 https://therecord.media/jetbrains-rapid7-silent-patching-dispute www.secnews.physaphae.fr/article.php?IdArticle=8462846 False Vulnerability,Patching None 2.0000000000000000 Recorded Future - FLux Recorded Future Les pirates ont violé les systèmes de la Cybersecurity and Infrastructure Security Agency (CISA) en février par le biais de vulnérabilités dans les produits Ivanti, ont déclaré des responsables.Un porte-parole de la CISA a confirmé à enregistrer les futures nouvelles que l'agence «a identifié l'activité indiquant l'exploitation des vulnérabilités dans les produits Ivanti que l'agence utilise» il y a environ un mois.«L'impact a été limité à deux

---

Hackers breached the systems of the Cybersecurity and Infrastructure Security Agency (CISA) in February through vulnerabilities in Ivanti products, officials said. A CISA spokesperson confirmed to Recorded Future News that the agency “identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses” about a month ago. “The impact was limited to two]]> 2024-03-08T18:40:58+00:00 https://therecord.media/cisa-takes-two-systems-offline-following-ivanti-compromise www.secnews.physaphae.fr/article.php?IdArticle=8460937 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future Le géant du logiciel tchèque JetBrains a conseillé aux utilisateurs de réparer de toute urgence deux vulnérabilités affectant toutes les versions sur site de son produit TeamCity, qui est utilisée par les développeurs pour tester et échanger le code du logiciel avant sa version.JetBrains a publié le conseil dimanche sur les vulnérabilités CVE-2024-27198 et CVE-2024-27199 - notant que les deux ont été découverts le mois dernier par

---

Czech software giant JetBrains has advised users to urgently patch two vulnerabilities affecting all on-premises versions of its TeamCity product, which is used by developers to test and exchange software code before its release. JetBrains published the advisory on Sunday about the vulnerabilities CVE-2024-27198 and CVE-2024-27199 - noting that both were discovered last month by]]> 2024-03-04T22:21:48+00:00 https://therecord.media/jet-brains-advisory-teamcity-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8459029 False Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future Les pirates nord-coréens ont exploité une vulnérabilité auparavant inconnue dans une fonctionnalité de sécurité Windows, leur permettant d'obtenir le plus haut niveau d'accès aux systèmes ciblés.Un défaut zéro-jour dans Applocker - un service qui aide les administrateurs à contrôler les applications autorisées à s'exécuter sur un système - était découvert par des chercheurs à la cybersécurité tchèque

---

North Korean hackers exploited a previously unknown vulnerability in a Windows security feature, allowing them to gain the highest level of access to targeted systems. A zero-day flaw in AppLocker - a service that helps administrators control which applications are allowed to run on a system - was discovered by researchers at the Czech cybersecurity]]> 2024-02-29T18:33:17+00:00 https://therecord.media/north-korean-hackers-windows-zero-day www.secnews.physaphae.fr/article.php?IdArticle=8457115 False Vulnerability,Threat None 2.0000000000000000 Recorded Future - FLux Recorded Future Les cyber-espions russes derrière la violation de Solarwinds adaptent leurs techniques pour pirater des organisations qui ont déplacé leurs réseaux dans des environnements hébergés dans le cloud, les responsables occidentaux avertissent.L'hébergement cloud a posé un défi pour les pirates, car il a effectivement réduit la surface d'attaque en termes de capacité à exploiter les vulnérabilités logicielles que les organisations

---

The Russian cyber spies behind the SolarWinds breach are adapting their techniques to hack into organizations that have moved their networks into cloud-hosted environments, Western officials are warning. Cloud hosting has posed a challenge to hackers because it has effectively reduced the attack surface in terms of their ability to exploit software vulnerabilities that organizations]]> 2024-02-26T13:56:26+00:00 https://therecord.media/russia-svr-espionage-hacking-cloud-five-eyes-warning www.secnews.physaphae.fr/article.php?IdArticle=8455397 False Hack,Vulnerability,Threat,Cloud None 3.0000000000000000 Recorded Future - FLux Recorded Future Une vulnérabilité de sécurité dans un outil d'accès à distance disponible dans le commerce est exploitée par des criminels de ransomware quelques jours seulement après la première fois.La vulnérabilité spécifique, affectant certaines versions du produit ScreenConnect de ConnectWise \\, a reçu le maximum score CVSS de 10 , indiquantqu'il représente une menace critique pour les organisations qui n'ont pas corrigé leur logiciel.

---

A security vulnerability in a commercially available remote access tool is being exploited by ransomware criminals just days after first being disclosed. The specific vulnerability, affecting some versions of ConnectWise\'s ScreenConnect product, has been given the maximum CVSS score of 10, indicating that it poses a critical threat to organizations that haven\'t patched their software.]]> 2024-02-23T12:53:03+00:00 https://therecord.media/connectwise-screenconnect-bug-cybercrime-exploitation www.secnews.physaphae.fr/article.php?IdArticle=8454106 False Ransomware,Tool,Vulnerability,Threat None 2.0000000000000000 Recorded Future - FLux Recorded Future Un groupe de piratage lié à la Russie exploite un bogue connu dans un serveur de messagerie Web populaire pour espionner les agences gouvernementales et militaires en Europe, ainsi que les ambassades iraniennes en Russie, selon un nouveau rapport.Dans une récente campagne d'espionnage, les pirates ont suivi le TAG-70 ont utilisé une vulnérabilité de script inter-sites (XSS) dans le Web Roundcube

---

A Russia-linked hacking group is exploiting a known bug in a popular webmail server to spy on government and military agencies in Europe, as well as Iranian embassies in Russia, according to a new report. In a recent espionage campaign, the hackers tracked as TAG-70 used a cross-site scripting (XSS) vulnerability in the Roundcube web-based]]> 2024-02-17T08:00:00+00:00 https://therecord.media/russia-aligned-hackers-target-european-and-iranian-embassies-cyber-espionage www.secnews.physaphae.fr/article.php?IdArticle=8451313 False Hack,Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future La société de logiciels Ivanti a identifié une autre nouvelle vulnérabilité dans l'un de ses produits nécessitant un correctif immédiat des utilisateurs.Dans un avis de jeudi après-midi, la société a mis en lumière CVE-2024-22024 - une vulnérabilité affectant Ivanti Connect Secure, Ivanti Policy Secure et ZTA Gateways.La vulnérabilité a un score de gravité de 8,3 et «permet un

---

The software company Ivanti has identified yet another new vulnerability in one of its products requiring an immediate patch from users. In an advisory on Thursday afternoon, the company spotlighted CVE-2024-22024 - a vulnerability affecting Ivanti Connect Secure, Ivanti Policy Secure and ZTA gateways. The vulnerability carries a severity score of 8.3 and “allows an]]> 2024-02-08T22:03:42+00:00 https://therecord.media/ivanti-urgent-warning-new-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8448172 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future Les pirates chinois parrainés par l'État ont fait irruption dans un réseau informatique interne utilisé par le ministère néerlandais de la défense l'année dernière, a annoncé mardi les Pays-Bas.Dans un rare Annonce , les services de sécurité militaires (MIVD) et civils (MIVD) du pays et civil (AIVD) ont déclaré que le ministère avait été piraté à des fins d'espionnage après que l'acteur de menace a exploité une vulnérabilité dans les appareils FortiGate,

---

Chinese state-sponsored hackers broke into an internal computer network used by the Dutch Ministry of Defence last year, the Netherlands said Tuesday. In a rare announcement, both the country\'s military (MIVD) and civilian (AIVD) security services said the ministry had been hacked for espionage purposes after the threat actor exploited a vulnerability in FortiGate devices,]]> 2024-02-06T16:00:22+00:00 https://therecord.media/dutch-find-chinese-hackers-networks-fortinet www.secnews.physaphae.fr/article.php?IdArticle=8447326 False Vulnerability,Threat None 4.0000000000000000 Recorded Future - FLux Recorded Future Une variante d'un botnet de longue date abuse désormais de la vulnérabilité Log4Shell, mais va au-delà des applications orientées Internet et cible tous les hôtes dans un réseau interne d'une victime.Les chercheurs d'Akamai expliquent le changement dans le botnet Fritzfrog - qui existe depuis 2020 - dans un Rapport publié jeudi.Le botnet utilise généralement une force brute

---

A variant of a long-running botnet is now abusing the Log4Shell vulnerability but is going beyond internet-facing applications and is targeting all hosts in a victim\'s internal network. Researchers at Akamai explain the shift in the FritzFrog botnet - which has existed since 2020 - in a report released Thursday. The botnet typically uses brute-force]]> 2024-02-01T20:05:04+00:00 https://therecord.media/botnet-fritzfrog-log4shell-exploitation-internal-networks www.secnews.physaphae.fr/article.php?IdArticle=8445707 False Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future Vendredi, toutes les agences civiles fédérales des États-Unis ont été condamnées à déconnecter les produits Secure et Policy Secure et Policy Secure après que d'autres vulnérabilités aient été trouvées dans les outils cette semaine.Dans un Directive mise à jour publiée mercredi, l'agence de sécurité de cybersécurité et d'infrastructure (CISA) a donné aux agences jusqu'à vendredi à minuit pour supprimer les outils

---

All federal civilian agencies in the U.S. have been ordered to disconnect Ivanti Connect Secure and Policy Secure products by Friday after more vulnerabilities were found in the tools this week. In an updated directive published on Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) gave agencies until Friday at midnight to remove the tools]]> 2024-02-01T15:55:03+00:00 https://therecord.media/federal-civilian-agencies-ordered-to-disconnect-at-risk-ivanti-products-cisa www.secnews.physaphae.fr/article.php?IdArticle=8445610 False Tool,Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future La société informatique Ivanti a déclaré cette semaine qu'elle avait découvert deux nouvelles vulnérabilités affectant ses produits lors de l'enquête sur les bogues découverts plus tôt dans le mois.Les problèmes affectent la politique sécurisée d'Ivanti et Ivanti Connect Secure VPN qui sont largement utilisés à travers le gouvernement américain et d'autres industries.Les deux vulnérabilités - appelées CVE-2024-21888 et

---

IT company Ivanti said this week that it discovered two new vulnerabilities affecting its products while investigating bugs discovered earlier in the month. The issues affect Ivanti\'s Policy Secure and Ivanti Connect Secure VPN products that are used widely across the U.S. government and other industries. The two vulnerabilities - referred to as CVE-2024-21888 and]]> 2024-01-31T22:20:10+00:00 https://therecord.media/ivanti-warns-of-two-bugs-as-cisa-issues-alert-about-hackers www.secnews.physaphae.fr/article.php?IdArticle=8445343 False Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future Plusieurs nouvelles vulnérabilités sont exploitées par des pirates ces derniers jours, ce qui incite l'alarme à des experts inquiets de la façon dont ils seront utilisés par les cybercriminels et les États-nations.Au cours de la semaine dernière, des vulnérabilités affectant les géants de la technologie, notamment pomme , vmware , Fortra , Apache Et d'autres ont été soulignés à la fois par des experts en cybersécurité et des agences gouvernementales comme les

---

Multiple new vulnerabilities are being exploited by hackers in recent days, prompting alarm from experts worried about how they will be used by cybercriminals and nation states. Over the last week, vulnerabilities affecting tech giants including Apple, VMware, Atlassian, Fortra, Apache and others have been highlighted both by cybersecurity experts and government agencies like the]]> 2024-01-23T21:30:00+00:00 https://therecord.media/cybersecurity-experts-warn-of-vulnerabilities-apple-atlassian-fortra www.secnews.physaphae.fr/article.php?IdArticle=8442284 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future Les agences civiles du gouvernement américain sont condamnées à réparer immédiatement deux vulnérabilités affectant un outil populaire de la société informatique Ivanti après que le meilleur chien de garde de la cybersécurité de la nation \\ a mis en garde contre une exploitation généralisée.L'Agence de sécurité de la cybersécurité et de l'infrastructure (CISA) a sonné l'alarme vendredi à propos de CVE-2023-46805 et CVE-2024-21887 - Deux bogues affectant la politique d'Ivanti Secu

---

Civilian agencies across the U.S. government are being ordered to immediately patch two vulnerabilities affecting a popular tool from IT company Ivanti after the nation\'s top cybersecurity watchdog warned of widespread exploitation. The Cybersecurity and Infrastructure Security Agency (CISA) sounded the alarm on Friday about CVE-2023-46805 and CVE-2024-21887 - two bugs affecting Ivanti Policy Secure]]> 2024-01-19T19:46:00+00:00 https://therecord.media/ivanti-vulnerabilities-cisa-emergency-directive www.secnews.physaphae.fr/article.php?IdArticle=8440747 False Tool,Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future Ivanti a déclaré qu'il voyait un pic dans des pirates ciblant deux vulnérabilités récemment divulguées dans son produit VPN Connect Secure, car les chercheurs en cybersécurité ont également dimensionné l'étendue des dégâts.Depuis émettre un avis la semaine dernière : «Nous avons constaté une forte augmentation de l'activité des acteurs et des analyses des chercheurs en sécurité des acteurs de la menace et des chercheurs en sécurité”Concernant les bogues, un

---

Ivanti said it is seeing a spike in hackers targeting two recently disclosed vulnerabilities in its Connect Secure VPN product, as cybersecurity researchers also sized up the extent of the damage. Since issuing an advisory last week, “we have seen a sharp increase in threat actor activity and security researcher scans” concerning the bugs, an]]> 2024-01-16T19:03:00+00:00 https://therecord.media/ivanti-vpn-vulnerabilities-exploited-devices-worldwide www.secnews.physaphae.fr/article.php?IdArticle=8439652 False Vulnerability,Threat None 4.0000000000000000 Recorded Future - FLux Recorded Future Le fabricant de technologies allemands Bosch a fixé une vulnérabilité affectant une gamme populaire de thermostats intelligents en octobre, a révélé la société cette semaine.Des chercheurs de Bitdefender ont découvert un problème avec les thermostats Bosch BCC100 en août dernier qui permet à un attaquant du même réseau de remplacer le firmware de l'appareil par une version voyou.Bogdan Boozatu, directeur de la recherche sur les menaces

---

German technology manufacturer Bosch fixed a vulnerability affecting a popular line of smart thermostats in October, the company disclosed this week. Researchers from Bitdefender discovered an issue with Bosch BCC100 thermostats last August which lets an attacker on the same network replace the device firmware with a rogue version. Bogdan Botezatu, director of threat research]]> 2024-01-12T20:15:00+00:00 https://therecord.media/vulnerability-smart-thermostats-bosch-patch www.secnews.physaphae.fr/article.php?IdArticle=8438390 False Vulnerability,Threat,Industrial None 3.0000000000000000 Recorded Future - FLux Recorded Future Katie Moussouris peut ne pas se considérer comme une «mère» des programmes de primes de bogues modernes, mais elle dit que «Tante» fera. _Moussouris est le fondateur et PDG de Luta Security, une entreprise de cybersécurité spécialisée dans la gestion de la vulnérabilité.Mais elle est peut-être surtout célèbre pour son travail pour aider les grandes entreprises et les entités gouvernementales, notamment Microsoft et le

---

Katie Moussouris may not consider herself a “mother” of modern bug bounty programs, but she says “auntie” will do. _Moussouris is the founder and CEO of Luta Security, a cybersecurity company specializing in vulnerability management. But she may be most famous for her work helping major corporations and government entities, including Microsoft and the]]> 2024-01-12T14:00:00+00:00 https://therecord.media/katie-moussouris-vulnerability-disclosure-china-european-union www.secnews.physaphae.fr/article.php?IdArticle=8438272 False Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future Mercredi, l'Agence de sécurité de la cybersécurité et de l'infrastructure (CISA) a exhorté les clients de la société informatique Ivanti pour corriger deux vulnérabilités qui sont activement exploitées.Cisa \\ 's Avis suit un Avertissement De Ivanti qu'au moins 10 de ses clients ont été touchés par les vulnérabilités.Les problèmes concernent Ivanti Connect Secure - un outil VPN largement utilisé.

---

The Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday urged customers of IT company Ivanti to patch two vulnerabilities that are being actively exploited. CISA\'s notice follows a warning from Ivanti that at least 10 of its customers were impacted by the vulnerabilities. The issues relate to Ivanti Connect Secure - a widely-used VPN tool.]]> 2024-01-10T21:00:00+00:00 https://therecord.media/ivanti-customers-patch-chinese-hackers www.secnews.physaphae.fr/article.php?IdArticle=8437630 False Tool,Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future Pour les acteurs de l'État-nation ciblant les adversaires dans le cyberespace, les vulnérabilités non corrigées dans les logiciels sont comme des munitions.En tant que matière générale, les agences de renseignement et les pirates militaires dépensent des millions de dollars sur le marché gris et des milliers d'heures d'homme dans le but de déterrer des défauts dans le code que personne n'a encore découvert. _But pour le passé

---

For nation-state actors targeting adversaries in cyberspace, unpatched vulnerabilities in software are like ammunition. As a general matter, intelligence agencies and military hackers spend millions of dollars in the gray market and thousands of man-hours in a bid to dig up flaws in code that no one has discovered yet. _But for the past]]> 2024-01-10T13:00:00+00:00 https://therecord.media/china-vulnerability-disclosure-military-government-dakota-cary www.secnews.physaphae.fr/article.php?IdArticle=8437501 False Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future Plusieurs vulnérabilités ont été trouvées dans une ligne populaire de clés à couple pneumatique fabriquées par une filiale de Bosch, une société allemande d'ingénierie et de technologie.Les clés mécaniques se trouvent généralement dans les installations de fabrication qui effectuent des tâches de resserrement critiques, en particulier les lignes de production automobile, selon les chercheurs de la société de cybersécurité industrielle Nozomi Networks.Les vulnérabilités dans

---

Several vulnerabilities have been found in a popular line of pneumatic torque wrenches made by a subsidiary of Bosch, a German engineering and technology corporation. The mechanical wrenches are typically found in manufacturing facilities that perform safety-critical tightening tasks, especially automotive production lines, according to researchers at industrial cybersecurity firm Nozomi Networks. The vulnerabilities in]]> 2024-01-09T14:00:00+00:00 https://therecord.media/bosch-rexroth-pneumatic-wrenches-vulnerabilities-disclosed www.secnews.physaphae.fr/article.php?IdArticle=8437140 False Vulnerability,Industrial None 2.0000000000000000 Recorded Future - FLux Recorded Future Deux nouvelles vulnérabilités ont été ajoutées à la liste des bogues exploités par la Cybersecurity and Infrastructure Security Agency (CISA).CISA a mis en garde mardi une vulnérabilité concernant la bibliothèque Perl open source, classée comme CVE-2023-7101, ainsi qu'un bogue impactant Google Chrome qui a été abordé par la société le mois dernier.Les vulnérabilités ont été ajoutées

---

Two new vulnerabilities have been added to the list of exploited bugs by the Cybersecurity and Infrastructure Security Agency (CISA). CISA on Tuesday warned of a vulnerability concerning the open-source Perl library, classified as CVE-2023-7101, as well as a bug impacting Google Chrome that was addressed by the company last month. The vulnerabilities were added]]> 2024-01-03T21:30:00+00:00 https://therecord.media/cisa-adds-chrome-open-source-bugs www.secnews.physaphae.fr/article.php?IdArticle=8433938 False Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future Les cybercriminels ciblent les serveurs Linux SSH mal gérés pour installer des logiciels malveillants pour la cryptomiminage ou l'effort d'attaques distribuées au déni de service, ont révélé des chercheurs.Selon un rapport de AHNLAB publié cette semaine, une mauvaise gestion des mots de passe et un correctif de vulnérabilité laxiste peuvent permettre aux pirates d'exploiter les serveurs pour la cybercriminalité.Les serveurs SSH offrent un accès à distance sécurisé à un

---

Cybercriminals are targeting poorly managed Linux SSH servers to install malware for cryptomining or carrying out distributed denial-of-service attacks, researchers have found. According to a report by AhnLab released this week, bad password management and lax vulnerability patching can allow hackers to exploit the servers for cybercrime. SSH servers provide secure remote access to a]]> 2023-12-28T13:27:00+00:00 https://therecord.media/linux-ssh-servers-cryptomining-ddos-bots www.secnews.physaphae.fr/article.php?IdArticle=8430291 False Malware,Vulnerability,Threat,Patching None 2.0000000000000000 Recorded Future - FLux Recorded Future Google Chrome a publié un correctif de sécurité d'urgence pour un défaut zéro-jour qui a été exploité dans la nature.Cette vulnérabilité, suivie en CVE-2023-7024, affecte les versions de bureau du navigateur sur Mac, Linux et Windows.C'est le huitième activement exploité zéro-jour dans Chrome découvert depuis le début de 2023. Cl & eacute; ment Lecigne et Vlad

---

Google Chrome has released an emergency security fix for a zero-day flaw that has been exploited in the wild. This vulnerability, tracked as CVE-2023-7024, affects the desktop versions of the browser on Mac, Linux and Windows. It is the eighth actively exploited zero-day in Chrome discovered since the start of 2023. Clément Lecigne and Vlad]]> 2023-12-21T13:32:00+00:00 https://therecord.media/google-chrome-zero-day-patch-webrtc www.secnews.physaphae.fr/article.php?IdArticle=8426784 False Vulnerability,Threat None 2.0000000000000000 Recorded Future - FLux Recorded Future Le fournisseur de services de télévision par câble et d'Internet Xfinity indique qu'une violation liée à une vulnérabilité généralisée dans la technologie Citrix a exposé des données de près de 36 millions de personnes à la mi-octobre.L'intrusion s'est produite entre le 16 et le 19 octobre, après que Citrix ait annoncé le bogue, mais avant que Xfinity ne répare ses systèmes, a déclaré la société basée à Philadelphie dans un notification déposée lundi

---

Cable TV and internet service provider Xfinity says a breach linked to a widespread vulnerability in Citrix technology exposed data of about nearly 36 million people in mid-October. The intrusion happened between October 16-19, after Citrix had announced the bug but before Xfinity patched its systems, the Philadelphia-based company said in a notification filed Monday]]> 2023-12-19T14:30:00+00:00 https://therecord.media/millions-affected-by-xfinity-data-breach www.secnews.physaphae.fr/article.php?IdArticle=8425495 False Data Breach,Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future Les agences gouvernementales aux États-Unis, en Pologne et au Royaume-Uni ont déclaré mercredi que le Service de renseignement étranger de la Russie (SVR) a exploité une vulnérabilité qui a été exposée plus tôt cette année dans un produit populaire du géant du logiciel tchèque Jetbrains.Les responsables ont déclaré qu'ils avaient découverte

---

Government agencies in the U.S., Poland and the U.K. said on Wednesday that Russia\'s Foreign Intelligence Service (SVR) has been exploiting a vulnerability that was exposed earlier this year in a popular product from Czech software giant JetBrains. Officials said they have notified dozens of companies across the U.S., Europe, Asia and Australia after discovering]]> 2023-12-13T18:32:00+00:00 https://therecord.media/russia-svr-exploiting-jetbrains-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8422208 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future Les pirates connectés à Groupe de Lazarus de la Corée du Nord ont exploité le Vulnérabilité LOG4J Dans une campagne d'attaques ciblant les entreprises dans les secteurs de la fabrication, de l'agriculture et de la sécurité physique.Connu sous le nom de «Faire du forgeron de l'opération», la campagne a vu les pirates de Lazarus utiliser au moins trois nouvelles familles de logiciels malveillants, selon des chercheurs de Cisco Talos qui ont nommé l'un des

---

Hackers connected to North Korea\'s Lazarus Group have been exploiting the Log4j vulnerability in a campaign of attacks targeting companies in the manufacturing, agriculture and physical security sectors. Known as “Operation Blacksmith,” the campaign saw Lazarus hackers use at least three new malware families, according to researchers at Cisco Talos who named one of the]]> 2023-12-11T20:30:00+00:00 https://therecord.media/north-korean-hackers-using-log www.secnews.physaphae.fr/article.php?IdArticle=8421198 False Malware,Vulnerability APT 38 2.0000000000000000 Recorded Future - FLux Recorded Future Deux vulnérabilités affectant un outil d'analyse de données populaires ont été ajoutées à la liste des bogues exploités de la Cybersecurity and Infrastructure Security Agency \\ Agency (CISA).Jeudi, cisa ajouté CVE-2023-41265 et CVE-2023-41266 à son catalogue, donnant le fédéralagences civiles jusqu'au 28 décembre pour corriger les problèmes.Les deux bogues étaient TrouvéCet été au sens Qlik -

---

Two vulnerabilities affecting a popular data analytics tool were added to the Cybersecurity and Infrastructure Security Agency\'s (CISA) list of exploited bugs this week. On Thursday, CISA added CVE-2023-41265 and CVE-2023-41266 to its catalog, giving federal civilian agencies until December 28 to patch the issues. Both bugs were found this summer in Qlik Sense -]]> 2023-12-08T22:00:00+00:00 https://therecord.media/cisa-adds-qlik-bugs-to-kev-list www.secnews.physaphae.fr/article.php?IdArticle=8420304 False Tool,Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future Les chercheurs en cybersécurité ont découvert une autre campagne dans laquelle les pirates associés aux renseignements militaires de la Russie exploitent une vulnérabilité dans les logiciels Microsoft pour cibler des entités critiques, y compris celles des pays membres de l'OTAN.Selon un Rapport par Palo Alto Networks \\ 'Unit 42, l'acteur de menace russe connue sous le nom de Fancy Bear ou APT28 a violé Microsoft Outlook sur

---

Cybersecurity researchers have discovered another campaign in which hackers associated with Russia\'s military intelligence are exploiting a vulnerability in Microsoft software to target critical entities, including those in NATO member countries. According to a report by Palo Alto Networks\' Unit 42, the Russian threat actor known as Fancy Bear or APT28 breached Microsoft Outlook over]]> 2023-12-08T15:16:00+00:00 https://therecord.media/microsoft-outlook-vulnerability-apt28-hackers-russia-nato www.secnews.physaphae.fr/article.php?IdArticle=8420218 False Vulnerability,Threat APT 28 2.0000000000000000 Recorded Future - FLux Recorded Future Les chercheurs ont découvert plus de 20 défauts de sécurité affectant les routeurs fabriqués par le fournisseur de l'équipement de communication canadien Sierra Wireless.Les routeurs cellulaires Airlink de la société sont souvent utilisés dans des secteurs d'infrastructures critiques, tels que les installations gouvernementales et commerciales, les services d'urgence, l'énergie, le transport, l'eau et les soins de santé.Ces routeurs connectent les réseaux locaux critiques à Internet via cellulaire

---

Researchers have discovered more than 20 security flaws affecting routers manufactured by the Canadian communications equipment vendor Sierra Wireless. The company\'s AirLink cellular routers are often used in critical infrastructure sectors, such as government and commercial facilities, emergency services, energy, transportation, water and healthcare. These routers connect critical local networks to the internet via cellular]]> 2023-12-06T18:00:00+00:00 https://therecord.media/researchers-discover-sierra-wireless-flaws www.secnews.physaphae.fr/article.php?IdArticle=8419650 False Vulnerability,Industrial,Commercial None 4.0000000000000000 Recorded Future - FLux Recorded Future Google a déclaré avoir corrigé trois vulnérabilités dans une version de son matériel de diffusion de médias Chromecast découverte par des chercheurs en sécurité plus tôt cette année.Lorsqu'ils sont enchaînés, les bogues pourraient permettre à quelqu'un d'installer de manière malveillante un système d'exploitation personnalisé et un code non signé sur le Chromecast avec Google TV.Patchs pour les bogues - Tagué comme CVE-2023-48424, CVE-2023-48425 et

---

Google said it patched three vulnerabilities in a version of its Chromecast media-streaming hardware discovered by security researchers earlier this year. When chained together, the bugs could allow someone to maliciously install a custom operating system and unsigned code on the Chromecast with Google TV. Patches for the bugs - tagged as CVE-2023-48424, CVE-2023-48425 and]]> 2023-12-06T17:43:00+00:00 https://therecord.media/chromecast-hardware-vulnerabilities-google-patch www.secnews.physaphae.fr/article.php?IdArticle=8419633 False Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future Les serveurs orientés publics d'une agence fédérale américaine ont été compromis par des pirates en juin et juillet grâce à une vulnérabilité dans un produit populaire d'Adobe, selon l'agence de cybersécurité de la Nation \\.Les pirates non identifiés ont exploité CVE-2023-26360 - Un bogue affectant les versions Adobe Coldfusion 2018 Update 15 (et plus tôt) et 2021 Update 5 (et plus tôt) comme

---

Public-facing servers at a U.S. federal agency were compromised by hackers in June and July through a vulnerability in a popular product from Adobe, according to the nation\'s leading cybersecurity agency. The unidentified hackers exploited CVE-2023-26360 - a bug affecting Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) as]]> 2023-12-05T17:16:00+00:00 https://therecord.media/adobe-coldfusion-vulnerability-two-federal-agencies www.secnews.physaphae.fr/article.php?IdArticle=8419339 False Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future Les pirates associés aux renseignements militaires de la Russie exploitent toujours activement une vulnérabilité dans les logiciels Microsoft pour accéder aux e-mails des victimes, a annoncé lundi la société.L'acteur de menace, suivi par Microsoft sous le nom de Forest Blizzard mais également connu sous le nom de Fancy Bear ou APT28, a tenté d'utiliser le bogue pour obtenir un accès non autorisé à l'e-mail

---

Hackers associated with Russia\'s military intelligence are still actively exploiting a vulnerability in Microsoft software to gain access to victims\' emails, the company said Monday. The threat actor, tracked by Microsoft as Forest Blizzard but also known as Fancy Bear or APT28, has been attempting to use the bug to gain unauthorized access to email]]> 2023-12-04T15:16:00+00:00 https://therecord.media/unpatched-microsoft-outlook-email-attacks-fancy-bear www.secnews.physaphae.fr/article.php?IdArticle=8419047 False Vulnerability,Threat APT 28 2.0000000000000000