vendredi 15 février 2019    || Inscription
BanniereAlertes
 
 

Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

Mozilla Releases Security Update for Thunderbird

Original release date: February 14, 2019 Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and...
Auteur: US Cert

Mozilla Releases Security Updates for Firefox

Original release date: February 12, 2019 Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.The...
Auteur: US Cert

Microsoft Releases February 2019 Security Updates

Original release date: February 12, 2019 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The...
Auteur: US Cert

Internet Romance Scams

Original release date: February 12, 2019 The Federal Trade Commission (FTC) has released an article addressing a rise in reports of internet romance scams. In this type of fraud, cyber criminals gain the confidence of their victims and...
Auteur: US Cert

Cisco Releases Security Update

Original release date: February 12, 2019 Cisco has released a security update to address a vulnerability in Network Assurance Engine. An attacker could exploit this vulnerability to obtain sensitive information.The National Cybersecurity...
Auteur: US Cert

Adobe Releases Security Updates

Original release date: February 12, 2019 Adobe has released security updates to address vulnerabilities affecting Adobe Flash Player, Acrobat and Reader, ColdFusion, and Creative Cloud Desktop Application. An attacker could exploit some of...
Auteur: US Cert

New Session Added: CISA Awareness Briefing on Chinese Malicious Cyber Activity

Original release date: February 12, 2019 The Cybersecurity and Infrastructure Security Agency (CISA) has added an additional session to the virtual awareness briefing on Chinese malicious cyber activity targeting managed service providers....
Auteur: US Cert

runc Open-Source Container Vulnerability

Original release date: February 11, 2019 The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a vulnerability affecting several...
Auteur: US Cert

Apple Releases Multiple Security Updates

Original release date: February 07, 2019 Apple has released security updates to address vulnerabilities in multiple products, including the recently discovered FaceTime vulnerability. An attacker could exploit some of these vulnerabilities...
Auteur: US Cert

Microsoft Releases Security Advisory for Exchange Server

Original release date: February 05, 2019 Microsoft has released an advisory to address an elevation of privilege vulnerability in Microsoft Exchange Server. An attacker could exploit this vulnerability to take control of an affected...
Auteur: US Cert

Marvell Avastar Wi-Fi Vulnerability

Original release date: February 05, 2019 The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting Marvell Avastar wireless system on chip (SoC) models. An attacker could exploit this vulnerability to...
Auteur: US Cert

VU#730261: Marvell Avastar wireless SoCs have multiple vulnerabilities

A presentation at the ZeroNights 2018 conference describes multiple security issues with Marvell Avastar SoCs(models 88W8787,88W8797,88W8801,and 88W8897). The presentation provides some detail about a block pool memory overflow. During Wi-Fi...
Auteur: US Cert

NSA Releases Updated Guidance on Side-Channel Vulnerabilities

Original release date: February 01, 2019 The National Security Agency (NSA) has released updated information on a set of side-channel vulnerabilities affecting modern computer processors. An attacker can exploit these vulnerabilities to...
Auteur: US Cert

NCCIC Awareness Briefing on Chinese Malicious Cyber Activity

Original release date: January 30, 2019 The Cybersecurity and Infrastructure Security Agency (CISA) will conduct a series of virtual awareness briefings on Chinese malicious cyber activity targeting managed service providers (MSPs)....
Auteur: US Cert

MS-ISAC Releases Advisory on DNS Flag Day

Original release date: January 30, 2019 The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an alert on Domain Name System (DNS) Flag Day, which is Friday, February 1, 2019. On DNS Flag Day, DNS software and...
Auteur: US Cert

Mozilla Releases Security Update for Thunderbird

Original release date: January 30, 2019 Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit one of these vulnerabilities to take control of an affected system.The National...
Auteur: US Cert

Google Releases Security Updates for Chrome

Original release date: January 29, 2019 Google has released Chrome version 72.0.3626.81 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system.  The...
Auteur: US Cert

Mozilla Releases Security Updates for Firefox

Original release date: January 29, 2019 Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.The National...
Auteur: US Cert

CERT/CC Reports Microsoft Exchange 2013 and Newer are Vulnerable to NTLM Relay Attacks

Original release date: January 28, 2019 The CERT Coordination Center (CERT/CC) has released information to address NTLM relay attacks affecting Microsoft Exchange 2013 and newer versions. A remote attacker could exploit this vulnerability...
Auteur: US Cert

VU#465632: Microsoft Exchange 2013 and newer are vulnerable to NTLM relay attacks

Microsoft Exchange supports a API called Exchange Web Services(EWS). One of the EWS API functions is called PushSubscription,which can be used to cause the Exchange server to connect to an arbitrary website. Connections made using the...
Auteur: US Cert

CISA Releases Blog on Emergency Directive

Original release date: January 24, 2019 The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher Krebs, has released a blog, titled “Why CISA Issued Our First Emergency...
Auteur: US Cert

Tax Identity Theft Awareness Week

Original release date: January 24, 2019 Tax Identity Theft Awareness Week is January 28 to February 1. This annual campaign aims to help consumers be more informed about protecting themselves from tax-related identity theft and scams....
Auteur: US Cert

Cisco Releases Security Updates

Original release date: January 23, 2019 Cisco has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.The National...
Auteur: US Cert

CISA Emergency Directive on DNS Infrastructure Tampering

Original release date: January 22, 2019 The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to address ongoing incidents associated with global Domain Name...
Auteur: US Cert

Apple Releases Multiple Security Updates

Original release date: January 22, 2019 Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The National...
Auteur: US Cert
12345678

Événements SSI

ACCESSECURITY

AccesSecurity, salon euro-méditerranéen de la sécurité globale, se tient à Marseille (Chanot) les 6 et 7 mars 2019. Organisé par Safim.

IT & IT SECURITY MEETINGS

IT & IT Security Meetings, «salon des réseaux, du cloud, de la mobilité et de la sécurité informatique», se tient à Cannes, Palais des Festivals et des Congrès du 19 au 21 mars 2019. Organisé par Weyou Group.

RSS