Check Point released hotfixes for a VPN zero-day, tracked as CVE-2024-24919, which is actively being exploited in attacks in the wild
Veeam Backup Enterprise Manager Vulnerabilities (CVE-2024-29849, CVE-2024-29850, CVE-2024-29851, CVE-2024-29852)
Vladimir Tokarev will detail a series of critical zero-day vulnerabilities (OVPNX) in OpenVPN, the world's leading VPN solution
If you use FortiClientLinux, update immediately. Critical vulnerability could let attackers run code on your system. Patch now, get the details here.
Researchers have demonstrated the "first native Spectre v2 exploit" for a new speculative execution side-channel flaw that impacts Linux systems running on many modern Intel processors.
A severe vulnerability (CVE-2024-24576) in the Rust standard library could lead to command injection attacks on Windows systems.
Episode #451, devoted to the backdoor deployed in XZ Utils. References: XZ backdoor: https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/ https://boehs.org/node/everything-i-know-about-the-xz-backdoor https://bsky.app/profile/filippo.abyssdomain.expert/post/3kowjkx2njy2b https://github.com/amlweems/xzbot https://gynvael.coldwind.pl/?lang=en&id=782 https://nvd.nist.gov/vuln/detail/CVE-2024-3094 https://tukaani.org/xz-backdoor/ https://twitter.com/fr0gger_/status/1774342248437813525/photo/1 https://www.bleepingcomputer.com/news/security/red-hat-warns-of-backdoor-in-xz-tools-used-by-most-linux-distros/ https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094 https://www.openwall.com/lists/oss-security/2024/03/29/4 https://www.theregister.com/2024/03/29/malicious_backdoor_xz/ Microsoft Equation Editor: https://support.microsoft.com/en-us/office/equation-editor-6eac7d71-3c74-437b-80d3-c7dea24fdf3f Polyfill: https://github.com/formatjs/formatjs/issues/4363
netsecfish/dlink vulnerability
A new Linux vulnerability puts user passwords at risk. It exploits the "wall" command to potentially leak passwords on Ubuntu & Debian systems.
Today, Red Hat warned users to immediately stop using systems running Fedora development and experimental versions because of a backdoor found in the latest XZ Utils data compression tools and libraries.