Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

VU#425163: Machine learning classifiers trained via gradient descent are vulnerable to arbitrary misclassification attack

This vulnerability results from using gradient descent to determine classification of inputs via a neural network. As such, it is a vulnerability in the algorithm. In plain terms, this means that the currently-standard usage of this type of machine...
Author: US Cert

Adobe Releases Security Updates for Multiple Products

Original release date: March 18, 2020
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and...
Author: US Cert

VMware Releases Security Updates for Multiple Products

Original release date: March 16, 2020
VMware has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and...
Author: US Cert

Microsoft Releases Out-of-Band Security Updates for SMB RCE Vulnerability

Original release date: March 12, 2020
Microsoft has released out-of-band security updates to address a remote code execution vulnerability (CVE-2020-0796) in Microsoft Server Message Block 3.1.1 (SMBv3). A remote attacker could exploit this...
Author: US Cert

Microsoft Server Message Block RCE Vulnerability

Original release date: March 11, 2020
Microsoft has released a security advisory to address a remote code execution vulnerability (CVE-2020-0796) in Microsoft Server Message Block 3.1.1 (SMBv3). A remote attacker can exploit this vulnerability to...
Author: US Cert

Unpatched Microsoft Exchange Servers Vulnerable to CVE-2020-0688

Original release date: March 10, 2020
Microsoft Exchange Servers affected by a remote code execution vulnerability, known as CVE-2020-0688, continue to be an attractive target for malicious cyber actors. A remote attacker can exploit this...
Author: US Cert

Microsoft Releases March 2020 Security Updates

Original release date: March 10, 2020
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity...
Author: US Cert

Intel Releases Security Updates

Original release date: March 10, 2020
Intel has released security updates to address vulnerabilities in multiple products. An authenticated attacker with local access could exploit some of these vulnerabilities to gain escalation of...
Author: US Cert

Mozilla Releases Security Updates for Firefox and Firefox ESR

Original release date: March 10, 2020
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity...
Author: US Cert

VU#872016: Microsoft SMBv3 compression remote code execution vulnerability

Microsoft Server Message Block 3.1.1 (SMBv3) contains a vulnerability in the way that it handles connections that use compression. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. It...
Author: US Cert

Zoho Releases Security Update on ManageEngine Desktop Central

Original release date: March 6, 2020
Zoho has released a security update on a vulnerability (CVE-2020-10189) affecting ManageEngine Desktop Central build 10.0.473 and below. A remote attacker could exploit this vulnerability to take control of an...
Author: US Cert

Defending Against COVID-19 Cyber Scams

Original release date: March 6, 2020
The Cybersecurity and Infrastructure Security Agency (CISA) warns individuals to remain vigilant for scams related to Coronavirus Disease 2019 (COVID-19). Cyber actors may send emails with malicious attachments...
Author: US Cert

NCSC Releases Advisory on Securing Internet-Connected Cameras

Original release date: March 5, 2020
The United Kingdom (UK) National Cyber Security Centre (NCSC) has released an advisory on securing internet-connected cameras such as smart security cameras and baby monitors. An attacker could gain access to...
Author: US Cert

Cisco Releases Security Updates

Original release date: March 5, 2020
Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates...
Author: US Cert

Point-to-Point Protocol Daemon Vulnerability

Original release date: March 5, 2020
The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting Point-to-Point Protocol Daemon versions 2.4.2 through 2.4.8. A remote attacker can exploit this vulnerability to take...
Author: US Cert

Social Security Administration Designates March 5 as National ‘Slam the Scam’ Day

Original release date: March 4, 2020
In association with the Federal Trade Commission’s National Consumer Protection Week, the Social Security Administration (SSA) has designated March 5 as National “Slam the Scam” Day to educate Americans about...
Author: US Cert

Google Releases Security Updates for Chrome

Original release date: March 4, 2020
Google has released Chrome version 80.0.3987.132 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and...
Author: US Cert

ACSC Releases Securing Content Management Systems Guide

Original release date: March 4, 2020
The Australian Cyber Security Centre (ACSC) has released a cybersecurity guide outlining strategies for identifying and minimizing risks to web servers from installed content management systems (CMS). This...
Author: US Cert

VU#782301: pppd vulnerable to buffer overflow due to a flaw in EAP packet processing

PPP is the protocol used for establishing internet links over dial-up modems, DSL connections, and many other types of point-to-point links including Virtual Private Networks (VPN) such as Point to Point Tunneling Protocol (PPTP). The pppd software...
Author: US Cert

National Consumer Protection Week

Original release date: February 28, 2020
National Consumer Protection Week (NCPW) is March 1–7. This annual event encourages individuals and businesses to learn about their consumer rights and how to keep themselves secure. The Federal Trade...
Author: US Cert

Cisco Releases Security Updates

Original release date: February 27, 2020
Cisco has released security updates to address vulnerabilities affecting FXOS, NX-OS, and Unified Computing System (UCS) software. A remote attacker could exploit some of these vulnerabilities to cause a...
Author: US Cert

New CWE List of Common Security Weaknesses

Original release date: February 26, 2020
MITRE has released version 4.0 of the community-developed Common Weakness Enumeration (CWE) list. Previous CWE list versions describe common software security weaknesses. With version 4.0, the CWE list...
Author: US Cert

OpenSMTPD Releases Version 6.6.4p1 to Address a Critical Vulnerability

Original release date: February 25, 2020
OpenSMTPD has released version 6.6.4p1 to address a critical vulnerability. A remote attacker could exploit this vulnerability to take control of an affected server. OpenSMTPD is an open-source server-side...
Author: US Cert

Google Releases Security Updates for Chrome

Original release date: February 25, 2020
Google has released Chrome version 80.0.3987.122 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity...
Author: US Cert

VU#498544: ZyXEL NAS pre-authentication command injection in weblogin.cgi

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter...
Author: US Cert

Information security events