Our selection of information systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

ACSC Releases Securing Content Management Systems Guide

Original release date: March 4, 2020. The Australian Cyber Security Centre (ACSC) has released a cybersecurity guide outlining strategies for identifying and minimizing risks to web servers from installed content management systems (CMS). This...
Author: US Cert

VU#782301: pppd vulnerable to buffer overflow due to a flaw in EAP packet processing

PPP is the protocol used for establishing internet links over dial-up modems, DSL connections, and many other types of point-to-point links including Virtual Private Networks (VPN) such as Point to Point Tunneling Protocol (PPTP). The pppd software...
Author: US Cert

National Consumer Protection Week

Original release date: February 28, 2020. National Consumer Protection Week (NCPW) is March 1–7. This annual event encourages individuals and businesses to learn about their consumer rights and how to keep themselves secure. The Federal Trade...
Author: US Cert

Cisco Releases Security Updates

Original release date: February 27, 2020. Cisco has released security updates to address vulnerabilities affecting FXOS, NX-OS, and Unified Computing System (UCS) software. A remote attacker could exploit some of these vulnerabilities to cause a...
Author: US Cert

New CWE List of Common Security Weaknesses

Original release date: February 26, 2020. MITRE has released version 4.0 of the community-developed Common Weakness Enumeration (CWE) list. Previous CWE list versions describe common software security weaknesses. With version 4.0, the CWE list...
Author: US Cert

OpenSMTPD Releases Version 6.6.4p1 to Address a Critical Vulnerability

Original release date: February 25, 2020. OpenSMTPD has released version 6.6.4p1 to address a critical vulnerability. A remote attacker could exploit this vulnerability to take control of an affected server. OpenSMTPD is an open-source server-side...
Author: US Cert

Google Releases Security Updates for Chrome

Original release date: February 25, 2020. Google has released Chrome version 80.0.3987.122 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity...
Author: US Cert

VU#498544: ZyXEL NAS pre-authentication command injection in weblogin.cgi

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter...
Author: US Cert

Google Releases Security Updates for Chrome

Original release date: February 21, 2020. Google has released Chrome version 80.0.3987.116 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. Note: although...
Author: US Cert

Cisco Releases Security Updates

Original release date: February 20, 2020. Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates...
Author: US Cert

Adobe Releases Security Updates for After Effects and Media Encoder

Original release date: February 20, 2020. Adobe has released security updates to address vulnerabilities in After Effects and Media Encoder. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity...
Author: US Cert

VMware Releases Security Updates for vRealize Operations for Horizon Adapter

Original release date: February 19, 2020. VMware has released security updates to address multiple vulnerabilities in vRealize Operations for Horizon Adapter. A remote attacker could exploit some of these vulnerabilities to take control of an...
Author: US Cert

Be Cautious of Romance Scams

Original release date: February 14, 2020. This Valentine’s Day, the Cybersecurity and Infrastructure Security Agency (CISA) reminds users to be wary of internet romance scams. Cyber criminals partaking in this type of fraud target victims, gain...
Author: US Cert

North Korean Malicious Cyber Activity

Original release date: February 14, 2020. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified the following malware variants used by the North...
Author: US Cert

New SchoolSafety.gov Provides Cyber Guidance for K-12 Schools

Original release date: February 12, 2020. The Federal School Safety Clearinghouse just launched its website: SchoolSafety.gov. This website—a collaboration between the Department of Homeland Security and the U.S. Departments of Education, Justice,...
Author: US Cert

FBI Releases IC3 2019 Internet Crime Report

Original release date: February 12, 2020. The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) has released the 2019 Internet Crime Report, which includes statistics based on data reported by the public through the IC3...
Author: US Cert

VU#597809: IBM ServeRAID Manager exposes unauthenticated Java Remote Method Invocation (RMI)

IBM ServeRAID Manager includes an embedded instance of Java version 1.4.2. Both ServeRAID Manager and Java 1.4.2 are no longer supported. ServeRAID Manager uses a Java remote method invocation (RMI) interface on a TCP port that listens on all...
Author: US Cert

Microsoft Releases February 2020 Security Updates

Original release date: February 11, 2020. Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The...
Author: US Cert

Intel Releases Security Updates

Original release date: February 11, 2020. Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to gain escalation of privileges. The Cybersecurity and Infrastructure...
Author: US Cert

Adobe Releases Security Updates for Multiple Products

Original release date: February 11, 2020. Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity...
Author: US Cert

Mozilla Releases Security Updates for Multiple Products

Original release date: February 11, 2020. Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. The...
Author: US Cert

Safer Internet Day

Original release date: February 10, 2020. February 11, 2020, is Safer Internet Day, a worldwide event aimed at promoting the safe and positive use of digital technology for all users, especially children and teens. This year's theme—Together for a...
Author: US Cert

ACSC Releases Advisory on Mailto Ransomware Incidents

Original release date: February 6, 2020. The Australian Cyber Security Centre (ACSC) has released an advisory on Mailto ransomware incidents. The ACSC has limited information regarding the initial intrusion vector for Mailto, also known as...
Author: US Cert

Cisco Releases Security Updates for Multiple Products

Original release date: February 6, 2020. Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower...
Author: US Cert

Google Releases Security Updates for Chrome

Original release date: February 5, 2020. Google has released Chrome 80 (version 80.0.3987.87) for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The...
Author: US Cert

Information security (SSI) events