jeudi 28 mai 2020    || Inscription
BanniereAlertes
 
 

Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

Microsoft Releases March 2020 Security Updates

Original release date: March 10, 2020Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity...
Auteur: US Cert

Intel Releases Security Updates

Original release date: March 10, 2020Intel has released security updates to address vulnerabilities in multiple products. An authenticated attacker with local access could exploit some of these vulnerabilities to gain escalation of...
Auteur: US Cert

Mozilla Releases Security Updates for Firefox and Firefox ESR

Original release date: March 10, 2020Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity...
Auteur: US Cert

VU#872016: Microsoft SMBv3 compression remote code execution vulnerability

Microsoft Server Message Block 3.1.1(SMBv3)contains a vulnerability in the way that it handles connections that use compression. This vulnerability may allow a remote,unauthenticated attacker to execute arbitrary code on a vulnerable system. It...
Auteur: US Cert

Zoho Releases Security Update on ManageEngine Desktop Central

Original release date: March 6, 2020Zoho has released a security update on a vulnerability (CVE-2020-10189) affecting ManageEngine Desktop Central build 10.0.473 and below. A remote attacker could exploit this vulnerability to take control of an...
Auteur: US Cert

Defending Against COVID-19 Cyber Scams

Original release date: March 6, 2020The Cybersecurity and Infrastructure Security Agency (CISA) warns individuals to remain vigilant for scams related to Coronavirus Disease 2019 (COVID-19). Cyber actors may send emails with malicious attachments...
Auteur: US Cert

NCSC Releases Advisory on Securing Internet-Connected Cameras

Original release date: March 5, 2020The United Kingdom (UK) National Cyber Security Centre (NCSC) has released an advisory on securing internet-connected cameras such as smart security cameras and baby monitors. An attacker could gain access to...
Auteur: US Cert

Cisco Releases Security Updates

Original release date: March 5, 2020Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates...
Auteur: US Cert

Point-to-Point Protocol Daemon Vulnerability

Original release date: March 5, 2020The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting Point-to-Point Protocol Daemon versions 2.4.2 through 2.4.8. A remote attacker can exploit this vulnerability to take...
Auteur: US Cert

Social Security Administration Designates March 5 as National ‘Slam the Scam’ Day

Original release date: March 4, 2020In association with the Federal Trade Commission’s National Consumer Protection Week, the Social Security Administration (SSA) has designated March 5 as National “Slam the Scam” Day to educate Americans about...
Auteur: US Cert

Google Releases Security Updates for Chrome

Original release date: March 4, 2020Google has released Chrome version 80.0.3987.132 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and...
Auteur: US Cert

ACSC Releases Securing Content Management Systems Guide

Original release date: March 4, 2020  The Australian Cyber Security Centre (ACSC) has released a cybersecurity guide outlining strategies for identifying and minimizing risks to web servers from installed content management systems (CMS). This...
Auteur: US Cert

VU#782301: pppd vulnerable to buffer overflow due to a flaw in EAP packet processing

PPP is the protocol used for establishing internet links over dial-up modems,DSL connections,and many other types of point-to-point links including Virtual Private Networks(VPN)such as Point to Point Tunneling Protocol(PPTP). The pppd software...
Auteur: US Cert

National Consumer Protection Week

Original release date: February 28, 2020National Consumer Protection Week (NCPW) is March 1–7. This annual event encourages individuals and businesses to learn about their consumer rights and how to keep themselves secure. The Federal Trade...
Auteur: US Cert

Cisco Releases Security Updates

Original release date: February 27, 2020Cisco has released security updates to address vulnerabilities affecting FXOS, NX-OS, and Unified Computing System (UCS) software. A remote attacker could exploit some of these vulnerabilities to cause a...
Auteur: US Cert

New CWE List of Common Security Weaknesses

Original release date: February 26, 2020MITRE has released version 4.0 of the community-developed Common Weakness Enumeration (CWE) list. Previous CWE list versions describe common software security weaknesses. With version 4.0, the CWE list...
Auteur: US Cert

OpenSMTPD Releases Version 6.6.4p1 to Address a Critical Vulnerability

Original release date: February 25, 2020OpenSMTPD has released version 6.6.4p1 to address a critical vulnerability. A remote attacker could exploit this vulnerability to take control of an affected server. OpenSMTPD is an open-source server-side...
Auteur: US Cert

Google Releases Security Updates for Chrome

Original release date: February 25, 2020Google has released Chrome version 80.0.3987.122 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity...
Auteur: US Cert

VU#498544: ZyXEL NAS pre-authentication command injection in weblogin.cgi

CWE-78:Improper Neutralization of Special Elements used in an OS Command('OS Command Injection') ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter...
Auteur: US Cert

Google Releases Security Updates for Chrome

Original release date: February 21, 2020Google has released Chrome version 80.0.3987.116 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. Note: although...
Auteur: US Cert

Cisco Releases Security Updates

Original release date: February 20, 2020Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates...
Auteur: US Cert

Adobe Releases Security Updates for After Effects and Media Encoder

Original release date: February 20, 2020Adobe has released security updates to address vulnerabilities in After Effects and Media Encoder. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity...
Auteur: US Cert

VMware Releases Security Updates for vRealize Operations for Horizon Adapter

Original release date: February 19, 2020VMware has released security updates to address multiple vulnerabilities in vRealize Operations for Horizon Adapter. A remote attacker could exploit some of these vulnerabilities to take control of an...
Auteur: US Cert

Be Cautious of Romance Scams

Original release date: February 14, 2020This Valentine’s Day, the Cybersecurity and Infrastructure Security Agency (CISA) reminds users to be wary of internet romance scams. Cyber criminals partaking in this type of fraud target victims, gain...
Auteur: US Cert

North Korean Malicious Cyber Activity

Original release date: February 14, 2020The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified the following malware variants used by the North...
Auteur: US Cert
12345678910Last

Événements SSI