Voici la sélection des vulnérabilités de cybersécurité les plus critiques découvertes la semaine passée.
Vous retrouvez ci-dessous les liens directs vers les articles les plus intéressants. Pour information, cette veille est préparée avec un vrai cerveau non artificiel, alors bonne lecture et merci de soutenir le Décodeur !
Les actus sélectionnées cette semaine
‘ONNX’ MFA Bypass Targets Microsoft 365 Accounts
The service, likely a rebrand of a previous operation called « Caffeine, » mainly targets financial institutions in the Americas and EMEA and uses malicious QR codes and other advanced evasion tactics.
Experts found a bug in the Linux version of RansomHub ransomware
The RansomHub ransomware operators added a Linux encryptor to their arsenal, the version targets VMware ESXi environments.
Atlassian fixed six high-severity bugs in Confluence
Australian software company Atlassian addressed multiple high-severity vulnerabilities in its Confluence, Crucible, and Jira solutions.
Phoenix UEFI vulnerability impacts hundreds of Intel PC models
A newly discovered vulnerability in Phoenix SecureCore UEFI firmware tracked as CVE-2024-0762 impacts devices running numerous Intel CPUs, with Lenovo already releasing new firmware updates to resolve the flaw.
New ALPR Vulnerabilities Prove Mass Surveillance Is a Public Safety Threat
Government officials across the U.S. frequently promote the supposed, and often anecdotal, public safety benefits of automated license plate readers (ALPRs), but rarely do they examine how this very same technology poses risks to public safety that may outweigh the crimes they are attempting to…
High-severity vulnerabilities affect a wide range of Asus router models
Many models receive patches; others will need to be replaced.
Security bug allows anyone to spoof Microsoft employee emails | TechCrunch
A researcher has found a way to impersonate Microsoft corporate email accounts, which could make phishing attacks harder to spot.
Critical Vulnerabilities Exposing Chinese Biometric Readers to Unauthorized Access
Kaspersky Lab have uncovered 24 vulnerabilities within biometric access systems manufactured by ZKTeco, a major Chinese provider
ASUS fixed critical remote authentication bypass bug in several routers
Taiwanese manufacturer giant ASUS addressed a critical remote authentication bypass vulnerability impacting several router models.
Critical VMware Bugs Open Swaths of VMs to RCE, Data Theft
A trio of bugs could allow hackers to escalate privileges and remotely execute code on virtual machines deployed across cloud environments.
Microsoft says bug causes Windows 10 apps to display Open With dialogs
Microsoft has confirmed that Windows 10 apps will mistakenly display an « How do you want to open this file? » dialog box when attempting to right-click on the program’s icon and perform a registered task.
Surveillance des messageries sécurisées : Signal met en garde l’UE
Pouvons-nous dire adieu au chiffrement de bout en bout en Europe ? L’UE voudrait surveiller les messageries sécurisées telles que Signal et WhatsApp.
German BSI Forces Microsoft to Disclose Security Measures
Following a legal intervention made by the German federal cybersecurity agency, Microsoft has disclosed additional information on encryption measures it adopted to
Medibank’s lack of multi-factor authentication allowed hackers to infiltrate systems, regulator alleges
Court documents allege insurer’s network was configured so that only a username and password was required to gain access
