Apple has released a security update for iOS and iPadOS to patch two zero-day vulnerabilities which are reported to already have been exploited.
te dans les produits WithSecure. Elle permet à un attaquant de provoquer un déni de service à dista
ZSB-24008
Bank of America is warning customers of a data breach exposing their personal information after one of its service providers was hacked last year.
Fortinet has unveiled a critical security flaw in its SSL VPN, CVE-2024-21762, allowing hackers to execute arbitrary code.
Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution.
Windows encryption feature defeated by $10 and a YouTube tutorial
Episode #442 Consacré aux vulnérabilités découvertes en janvier 2024 dans Ivanti Connect Secure et Policy Secure Gateways Bulletin d’alerte du CERT-FRhttps://www.cert.ssi.gouv.fr/alerte/CERTFR-2024-ALE-001/ Ce blog détaille comment l’analyse de la mémoire a révélé l’exploitation de deux vulnérabilités zero-day dans Ivanti Connect Secure VPN1.https://www.volexity.com/blog/2024/02/01/how-memory-forensics-revealed-exploitation-of-ivanti-connect-secure-vpn-zero-day-vulnerabilities/ Détails sur cinq familles de malwares associées à l’exploitation des appareils CS et PS3.https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day […]
This page contains a web-friendly version of the Cybersecurity and Infrastructure Security Agency’s Supplemental Direction V1: Emergency Directive 24-01:
Cloudflare disclosed today that its internal Atlassian server was breached by a 'nation state' attacker who accessed its Confluence wiki, Jira bug database, and Atlassian Bitbucket source code management system.
Multiple proof-of-concept (PoC) exploits for recently disclosed critical Jenkins vulnerability CVE-2024-23897 have been released.
Security researchers hacked the Tesla infotainment system and demoed a total of 24 zero-days on the second day of the Pwn2Own Automotive 2024 hacking competition.
GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them allowing account hijacking with no user interaction.
CISA warns that attackers are now exploiting a critical Microsoft SharePoint privilege escalation vulnerability that can be chained with another critical bug for remote code execution.
Ivanti has disclosed two Connect Secure (ICS) and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways.