samedi 30 mai 2020    || Inscription
BanniereAlertes
 
 

Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

Release of New CISA Insights on Increased Geopolitical Tensions and Threats

Original release date: January 6, 2020Stakeholders,   Today, the Cybersecurity and Infrastructure Security Agency (CISA) issued a CISA Insights document entitled, “Increased Geopolitical Tensions and Threats” pertaining to the increased tension...
Auteur: US Cert

DHS Releases NTAS Bulletin

Original release date: January 4, 2020Today, Acting Secretary of Homeland Security Chad Wolf reissued the NTAS bulletin pertaining to the terror threat to the U.S. homeland. Upfront, you should know that: “At this time there is no specific,...
Auteur: US Cert

Secure New Internet-Connected Devices

Original release date: December 31, 2019During the holidays, internet-connected devices—also known as Internet of Things (IoT) devices—are popular gifts. These include smart cameras, smart TVs, watches, toys, phones, and tablets. Although this...
Auteur: US Cert

Reminder: CISA Publishes Weekly Vulnerability Summaries

Original release date: December 31, 2019Did you know that the Cybersecurity and Infrastructure Security Agency (CISA) publishes a weekly Vulnerability Bulletin? This recurring item provides a summary of all new vulnerabilities that have been...
Auteur: US Cert

Drupal Releases Security Updates

Original release date: December 19, 2019Drupal has released security updates to address vulnerabilities in Drupal 7.x, 8.7.x, and 8.8.x. An attacker could exploit some of these vulnerabilities to modify data on an affected website. The...
Auteur: US Cert

VU#873161: Telos Automated Message Handling System contains multiple vulnerabilities

Telos AMHS is a web-based messaging system that supports DoD and Intelligence Community(IC)security marking requirements. AMHS versions prior to version 4.1.5.5 contain multiple XSS vulnerabilities and also fail to properly restrict access to...
Auteur: US Cert

VU#941987: Apple devices vulnerable to boot ROM race condition

A vulnerability in the Boot ROM of some Apple devices can be exploited by an unauthenticated local attacker to execute arbitrary code upon booting those devices. The Boot ROM,which is located within the processor,contains the first code executed...
Auteur: US Cert

Google Releases Security Updates for Chrome for Windows, Mac, and Linux

Original release date: December 18, 2019Google has released security updates for Chrome version 79.0.3945.88 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected...
Auteur: US Cert

Microsoft Releases Out-of-Band Security Updates

Original release date: December 18, 2019Microsoft has released out-of-band security updates to address a vulnerability in SharePoint Server. An attacker could exploit this vulnerability to obtain sensitive information. The Cybersecurity and...
Auteur: US Cert

Microsoft Releases Information on CVE-2019-1491

Original release date: December 18, 2019 | Last revised: December 19, 2019Microsoft has released information about CVE-2019-1491, a vulnerability in SharePoint Server. An attacker could exploit this vulnerability to obtain sensitive...
Auteur: US Cert

WordPress Releases Security and Maintenance Updates

Original release date: December 13, 2019WordPress 5.3 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. The Cybersecurity and...
Auteur: US Cert

Microsoft Releases December 2019 Security Updates

Original release date: December 10, 2019Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The...
Auteur: US Cert

Google Releases Security Updates for Chrome

Original release date: December 10, 2019Google has released security updates for Chrome version 79.0.3945.79 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected...
Auteur: US Cert

Apple Releases Multiple Security Updates

Original release date: December 10, 2019Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and...
Auteur: US Cert

Intel Releases Security Updates

Original release date: December 10, 2019Intel has released security updates to address vulnerabilities in multiple products. An authenticated attacker with local access could exploit some of these vulnerabilities to gain escalation of...
Auteur: US Cert

Adobe Releases Security Updates

Original release date: December 10, 2019Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity...
Auteur: US Cert

Samba Releases Security Updates

Original release date: December 10, 2019The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. The...
Auteur: US Cert

VMware Releases Security Updates for ESXi and Horizon DaaS

Original release date: December 6, 2019VMware has released security updates to address a vulnerability in ESXi and Horizon DaaS. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and...
Auteur: US Cert

ACSC Releases Fundamentals of Cross Domain Solutions

Original release date: December 5, 2019The Australian Cyber Security Centre (ACSC) has released a cybersecurity guide outlining the fundamentals of cross domain solution (CDS) technologies. This guidance provides cross domain security principles...
Auteur: US Cert

Microsoft Releases Security Advisory for Windows Hello for Business

Original release date: December 5, 2019Microsoft has released a Security Advisory to address an issue in Windows Hello for Business (WHfB). An attacker could exploit this issue on devices that were affected by CVE-2017-15361, also known as Return...
Auteur: US Cert

NCSC-NZ Releases Cyber Governance Resource for Leaders

Original release date: December 5, 2019The New Zealand National Cyber Security Centre (NCSC-NZ) has released an article on a new cybersecurity governance resource to support public and private sector leaders in making decisions about their...
Auteur: US Cert

Mozilla Releases Security Updates for Firefox and Firefox ESR

Original release date: December 4, 2019Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity...
Auteur: US Cert

CISA Releases Draft of Binding Operational Directive on Developing a Vulnerability Disclosure Policy

Original release date: December 2, 2019The Cybersecurity and Infrastructure Security Agency (CISA) has released a draft of Binding Operational Directive (BOD) 20-01, Develop and Publish a Vulnerability Disclosure Policy. BOD 20-01 will require...
Auteur: US Cert

Cyber Monday: Tips for Safeguarding Personal Information

Original release date: December 2, 2019Cyber Monday draw millions of shoppers online for deals and savings, but this day also provides opportunities for an attacker to steal personal information. The Cybersecurity and Infrastructure Security...
Auteur: US Cert

Caller Spoofs CISA’s Phone Number in Extortion Scam

Original release date: November 29, 2019The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a phone scam where a caller pretends to be a CISA Service Desk representative. The scammer, whose spoofed call appear to be from...
Auteur: US Cert
12345678910Last

Événements SSI