Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

VU#766427: Multiple D-Link routers vulnerable to remote command execution

Several D-Link routers contain CGI capability that is exposed to users as/apply_sec.cgi,and dispatched on the device by the binary/www/cgi/ssi. This CGI code contains two flaws: The/apply_sec.cgi code is exposed to unauthenticated users. The...
Auteur: US Cert

FBI Releases Article on Defending Against E-Skimming

Original release date: October 23, 2019The Federal Bureau of Investigation (FBI) has released an article to raise awareness on e-skimming threats. E-skimming occurs when an attacker injects malicious code onto a website to capture credit or debit...
Auteur: US Cert

Beware of Stalking Apps

Original release date: October 23, 2019The Federal Trade Commission (FTC) has released an article warning consumers of “stalking apps”—spyware that secretly monitors smartphones. These apps can share information like call history, text messages,...
Auteur: US Cert

Google Releases Security Updates for Chrome

Original release date: October 23, 2019Google has released Chrome version 78.0.3904.70 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity...
Auteur: US Cert

Mozilla Releases Security Updates for Firefox and Firefox ESR

Original release date: October 23, 2019Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity...
Auteur: US Cert

Juniper Networks Releases Junos OS Security Advisory

Original release date: October 23, 2019Juniper Networks has released a security update to address a vulnerability in Junos OS. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and...
Auteur: US Cert

FTC Promotes International Charity Fraud Awareness Week

Original release date: October 22, 2019The Federal Trade Commission (FTC) has released an article promoting International Charity Fraud Awareness Week (ICFAW), which runs October 21–25. FTC, the National Association of State Charities Officials,...
Auteur: US Cert

NSA and NCSC Release Joint Advisory on Turla Group Activity

Original release date: October 21, 2019The National Security Agency (NSA) and the United Kingdom National Cyber Security Centre (NCSC) have released a joint advisory on advanced persistent threat (APT) group Turla—widely reported to be Russian....
Auteur: US Cert

ISC Releases Security Advisories for BIND

Original release date: October 17, 2019The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit...
Auteur: US Cert

Cisco Releases Security Updates

Original release date: October 17, 2019Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing...
Auteur: US Cert

Multiple Vulnerabilities in Pulse Secure VPN

Original release date: October 16, 2019The CERT Coordination Center (CERT/CC) has released information on multiple vulnerabilities affecting Pulse Secure Virtual Private Network (VPN). An attacker could exploit these vulnerabilities to take...
Auteur: US Cert

VU#927237: Multiple vulnerabilities in Pulse Secure VPN

Pulse Secure released an out-of-cycle advisory along with software patches for the various affected products on April 24,2019. This addressed a number of vulnerabilities including a Remote Code Execution(RCE)vulnerability with pre-authentication...
Auteur: US Cert

VMware Releases Security Update for Harbor Container Registry for PCF

Original release date: October 16, 2019 VMware has released a security update to address a vulnerability affecting Harbor Container Registry for Pivotal Cloud Foundry (PCF). An attacker could exploit this vulnerability to take control of an...
Auteur: US Cert

Oracle Releases October 2019 Security Bulletin

Original release date: October 15, 2019Oracle has released its Critical Patch Update for October 2019 to address 219 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an...
Auteur: US Cert

Adobe Releases Security Updates for Multiple Products

Original release date: October 15, 2019Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity...
Auteur: US Cert

WordPress Releases Security Update

Original release date: October 15, 2019WordPress 5.2.3 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. The Cybersecurity and...
Auteur: US Cert

Google Releases Security Updates for Chrome

Original release date: October 11, 2019Google has released Chrome version 77.0.3865.120 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity...
Auteur: US Cert

FBI Releases Article on Defending Against Phishing and Spearphishing Attacks

Original release date: October 10, 2019In recognition of National Cybersecurity Awareness Month (NCSAM), the Federal Bureau of Investigation (FBI) has released an article to raise awareness of phishing and spearphishing. The article provides...
Auteur: US Cert

ACSC Releases Small Business Cybersecurity Guide

Original release date: October 10, 2019The Australian Cyber Security Centre (ACSC) has released a cybersecurity guide for small businesses. The guide provides checklists to help small business protect themselves against common cybersecurity...
Auteur: US Cert

Juniper Networks Releases Security Updates

Original release date: October 10, 2019Juniper Networks has released security updates to address multiple vulnerabilities in various Juniper products. A remote attacker could exploit some of these vulnerabilities to take control of an affected...
Auteur: US Cert

Intel Releases Security Updates

Original release date: October 9, 2019Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain an escalation of privileges on a previously infected...
Auteur: US Cert

iTerm2 Vulnerability

Original release date: October 9, 2019The CERT Coordination Center (CERT/CC) has released information on a vulnerability (CVE-2019-9535) affecting iTerm2, a macOS terminal emulator. An attacker could exploit this vulnerability to take control of...
Auteur: US Cert

VU#763073: iTerm2 with tmux integration is vulnerable to remote command execution

iTerm2 is a popular terminal emulator for macOS that supports terminal multiplexing using tmux integration and is frequently used by developers and system administrators. A vulnerability,identified as CVE-2019-9535,exists in the way that iTerm2...
Auteur: US Cert

VU#719689: Multiple vulnerabilities found in the Cobham EXPLORER 710 satcom terminal

The Cobham EXPLORER 710 is a portable satellite terminal used to provide satellite telecommunications and internet access. For consistency,“device” mentioned in the following section is defined as the Cobham EXPLORER 710. The affected firmware...
Auteur: US Cert

Microsoft Releases October 2019 Security Updates

Original release date: October 8, 2019Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The...
Auteur: US Cert
First45678910111213Last

Événements SSI