Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

CISA Insights: Ransomware Outbreak

Original release date: August 21, 2019The Cybersecurity and Infrastructure Security Agency (CISA) has released its first CISA Insights product, which discusses the rapid emergence of ransomware across our Nation’s networks. CISA Insights –...
Auteur: US Cert

Cyber Safety for Students

Original release date: August 20, 2019As summer break ends, many students will return to school with mobile devices, such as smart phones, tablets, and laptops. Although these devices can help students complete schoolwork and stay in touch with...
Auteur: US Cert

Microsoft Releases Security Update for Windows Elevation of Privilege Vulnerability

Original release date: August 15, 2019Microsoft has released a security update to address an elevation of privilege vulnerability (CVE-2019-1162) in Windows. An attacker could exploit this vulnerability to take control of an affected system. The...
Auteur: US Cert

IRS Security Summit Series for Tax Professionals: Create a Data Theft Recovery Plan

Original release date: August 14, 2019The fifth and final step in the Internal Revenue Service (IRS) Security Summit series for tax professionals is creating a data theft recovery plan. IRS issued a news release highlighting the importance of...
Auteur: US Cert

Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities

Original release date: August 14, 2019Microsoft has released security updates to address two remote code execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182, in the following operating systems: Windows 7 SP1 Windows Server 2008 R2...
Auteur: US Cert

Multiple HTTP/2 Implementation Vulnerabilities

Original release date: August 14, 2019The CERT Coordination Center (CERT/CC) has released information on vulnerabilities affecting HTTP/2 implementations. An attacker could exploit these vulnerabilities to cause a denial-of-service (DoS)...
Auteur: US Cert

VU#918987: Bluetooth BR/EDR supported devices are vulnerable to key negotiation attacks

Bluetooth is a short-range wireless technology based off of a core specification that defines six different core configurations,including the Bluetooth Basic Rate/Enhanced Data Rate Core Configurations. Bluetooth BR/EDR is used for low-power...
Auteur: US Cert

VU#605641: HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion

The Security Considerations section of RFC7540 discusses some of the considerations needed for HTTP/2 connections as they demand more resources to operate than HTTP/1.1 connections. While it generally covers expected behavior considerations,how...
Auteur: US Cert

Microsoft Releases August 2019 Security Updates

Original release date: August 13, 2019Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The...
Auteur: US Cert

Intel Releases Security Updates

Original release date: August 13, 2019Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain an escalation of privileges on a previously infected...
Auteur: US Cert

Adobe Releases Security Updates for Multiple Products

Original release date: August 13, 2019Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and...
Auteur: US Cert

NCSA Webinar on Cybersecurity for Small Businesses

Original release date: August 9, 2019The National Cyber Security Alliance (NCSA) and INFOSEC are hosting a webinar to educate small businesses on how to protect against phishing, vishing, and smishing threats. The webinar will be held on Tuesday,...
Auteur: US Cert

ACSC Releases Advisory on Password Spraying Attacks

Original release date: August 8, 2019The Australian Cyber Security Centre (ACSC) has released an advisory on password spraying attacks. Password spraying is a type of brute-force attack in which a malicious actor uses a single password against...
Auteur: US Cert

Google Releases Security Updates for Chrome

Original release date: August 8, 2019Google has released Chrome version 76.0.3809.100 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.   The Cybersecurity...
Auteur: US Cert

Cisco Releases Security Updates for Multiple Products

Original release date: August 8, 2019Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and...
Auteur: US Cert

SWAPGS Spectre Side-Channel Vulnerability

Original release date: August 6, 2019The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a vulnerability (CVE-2019-1125) known as SWAPGS, which is a variant of Spectre Variant 1—that affects modern computer processors. This...
Auteur: US Cert

El Paso and Dayton Tragedy-Related Scams and Malware Campaigns

Original release date: August 6, 2019In the wake of the recent shootings in El Paso, TX, and Dayton, OH, the Cybersecurity and Infrastructure Security Agency (CISA) advises users to watch out for possible malicious cyber activity seeking to...
Auteur: US Cert

VMware Releases Security Updates for Multiple Products

Original release date: August 3, 2019VMware has released a security advisory to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity...
Auteur: US Cert

Cylance Antivirus Vulnerability

Original release date: August 2, 2019The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting Cylance Antivirus products. A remote attacker could exploit this vulnerability to take control of an affected...
Auteur: US Cert

IRS Reminds Tax Professionals: Beware Phishing Emails

Original release date: August 1, 2019The Internal Revenue Service (IRS) has issued a news release warning tax professionals of the continued threat of phishing emails. Phishing emails are one of the most common ways cyber criminals steal...
Auteur: US Cert

NIST Publishes Multifactor Authentication Practice Guide

Original release date: August 1, 2019The National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) has published NIST Cybersecurity Practice Guide: Multifactor Authentication for E-Commerce. The...
Auteur: US Cert

FTC Releases Alert on the Capital One Data Breach

Original release date: August 1, 2019The Federal Trade Commission (FTC) has released an alert on the Capital One data breach that exposed the personal information of 106 million Capital One credit card customers and applicants. FTC reminds users...
Auteur: US Cert

Cisco Releases Security Updates

Original release date: August 1, 2019Cisco has released security updates to address a vulnerability in Cisco Nexus 9000 Series Fabric Switches. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity...
Auteur: US Cert

VU#489481: Cylance Antivirus Products Susceptible to Concatenation Bypass

Cylance PROTECT is an endpoint protection system. It contains an antivirus functionality that uses a machine learning algorithm(specifically,a neural network)to classify executables as malicious or benign. Security researchers isolated properties...
Auteur: US Cert

CIS Releases Newsletter on Cleaning Up Data and Devices

Original release date: July 31, 2019The Center for Internet Security (CIS) July Newsletter reminds users to properly dispose of old or unused data and devices. Without careful management of online accounts, cloud storage, physical storage, and...
Auteur: US Cert
First78910111213141516Last

Événements SSI