www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-06-04T12:16:08+00:00 www.secnews.physaphae.fr ProofPoint - Cyber Firms Types of Identity Threats and Attacks You Should Be Aware Of 2024-01-22T06:00:26+00:00 https://www.proofpoint.com/us/blog/identity-threat-defense/types-identity-threats-attacks www.secnews.physaphae.fr/article.php?IdArticle=8441709 False Malware,Vulnerability,Threat,Patching,Technical None 2.0000000000000000 Veracode - Application Security Research, News, and Education Blog Essential Cloud Security Tools for Effective DevSecOps Implementation of a DevSecOps approach is the most impactful key factor in the total cost of a data breach. Successful DevSecOps in a cloud-native world is aided by the right tools. Here are a handful of the most essential cloud security tools and what to look for in them to aid DevSecOps. Top Essential Cloud Security Tool for DevSecOps: Software Composition Analysis Software Composition Analysis (SCA) is the bread and butter of cloud security tools for effective DevSecOps and securing the software supply chain. Why it matters: open-source software (OSS) is handy, but it comes with a few catches. There are vulnerabilities, missed updates, and license risk to be worried about. That's where SCA comes in. SCA takes a proactive approach to finding these risks early.
A few things you want to look out for when picking the right SCA tool for you: Continuous Monitoring, Reporting & Analytics with Peer Benchmarking, Remediation Guidance & Fix Suggestions, Dependency… 2024-01-22T05:10:56+00:00 https://www.veracode.com/blog/managing-appsec/essential-cloud-security-tools-effective-devsecops www.secnews.physaphae.fr/article.php?IdArticle=8441712 False Data Breach,Tool,Vulnerability,Cloud None 3.0000000000000000 Global Security Mag - Site de news francais APIs in peril: Wallarm's latest report exposes uptick in API attacks and highlights security predictions for 2024 opinion
APIs in peril: Wallarm's latest report exposes uptick in API attacks and highlights security predictions for 2024 Annual report analyzed 1.2 billion attacks, more than 22,000 vulnerabilities and over 146 bug bounty reports to predict 2024 API security trends January 18, 2024 09:00 AM Eastern Standard Time - Opinion
2024-01-20T18:46:50+00:00 https://www.globalsecuritymag.fr/apis-in-peril-wallarm-s-latest-report-exposes-uptick-in-api-attacks-and.html www.secnews.physaphae.fr/article.php?IdArticle=8441052 False Vulnerability,Prediction None 2.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been linked to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021. "UNC3886 has a track record of utilizing zero-day vulnerabilities to complete their mission without being detected, and this latest example further 2024-01-20T15:53:00+00:00 https://thehackernews.com/2024/01/chinese-hackers-silently-weaponized.html www.secnews.physaphae.fr/article.php?IdArticle=8440964 False Vulnerability,Threat None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch (FCEB) agencies to implement mitigations against two actively exploited zero-day flaws in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products.
The development came after the vulnerabilities – an authentication bypass 2024-01-20T10:01:00+00:00 https://thehackernews.com/2024/01/cisa-issues-emergency-directive-to.html www.secnews.physaphae.fr/article.php?IdArticle=8440879 False Vulnerability,Threat None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber CISA issues emergency directive for federal agencies to patch Ivanti VPN vulnerabilities
The agency says the bug is being actively exploited and poses a risk to federal networks.
2024-01-19T22:13:10+00:00 https://cyberscoop.com/cisa-ivanti-vulnerability-emergency-directive/ www.secnews.physaphae.fr/article.php?IdArticle=8440795 False Vulnerability None 3.0000000000000000
Recorded Future - FLux Recorded Future Ivanti vulnerabilities are being exploited widely, CISA says in emergency directive
Civilian agencies across the U.S. government are being ordered to immediately patch two vulnerabilities affecting a popular tool from IT company Ivanti after the nation's top cybersecurity watchdog warned of widespread exploitation. The Cybersecurity and Infrastructure Security Agency (CISA) sounded the alarm on Friday about CVE-2023-46805 and CVE-2024-21887 - two bugs affecting Ivanti Policy Secure
2024-01-19T19:46:00+00:00 https://therecord.media/ivanti-vulnerabilities-cisa-emergency-directive www.secnews.physaphae.fr/article.php?IdArticle=8440747 False Tool,Vulnerability None 2.0000000000000000
Dark Reading - Informationweek Branch Third Ivanti Vulnerability Exploited in the Wild, CISA Reports Though reports say this latest Ivanti bug is being exploited, it's unclear exactly how threat actors are using it. 2024-01-19T19:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/third-ivanti-vulnerability-exploited-in-the-wild-cisa-reports www.secnews.physaphae.fr/article.php?IdArticle=8440748 False Vulnerability,Threat None 3.0000000000000000 Mandiant - Blog Sécu de Mandiant Chinese Espionage Group UNC3886 Found Exploiting CVE-2023-34048 Since Late 2021
While publicly reported and patched in October 2023, Mandiant and VMware Product Security have found UNC3886, a highly advanced China-nexus espionage group, has been exploiting CVE-2023-34048 as far back as late 2021. These findings stem from Mandiant's continued research of the novel attack paths used by UNC3886, which historically focuses on technologies that are unable to have EDR deployed to them. UNC3886 has a track record of utilizing zero-day vulnerabilities to complete their mission without being detected, and this latest example further demonstrates their capabilities. When covering
2024-01-19T17:30:00+00:00 https://www.mandiant.com/resources/blog/chinese-vmware-exploitation-since-2021 www.secnews.physaphae.fr/article.php?IdArticle=8441523 False Vulnerability,Threat None 4.0000000000000000
Soc Radar - Blog spécialisé SOC Oracle Issued 389 New Security Patches in January 2024 Critical Patch Update
Oracle has released its Critical Patch Update advisory for January 2024, aimed at remedying vulnerabilities...
2024-01-19T14:37:03+00:00 https://socradar.io/oracle-issued-389-new-security-patches-in-january-2024-critical-patch-update/ www.secnews.physaphae.fr/article.php?IdArticle=8440674 False Vulnerability None 3.0000000000000000
HackRead - Chercher Cyber Critical “PixieFail” Flaws Expose Millions of Devices to Cyberattacks
By Deeba Ahmed Quarkslab Discovers "PixieFail" Vulnerabilities: Critical Flaws in Open Source UEFI Code Require Immediate Patching. This is a post from HackRead.com Read the original post: Critical “PixieFail” Flaws Expose Millions of Devices to Cyberattacks
2024-01-19T12:32:42+00:00 https://www.hackread.com/critical-pixiefail-flaws-expose-devices-cyberattack/ www.secnews.physaphae.fr/article.php?IdArticle=8440638 False Vulnerability,Patching None 3.0000000000000000
SecurityWeek - Security News Ivanti EPMM Vulnerability Targeted in Attacks as Exploitation of VPN Flaws Increases
The number of Ivanti VPN appliances compromised through exploitation of recent flaws increases and another vulnerability is added to exploited list.
2024-01-19T11:01:38+00:00 https://www.securityweek.com/ivanti-epmm-vulnerability-targeted-in-attacks-as-exploitation-of-vpn-flaws-increases/ www.secnews.physaphae.fr/article.php?IdArticle=8440600 False Vulnerability None 3.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) U.S. Cybersecurity Agency Warns of Actively Exploited Ivanti EPMM Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core to its Known Exploited Vulnerabilities (KEV) catalog, stating it's being actively exploited in the wild. The vulnerability in question is CVE-2023-35082 (CVSS score: 9.8), an authentication bypass 2024-01-19T10:25:00+00:00 https://thehackernews.com/2024/01/us-cybersecurity-agency-warns-of.html www.secnews.physaphae.fr/article.php?IdArticle=8440517 False Vulnerability,Mobile None 3.0000000000000000 The Register - Site journalistique Anglais IT consultant fined for daring to expose shoddy security Spotting a plaintext password and using it in research without authorization deemed a crime A security researcher in Germany has been fined €3,000 ($3,300, £2,600) for finding and reporting an e-commerce database vulnerability that was exposing almost 700,000 customer records.… 2024-01-19T06:44:06+00:00 https://go.theregister.com/feed/www.theregister.com/2024/01/19/germany_fine_security/ www.secnews.physaphae.fr/article.php?IdArticle=8440543 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Citrix Discovers 2 Vulnerabilities, Both Exploited in the Wild These vulnerabilities are the second and third for Citrix but are not expected to be as detrimental as "CitrixBleed." 2024-01-18T22:30:00+00:00 https://www.darkreading.com/vulnerabilities-threats/citrix-discovers-two-vulnerabilities-both-exploited-in-the-wild
www.secnews.physaphae.fr/article.php?IdArticle=8440444 False Vulnerability None 3.0000000000000000 Volexity - Cyber Firms Ivanti Connect Secure VPN Exploitation: New Observations
On January 15, 2024, Volexity detailed widespread exploitation of Ivanti Connect Secure VPN vulnerabilities CVE-2024-21887 and CVE-2023-46805. In that blog post, Volexity detailed broader scanning and exploitation by threat actors using still non-public exploits to compromise numerous devices. The following day, January 16, 2023, proof-of-concept code for the exploit was made public by Rapid7. Subsequently, Volexity has observed an increase in attacks from various threat actors against Ivanti Connect Secure VPN appliances beginning the same day. Additionally, Volexity has continued its investigation into activity conducted by UTA0178 and made a few notable discoveries. The first relates to the GIFTEDVISITOR webshell that Volexity scanned for, which led to the initial discovery of over 1,700 compromised Ivanti Connect Secure VPN devices. On January 16, 2024, Volexity conducted a new scan for this backdoor and found an additional 368 compromised Ivanti Connect Secure VPN appliances, bringing the total count of systems infected by […]
2024-01-18T18:55:27+00:00 https://www.volexity.com/blog/2024/01/18/ivanti-connect-secure-vpn-exploitation-new-observations/ www.secnews.physaphae.fr/article.php?IdArticle=8440382 False Vulnerability,Threat None 3.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification used widely in modern computers. Collectively dubbed PixieFail by Quarkslab, the nine issues reside in the TianoCore EFI Development Kit II (EDK II) and could be exploited to 2024-01-18T14:49:00+00:00 https://thehackernews.com/2024/01/pixiefail-uefi-flaws-expose-millions-of.html www.secnews.physaphae.fr/article.php?IdArticle=8440211 False Vulnerability None 2.0000000000000000 Soc Radar - Blog spécialisé SOC How Can OpenAI Assistant Feature Help in Vulnerability Management?
The integration of artificial intelligence has become instrumental in fortifying defenses against evolving threats. One...
2024-01-18T08:30:10+00:00 https://socradar.io/how-can-openai-assistant-feature-help-in-vulnerability-management/ www.secnews.physaphae.fr/article.php?IdArticle=8440569 False Vulnerability None 3.0000000000000000
AhnLab - Korean Security Firm Mimo CoinMiner and Mimus Ransomware Installed via Vulnerability Attacks
AhnLab SEcurity intelligence Center (ASEC) recently observed circumstances of a CoinMiner threat actor called Mimo exploiting various vulnerabilities to install malware. Mimo, also dubbed Hezb, was first found when they installed CoinMiners through a Log4Shell vulnerability exploitation in March 2022. Up until now, all of the attack cases involved the installation of XMRig CoinMiner called Mimo Miner Bot in the final stage. However, there were other pertinent cases where the same threat actor installed Mimus ransomware, proxyware, and reverse shell...
2024-01-18T07:10:53+00:00 https://asec.ahnlab.com/en/60440/ www.secnews.physaphae.fr/article.php?IdArticle=8440173 False Ransomware,Malware,Vulnerability,Threat None 3.0000000000000000
TrendLabs Security - Editeur Antivirus Protecting Your Network Security from Ivanti Zero-Day Threat The overlooked vulnerability with real impacts 2024-01-18T00:00:00+00:00 https://www.trendmicro.com/en_us/research/24/a/ivanti-zero-day-threat-protection.html www.secnews.physaphae.fr/article.php?IdArticle=8440763 False Vulnerability,Threat None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation | Mandiant #### Description On January 10, 2024, Ivanti disclosed two vulnerabilities, CVE-2023-46805 and CVE-2024-21887, impacting Ivanti Connect Secure VPN (“CS”, formerly Pulse Secure) and Ivanti Policy Secure (“PS”) appliances. Successful exploitation could result in authentication bypass and command injection, leading to further downstream compromise of a victim network. Mandiant has identified zero-day exploitation of these vulnerabilities in the wild beginning as early as December 2023 by a suspected espionage threat actor, currently being tracked as UNC5221. Mandiant is sharing details of five malware families associated with the exploitation of CS and PS devices. These families allow the threat actors to circumvent authentication and provide backdoor access to these devices. #### Reference URL(s) 1.
https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day #### Publication Date January 17, 2024 #### Author(s) Tyler Mclellan John Wolfram Gabby Roncone Matt Lin Robert Wallace Dimiter Andonov 2024-01-17T21:58:17+00:00 https://community.riskiq.com/article/c77cceaf www.secnews.physaphae.fr/article.php?IdArticle=8440049 False Malware,Vulnerability,Threat None 4.0000000000000000 Dark Reading - Informationweek Branch Google Chrome Zero-Day Bug Under Attack, Allows Code Injection The first Chrome zero-day bug of 2024 adds to a growing list of actively exploited vulnerabilities found in Chromium and other browser technologies. 2024-01-17T21:15:00+00:00 https://www.darkreading.com/cloud-security/google-chrome-zero-day-bug-attack-code-injection www.secnews.physaphae.fr/article.php?IdArticle=8440044 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions The point-of-sale (PoS) terminals from PAX Technology are impacted by a collection of high-severity vulnerabilities that can be weaponized by threat actors to execute arbitrary code.
The STM Cyber R&D team, which reverse engineered the Android-based devices manufactured by the Chinese firm owing to their rapid deployment in Poland, said it unearthed half a dozen flaws that allow for 2024-01-17T19:21:00+00:00 https://thehackernews.com/2024/01/pax-pos-terminal-flaw-could-allow.html www.secnews.physaphae.fr/article.php?IdArticle=8439909 False Vulnerability,Threat None 3.0000000000000000 Vuln GCP - FLux Vuln GoogleCloudPlatform GCP-2024-001 2024-01-17T18:46:13+00:00 https://cloud.google.com/support/bulletins/index#gcp-2024-001 www.secnews.physaphae.fr/article.php?IdArticle=8440046 False Vulnerability None None Soc Radar - Blog spécialisé SOC Zero-Day Vulnerabilities in Citrix Netscaler ADC and Gateway & Google Chrome: CVE-2023-6548, CVE-2023-6549, and CVE-2024-0519 Citrix has recently issued a warning to its customers, advising them to patch Netscaler ADC... 2024-01-17T16:15:18+00:00 https://socradar.io/zero-day-vulnerabilities-in-citrix-netscaler-adc-and-gateway-amp-google-chrome-cve-2023-6548-cve-2023-6549-and-cve-2024-0519/ www.secnews.physaphae.fr/article.php?IdArticle=8439959 False Vulnerability,Threat None 3.0000000000000000 Soc Radar - Blog spécialisé SOC CISA KEV Timeframe Problems While Prioritizing Vulnerabilities
The escalating number of vulnerabilities in the digital landscape demands a vigilant approach from the...
2024-01-17T14:02:46+00:00 https://socradar.io/cisa-kev-timeframe-problems-while-prioritizing-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8439895 False Vulnerability None 2.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials GitHub has revealed that it has rotated some keys in response to a security vulnerability that could be potentially exploited to gain access to credentials within a production container. The Microsoft-owned subsidiary said it was made aware of the problem on December 26, 2023, and that it addressed the issue the same day, in addition to rotating all potentially exposed credentials out of an 2024-01-17T13:11:00+00:00 https://thehackernews.com/2024/01/github-rotates-keys-after-high-severity.html www.secnews.physaphae.fr/article.php?IdArticle=8439800 False Vulnerability None 2.0000000000000000 Soc Radar - Blog spécialisé SOC Atlassian's Confluence Data Center and Server Affected by Critical RCE Vulnerability, CVE-2023-22527: Patch Now Atlassian is advising its customers to update their Confluence Data Center and Server to prevent... 2024-01-17T12:48:29+00:00 https://socradar.io/atlassians-confluence-data-center-and-server-affected-by-critical-rce-vulnerability-cve-2023-22527-patch-now/ www.secnews.physaphae.fr/article.php?IdArticle=8439865 False Vulnerability None 2.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain Code Written with AI Assistants Is Less Secure
Interesting research: “Do Users Write More Insecure Code with AI Assistants?”: Abstract: We conduct the first large-scale user study examining how users interact with an AI Code assistant to solve a variety of security related tasks across different programming languages. Overall, we find that participants who had access to an AI assistant based on OpenAI’s codex-davinci-002 model wrote significantly less secure code than those without access. Additionally, participants with access to an AI assistant were more likely to believe they wrote secure code than those without access to the AI assistant. Furthermore, we find that participants who trusted the AI less and engaged more with the language and format of their prompts (e.g. re-phrasing, adjusting temperature) provided code with fewer security vulnerabilities. Finally, in order to better inform the design of future AI-based Code assistants, we provide an in-depth analysis of participants’ language and interaction behavior, as well as release our user interface as an instrument to conduct similar studies in the future...
2024-01-17T12:14:03+00:00 https://www.schneier.com/blog/archives/2024/01/code-written-with-ai-assistants-is-less-secure.html www.secnews.physaphae.fr/article.php?IdArticle=8439864 False Vulnerability,Studies None 4.0000000000000000
Bleeping Computer - Magazine Américain AMD, Apple, Qualcomm GPUs leak AI data in LeftoverLocals attacks A new vulnerability dubbed 'LeftoverLocals' affecting graphics processing units from AMD, Apple, Qualcomm, and Imagination Technologies allows retrieving data from the local memory space. [...] 2024-01-17T10:32:06+00:00 https://www.bleepingcomputer.com/news/security/amd-apple-qualcomm-gpus-leak-ai-data-in-leftoverlocals-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8439930 False Vulnerability None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Citrix, VMware, and Atlassian Hit with Critical Flaws - Patch ASAP! Citrix is warning of two zero-day security vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that are being actively exploited in the wild. The flaws are listed below - CVE-2023-6548 (CVSS score: 5.5) - Authenticated (low privileged) remote code execution on Management Interface (requires access to NSIP, CLIP, or SNIP with management 2024-01-17T09:44:00+00:00 https://thehackernews.com/2024/01/citrix-vmware-and-atlassian-hit-with.html www.secnews.physaphae.fr/article.php?IdArticle=8439755 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability Google on Tuesday released updates to fix four security issues in its Chrome browser, including an actively exploited zero-day flaw.
The issue, tracked as CVE-2024-0519, concerns an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine, which can be weaponized by threat actors to trigger a crash. "By reading out-of-bounds memory, an attacker might be able to get secret values, 2024-01-17T07:50:00+00:00 https://thehackernews.com/2024/01/zero-day-alert-update-chrome-now-to-fix.html www.secnews.physaphae.fr/article.php?IdArticle=8439734 False Vulnerability,Threat None 2.0000000000000000 The Register - Site journalistique Anglais FBI: Beware of thieves building Androxgh0st botnets using stolen creds 2024-01-17T01:29:09+00:00 https://go.theregister.com/feed/www.theregister.com/2024/01/17/fbi_botnet_warning/ www.secnews.physaphae.fr/article.php?IdArticle=8439723 False Malware,Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Ivanti Zero-Day Exploits Skyrocket Worldwide; No Patches Yet Anyone who hasn't mitigated two zero-day security bugs in Ivanti VPNs may already be compromised by a Chinese nation-state actor. 2024-01-16T21:25:00+00:00 https://www.darkreading.com/cloud-security/ivanti-zero-day-exploits-skyrocket-no-patches www.secnews.physaphae.fr/article.php?IdArticle=8439675 False Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch Bosch Smart Thermostat Feels the Heat From Firmware Bug The vulnerability in a popular hospitality industry gadget allows attackers to take over the device, pivot into the user's network, or brick the device entirely, rendering HVAC unusable. 2024-01-16T19:55:00+00:00 https://www.darkreading.com/ics-ot-security/bosch-smart-thermostat-firmware-bug www.secnews.physaphae.fr/article.php?IdArticle=8439650 False Vulnerability None 2.0000000000000000
Recorded Future - FLux Recorded Future Ivanti spots 'sharp increase' in targeting of VPN as analysts find 1,700 devices exploited
Ivanti said it is seeing a spike in hackers targeting two recently disclosed vulnerabilities in its Connect Secure VPN product, as cybersecurity researchers also sized up the extent of the damage. Since issuing an advisory last week, “we have seen a sharp increase in threat actor activity and security researcher scans” concerning the bugs, an]]>
2024-01-16T19:03:00+00:00 https://therecord.media/ivanti-vpn-vulnerabilities-exploited-devices-worldwide www.secnews.physaphae.fr/article.php?IdArticle=8439652 False Vulnerability,Threat None 4.0000000000000000
HackRead - Chercher Cyber Ivanti VPN Zero-Day Flaws Fuel Widespread Cyber Attacks
By Deeba Ahmed Another day, another zero-day flaw driving the cybersecurity world crazy. This is a post from HackRead.com Read the original post: Ivanti VPN Zero-Day Flaws Fuel Widespread Cyber Attacks
2024-01-16T17:08:29+00:00 https://www.hackread.com/ivanti-vpn-zero-day-flaws-cyber-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8439602 False Vulnerability,Threat None 3.0000000000000000
The Register - Site journalistique Anglais Ivanti zero-day exploits explode as bevy of attackers get in on the act
2024-01-16T15:00:06+00:00 https://go.theregister.com/feed/www.theregister.com/2024/01/16/ivanti_zeroday_exploits_explode_into/ www.secnews.physaphae.fr/article.php?IdArticle=8439573 False Vulnerability,Threat None 3.0000000000000000
SecurityWeek - Security News 180k Internet-Exposed SonicWall Firewalls Vulnerable to DoS Attacks, Possibly RCE
Two DoS vulnerabilities patched in 2022 and 2023 haunt nearly 180,000 internet-exposed SonicWall firewalls.
2024-01-16T13:05:23+00:00 https://www.securityweek.com/180k-internet-exposed-sonicwall-firewalls-vulnerable-to-dos-attacks-possibly-rce/ www.secnews.physaphae.fr/article.php?IdArticle=8439553 False Vulnerability None 2.0000000000000000
Soc Radar - Blog spécialisé SOC Patches Available for a Critical Vulnerability in VMware Aria Automation: CVE-2023-34063
VMware has addressed a critical vulnerability affecting Aria Automation that, if exploited, could result in...
2024-01-16T13:02:52+00:00 https://socradar.io/patches-available-for-a-critical-vulnerability-in-vmware-aria-automation-cve-2023-34063/ www.secnews.physaphae.fr/article.php?IdArticle=8439538 False Vulnerability None 3.0000000000000000
Volexity - Cyber Firms Ivanti Connect Secure VPN Exploitation Goes Global
Important: If your organization uses Ivanti Connect Secure VPN and you have not applied the mitigation, then please do that immediately! Organizations should immediately review the results of the built-in Integrity Check Tool for log entries indicating mismatched or new files. As of version 9.1R12, Ivanti started providing a built-in Integrity Checker Tool that can be run as a periodic or scheduled scan. Volexity has observed it successfully detecting the compromises described in this post across impacted organizations. Last week, Ivanti also released an updated version of the external Integrity Checker Tool that can be further used to check and verify systems. On January 10, 2024, Volexity publicly shared details of targeted attacks by UTA00178 exploiting two zero-day vulnerabilities (CVE-2024-21887 and CVE-2023-46805) in Ivanti Connect Secure (ICS) VPN appliances. On the same day, Ivanti published a mitigation that could be applied to ICS VPN appliances to prevent exploitation of these […]
2024-01-15T23:35:41+00:00 https://www.volexity.com/blog/2024/01/15/ivanti-connect-secure-vpn-exploitation-goes-global/ www.secnews.physaphae.fr/article.php?IdArticle=8439368 False Tool,Vulnerability,Threat,Industrial None 3.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows
Cybersecurity researchers have disclosed a security flaw in the Opera web browser for Microsoft Windows and Apple macOS that could be exploited to execute any file on the underlying operating system. The remote code execution vulnerability has been codenamed MyFlaw by the Guardio Labs research team owing to the fact that it takes advantage of a feature called My Flow that makes it
2024-01-15T19:28:00+00:00 https://thehackernews.com/2024/01/opera-myflaw-bug-could-let-hackers-run.html www.secnews.physaphae.fr/article.php?IdArticle=8439241 False Vulnerability,Vulnerability None 4.0000000000000000
IndustrialCyber - cyber risk firms for industrial CISA warns of vulnerabilities in Rapid Software, Horner Automation, Schneider Electric, Siemens equipment
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced last week the release of ICS (industrial control system)...
2024-01-15T19:04:00+00:00 https://industrialcyber.co/cisa/cisa-warns-of-vulnerabilities-in-rapid-software-horner-automation-schneider-electric-siemens-equipment/ www.secnews.physaphae.fr/article.php?IdArticle=8439525 False Vulnerability,Industrial None 3.0000000000000000
HackRead - Chercher Cyber Windows Defender SmartScreen Vulnerability Exploited with Phemedrone Stealer
By Deeba Ahmed Attackers Leveraging Windows Vulnerability in Phemedrone Malware Campaign for Enhanced Stealth. This is a post from HackRead.com Read the original post: Windows Defender SmartScreen Vulnerability Exploited with Phemedrone Stealer
2024-01-15T18:55:13+00:00 https://www.hackread.com/windows-defender-smartscreen-vulnerability-phemedrone-stealer/ www.secnews.physaphae.fr/article.php?IdArticle=8439316 False Malware,Vulnerability None 3.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) High-Severity Flaws Uncovered in Bosch Thermostats and Smart Nutrunners
Multiple security vulnerabilities have been disclosed in Bosch BCC100 thermostats and Rexroth NXA015S-36V-B smart nutrunners that, if successfully exploited, could allow attackers to execute arbitrary code on affected systems. Romanian cybersecurity firm Bitdefender, which discovered the flaw in Bosch BCC100 thermostats last August, said the issue could be weaponized by an attacker to
2024-01-15T13:46:00+00:00 https://thehackernews.com/2024/01/high-severity-flaws-uncovered-in-bosch.html www.secnews.physaphae.fr/article.php?IdArticle=8439153 False Vulnerability,Industrial None 3.0000000000000000
Bleeping Computer - Magazine Américain Windows SmartScreen flaw exploited to drop Phemedrone malware
A Phemedrone information-stealing malware campaign exploits a Microsoft Defender SmartScreen vulnerability (CVE-2023-36025) to bypass Windows security prompts when opening URL files. [...]
2024-01-15T13:32:13+00:00 https://www.bleepingcomputer.com/news/security/windows-smartscreen-flaw-exploited-to-drop-phemedrone-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8439313 False Malware,Vulnerability None 3.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability
Thousands of WordPress sites using a vulnerable version of the Popup Builder plugin have been compromised with a malware called Balada Injector.
First documented by Doctor Web in January 2023, the campaign takes place in a series of periodic attack waves, weaponizing security flaws in WordPress plugins to inject a backdoor designed to redirect visitors of infected sites to bogus tech
2024-01-15T13:15:00+00:00 https://thehackernews.com/2024/01/balada-injector-infects-over-7100.html www.secnews.physaphae.fr/article.php?IdArticle=8439154 False Malware,Vulnerability None 3.0000000000000000
Soc Radar - Blog spécialisé SOC Latest Critical Vulnerabilities Affecting GitLab, Apple's Magic Keyboard, and Juniper Networks' Junos OS
The digital landscape is continually evolving, marked by the constant emergence of new security loopholes...
2024-01-15T12:40:46+00:00 https://socradar.io/latest-critical-vulnerabilities-affecting-gitlab-apples-magic-keyboard-and-juniper-networks-junos-os/ www.secnews.physaphae.fr/article.php?IdArticle=8439219 False Vulnerability None 3.0000000000000000
SecurityWeek - Security News GitLab Patches Critical Password Reset Vulnerability
GitLab has resolved a critical authentication vulnerability allowing attackers to hijack password reset emails.
2024-01-15T11:33:27+00:00 https://www.securityweek.com/gitlab-patches-critical-password-reset-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=8439202 False Vulnerability None 3.0000000000000000
HackRead - Chercher Cyber Forescout Report Uncovers New Details in Danish Energy Hack
By Deeba Ahmed The attacks, potentially linked to Russian APT Sandworm, exploited vulnerabilities in Zyxel firewalls. This is a post from HackRead.com Read the original post: Forescout Report Uncovers New Details in Danish Energy Hack
2024-01-15T11:23:03+00:00 https://www.hackread.com/forescout-report-new-details-danish-energy-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8439203 False Hack,Vulnerability,Industrial,Technical None 4.0000000000000000
The State of Security - Magazine Américain Critical flaw found in WordPress plugin used on over 300,000 websites
A WordPress plugin used on over 300,000 websites has been found to contain vulnerabilities that could allow hackers to seize control. Security researchers at Wordfence found two critical flaws in the POST SMTP Mailer plugin. The first flaw made it possible for attackers to reset the plugin's authentication API key and view sensitive logs (including password reset emails) on the affected website. A malicious hacker exploiting the flaw could access the key after triggering a password reset. The attacker could then log into the site, lock out the legitimate user, and exploit their access to cause...
2024-01-15T08:40:11+00:00 https://www.tripwire.com/state-of-security/critical-flaw-found-wordpress-plugin-used-over-300000-websites www.secnews.physaphae.fr/article.php?IdArticle=8439257 False Vulnerability,Threat None 2.0000000000000000
Techworm - News GitLab Releases Security Updates To Fix Account Hijacking Flaw
GitLab security release after a change was made to allow users to reset their password through a secondary email address. “The vulnerability is a result of a bug in the email verification process.” While users who have two-factor authentication (2FA) enabled are vulnerable to password reset, they are not susceptible to account takeover as their second authentication factor is required for successful login. GitLab said it has fixed the security issue in GitLab versions 16.7.2, 16.5.6, and 16.6.4, and the fix has also been backported to GitLab versions 16.1.6, 16.2.9, and 16.3.7. “Within these versions, all authentication mechanisms are impacted. Additionally, users who have two-factor authentication enabled are vulnerable to password reset but not account takeover as their second authentication factor is required to login,” Myers added. While the vulnerability was resolved with the latest security release, the vendor strongly recommends admins of self-managed GitLab instances update all vulnerable versions to a patched version immediately. It also advises users to enable 2FA for all GitLab accounts (and especially for administrator accounts). GitLab says it has not detected any abuse of CVE-2023-7028 on platforms managed by GitLab, including GitLab.com and GitLab Dedicated instances but shared the following signs of compromise for defenders: Check gitlab-rails/production_json.log for HTTP requests to the /users/password path with params.value.email consisting of a JSON array with multiple email addresses. Check gitlab-rails/audit_json.log for entries with meta.caller.id of PasswordsController#create and target_details consisting of a JSON array with multiple email addresses. GitLab also patched the second critical vulnerability identified as CVE-2023-5356 (CVSS score of 9.6 out of 10) as part of the latest update, which allows an attacker to abuse Slack/Mattermost integrations to execute slash commands as another user. There are incorrect authorization
2024-01-13T21:06:02+00:00 https://www.techworm.net/2024/01/gitlab-security-update-fix-account-hijacking-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=8438650 False Vulnerability None 3.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches
Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches.
The issue, tracked as CVE-2024-21591, is rated 9.8 on the CVSS scoring system. “An out-of-bounds write vulnerability in J-Web of Juniper Networks Junos OS SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a
2024-01-13T16:15:00+00:00 https://thehackernews.com/2024/01/critical-rce-vulnerability-uncovered-in.html www.secnews.physaphae.fr/article.php?IdArticle=8438586 False Vulnerability None 2.0000000000000000
The Register - Site journalistique Anglais Number of orgs compromised via Ivanti VPN zero-days grows as Mandiant weighs in
Snoops had no fewer than five custom bits of malware to hand to backdoor networks Two zero-day bugs in Ivanti products were likely under attack by cyberspies as early as December, according to Mandiant's threat intel team.…
2024-01-13T02:26:04+00:00 https://go.theregister.com/feed/www.theregister.com/2024/01/13/ivanti_zeroday_mandiant_analysis/ www.secnews.physaphae.fr/article.php?IdArticle=8438470 False Malware,Vulnerability,Threat None 3.0000000000000000
The Register - Site journalistique Anglais This is why we update... Data-thief malware exploits unpatched Windows PCs
2024-01-12T23:54:00+00:00 https://go.theregister.com/feed/www.theregister.com/2024/01/12/windows_phemedrone_stealer/ www.secnews.physaphae.fr/article.php?IdArticle=8438433 False Malware,Vulnerability None 3.0000000000000000
Dark Reading - Informationweek Branch CISA Adds 9.8 'Critical' Microsoft SharePoint Bug to its KEV Catalog
It's a tale as old as time: an old, long-since patched vulnerability that remains actively exploited.
2024-01-12T22:32:00+00:00 https://www.darkreading.com/vulnerabilities-threats/cisa-adds-critical-microsoft-sharepoint-bug-kev-catalog www.secnews.physaphae.fr/article.php?IdArticle=8438418 False Vulnerability None 3.0000000000000000
Dark Reading - Informationweek Branch GitLab Releases Updates to Address Critical Vulnerabilities
Two vulnerabilities are critical, and three others are determined to be of high, medium, and low severity.
2024-01-12T22:30:00+00:00 https://www.darkreading.com/vulnerabilities-threats/gitlab-releases-updates-to-address-critical-vulnerabilities- www.secnews.physaphae.fr/article.php?IdArticle=8438419 False Vulnerability None 2.0000000000000000
Recorded Future - FLux Recorded Future Vulnerability affecting smart thermostats patched by Bosch
German technology manufacturer Bosch fixed a vulnerability affecting a popular line of smart thermostats in October, the company disclosed this week. Researchers from Bitdefender discovered an issue with Bosch BCC100 thermostats last August which lets an attacker on the same network replace the device firmware with a rogue version. Bogdan Botezatu, director of threat research
2024-01-12T20:15:00+00:00 https://therecord.media/vulnerability-smart-thermostats-bosch-patch www.secnews.physaphae.fr/article.php?IdArticle=8438390 False Vulnerability,Threat,Industrial None 3.0000000000000000
The Register - Site journalistique Anglais Exploit for under-siege SharePoint vuln reportedly in hands of ransomware crew
It's taken months for crims to hack together a working exploit chain Security experts claim ransomware criminals have got their hands on a functional exploit for a nearly year-old critical Microsoft SharePoint vulnerability that was this week added to the US's must-patch list.…
2024-01-12T19:34:07+00:00 https://go.theregister.com/feed/www.theregister.com/2024/01/12/microsoft_sharepoint_vuln_exploit/ www.secnews.physaphae.fr/article.php?IdArticle=8438371 False Ransomware,Hack,Vulnerability,Threat None 2.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families
As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN appliances since early December 2023. "These families allow the threat actors to circumvent authentication and provide backdoor access to these devices," Mandiant said in an
2024-01-12T19:23:00+00:00 https://thehackernews.com/2024/01/nation-state-actors-weaponize-ivanti.html www.secnews.physaphae.fr/article.php?IdArticle=8438293 False Malware,Vulnerability,Threat None 4.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Urgent: GitLab Releases Patch for Critical Vulnerabilities - Update ASAP
GitLab has released security updates to address two critical vulnerabilities, including one that could be exploited to take over accounts without requiring any user interaction. Tracked as CVE-2023-7028, the flaw has been awarded the maximum severity of 10.0 on the CVSS scoring system and could facilitate account takeover by sending password reset emails to an unverified email address. The
2024-01-12T18:33:00+00:00 https://thehackernews.com/2024/01/urgent-gitlab-releases-patch-for.html www.secnews.physaphae.fr/article.php?IdArticle=8438295 False Vulnerability None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine CISA Urges Critical Infrastructure to Patch Urgent ICS Vulnerabilities
CISA's advisory provides mitigations for vulnerabilities in ICS products used in critical infrastructure industries like energy, manufacturing and transportation
2024-01-12T15:00:00+00:00 https://www.infosecurity-magazine.com/news/cisa-critical-infrastructure-patch/ www.secnews.physaphae.fr/article.php?IdArticle=8438297 False Vulnerability,Industrial None 2.0000000000000000
Recorded Future - FLux Recorded Future The nature of bug bounty programs is changing, and their 'auntie' is worried
Katie Moussouris may not consider herself a “mother” of modern bug bounty programs, but she says “auntie” will do. Moussouris is the founder and CEO of Luta Security, a cybersecurity company specializing in vulnerability management. But she may be most famous for her work helping major corporations and government entities, including Microsoft and the
2024-01-12T14:00:00+00:00 https://therecord.media/katie-moussouris-vulnerability-disclosure-china-european-union www.secnews.physaphae.fr/article.php?IdArticle=8438272 False Vulnerability None 2.0000000000000000
HackRead - Chercher Cyber Hackers can hijack your Bosch Thermostat and Install Malware
By Waqas Firmware Vulnerability Found in Bosch Thermostat Model BCC100: Patch Now or Freeze. This is a post from HackRead.com Read the original post: Hackers can hijack your Bosch Thermostat and Install Malware
2024-01-12T13:36:13+00:00 https://www.hackread.com/hackers-hijack-bosch-thermostat-install-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8438271 False Malware,Vulnerability None 3.0000000000000000
Soc Radar - Blog spécialisé SOC CISA Issues ICS Advisories for Vulnerabilities Affecting Siemens, Schneider Electric, Rapid Software, Horner Automation
CISA has released new advisories concerning security vulnerabilities in Industrial Control Systems (ICS). The focus...
2024-01-12T13:19:34+00:00 https://socradar.io/cisa-issues-ics-advisories-for-vulnerabilities-affecting-siemens-schneider-electric-rapid-software-horner-automation/ www.secnews.physaphae.fr/article.php?IdArticle=8438270 False Vulnerability,Industrial None 3.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The issue, tracked as CVE-2023-29357 (CVSS score: 9.8), is a privilege escalation flaw that could be exploited by an attacker to gain
2024-01-12T12:05:00+00:00 https://thehackernews.com/2024/01/act-now-cisa-flags-active-exploitation.html www.secnews.physaphae.fr/article.php?IdArticle=8438140 False Vulnerability None 3.0000000000000000
AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC AI and privacy - Addressing the issues and challenges
AI and privacy gives rise to a complex interplay where innovative technologies and individual privacy rights collide. In this exploration, we'll delve into the nuances of this intersection, dissecting the issues and challenges that accompany the integration of AI and privacy.
The intersection of AI and privacy
At the core of the AI and privacy nexus lie powerful technologies like machine learning (ML), natural language processing (NLP), and computer vision. ML algorithms, for instance, learn from vast datasets to make predictions or decisions without explicit programming. NLP enables machines to comprehend and respond to human language, while computer vision empowers systems to interpret and make decisions based on visual data. As AI seamlessly integrates into our daily lives, from virtual assistants to facial recognition systems to UX research tools, the collection and processing of personal data become inevitable. AI's hunger for data is insatiable, and this appetite raises concerns about how personal information is collected and utilized. From your search history influencing your online shopping recommendations to facial recognition systems tracking your movements, AI has become a silent observer of your digital life. The challenge lies not only in the sheer volume of data but in the potential for misuse and unintended consequences, raising critical questions about consent, security, and the implications of biased decision-making.
Key issues and challenges
The first issue is informed consent. Obtaining meaningful consent in the age of AI is challenging. Often, complex algorithms and data processing methods make it difficult for individuals to understand the extent of data usage. In automated decision-making scenarios, such as loan approvals or job recruitment, the lack of transparency in how AI reaches conclusions poses a significant hurdle in obtaining informed consent. Another is data security and breaches. The vulnerabilities in AI systems, especially when handling sensitive personal data for identity verification, make them potential targets for cyberattacks.
A data breach in an AI-driven ecosystem not only jeopardizes personal privacy but also has far-reaching consequences, affecting individuals, businesses, and society at large. You also need to be watchful for bias and discrimination. Bias in AI algorithms can perpetuate and amplify existing societal prejudices, leading to discriminatory outcomes. The impact of biased AI goes beyond privacy concerns, raising ethical questions about fairness, equality, and the potential reinforcement of societal stereotypes.
Regulations and frameworks
In response to the escalating concerns surrounding AI and privacy, regulatory frameworks have emerged as beacons of guid
2024-01-12T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/ai-and-privacy-addressing-the-issues-and-challenges www.secnews.physaphae.fr/article.php?IdArticle=8438292 False Data Breach,Vulnerability None 2.0000000000000000
SecurityWeek - Security News Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout
Ivanti zero-day vulnerabilities dubbed ConnectAround could impact thousands of systems and Chinese cyberspies are preparing for patch release.
2024-01-12T10:43:03+00:00 https://www.securityweek.com/malware-used-in-ivanti-zero-day-attacks-shows-hackers-preparing-for-patch-rollout/ www.secnews.physaphae.fr/article.php?IdArticle=8438227 False Malware,Vulnerability,Threat None 3.0000000000000000
Bleeping Computer - Magazine Américain Ivanti Connect Secure zero-days exploited to deploy custom malware
Hackers have been exploiting the two zero-day vulnerabilities in Ivanti Connect Secure disclosed this week since early December to deploy multiple families of custom malware for espionage purposes. [...]
2024-01-12T10:30:18+00:00 https://www.bleepingcomputer.com/news/security/ivanti-connect-secure-zero-days-exploited-to-deploy-custom-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8438313 False Malware,Vulnerability,Threat None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Vulnerability Puts Bosch Smart Thermostats at Risk of Compromise
Bitdefender researchers revealed the vulnerability allows an attacker to send commands to the thermostat and replace its firmware
2024-01-12T10:00:00+00:00 https://www.infosecurity-magazine.com/news/vulnerability-bosch-smart/ www.secnews.physaphae.fr/article.php?IdArticle=8438183 False Vulnerability None 3.0000000000000000
ProofPoint - Cyber Firms Deterministic vs. Probabilistic Threat Detection: What's the Difference?
2024-01-12T06:00:17+00:00 https://www.proofpoint.com/us/blog/identity-threat-defense/deterministic-vs-probabilistic-threat-detection www.secnews.physaphae.fr/article.php?IdArticle=8438311 False Malware,Tool,Vulnerability,Threat None 2.0000000000000000
Techworm - News Windows 10 KB5034441 Update Showing error 0x80070643 2024-01-12T00:50:57+00:00 https://www.techworm.net/2024/01/windows-10-kb5034441-security-update-causing-troubles-during-installation.html www.secnews.physaphae.fr/article.php?IdArticle=8438258 False Vulnerability None 2.0000000000000000
TrendLabs Security - Editeur Antivirus CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign This blog delves into the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware's payload. 2024-01-12T00:00:00+00:00 https://www.trendmicro.com/en_us/research/24/a/cve-2023-36025-exploited-for-defense-evasion-in-phemedrone-steal.html www.secnews.physaphae.fr/article.php?IdArticle=8438153 False Malware,Vulnerability None 3.0000000000000000
Dark Reading - Informationweek Branch Ivanti Researchers Report Two Critical Zero-Day Vulnerabilities Patches will be available in late January and February, but until then, customers must take mitigation measures. 2024-01-11T21:43:00+00:00 https://www.darkreading.com/vulnerabilities-threats/ivanti-researchers-report-of-two-critical-zero-day-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8438016 False Vulnerability,Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN
#### Description
Volexity has uncovered active in-the-wild exploitation of two vulnerabilities allowing unauthenticated remote code execution in Ivanti Connect Secure VPN devices. An official security advisory and knowledge base article have been released by Ivanti that includes mitigation that should be applied immediately. The vulnerabilities allow unauthenticated remote code execution and have been assigned the following CVEs: CVE-2023-46805 and CVE-2024-21887. The attacker leveraged these exploits to steal configuration data, modify existing files, download remote files, and reverse tunnel from the ICS VPN appliance. Volexity discovered that the attacker was placing webshells on multiple internal and external-facing web servers. The attacker modified a legitimate CGI file (compcheckresult.cgi) on the ICS VPN appliance to allow command execution. Further, the attacker also modified a JavaScript file used by the Web SSL VPN component of the device in order to keylog and exfiltrate credentials for users logging into it. Volexity currently attributes this activity to an unknown threat actor it tracks under the alias UTA0178.
#### Reference URL(s)
1. https://www.cisa.gov/news-events/alerts/2024/01/10/ivanti-releases-security-update-connect-secure-and-policy-secure-gateways
2. https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/
#### Publication Date
January 11, 2024
#### Author(s)
Matthew Meltzer, Robert Jan Mora, Sean Koessel, Steven Adair, Thomas Lancaster
2024-01-11T21:11:04+00:00 https://community.riskiq.com/article/cd0f4d68 www.secnews.physaphae.fr/article.php?IdArticle=8438023 False Vulnerability,Threat,Industrial None 3.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?)
New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to execute a memory-resident payload. The vulnerability in question is CVE-2023-51467 (CVSS score: 9.8), a bypass for another severe shortcoming in the same software ( 2024-01-11T19:46:00+00:00 https://thehackernews.com/2024/01/new-poc-exploit-for-apache-ofbiz.html www.secnews.physaphae.fr/article.php?IdArticle=8437896 False Vulnerability,Threat None 3.0000000000000000
Global Security Mag - Site de news francais SecurityScorecard Threat Research: Volt Typhoon Compromises 30% of Cisco RV320/325 Devices in 37 Days
SecurityScorecard Threat Research: Volt Typhoon Compromises 30% of Cisco RV320/325 Devices in 37 Days - Malware Update
2024-01-11T15:24:12+00:00 https://www.globalsecuritymag.fr/securityscorecard-threat-research-volt-typhoon-compromises-30-of-cisco-rv320.html www.secnews.physaphae.fr/article.php?IdArticle=8437922 False Vulnerability,Threat,Studies Guam 4.0000000000000000
Soc Radar - Blog spécialisé SOC High Severity Vulnerability in Cisco Unity Connection Could Enable Root Privileges (CVE-2024-20272) Cisco has resolved a high-severity security vulnerability in Unity Connection that opens the door for... 2024-01-11T14:37:34+00:00 https://socradar.io/high-severity-vulnerability-in-cisco-unity-connection-could-enable-root-privileges-cve-2024-20272/ www.secnews.physaphae.fr/article.php?IdArticle=8437898 False Vulnerability None 3.0000000000000000
GoogleSec - Firm Security Blog MiraclePtr: protecting users from use-after-free vulnerabilities on more platforms previous blog post detailing MiraclePtr and its objectives. More platforms We are thrilled to announce that since our last update, we have successfully enabled MiraclePtr for more platforms and processes: In June 2022, we enabled MiraclePtr for the browser process on Windows and Android. In September 2022, we expanded its coverage to include all processes except renderer processes. In June 2023, we enabled MiraclePtr for ChromeOS, macOS, and Linux. Furthermore, we have changed security guidelines to downgrade MiraclePtr-protected issues by one severity level! Evaluating Security Impact First let's focus on its security impact. Our analysis is based on two primary information sources: incoming vulnerability reports and crash reports from user devices. Let's take a closer look at each of these sources and how they inform our understanding of MiraclePtr's effectiveness. Bug reports Chrome vulnerability reports come from various sources, such as: Chrome Vulnerability Reward Program participants, our fuzzing infrastructure, internal and external teams investigating security incidents.
For the purposes of this analysis, we focus on vulnerabilities that affect platforms where MiraclePtr was enabled at the time the issues were reported. We also exclude bugs that occur inside a sandboxed renderer process. Since the initial launch of MiraclePtr in 2022, we have received 168 use-after-free reports matching our criteria. What does the data tell us? MiraclePtr effectively mitigated 57% of these use-after-free vulnerabilities in privileged processes, exceeding our initial estimate of 50%. Reaching this level of effectiveness, however, required additional work. For instance, we not only rewrote class fields to use MiraclePtr, as discussed in the previous post, but also added MiraclePtr support for bound function arguments, such as Unretained pointers. These pointers have been a significant source of use-after-frees in Chrome, and the additional protection allowed us to mitigate 39 more issues. Moreover, these vulnerability reports enable us to pinpoint areas needing improvement. We're actively working on adding support for select third-party libraries that have been a source of use-after-free bugs, as well as developing a more advanced rewriter tool that can handle transformations like converting std::vector into std::vector. We've also made sever 2024-01-11T14:18:14+00:00 http://security.googleblog.com/2024/01/miracleptr-protecting-users-from-use.html www.secnews.physaphae.fr/article.php?IdArticle=8440961 False Tool,Vulnerability,Threat,Mobile None 3.0000000000000000
Soc Radar - Blog spécialisé SOC Attackers Exploit Ivanti Connect Secure Zero-Day Vulnerabilities to Deploy Webshells (CVE-2023-46805, CVE-2024-21887) In mid-December 2023, researchers at Volexity identified suspicious activity within a client’s network. Their investigation...
2024-01-11T12:56:08+00:00 https://socradar.io/attackers-exploit-ivanti-connect-secure-zero-day-vulnerabilities-to-deploy-webshells-cve-2023-46805-cve-2024-21887/ www.secnews.physaphae.fr/article.php?IdArticle=8437859 False Vulnerability,Threat None 3.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Chinese Hackers Exploit Zero-Day Flaws in Ivanti Connect Secure and Policy Secure A pair of zero-day flaws identified in Ivanti Connect Secure (ICS) and Policy Secure have been chained by suspected China-linked nation-state actors to breach less than 10 customers. Cybersecurity firm Volexity, which identified the activity on the network of one of its customers in the second week of December 2023, attributed it to a hacking group it tracks under the name UTA0178 2024-01-11T10:59:00+00:00 https://thehackernews.com/2024/01/chinese-hackers-exploit-zero-day-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=8437742 False Vulnerability,Threat None 3.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cisco Fixes High-Risk Vulnerability Impacting Unity Connection Software Cisco has released software updates to address a critical security flaw impacting Unity Connection that could permit an adversary to execute arbitrary commands on the underlying system.
Tracked as CVE-2024-20272 (CVSS score: 7.3), the vulnerability is an arbitrary file upload bug residing in the web-based management interface and is the result of a lack of authentication in a specific 2024-01-11T10:25:00+00:00 https://thehackernews.com/2024/01/cisco-fixes-high-risk-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=8437743 False Vulnerability None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Two Ivanti Zero-Days Actively Exploited in the Wild Ivanti has released mitigation steps after reports of active exploitation of Connect Secure and Policy Secure vulnerabilities 2024-01-11T09:30:00+00:00 https://www.infosecurity-magazine.com/news/two-ivanti-zerodays-actively/ www.secnews.physaphae.fr/article.php?IdArticle=8437803 False Vulnerability None 3.0000000000000000
Mandiant - Blog Sécu de Mandiant Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation
Note: This is a developing campaign under active analysis by Mandiant and Ivanti. We will continue to add more indicators, detections, and information to this blog post as needed. On January 10, 2024, Ivanti disclosed two vulnerabilities, CVE-2023-46805 and CVE-2024-21887, impacting Ivanti Connect Secure VPN (“CS”, formerly Pulse Secure) and Ivanti Policy Secure (“PS”) appliances. Successful exploitation could result in authentication bypass and command injection, leading to further downstream compromise of a victim network. Mandiant has identified zero-day exploitation of these vulnerabilities
2024-01-11T02:00:00+00:00 https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day www.secnews.physaphae.fr/article.php?IdArticle=8438049 False Vulnerability,Threat None 3.0000000000000000
TrendLabs Security - Editeur Antivirus Build Cyber Resilience with Distributed Energy Systems Protect against cybersecurity vulnerabilities & cyber threats by building strategic defenses in Distributed Energy Generation (DEG) systems & infrastructures. 2024-01-11T00:00:00+00:00 https://www.trendmicro.com/en_us/research/24/a/build-cyber-resilience-with-distributed-energy-systems.html www.secnews.physaphae.fr/article.php?IdArticle=8437934 False Vulnerability None 3.0000000000000000
Recorded Future - FLux Recorded Future Ivanti customers urged to patch vulnerabilities allegedly exploited by Chinese state hackers
The Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday urged customers of IT company Ivanti to patch two vulnerabilities that are being actively exploited. CISA's notice follows a warning from Ivanti that at least 10 of its customers were impacted by the vulnerabilities. The issues relate to Ivanti Connect Secure - a widely-used VPN tool.
2024-01-10T21:00:00+00:00 https://therecord.media/ivanti-customers-patch-chinese-hackers www.secnews.physaphae.fr/article.php?IdArticle=8437630 False Tool,Vulnerability None 2.0000000000000000
Volexity - Cyber Firms Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN
Volexity has uncovered active in-the-wild exploitation of two vulnerabilities allowing unauthenticated remote code execution in Ivanti Connect Secure VPN devices. An official security advisory and knowledge base article have been released by Ivanti that includes mitigation that should be applied immediately. However, a mitigation does not remedy a past or ongoing compromise. Systems should simultaneously be thoroughly analyzed per details in this post to look for signs of a breach. During the second week of December 2023, Volexity detected suspicious lateral movement on the network of one of its Network Security Monitoring service customers. Upon closer inspection, Volexity found that an attacker was placing webshells on multiple internal and external-facing web servers. These detections kicked off an incident response investigation across multiple systems that Volexity ultimately tracked back to the organization's Internet-facing Ivanti Connect Secure (ICS) VPN appliance (formerly known as Pulse Connect Secure, or simply Pulse Secure). A closer inspection […]
2024-01-10T19:00:06+00:00 https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/ www.secnews.physaphae.fr/article.php?IdArticle=8437599 False Vulnerability,Threat None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Cyber Insecurity and Misinformation Top WEF Global Risk List Cyber-attacks and misinformation top WEF's list of global risks, with cybercrime poised to exploit tech advancements and AI dominance raising concerns about vulnerability 2024-01-10T14:45:00+00:00 https://www.infosecurity-magazine.com/news/top-wef-global-risk-list-2024-cyber/ www.secnews.physaphae.fr/article.php?IdArticle=8437536 False Vulnerability,Threat None 3.0000000000000000
Soc Radar - Blog spécialisé SOC CISA Warned of Critical Fortinet Vulnerability (CVE-2023-44250) and Issued a New ICS Advisory In a recent alert, the Cybersecurity and Infrastructure Security Agency (CISA) has urged users and... 2024-01-10T14:20:00+00:00 https://socradar.io/cisa-warned-of-critical-fortinet-vulnerability-cve-2023-44250-and-issued-a-new-ics-advisory/ www.secnews.physaphae.fr/article.php?IdArticle=8437534 False Vulnerability,Industrial None 3.0000000000000000
Soc Radar - Blog spécialisé SOC January 2024 – Microsoft Patch Tuesday & SAP Security Patch Day Highlights Microsoft has released its January 2024 Patch Tuesday, addressing a total of 48 security vulnerabilities,...
2024-01-10T13:20:38+00:00 https://socradar.io/january-2024-microsoft-patch-tuesday-sap-security-patch-day-highlights/ www.secnews.physaphae.fr/article.php?IdArticle=8437516 False Vulnerability None 2.0000000000000000
Recorded Future - FLux Recorded Future Vulnerability laws create 'bug bounties with Chinese characteristics'
For nation-state actors targeting adversaries in cyberspace, unpatched vulnerabilities in software are like ammunition. As a general matter, intelligence agencies and military hackers spend millions of dollars in the gray market and thousands of man-hours in a bid to dig up flaws in code that no one has discovered yet. _But for the past
2024-01-10T13:00:00+00:00 https://therecord.media/china-vulnerability-disclosure-military-government-dakota-cary www.secnews.physaphae.fr/article.php?IdArticle=8437501 False Vulnerability None 2.0000000000000000
Global Security Mag - Site de news francais Critical Security Vulnerabilities Identified in ConnectWise ScreenConnect by Gotham Security Researchers
Critical Security Vulnerabilities Identified in ConnectWise ScreenConnect by Gotham Security Researchers Gotham Security worked in close partnership with ConnectWise to rapidly identify and address security vulnerabilities in ScreenConnect to prevent major breach for thousands of companies - Security Vulnerability
2024-01-10T12:14:51+00:00 https://www.globalsecuritymag.fr/critical-security-vulnerabilities-identified-in-connectwise-screenconnect-by.html www.secnews.physaphae.fr/article.php?IdArticle=8437504 False Vulnerability None 2.0000000000000000
AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Social engineering attacks: Real-life examples and how to avoid them 2024-01-10T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/social-engineering-attacks-real-life-examples-and-how-to-avoid-them www.secnews.physaphae.fr/article.php?IdArticle=8437464 False Vulnerability,Threat None 3.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft's January 2024 Windows Update Patches 48 New Vulnerabilities Microsoft has addressed a total of 48 security flaws spanning its software as part of its Patch Tuesday updates for January 2024. Of the 48 bugs, two are rated Critical and 46 are rated Important in severity. There is no evidence that any of the issues are publicly known or under active attack at the time of release, making it the second consecutive Patch Tuesday with no zero-days. The 2024-01-10T10:56:00+00:00 https://thehackernews.com/2024/01/microsofts-january-2024-windows-update.html www.secnews.physaphae.fr/article.php?IdArticle=8437402 False Vulnerability None 3.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe, D-Link, Joomla Under Attack The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
This includes CVE-2023-27524 (CVSS score: 8.9), a high-severity vulnerability impacting the Apache Superset open-source data visualization software that could enable remote code execution. 2024-01-10T10:20:00+00:00 https://thehackernews.com/2024/01/cisa-flags-6-vulnerabilities-apple.html www.secnews.physaphae.fr/article.php?IdArticle=8437391 False Vulnerability None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Microsoft Fixes 12 RCE Bugs in January Patch Tuesday Critical Hyper-V flaw is one of 12 remote code execution vulnerabilities fixed this Patch Tuesday 2024-01-10T09:30:00+00:00 https://www.infosecurity-magazine.com/news/microsoft-12-rce-bugs-january/ www.secnews.physaphae.fr/article.php?IdArticle=8437450 False Vulnerability None 3.0000000000000000
Dark Reading - Informationweek Branch Patch Now: Critical Windows Kerberos Bug Bypasses Microsoft Security A second, easy-to-exploit critical security vulnerability in Microsoft's first 2024 Patch Tuesday allows RCE within Hyper-Virtualization. 2024-01-09T23:00:00+00:00 https://www.darkreading.com/ics-ot-security/critical-windows-kerberos-bug-microsoft-security-bypass www.secnews.physaphae.fr/article.php?IdArticle=8437327 False Vulnerability None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Flaw in AI Plugin Exposes 50,000 WordPress Sites to Remote Attack The vulnerability could lead to remote code execution on affected systems 2024-01-09T16:45:00+00:00 https://www.infosecurity-magazine.com/news/flaw-ai-plugin-exposes-50000-wp/ www.secnews.physaphae.fr/article.php?IdArticle=8437217 False Vulnerability None 2.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?)
Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager A security flaw has been disclosed in Kyocera's Device Manager product that could be exploited by bad actors to carry out malicious activities on affected systems. "This vulnerability allows attackers to coerce authentication attempts to their own resources, such as a malicious SMB share, to capture or relay Active Directory hashed credentials if the 'Restrict NTLM: Outgoing NTLM 2024-01-09T15:22:00+00:00 https://thehackernews.com/2024/01/alert-new-vulnerabilities-discovered-in.html www.secnews.physaphae.fr/article.php?IdArticle=8437087 False Vulnerability None 2.0000000000000000
Bleeping Computer - Magazine Américain CISA warns agencies of fourth flaw used in Triangulation spyware attacks The U.S. Cybersecurity and Infrastructure Security Agency has added to its Known Exploited Vulnerabilities catalog six vulnerabilities that impact products from Adobe, Apache, D-Link, and Joomla. [...] 2024-01-09T14:32:37+00:00 https://www.bleepingcomputer.com/news/security/cisa-warns-agencies-of-fourth-flaw-used-in-triangulation-spyware-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8437272 False Vulnerability None 2.0000000000000000