Info²Sec

150K+ Fortinet Devices Vulnerable to Critical Code Execution Flaw

A critical security flaw identified as CVE-2024-21762 has been discovered in Fortinet's FortiOS and FortiProxy secure web gateway systems, potentially impacting around 150,000 devices worldwide.

#vulnérabilité · #fortinet

March 12, 2024 at 12:41:43 PM GMT+1 · permalien

https://cybersecuritynews-com.cdn.ampproject.org/c/s/cybersecuritynews.com/fortinet-devices-vulnerable/amp/

Vulnerability in 16.5K+ VMware ESXi Let Attackers Execute Code

VMware's ESXi, Workstation, and Fusion products, could allow attackers to execute malicious code on affected systems.

#vulnérabilité · #patching

March 11, 2024 at 11:10:11 AM GMT+1 · permalien

https://gbhackers.com/vmware-esxi-vulnerability/

Update your iPhones and iPads now: Apple patches security vulnerabilities in iOS and iPadOS

Apple has released a security update for iOS and iPadOS to patch two zero-day vulnerabilities which are reported to already have been exploited.

#vulnérabilité · #patching · #apple

March 7, 2024 at 6:45:01 PM GMT+1 · permalien

https://www.malwarebytes.com/blog/news/2024/03/update-your-iphones-and-ipads-now-apple-patches-security-vulnerabilities-in-ios-and-ipados

Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware

North Korean hackers exploit ConnectWise ScreenConnect vulnerabilities (CVE-2024-1708 & CVE-2024-1709) to deploy TODDLERSHARK malware.

#cyberattaque

March 7, 2024 at 6:44:55 PM GMT+1 · permalien

https://thehackernews.com/2024/03/hackers-exploit-connectwise.html?m=1

Portal Kombat : un réseau structuré et coordonné de propagande prorusse

VIGINUM dévoile l’activité d’un réseau baptisé « Portal Kombat », constitué de « portails d’information » numériques diffusant des contenus pro-russes, couvrant positivement l’invasion russe en Ukraine et dénigrant les autorités de Kiev, afin d’influencer les opinions publiques notamment françaises.

#ingérence · #cyberdéfense

February 29, 2024 at 6:39:54 AM GMT+1 · permalien

https://www.sgdsn.gouv.fr/publications/portal-kombat-un-reseau-structure-et-coordonne-de-propagande-prorusse

[MàJ] Vulnérabilité dans Microsoft Outlook – CERT-FR

#vulnérabilité · #microsoft · #certfr

February 27, 2024 at 9:47:39 AM GMT+1 * · permalien

https://www.cert.ssi.gouv.fr/alerte/CERTFR-2024-ALE-005/

Vulnérabilité dans les produits WithSecure – CERT-FR

te dans les produits WithSecure. Elle permet à un attaquant de provoquer un déni de service à dista

#vulnérabilité · #certfr · #patching

February 27, 2024 at 9:47:11 AM GMT+1 * · permalien

https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0166/

On Web-Security and -Insecurity: Insecure Features in PDFs

#vulnérabilité

February 26, 2024 at 10:13:11 AM GMT+1 * · permalien

https://web-in-security.blogspot.com/2021/01/insecure-features-in-pdfs.html

DISPUTED, not REJECTED | daniel.haxx.se

#cve · #réflexion

February 22, 2024 at 5:12:30 PM GMT+1 * · permalien

https://daniel.haxx.se/blog/2024/02/21/disputed-not-rejected/

70,000 AT&T customers are without service across the US | Ars Technica

#disponibilité

February 22, 2024 at 4:15:35 PM GMT+1 * · permalien

https://arstechnica.com/information-technology/2024/02/att-outage-leaves-more-than-70000-phones-without-service/

Logistique : le Français GCA à nouveau victime d’une cyberattaque | LeMagIT

#cyberattaque

February 21, 2024 at 8:58:28 AM GMT+1 * · permalien

https://www.lemagit.fr/actualites/366570358/Logistique-le-Francais-GCA-a-nouveau-victime-dune-cyberattaque

Après la CAF, au tour d’EDF de confirmer les piratages de quelques comptes clients - Numerama

Le fournisseur d’électricité EDF confirme une vingtaine de connexions illicites sur des espaces clients (entreprises-collectivités.edf.fr). Les hackers

#piratage · #fuitededonnees

February 20, 2024 at 8:22:41 AM GMT+1 · permalien

https://www.numerama.com/cyberguerre/1633070-apres-la-caf-au-tour-dedf-de-confirmer-les-piratages-de-quelques-comptes-clients.html

Les polices de 11 pays, dont la France, abattent le site de Lockbit, le plus important gang de hackers - Numerama

Le site des hackers russophones de Lockbit a été mise hors-ligne par les forces de l'ordre de plusieurs pays, dont la Gendarmerie nationale. Ces pirates

#cybersécurité · #ransomware

February 20, 2024 at 8:22:35 AM GMT+1 · permalien

https://www.numerama.com/cyberguerre/1633112-les-polices-de-11-pays-dont-la-france-abattent-le-site-de-lockbit-le-plus-important-gang-de-hackers.html

Cybersécurité : 1,1 milliard de dollars de rançons versées par les entreprises en 2023

Plus nombreuses, plus sophistiquées et plus coûteuses : les attaques au rançongiciel ciblant les entreprises ont enregistré une forte hausse en 2023, après une accalmie en 2022, selon plusieurs études publiées en février.

#cyberattaque · #ransomware

February 19, 2024 at 9:13:10 AM GMT+1 · permalien

https://www.letelegramme.fr/economie/cybersecurite-11-milliard-de-dollars-de-rancons-versees-par-les-entreprises-en-2023-6525144.php

ZSB-24008

#vulnérabilité · #patching

February 19, 2024 at 9:12:24 AM GMT+1 · permalien

https://www.zoom.com/en/trust/security-bulletin/ZSB-24008/?s=09

Community Alert: Ongoing Malicious Campaign Impacting Azure Cloud Environments

Over the past weeks, Proofpoint researchers have been monitoring an ongoing cloud account takeover campaign impacting dozens of Microsoft Azure environments and compromising hundreds of user accoun...

#cyberattaque · #cloud

February 16, 2024 at 6:42:32 AM GMT+1 · permalien

https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

German battery maker Varta halts production after cyberattack

Battery maker VARTA AG announced yesterday that it was targeted by a cyberattack that forced it to shut down IT systems, causing production to stop at its plants.

#cyberattaque

February 16, 2024 at 6:42:26 AM GMT+1 · permalien

https://www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.bleepingcomputer.com/news/security/german-battery-maker-varta-halts-production-after-cyberattack/amp/

FCC orders telecom carriers to report PII data breaches within 30 days

Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements.

#législation · #fuitededonnees

February 14, 2024 at 6:52:50 AM GMT+1 · permalien

https://www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.bleepingcomputer.com/news/security/fcc-orders-telecom-carriers-to-report-pii-data-breaches-within-30-days/amp/

Bank of America warns customers of data breach after vendor hack

Bank of America is warning customers of a data breach exposing their personal information after one of its service providers was hacked last year.

#vulnérabilité

February 14, 2024 at 6:52:39 AM GMT+1 · permalien

https://www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.bleepingcomputer.com/news/security/bank-of-america-warns-customers-of-data-breach-after-vendor-hack/amp/

PSIRT | FortiGuard

#fortinet · #vulnérabilité

February 12, 2024 at 12:20:12 PM GMT+1 · permalien

https://fortiguard.fortinet.com/psirt/FG-IR-24-015