CERTFR-2023-AVI-0288 : Multiples vulnérabilités dans les produits Cisco (06 avril 2023)
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la …
CERTFR-2023-AVI-0287 : Multiples vulnérabilités dans les produits IBM (06 avril 2023)
De multiples vulnérabilités ont été découvertes dans les produits IBM. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une exécution de code arbitraire à distance.
CERTFR-2023-AVI-0286 : Multiples vulnérabilités dans les produits IBM (05 avril 2023)
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d’entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l’éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Estonian National Charged in U.S. for Acquiring Electronics and Metasploit Pro for Russian Military
An Estonian national has been charged in the U.S. for purchasing U.S.-made electronics on behalf of the Russian government and military. The 45-year-old individual, Andrey Shevlyakov, was arrested on March 28, 2023, in Tallinn. He has been indicted with 18 counts of conspiracy and other charges. If found guilty, he faces up to 20 years in prison. […]
Hackers Flood NPM with Bogus Packages Causing a DoS Attack
Threat actors are flooding the npm open source package repository with bogus packages that briefly even resulted in a denial-of-service (DoS) attack. « The threat actors create malicious websites and publish empty packages with links to those malicious websites, taking advantage of open-source ecosystems’ good reputation on search engines, » Checkmarx’s Jossef Harush Kadouri said in a report
Top 10 Cybersecurity Trends for 2023: From Zero Trust to Cyber Insurance
As technology advances, cyberattacks are becoming more sophisticated. With the increasing use of technology in our daily lives, cybercrime is on the rise, as evidenced by the fact that cyberattacks caused 92% of all data breaches in the first quarter of 2022. Staying current with cybersecurity trends and laws is crucial to combat these threats, which can […]
Over 1 Million WordPress Sites Infected by Balada Injector Malware Campaign
Over one million WordPress websites are estimated to have been infected by an ongoing campaign to deploy malware called Balada Injector since 2017. The massive campaign, per GoDaddy’s Sucuri, « leverages all known and recently discovered theme and plugin vulnerabilities » to breach WordPress sites. The attacks are known to play out in waves once every few weeks. « This […]
Protecting your business with Wazuh: The open source security platform
Today, businesses face a variety of security challenges like cyber attacks, compliance requirements, and endpoint security administration. The threat landscape constantly evolves, and it can be overwhelming for businesses to keep up with the latest security trends. Security teams use processes and security solutions to curb these challenges. These solutions include firewalls, antiviruses, data
CISA Warns of 5 Actively Exploited Security Flaws: Urgent Action Required
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. This includes three high-severity flaws in the Veritas Backup Exec Agent software (CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878) that could lead to the execution of privileged commands
Taiwanese PC Company MSI Falls Victim to Ransomware Attack
Taiwanese PC company MSI (short for Micro-Star International) officially confirmed it was the victim of a cyber attack on its systems. The company said it « promptly » initiated incident response and recovery measures after detecting « network anomalies. » It also said it alerted law enforcement agencies of the matter. That said, MSI did not disclose any specifics […]