Here is the selection of the most critical cybersecurity vulnerabilities discovered last week.
Below you will find direct links to the most interesting articles. For the record, this digest is prepared with a real, non-artificial brain, so enjoy your reading and thank you for supporting Le Décodeur!
This week's selected news
Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks
At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many…
Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager
Cisco has released patches to address a maximum-severity security flaw impacting Smart Software Manager On-Prem (Cisco SSM On-Prem) that could enable a remote, unauthenticated attacker to change the password of…
20 Million Trusted Domains Vulnerable to Email Hosting Exploits
Three newly discovered SMTP smuggling attack techniques can exploit misconfigurations and design decisions made by at least 50 email-hosting providers.
Atlassian Data Center & Server Flaw Let Hackers Execute Arbitrary Code
Atlassian, a leading provider of collaboration and productivity software, has released critical security updates addressing multiple high-severity vulnerabilities in its Data Center and Server products. If exploited, these vulnerabilities could…
Ivanti Endpoint Manager SQLi Vulnerability Allows Remote Code Execution
A critical security flaw, CVE-2024-37381, has been discovered in the Ivanti Endpoint Manager (EPM) 2024 flat. The vulnerability is an unspecified SQL injection flaw in the core server component of EPM, potentially…
New VPN Port Shadow Vulnerability Let Hackers Intercept Encrypted Traffic
Researchers examined how connection tracking, a fundamental function in operating systems, can be exploited to compromise VPN security and identified a new attack method named “port shadow” that allows attackers…
Oracle WebLogic Server Vulnerability Allows Complete Server Take Over
A critical vulnerability identified as CVE-2024-21181 has been discovered in the Oracle WebLogic Server, posing a significant risk to affected systems. This vulnerability, disclosed on July…
HPE Critical 3PAR Processor Flaw Let Remote Attackers Bypass Authentication
Hewlett Packard Enterprise (HPE) has addressed a critical vulnerability in its 3PAR Service Processor software that could have far-reaching implications for organizations relying on HPE 3PAR StoreServ Storage systems. …
SAP AI Core Vulnerabilities Expose Customer Data to Cyber Attacks
Cybersecurity researchers have uncovered security shortcomings in the SAP AI Core cloud-based platform for creating and deploying predictive artificial intelligence (AI) workflows that could be exploited to get hold of access…
Faulty CrowdStrike Update Crashes Windows Systems, Impacting Businesses Worldwide
Businesses across the world have been hit by widespread disruptions to their Windows workstations stemming from a faulty update pushed out by cybersecurity company CrowdStrike. « CrowdStrike is actively working with…
SolarWinds Patches 8 Critical Flaws in Access Rights Manager Software
SolarWinds has addressed a set of critical security flaws impacting its Access Rights Manager (ARM) software that could be exploited to access sensitive information or execute arbitrary code. Of the…
German Navy wants to get rid of its floppy disks
The German Navy wants to modernize its roughly 30-year-old Brandenburg-class frigates. In doing so, it also wants to replace the ageing 8-inch floppy disk drives. This emerges from a call for tenders,…