New ‘FabricScape’ Bug in Microsoft Azure Service Fabric Impacts Linux Workloads

New ‘FabricScape’ Bug in Microsoft Azure Service Fabric Impacts Linux Workloads

,

Cybersecurity researchers from Palo Alto Networks Unit 42 disclosed details of a new security flaw affecting Microsoft’s Service Fabric that could be exploited to obtain elevated permissions and seize control of all nodes in a cluster.
The issue, which has been dubbed FabricScape (CVE-2022-30137), could be exploited on containers that are configured to have runtime access. It has been remediated

,

Cybersecurity researchers from Palo Alto Networks Unit 42 disclosed details of a new security flaw affecting Microsoft’s Service Fabric that could be exploited to obtain elevated permissions and seize control of all nodes in a cluster.
The issue, which has been dubbed FabricScape (CVE-2022-30137), could be exploited on containers that are configured to have runtime access. It has been remediated

, ,
https://thehackernews.com/2022/06/new-fabricscape-bug-in-microsoft-azure.html

La Lituanie durement ciblée par des cyberattaques russes

La Lituanie durement ciblée par des cyberattaques russes,

,

Killnet attaque la Lituanie

Le groupe de pirates Killnet veut inonder le pays balte avec des attaques DDoS, tant que le transit de marchandises vers Kaliningrad ne sera pas totalement rétabli.

L’article La Lituanie durement ciblée par des cyberattaques russes est à retrouver sur 01net.com.

, ,
https://www.01net.com/actualites/la-lituanie-durement-ciblee-par-des-cyberattaques-russes.html

CISA Warns of Active Exploitation of ‘PwnKit’ Linux Vulnerability in the Wild

CISA Warns of Active Exploitation of ‘PwnKit’ Linux Vulnerability in the Wild

,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week moved to add a Linux vulnerability dubbed PwnKit to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation.
The issue, tracked as CVE-2021-4034 (CVSS score: 7.8), came to light in January 2022 and concerns a case of local privilege escalation in polkit’s pkexec utility, which allows an

,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week moved to add a Linux vulnerability dubbed PwnKit to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation.
The issue, tracked as CVE-2021-4034 (CVSS score: 7.8), came to light in January 2022 and concerns a case of local privilege escalation in polkit’s pkexec utility, which allows an

, ,
https://thehackernews.com/2022/06/cisa-warns-of-active-exploitation-of.html

ZuoRAT Malware Hijacking Home-Office Routers to Spy on Targeted Networks

ZuoRAT Malware Hijacking Home-Office Routers to Spy on Targeted Networks,

A never-before-seen remote access trojan dubbed ZuoRAT has been singling out small office/home office (SOHO) routers as part of a sophisticated campaign targeting North American and European networks.
The malware « grants the actor the ability to pivot into the local network and gain access to additional systems on the LAN by hijacking network communications to maintain an undetected foothold, »

,

A never-before-seen remote access trojan dubbed ZuoRAT has been singling out small office/home office (SOHO) routers as part of a sophisticated campaign targeting North American and European networks.
The malware « grants the actor the ability to pivot into the local network and gain access to additional systems on the LAN by hijacking network communications to maintain an undetected foothold, »

, ,
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html

APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor

APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor,

Entities located in Afghanistan, Malaysia, and Pakistan are in the crosshairs of an attack campaign that targets unpatched Microsoft Exchange Servers as an initial access vector to deploy the ShadowPad malware.
Russian cybersecurity firm Kaspersky, which first detected the activity in mid-October 2021, attributed it to a previously unknown Chinese-speaking threat actor. Targets include

,

Entities located in Afghanistan, Malaysia, and Pakistan are in the crosshairs of an attack campaign that targets unpatched Microsoft Exchange Servers as an initial access vector to deploy the ShadowPad malware.
Russian cybersecurity firm Kaspersky, which first detected the activity in mid-October 2021, attributed it to a previously unknown Chinese-speaking threat actor. Targets include

, ,
https://thehackernews.com/2022/06/apt-hackers-targeting-industrial.html

Overview of Top Mobile Security Threats in 2022

Overview of Top Mobile Security Threats in 2022,

Your smartphone is your daily companion. The chances are that most of our activities rely on them, from ordering food to booking medical appointments. However, the threat landscape always reminds us how vulnerable smartphones can be. 
Consider the recent discovery by Oversecured, a security startup. These experts observed the dynamic code loading and its potential dangers. Why is this a problem?

,

Your smartphone is your daily companion. The chances are that most of our activities rely on them, from ordering food to booking medical appointments. However, the threat landscape always reminds us how vulnerable smartphones can be. 
Consider the recent discovery by Oversecured, a security startup. These experts observed the dynamic code loading and its potential dangers. Why is this a problem?

, ,
https://thehackernews.com/2022/06/overview-of-top-mobile-security-threats.html

LockBit, ce ransomware qui vous offre jusqu’à un million de dollars si vous arrivez à le hacker

LockBit, ce ransomware qui vous offre jusqu’à un million de dollars si vous arrivez à le hacker,

,

Les pirates proposent jusqu’à un million de dollars pour ceux qui – entre autres – trouvent des failles dans les sites Web des entreprises ciblées ou dans le réseau Tor.

L’article LockBit, ce ransomware qui vous offre jusqu’à un million de dollars si vous arrivez à le hacker est à retrouver sur 01net.com.

, ,
https://www.01net.com/actualites/lockbit-le-premier-ransomware-a-vous-offrir-jusqua-un-million-de-dollars-si-vous-arrivez-a-le-hacker.html

OpenSSL to Release Security Patch for Remote Memory Corruption Vulnerability

OpenSSL to Release Security Patch for Remote Memory Corruption Vulnerability,

The latest version of the OpenSSL library has been discovered as susceptible to a remote memory-corruption vulnerability on select systems.
The issue has been identified in OpenSSL version 3.0.4, which was released on June 21, 2022, and impacts x64 systems with the AVX-512 instruction set. OpenSSL 1.1.1 as well as OpenSSL forks BoringSSL and LibreSSL are not affected.
<!–adsense–>
Security

,

The latest version of the OpenSSL library has been discovered as susceptible to a remote memory-corruption vulnerability on select systems.
The issue has been identified in OpenSSL version 3.0.4, which was released on June 21, 2022, and impacts x64 systems with the AVX-512 instruction set. OpenSSL 1.1.1 as well as OpenSSL forks BoringSSL and LibreSSL are not affected.
<!–adsense–>
Security

, ,
https://thehackernews.com/2022/06/openssh-to-release-security-patch-for.html

New Android Banking Trojan ‘Revive’ Targeting Users of Spanish Financial Services

New Android Banking Trojan ‘Revive’ Targeting Users of Spanish Financial Services

,

A previously unknown Android banking trojan has been discovered in the wild, targeting users of the Spanish financial services company BBVA.
Said to be in its early stages of development, the malware — dubbed Revive by Italian cybersecurity firm Cleafy — was first observed on June 15, 2022 and distributed by means of phishing campaigns.
« The name Revive has been chosen since one of the

,

A previously unknown Android banking trojan has been discovered in the wild, targeting users of the Spanish financial services company BBVA.
Said to be in its early stages of development, the malware — dubbed Revive by Italian cybersecurity firm Cleafy — was first observed on June 15, 2022 and distributed by means of phishing campaigns.
« The name Revive has been chosen since one of the

, ,
https://thehackernews.com/2022/06/new-android-banking-trojan-revive.html

Pourquoi les apps de suivi menstruel mettent en danger certaines femmes aux États-Unis

Pourquoi les apps de suivi menstruel mettent en danger certaines femmes aux États-Unis,

,

apps suivi menstruel danger

Les applications de suivi menstruel inquiètent les associations de défense des femmes. Suite à l’abolition du droit à l’avortement aux États-Unis, les données collectées par les apps pourraient être utilisées pour traquer les Américaines ayant subi une IVG.

L’article Pourquoi les apps de suivi menstruel mettent en danger certaines femmes aux États-Unis est à retrouver sur 01net.com.

, ,
https://www.01net.com/actualites/apps-suivi-menstruel-danger-certaines-femmes.html