Here is the selection of the most critical cybersecurity vulnerabilities discovered during this latest round of the weekly watch.
Enjoy the read, and thanks for the coffee, because this watch is produced with a real, non-artificial brain 😉
GitLab fixes a critical flaw with a CVSS score of 10 – Le Monde Informatique
Security: Users of the Enterprise and Community editions of GitLab must apply a latest security patch as soon as possible in the…
Unprecedented security risks, electric vehicle chargers – CyberTalk
Electric vehicle chargers present unprecedented cyber security risk. See four ways Electric Vehicle Equipment Suppliers can reduce the risk.
Google Unveils Bug Bounty Program For Android Apps
Rewards range from $750 for certain MiTM scenarios to $30,000 for some ACE vulnerabilities
Hackers target 1.5M WordPress sites with cookie consent plugin exploit
Ongoing attacks are targeting an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in a WordPress cookie consent plugin named Beautiful Cookie Consent Banner with more than 40,000 active installs.
ChatGPT is down worldwide – OpenAI confirms issues
ChatGPT, the famous artificial intelligence chatbot that allows users to converse with various personalities and topics, has connectivity issues worldwide.
Google’s .zip, .mov Domains Give Social Engineers a Shiny New Tool
Security professionals warn that Google’s new top-level domains, .zip and .mov, pose social engineering risks while providing little reason for their existence.
NIST Publishes Recommendations for Federal Vulnerability Disclosure Guidelines: NIST SP 800-216 Now Available
Internal and external reporting of security vulnerabilities in software and information systems owned or utilized by the Federal Government is critical to mi
Android phones are vulnerable to fingerprint brute-force attacks
Researchers at Tencent Labs and Zhejiang University have presented a new attack called ‘BrutePrint,’ which brute-forces fingerprints on modern smartphones to bypass user authentication and take control of the device.
CISA orders govt agencies to patch iPhone bugs exploited in attacks
Today, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) ordered federal agencies to address three recently patched zero-day flaws affecting iPhones, Macs, and iPads known to be exploited in attacks.