Les vulnérabilités critiques à suivre (17 juillet 2023)

Voici la sélection des vulnérabilités de cybersécurité les plus critiques découvertes la semaine passée.

Vous retrouvez ci-dessous les liens directs vers les articles les plus intéressants. Pour information, cette veille est préparée avec un vrai cerveau non artificiel, alors bonne lecture et merci de soutenir le Décodeur !

Les actus sélectionnées cette semaine

WordPress plugin installed on 1 million+ sites logged plaintext passwords

AIOS bills itself as an « all-in-one » security solution. A just-fixed bug undermined that.

Apple Releases New Security Patch to Patch the Patch It Messed Up

After releasing a Rapid Security Response update that would introduce an additional bug, Apple has released a new security update to fix the issue.

US government emails were hacked by Chinese spies

A China-based hacking group focused on espionage has breached email accounts linked to around 25 organizations, including government agencies in Western Europe and the US.

Linux Hacker Exploits Researchers With Fake PoCs Posted to GitHub

A cyber attacker gives defenders a taste of their own medicine, with GitHub honeypots concealing infostealers.

Microsoft Discloses 5 Zero-Days in Voluminous July Security Update

Fixes for more than 100 vulnerabilities affect numerous products, including Windows, Office, .Net, and Azure Active Directory, among others.

SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign

New report reveals ongoing SCARLETEEL attack campaign targeting AWS Fargate. Cybercriminals escalate privileges, exploit vulnerabilities, and profit t

Revolut Faces $20 Million Loss as Attackers Exploit Payment System Weakness

20 million stolen from Revolut in a massive cyber attack. Learn how organized criminal groups took advantage of a loophole.

Trois nouvelles vulnérabilités découvertes dans MOVEit

L’éditeur du logiciel de transfert sécurisé n’en finit pas découvrir de nouvelles failles dans son produit.