jeudi 28 mai 2020    || Inscription
BanniereAlertes
 
 

Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

IC3 Issues Alert on Employment Scams

Original release date: January 22, 2020The Internet Crime Complaint Center (IC3) has issued an alert warning consumers of fake jobs and hiring scams targeting applicants’ personally identifiable information (PII). Cyber criminals posing as...
Auteur: US Cert

Reminder: Safeguard Websites from Cyberattacks

Original release date: January 21, 2020Protect personal and organizational public-facing websites from defacement, data breaches, and other types of cyberattacks by following cybersecurity best practices. The Cybersecurity and Information...
Auteur: US Cert

Samba Releases Security Updates

Original release date: January 21, 2020The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. The...
Auteur: US Cert

Citrix Adds SD-WAN WANOP, Updated Mitigations to CVE-2019-19781 Advisory

Original release date: January 17, 2020Citrix has released an article with updates on CVE-2019-19781, a vulnerability affecting Citrix Application Delivery Controller (ADC) and Citrix Gateway. This vulnerability also affects Citrix SD-WAN WANOP...
Auteur: US Cert

Microsoft Releases Security Advisory on Internet Explorer Vulnerability

Original release date: January 17, 2020Microsoft has released a security advisory to address a critical vulnerability in Internet Explorer. A remote attacker could exploit this vulnerability to take control of an affected system. According to the...
Auteur: US Cert

Google Releases Security Updates for Chrome

Original release date: January 17, 2020Google has released Chrome version 79.0.3945.130 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity...
Auteur: US Cert

VU#338824: Microsoft Internet Explorer Scripting Engine memory corruption vulnerability

Microsoft has released Security Advisory ADV200001,which describes a memory corruption vulnerability in the Scripting Engine. This vulnerability is being exploited in the wild.
Auteur: US Cert

Oracle Releases January 2020 Security Bulletin

Original release date: January 14, 2020Oracle has released its Critical Patch Update for January 2020 containing 334 new security patches to address vulnerabilities across multiple products. A remote attacker could exploit some of these...
Auteur: US Cert

Adobe Releases Security Updates

Original release date: January 14, 2020Adobe has released security updates to address vulnerabilities in Illustrator CC and Experience Manager. An attacker could exploit some of these vulnerabilities to take control of an affected system. The...
Auteur: US Cert

VMware Releases Security Update

Original release date: January 14, 2020VMware has released a security update to address a vulnerability in VMware Tools. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure...
Auteur: US Cert

Intel Releases Security Updates

Original release date: January 14, 2020Intel has released security updates to address vulnerabilities in multiple products. An authenticated attacker with local access could exploit some of these vulnerabilities to gain escalation of...
Auteur: US Cert

Microsoft Releases January 2020 Security Updates

Original release date: January 14, 2020Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The...
Auteur: US Cert

CISA Releases Emergency Directive and Activity Alert on Critical Microsoft Vulnerabilities

Original release date: January 14, 2020The Cybersecurity and Infrastructure Security Agency (CISA) has released an Emergency Directive and Activity Alert addressing critical vulnerabilities affecting Windows CryptoAPI and Windows Remote Desktop...
Auteur: US Cert

VU#335217: Multiple caching service providers are vulnerable to HTTP cache poisoning

CDNs use HTTP caching software to provide high availability and high performance by distributing the service spatially relative to end-users. The HTTP caching software interprets the HTTP request from a website visitor(web client)using the...
Auteur: US Cert

VU#849224: Microsoft Windows CryptoAPI fails to properly validate ECC certificate chains

The Microsoft Windows CryptoAPI,which is provided by Crypt32.dll,fails to validate ECC certificates in a way that properly leverages the protections that ECC cryptography should provide. As a result,an attacker may be able to craft a certificate...
Auteur: US Cert

VU#491944: Microsoft Windows Remote Desktop Gateway allows for unauthenticated remote code execution

Microsoft Windows Remote Desktop Gateway(RD Gateway)is a Windows Server component that provides access to Remote Desktop services without requiring the client system to be present on the same network as the target system. Originally launched as...
Auteur: US Cert

CISA Releases Test for Citrix ADC and Gateway Vulnerability

Original release date: January 13, 2020The Cybersecurity and Infrastructure Security Agency (CISA) has released a utility that enables users and administrators to test whether their Citrix Application Delivery Controller (ADC) and Citrix Gateway...
Auteur: US Cert

Juniper Networks Releases Security Updates

Original release date: January 9, 2020Juniper Networks has released security updates to address multiple vulnerabilities in various Juniper products. A remote attacker could exploit some of these vulnerabilities to take control of an affected...
Auteur: US Cert

Cisco Releases Security Updates for Multiple Products

Original release date: January 9, 2020Cisco has released security updates to address vulnerabilities in Cisco Webex Video Mesh, Cisco IOS, and Cisco IOS XE Software. A remote attacker could exploit these vulnerabilities to take control of an...
Auteur: US Cert

Citrix Application Delivery Controller and Citrix Gateway Vulnerability

Original release date: January 8, 2020The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting Citrix Application Delivery Controller and Citrix Gateway. A remote attacker could exploit this vulnerability to...
Auteur: US Cert

Mozilla Patches Critical Vulnerability

Original release date: January 8, 2020Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected...
Auteur: US Cert

Mozilla Releases Security Updates for Firefox and Firefox ESR

Original release date: January 8, 2020Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity...
Auteur: US Cert

Google Releases Security Updates for Chrome

Original release date: January 8, 2020Google has released security updates for Chrome version 79.0.3945.117 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected...
Auteur: US Cert

VU#619785: Citrix Application Delivery Controller and Citrix Gateway directory traversal vulnerability

Citrix has published a security bulletin that mentions a vulnerability that can be exploited to achieve arbitrary code execution by a remote,unauthenticated attacker. Although the bulletin does not describe details about the vulnerability,the...
Auteur: US Cert

Cisco Releases Security Updates

Original release date: January 7, 2020Cisco has released security updates to address multiple vulnerabilities in Data Center Network Manager (DCNM). A remote attacker could exploit these vulnerabilities to take control of an affected system. For...
Auteur: US Cert
12345678910Last

Événements SSI