3 liens privés
If you use FortiClientLinux, update immediately. Critical vulnerability could let attackers run code on your system. Patch now, get the details here.
Researchers have demonstrated the "first native Spectre v2 exploit" for a new speculative execution side-channel flaw that impacts Linux systems running on many modern Intel processors.
A severe vulnerability (CVE-2024-24576) in the Rust standard library could lead to command injection attacks on Windows systems.
Episode #451 consacré à la backdoor dépoloyée dans XZ Utils Références : Backdoor XZ :https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/https://boehs.org/node/everything-i-know-about-the-xz-backdoorhttps://bsky.app/profile/filippo.abyssdomain.expert/post/3kowjkx2njy2bhttps://github.com/amlweems/xzbothttps://gynvael.coldwind.pl/?lang=en&id=782https://nvd.nist.gov/vuln/detail/CVE-2024-3094https://tukaani.org/xz-backdoor/https://twitter.com/fr0gger_/status/1774342248437813525/photo/1https://www.bleepingcomputer.com/news/security/red-hat-warns-of-backdoor-in-xz-tools-used-by-most-linux-distros/https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094https://www.openwall.com/lists/oss-security/2024/03/29/4https://www.theregister.com/2024/03/29/malicious_backdoor_xz/ Microsoft Equation Editor :https://support.microsoft.com/en-us/office/equation-editor-6eac7d71-3c74-437b-80d3-c7dea24fdf3f Polyfill :https://github.com/formatjs/formatjs/issues/4363
netsecfish/dlink vulnerability
A new Linux vulnerability puts user passwords at risk. It exploits the "wall" command to potentially leak passwords on Ubuntu & Debian systems.
Today, Red Hat warned users to immediately stop using systems running Fedora development and experimental versions because of a backdoor found in the latest XZ Utils data compression tools and libraries.
A critical security flaw identified as CVE-2024-21762 has been discovered in Fortinet's FortiOS and FortiProxy secure web gateway systems, potentially impacting around 150,000 devices worldwide.
VMware's ESXi, Workstation, and Fusion products, could allow attackers to execute malicious code on affected systems.
Apple has released a security update for iOS and iPadOS to patch two zero-day vulnerabilities which are reported to already have been exploited.
te dans les produits WithSecure. Elle permet à un attaquant de provoquer un déni de service à dista
ZSB-24008
Bank of America is warning customers of a data breach exposing their personal information after one of its service providers was hacked last year.
Fortinet has unveiled a critical security flaw in its SSL VPN, CVE-2024-21762, allowing hackers to execute arbitrary code.