Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

mercredi 16 décembre 2015

Remote code execution vulnerability in jar analysis (CERT-EU Security Advisory 2015-824)

Tavis Ormandy and Natalie Silvanovich of Google Project Zero discovered a critical vulnerability in Fireeye devices. As a result, an attacker can send an email to a user or alternatively get them to click a link and completely compromise one of the most privileged machines on the network. This allows exfiltration of confidential data, tampering with traffic, lateral movement around networks and even self-propagating internet worms.

Lien vers l'article source

Auteur: Cert EU

Catégories: CertEUNombre de vues: 265


Événements SSI