MOVEit : deux failles SQLi avec Azure en bout de chaîne
Plusieurs vulnérabilités SQLi ont été détectées dans MOOVit Transfer, un logiciel de transfert sécurisé de fichiers.
Critical Security Vulnerability Discovered in WooCommerce Stripe Gateway Plugin
A security flaw has been uncovered in the WooCommerce Stripe Gateway WordPress plugin that could lead to the unauthorized disclosure of sensitive information. The flaw, tracked as CVE-2023-34000, impacts versions 7.4.0 and below. It was addressed by the plugin maintainers in version 7.4.1, which shipped on May 30, 2023. WooCommerce Stripe Gateway allows e-commerce websites to directly accept
Microsoft Releases Updates to Patch Critical Flaws in Windows and Other Software
Microsoft has rolled out fixes for its Windows operating system and other software components to remediate major security shortcomings as part of Patch Tuesday updates for June 2023. Of the 73 flaws, six are rated Critical, 63 are rated Important, two are rated Moderated, and one is rated Low in severity. This also includes three issues the […]
Beware: New DoubleFinger Loader Targets Cryptocurrency Wallets with Stealer
A novel multi-stage loader called DoubleFinger has been observed delivering a cryptocurrency stealer dubbed GreetingGhoul in what’s an advanced attack targeting users in Europe, the U.S., and Latin America. « DoubleFinger is deployed on the target machine, when the victim opens a malicious PIF attachment in an email message, ultimately executing the first of DoubleFinger’s loader stages, »
Over Half of Security Leaders Lack Confidence in Protecting App Secrets, Study Reveals
It might come as a surprise, but secrets management has become the elephant in the AppSec room. While security vulnerabilities like Common Vulnerabilities and Exposures (CVEs) often make headlines in the cybersecurity world, secrets management remains an overlooked issue that can have immediate and impactful consequences for corporate safety. A recent study by GitGuardian found […]
Adversary-in-the-Middle Attack Campaign Hits Dozens of Global Organizations
« Dozens » of organizations across the world have been targeted as part of a broad business email compromise (BEC) campaign that involved the use of adversary-in-the-middle (AitM) techniques to carry out the attacks. « Following a successful phishing attempt, the threat actor gained initial access to one of the victim employee’s account and executed an ‘adversary-in-the-middle’ attack […]
Webinar – Mastering API Security: Understanding Your True Attack Surface
Believe it or not, your attack surface is expanding faster than you realize. How? APIs, of course! More formally known as application programming interfaces, API calls are growing twice as fast as HTML traffic, making APIs an ideal candidate for new security solutions aimed at protecting customer data, according to Cloudflare. According to the « Quantifying […]
Two Russian Nationals Charged for Masterminding Mt. Gox Crypto Exchange Hack
The U.S. Department of Justice (DoJ) has charged two Russian nationals in connection with masterminding the 2014 digital heist of the now-defunct cryptocurrency exchange Mt. Gox. According to unsealed indictments released last week, Alexey Bilyuchenko, 43, and Aleksandr Verner, 29, have been accused of conspiring to launder approximately 647,000 bitcoins stolen from September 2011 through […]
Sécurité du cloud : pourquoi les entreprises doivent adopter une nouvelle approche en 2023
La complexité de la sécurité du cloud est amplifiée par le fait que de nombreuses entreprises utilisent plusieurs solutions basées sur le cloud, chacune avec ses propres paramètres de sécurité spécifiques.
Critical FortiOS and FortiProxy Vulnerability Likely Exploited – Patch Now!
Fortinet on Monday disclosed that a newly patched critical flaw impacting FortiOS and FortiProxy may have been « exploited in a limited number of cases » in attacks targeting government, manufacturing, and critical infrastructure sectors. The vulnerability, tracked as CVE-2023-27997 (CVSS score: 9.2), concerns a heap-based buffer overflow vulnerability in FortiOS and FortiProxy SSL-VPN that could