Here is the selection of the most critical cybersecurity vulnerabilities discovered over the past week.
Below you will find direct links to the most interesting articles. For the record, this roundup is prepared with a real, non-artificial brain, so happy reading and thank you for supporting Le Décodeur!
This week's selected news

Google has found a new trick to improve Chrome's security on Android
Google is testing a new security feature for the mobile version of its browser. On Android, Chrome may soon be able to revoke, on its own, the…

New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems
OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems. The vulnerability, codenamed…

Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware
A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in its switches to deliver malware. The vulnerability, tracked as…

Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks
A trio of security flaws has been uncovered in the CocoaPods dependency manager for Swift and Objective-C Cocoa projects that could be exploited to stage software supply chain attacks, putting…

Juniper Networks Releases Critical Security Update for Routers
Juniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication bypass in some of its routers. The vulnerability, tracked as…

Cisco Patches an Exploited Zero-Day Vulnerability
China-Nexus Hackers Velvet Ant Exploited the Bug in April, Cisco and Sygnia Say. Cisco on Monday patched a zero-day vulnerability discovered months ago that allowed a China-nexus hacker to execute arbitrary…

Critical Vulnerabilities Found in Rockwell PanelView Plus
Microsoft Uncovers Critical Flaws in Rockwell PanelView Plus. Microsoft has found critical vulnerabilities in Rockwell Automation’s PanelView Plus products that could enable remote code execution and denial-of-service attacks by unauthenticated attackers,…

Critical Vulnerabilities Found in Emerson Gas Chromographs Expose Systems
Multiple critical vulnerabilities have been identified in Emerson gas chromatographs, posing risks such as unauthorized access to sensitive data, denial-of-service conditions, and arbitrary command execution. Gas chromatographs are essential…

Google now pays $250,000 for KVM zero-day vulnerabilities
Google has launched kvmCTF, a new vulnerability reward program (VRP) first announced in October 2023 to improve the security of the Kernel-based Virtual Machine (KVM) hypervisor that comes with $250,000 bounties…

Another RCE flaw shakes Ghostscript
Ghostscript is a real computing dinosaur. First released in 1988, it is a PostScript interpreter (…)