mardi 11 décembre 2018    || Inscription
BanniereAlertes
 
 

Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

Adobe Releases Security Updates

Original release date: December 06, 2018 Adobe has released security updates to address vulnerabilities in Adobe Flash Player and Adobe Flash Player installer. An attacker could exploit some of these vulnerabilities to take control of an...
Auteur: US Cert

Apple Releases Multiple Security Updates

Original release date: December 05, 2018 Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.NCCIC encourages...
Auteur: US Cert

Google Releases Security Updates for Chrome

Original release date: December 04, 2018 Google has released Chrome version 71.0.3578.80 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected...
Auteur: US Cert

FTC Issues Alert on Recent Marriott Breach

Original release date: December 04, 2018 The Federal Trade Commission (FTC) has released an alert to provide affected users with recommended precautions against identity theft after the recent breach of the Marriott International Starwood...
Auteur: US Cert

SamSam Ransomware

Original release date: December 03, 2018 The Department of Homeland Security and the Federal Bureau of Investigation have identified cyber threat actors using SamSam ransomware—also known as MSIL/SAMAS.A—to target industries in the United...
Auteur: US Cert

Protecting Against Identity Theft

Original release date: November 29, 2018 As the holidays draw near, many consumers turn to the internet to shop for goods and services. Although online shopping can offer convenience and save time, shoppers should be cautious online and...
Auteur: US Cert

Cisco Releases Security Update

Original release date: November 28, 2018 Cisco has released a security update to address a vulnerability in Cisco Prime License Manager. A remote attacker could exploit this vulnerability to obtain sensitive information.NCCIC encourages...
Auteur: US Cert

3ve – Fraudulent Online Advertising

Original release date: November 27, 2018 The Department of Homeland Security and the Federal Bureau of Investigation have released a joint Technical Alert (TA) on a major online ad fraud operation—referred to by the U.S. Government as...
Auteur: US Cert

Samba Releases Security Updates

Original release date: November 27, 2018 The Samba Team has released security updates to address several vulnerabilities in Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system.NCCIC...
Auteur: US Cert

VMware Releases Security Updates

Original release date: November 22, 2018 VMware has released security updates to address a vulnerability in Workstation and Fusion. An attacker could exploit this vulnerability to take control of an affected system.NCCIC encourages users...
Auteur: US Cert

Securing Mobile Devices During Holiday Travel

Original release date: November 20, 2018 As the holiday season begins, many people will travel with their mobile devices. Although these devices—such as smart phones, tablets, and laptops—offer a range of conveniences, users should be...
Auteur: US Cert

VMware Releases Security Updates

Original release date: November 20, 2018 VMware has released security updates to address vulnerabilities in vSphere Data Protection. An attacker could exploit some of these vulnerabilities to take control of an affected system.NCCIC...
Auteur: US Cert

Adobe Releases Security Updates

Original release date: November 20, 2018 Adobe has released security updates to address a vulnerability in Adobe Flash Player. An attacker could exploit this vulnerability to take control of an affected system.  NCCIC encourages users and...
Auteur: US Cert

Holiday Scams and Malware Campaigns

Original release date: November 19, 2018 As the holidays approach, NCCIC reminds users to be aware of seasonal scams and malware campaigns. Users should be cautious of unsolicited emails that contain malicious links or attachments with...
Auteur: US Cert

Google Releases Security Updates for Chrome

Original release date: November 19, 2018 Google has released Chrome version 70.0.3538.110 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.NCCIC...
Auteur: US Cert

Cybersecurity and Infrastructure Security Agency

Original release date: November 19, 2018 On November 16, 2018, the President signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018. This Act elevates the mission of the former Department of Homeland Security...
Auteur: US Cert

Microsoft Releases November 2018 Security Updates

Original release date: November 13, 2018 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.NCCIC...
Auteur: US Cert

Adobe Releases Security Updates

Original release date: November 13, 2018 Adobe has released security updates to address vulnerabilities in Flash Player, Adobe Acrobat and Reader, and Adobe Photoshop CC. An attacker could exploit these vulnerabilities to obtain access to...
Auteur: US Cert

VMware Releases Security Updates

Original release date: November 09, 2018 VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit these vulnerabilities to take control of an affected system.NCCIC...
Auteur: US Cert

NCCIC Releases Analysis Report on JexBoss

Original release date: November 08, 2018 NCCIC has released Analysis Report (AR) AR18-312A: JexBoss - JBoss Verify and EXploitation Tool. Cyber threat actors use JexBoss to remotely access victims' systems. The report provides information...
Auteur: US Cert

Cisco Releases Security Updates

Original release date: November 07, 2018 Cisco has released security updates to address vulnerabilities affecting Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system.NCCIC...
Auteur: US Cert

Self-Encrypting Solid-State Drive Vulnerabilities

Original release date: November 06, 2018 NCCIC is aware of reports of vulnerabilities in the hardware encryption of certain self-encrypting solid-state drives. An attacker could exploit these vulnerabilities to obtain access to sensitive...
Auteur: US Cert

VU#395981: Self-Encrypting Drives Have Multiple Vulnerabilities

CVE-2018-12037 There is no cryptographic relation between the password provided by the end user and the key used for the encryption of user data. This can allow an attacker to access the key without knowing the password provided by the end...
Auteur: US Cert

VU#338343: strongSwan VPN charon server vulnerable to buffer underflow

CWE-124: Buffer Underwrite ('Buffer Underflow') - CVE-2018-5388 In stroke_socket.c, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket. According...
Auteur: US Cert

VU#304725: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange

CWE-325: Missing Required Cryptographic Step - CVE-2018-5383 Bluetooth utilizes a device pairing mechanism based on elliptic-curve Diffie-Hellman (ECDH) key exchange to allow encrypted communication between devices. The ECDH key pair consists of...
Auteur: US Cert
123456

Événements SSI

FIC

Le 11ème Forum International de la Cybersécurité occupe les 22 et 23 janvier 2019 le Grand Palais de Lille. Organisé par la Région Hauts-de-France et Euratechnologies, la Gendarmerie Nationale et CEIS.

RENCONTRES AMRAE

Les 27èmes Rencontres de l'AMRAE (Association française des professionnels de la gestion des risques et des assurances) , le congrès annuel de référence des métiers du risque et des assurances, ont lieu du 6 au 8 février 2019 à Deauville (Centre International) sur le thème : "Le risque au coeur de la transformation". Organisées par l'AMRAE.

ACCESSECURITY

AccesSecurity, salon euro-méditerranéen de la sécurité globale, se tient à Marseille (Chanot) les 6 et 7 mars 2019. Organisé par Safim.

IT & IT SECURITY MEETINGS

IT & IT Security Meetings, «salon des réseaux, du cloud, de la mobilité et de la sécurité informatique», se tient à Cannes, Palais des Festivals et des Congrès du 19 au 21 mars 2019. Organisé par Weyou Group.

RSS