Here is the selection of the most critical cybersecurity vulnerabilities discovered last week.
Below you will find direct links to the most interesting articles. For the record, this digest is prepared with a real, non-artificial brain, so happy reading and thank you for supporting Le Décodeur!
This week's selected news
Threat actors exploited Windows 0-day for more than a year before Microsoft fixed it
The goal of the exploits was to open Explorer and trick targets into running malicious code.
Exim vulnerability affecting 1.5M servers lets attackers attach malicious files
More than 1.5 million email servers are vulnerable…
Signal Is Working to Close a Security Vulnerability in Its Desktop App
The vulnerability has become a subject of focus for Elon Musk and other right-wingers.
GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs
GitLab has shipped another round of updates to close out security flaws in its software development platform, including a critical bug that allows an attacker to run pipeline jobs as…
Passkeys not as invulnerable as all that
For several months, announcements have followed one another promoting the adoption of passkey technology in place of passwords. Considered (…)
Mastodon: security vulnerability allows unauthorized access to posts
Operators of Mastodon instances should update their server software promptly. A high-risk vulnerability allows unauthorized access to posts.
New Blast-RADIUS attack bypasses widely-used RADIUS authentication
Blast-RADIUS, an authentication bypass in the widely used RADIUS/UDP protocol, enables threat actors to breach networks and devices in man-in-the-middle MD5 collision attacks. […]
Critical Exim bug bypasses security filters on 1.5 million mail servers
Censys warns that over 1.5 million Exim mail transfer agent (MTA) instances are unpatched against a critical vulnerability that lets threat actors bypass security filters. […]
Hackers Actively Exploiting Microsoft SmartScreen Vulnerability To Deploy Stealer Malware
Hackers target Microsoft SmartScreen because it is the cloud-based anti-phishing and anti-malware component that determines whether a website is potentially malicious, protecting users from downloading harmful viruses. By…
Critical Citrix NetScaler Vulnerability Allows Attackers to Access Sensitive Information
Citrix has disclosed two critical vulnerabilities affecting its NetScaler Console (formerly NetScaler ADM), NetScaler SVM, and NetScaler Agent, which could potentially allow attackers to access sensitive information and cause denial…
Critical PHP Vulnerability CVE-2024-4577 Actively Exploited in the Wild
A critical vulnerability in PHP, tracked as CVE-2024-4577, is being actively exploited by threat actors in the wild just days after its public disclosure in June 2024. The flaw affects PHP…
CISA Warns of Hackers Exploiting OS Command Injection Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have raised alarms about hackers exploiting OS command injection vulnerabilities. These vulnerabilities,…
Critical Unpatched Flaws Disclosed in Popular Gogs Open-Source Git Service
Four unpatched security flaws, including three critical ones, have been disclosed in the Gogs open-source, self-hosted Git service that could enable an authenticated attacker to breach susceptible instances, steal or…
New Ransomware Group Exploiting Veeam Backup Software Vulnerability
A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as EstateRansomware. Singapore-headquartered Group-IB, which discovered the threat actor in early…