VMware Releases Patches for Critical vRealize Log Insight Software Vulnerabilities

VMware Releases Patches for Critical vRealize Log Insight Software Vulnerabilities,

VMware on Tuesday released software to remediate four security vulnerabilities affecting vRealize Log Insight (aka Aria Operations for Logs) that could expose users to remote code execution attacks.
Two of the flaws are critical, carrying a severity rating of 9.8 out of a maximum of 10, the virtualization services provider noted in its first security bulletin for 2023.
Tracked as CVE-2022-31706

,

VMware on Tuesday released software to remediate four security vulnerabilities affecting vRealize Log Insight (aka Aria Operations for Logs) that could expose users to remote code execution attacks.
Two of the flaws are critical, carrying a severity rating of 9.8 out of a maximum of 10, the virtualization services provider noted in its first security bulletin for 2023.
Tracked as CVE-2022-31706

, ,
https://thehackernews.com/2023/01/vmware-releases-patches-for-critical.html

Apple met à jour de (très) vieux iPhone, et vous devriez le faire aussi

Apple met à jour de (très) vieux iPhone, et vous devriez le faire aussi,

apple mac iphone ipad

Un iPhone vintage vient de recevoir une mise à jour de sécurité importante, bien au-delà de sa date de péremption. Plus largement, Apple recommande cette mise à jour à tous les utilisateurs d’iPhone, d’iPad et de Mac pour corriger une vulnérabilité zero-day qui peut être exploitée à distance.

,

apple mac iphone ipad

Un iPhone vintage vient de recevoir une mise à jour de sécurité importante, bien au-delà de sa date de péremption. Plus largement, Apple recommande cette mise à jour à tous les utilisateurs d’iPhone, d’iPad et de Mac pour corriger une vulnérabilité zero-day qui peut être exploitée à distance.

, ,
https://www.01net.com/actualites/apple-met-a-un-jour-de-tres-vieux-iphone-et-vous-devriez-le-faire-aussi.html

Le Samsung Galaxy Store vulnérable aux hackers, installez vite la mise à jour

Le Samsung Galaxy Store vulnérable aux hackers, installez vite la mise à jour,

samsung galaxy store

Deux failles de sécurité viennent d’être repérées sur le Samsung Galaxy Store. L’une d’entre elles permet notamment d’installer des applications sur votre appareil à votre insu.

,

samsung galaxy store

Deux failles de sécurité viennent d’être repérées sur le Samsung Galaxy Store. L’une d’entre elles permet notamment d’installer des applications sur votre appareil à votre insu.

, ,
https://www.01net.com/actualites/le-samsung-galaxy-store-vulnerable-aux-hackers-installez-vite-la-mise-a-jour.html

Chinese Hackers Utilize Golang Malware in DragonSpark Attacks to Evade Detection

Chinese Hackers Utilize Golang Malware in DragonSpark Attacks to Evade Detection,

Organizations in East Asia are being targeted by a likely Chinese-speaking actor dubbed DragonSpark while employing uncommon tactics to go past security layers.
« The attacks are characterized by the use of the little known open source SparkRAT and malware that attempts to evade detection through Golang source code interpretation, » SentinelOne said in an analysis published today.
A striking

,

Organizations in East Asia are being targeted by a likely Chinese-speaking actor dubbed DragonSpark while employing uncommon tactics to go past security layers.
« The attacks are characterized by the use of the little known open source SparkRAT and malware that attempts to evade detection through Golang source code interpretation, » SentinelOne said in an analysis published today.
A striking

, ,
https://thehackernews.com/2023/01/chinese-hackers-utilize-golang-malware.html

FBI Says North Korean Hackers Behind $100 Million Horizon Bridge Crypto Theft

FBI Says North Korean Hackers Behind $100 Million Horizon Bridge Crypto Theft,

The U.S. Federal Bureau of Investigation (FBI) on Monday confirmed that North Korean threat actors were responsible for the theft of $100 million in cryptocurrency assets from Harmony Horizon Bridge in June 2022.
The law enforcement agency attributed the hack to the Lazarus Group and APT38, the latter of which is a North Korean state-sponsored threat group that specializes in financial cyber

,

The U.S. Federal Bureau of Investigation (FBI) on Monday confirmed that North Korean threat actors were responsible for the theft of $100 million in cryptocurrency assets from Harmony Horizon Bridge in June 2022.
The law enforcement agency attributed the hack to the Lazarus Group and APT38, the latter of which is a North Korean state-sponsored threat group that specializes in financial cyber

, ,
https://thehackernews.com/2023/01/fbi-says-north-korean-hackers-behind.html

Security Navigator Research: Some Vulnerabilities Date Back to the Last Millennium

Security Navigator Research: Some Vulnerabilities Date Back to the Last Millennium,

Vulnerability analysis results in Orange Cyberdefenses’ Security Navigator show that some vulnerabilities first discovered in 1999 are still found in networks today. This is concerning.
Age of VOC findings
Our Vulnerability Scans are performed on a recurring basis, which provides us the opportunity to examine the difference between when a scan was performed on an Asset, and when a given finding

,

Vulnerability analysis results in Orange Cyberdefenses’ Security Navigator show that some vulnerabilities first discovered in 1999 are still found in networks today. This is concerning.
Age of VOC findings
Our Vulnerability Scans are performed on a recurring basis, which provides us the opportunity to examine the difference between when a scan was performed on an Asset, and when a given finding

, ,
https://thehackernews.com/2023/01/security-navigator-research-some.html

Emotet Malware Makes a Comeback with New Evasion Techniques

Emotet Malware Makes a Comeback with New Evasion Techniques,

The Emotet malware operation has continued to refine its tactics in an effort to fly under the radar, while also acting as a conduit for other dangerous malware such as Bumblebee and IcedID.
Emotet, which officially reemerged in late 2021 following a coordinated takedown of its infrastructure by authorities earlier that year, has continued to be a persistent threat that’s distributed via

,

The Emotet malware operation has continued to refine its tactics in an effort to fly under the radar, while also acting as a conduit for other dangerous malware such as Bumblebee and IcedID.
Emotet, which officially reemerged in late 2021 following a coordinated takedown of its infrastructure by authorities earlier that year, has continued to be a persistent threat that’s distributed via

, ,
https://thehackernews.com/2023/01/emotet-malware-makes-comeback-with-new.html

Apple Issues Updates for Older Devices to Fix Actively Exploited Vulnerability

Apple Issues Updates for Older Devices to Fix Actively Exploited Vulnerability,

Apple has backported fixes for a recently disclosed critical security flaw affecting older devices, citing evidence of active exploitation.
The issue, tracked as CVE-2022-42856, is a type confusion vulnerability in the WebKit browser engine that could result in arbitrary code execution when processing maliciously crafted web content.
While it was originally addressed by the company on November

,

Apple has backported fixes for a recently disclosed critical security flaw affecting older devices, citing evidence of active exploitation.
The issue, tracked as CVE-2022-42856, is a type confusion vulnerability in the WebKit browser engine that could result in arbitrary code execution when processing maliciously crafted web content.
While it was originally addressed by the company on November

, ,
https://thehackernews.com/2023/01/apple-issues-updates-for-older-devices.html

Facebook Introduces New Features for End-to-End Encrypted Messenger App

Facebook Introduces New Features for End-to-End Encrypted Messenger App,

Meta Platforms on Monday announced that it has started to expand global testing of end-to-end encryption (E2EE) in Messenger chats by default.
« Over the next few months, more people will continue to see some of their chats gradually being upgraded with an extra layer of protection provided by end-to-end encryption, » Meta’s Melissa Miranda said.
The social media behemoth said it intends to notify

,

Meta Platforms on Monday announced that it has started to expand global testing of end-to-end encryption (E2EE) in Messenger chats by default.
« Over the next few months, more people will continue to see some of their chats gradually being upgraded with an extra layer of protection provided by end-to-end encryption, » Meta’s Melissa Miranda said.
The social media behemoth said it intends to notify

, ,
https://thehackernews.com/2023/01/facebook-introduces-new-features-for.html

Samsung Galaxy Store App Found Vulnerable to Sneaky App Installs and Fraud

Samsung Galaxy Store App Found Vulnerable to Sneaky App Installs and Fraud,

Two security flaws have been disclosed in Samsung’s Galaxy Store app for Android that could be exploited by a local attacker to stealthily install arbitrary apps or direct prospective victims to fraudulent landing pages on the web.
The issues, tracked as CVE-2023-21433 and CVE-2023-21434, were discovered by NCC Group and notified to the South Korean chaebol in November and December 2022. Samsung

,

Two security flaws have been disclosed in Samsung’s Galaxy Store app for Android that could be exploited by a local attacker to stealthily install arbitrary apps or direct prospective victims to fraudulent landing pages on the web.
The issues, tracked as CVE-2023-21433 and CVE-2023-21434, were discovered by NCC Group and notified to the South Korean chaebol in November and December 2022. Samsung

, ,
https://thehackernews.com/2023/01/samsung-galaxy-store-app-found.html