Atlassian Warns of New Critical Confluence Vulnerability Threatening Data Loss

Atlassian has warned of a critical security flaw in Confluence Data Center and Server that could result in “significant data loss if exploited by an unauthenticated attacker.” Tracked as CVE-2023-22518, the vulnerability is rated 9.1 out of a maximum of 10 on the CVSS scoring system. It has been described as an instance of “improper authorization […]

Trojanized PyCharm Software Version Delivered via Google Search Ads

A new malvertising campaign has been observed capitalizing on a compromised website to promote spurious versions of PyCharm on Google search results by leveraging Dynamic Search Ads. “Unbeknownst to the site owner, one of their ads was automatically created to promote a popular program for Python developers, and visible to people doing a Google search for it,” […]

Canada: WeChat and Kaspersky Antivirus Banned for Civil Servants

The Government of Canada is banning the Chinese application WeChat and the Russian-origin antivirus Kaspersky Lab on the work smartphones of federal civil servants.

Groupe ADP Steers Its Security Maintenance (MCS) with MITRE ATT&CK

Groupe ADP bases the management of its security maintenance (Maintien en Condition de Sécurité, MCS) on the MITRE ATT&CK framework. An overview with the security lead for the IT department.

Canada Bans WeChat and Kaspersky Apps On Government Devices

Canada on Monday announced a ban on the use of apps from Tencent and Kaspersky on government mobile devices, citing an “unacceptable level of risk to privacy and security.” “The Government of Canada is committed to keeping government information and networks secure,” the Canadian government said. “We regularly monitor potential threats and take immediate action to […]

Pro-Hamas Hacktivists Targeting Israeli Entities with Wiper Malware

A pro-Hamas hacktivist group has been observed using a new Linux-based wiper malware dubbed BiBi-Linux Wiper, targeting Israeli entities amidst the ongoing Israeli-Hamas war. “This malware is an x64 ELF executable, lacking obfuscation or protective measures,” Security Joes said in a new report published today. “It allows attackers to specify target folders and can potentially destroy an entire

CERTFR-2023-ACT-047: News Bulletin CERTFR-2023-ACT-047 (30 October 2023)

This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace …

New Webinar: 5 Must-Know Trends Impacting AppSec

Modern web app development relies on cloud infrastructure and containerization. These technologies scale on demand, handling millions of daily file transfers – it’s almost impossible to imagine a world without them. However, they also introduce multiple attack vectors that exploit file uploads when working with public clouds, vulnerabilities in containers hosting web applications, and many […]

ServiceNow Data Exposure: A Wake-Up Call for Companies

Earlier this week, ServiceNow announced on its support site that misconfigurations within the platform could result in “unintended access” to sensitive data. For organizations that use ServiceNow, this security exposure is a critical concern that could have resulted in major data leakage of sensitive corporate data. ServiceNow has since taken steps to fix this issue. This article fully […]

EleKtra-Leak Cryptojacking Attacks Exploit AWS IAM Credentials Exposed on GitHub

A new ongoing campaign dubbed EleKtra-Leak has set its eyes on exposed Amazon Web Service (AWS) identity and access management (IAM) credentials within public GitHub repositories to facilitate cryptojacking activities. “As a result of this, the threat actor associated with the campaign was able to create multiple AWS Elastic Compute (EC2) instances that they used for wide-ranging […]
