Les vulnérabilités cyber à suivre cette semaine | 12 juin 2023

Voici la sélection des vulnérabilités de cybersécurité le plus critiques découvertes durant ce dernier tour de veille hebdomadaire.

Bonne lecture et merci pour le café car cette veille est produite avec un vrai cerveau non artificiel 😉

Zyxel Firewalls Under Attack! Urgent Patching Required

Attention all network administrators! Zyxel firewalls under attack! Act now to prevent a potential DoS attack and remote code execution.

https://securityaffairs.com/147150/security/nasa-website-flaw-jeopardizes-astrobiology-fans.html

BBC staffers warned of payroll data breach. BA and Boots also affected by MOVEit vulnerability

Staff at the BBC have been warned that their personal data may now be in the hands of cybercriminals, following the exploitation of a vulnerability in a software tool used by the company that manages…

Honda API flaws exposed customer data, dealer panels, internal docs

Honda’s e-commerce platform for power equipment, marine, lawn & garden, was vulnerable to unauthorized access by anyone due to API flaws that allow password reset for any account.

Barracuda urges customers to remove and replace vulnerable hardware exploited by hackers

Barracuda Networks has told customers they must replace Email Security Gateway (ESG) appliances targeted by hackers to exfiltrate data

Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft | Mandiant

Nader Zaveri, Jeremy Kennelly, Genevieve Stark, Matthew McWhirt, Dan Nutting, Kimberly Goody, Justin Moore, Joe Pisano, Zander Work, Peter Ukhanov, Juraj Sucik, Will Silverstone, Zach Schramm, Greg Blaum, Ollie Styles, Nicholas Bennett, Josh Murchie UPDATE (June 9): On June 6, 2023, Mandiant merged UNC4857 into FIN11 based on targeting, infrastructure, certificate and data leak site (DLS) overlaps.