CISA Adds Another 95 Flaws to its Actively Exploited Vulnerabilities Catalog

CISA Adds Another 95 Flaws to its Actively Exploited Vulnerabilities Catalog,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added 95 more security flaws to its Known Exploited Vulnerabilities Catalog, taking the total number of actively exploited vulnerabilities to 478.
« These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise, » the agency said in an advisory

,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added 95 more security flaws to its Known Exploited Vulnerabilities Catalog, taking the total number of actively exploited vulnerabilities to 478.
« These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise, » the agency said in an advisory

, ,
https://thehackernews.com/2022/03/cisa-adds-another-95-flaws-to-its.html

Both Sides in Russia-Ukraine War Heavily Using Telegram for Disinformation and Hacktivism

Both Sides in Russia-Ukraine War Heavily Using Telegram for Disinformation and Hacktivism,

Cyber criminals and hacktivist groups are increasingly using the Telegram messaging app for their activities, as the Russia-Ukraine conflict enters its eighth day.
A new analysis by Israeli cybersecurity company Check Point Research has found that « user volume grew a hundred folds daily on Telegram related groups, peaking at 200,000 per group. »
Prominent among the groups are anti-Russian cyber

,

Cyber criminals and hacktivist groups are increasingly using the Telegram messaging app for their activities, as the Russia-Ukraine conflict enters its eighth day.
A new analysis by Israeli cybersecurity company Check Point Research has found that « user volume grew a hundred folds daily on Telegram related groups, peaking at 200,000 per group. »
Prominent among the groups are anti-Russian cyber

, ,
https://thehackernews.com/2022/03/both-sides-in-russia-ukraine-war.html

40 minutes suffisent pour casser un mot de passe de 8 caractères… il en faut au moins 16 pour être serein

40 minutes suffisent pour casser un mot de passe de 8 caractères… il en faut au moins 16 pour être serein,

Pour être à peu près en sécurité, il faut avoir des codes secrets d’au moins 11 caractères. Mais c’est mieux d’aller au-delà de 16 caractères.

,

Pour être à peu près en sécurité, il faut avoir des codes secrets d’au moins 11 caractères. Mais c’est mieux d’aller au-delà de 16 caractères.

, ,
https://www.01net.com/actualites/40minutes-suffisent-pour-casser-un-mot-de-passe-de-8caracteres-il-en-faut-au-moins-16-pour-etre-serein-2055328.html

Comment les attaques en DDoS vont devenir bien plus puissantes grâce à une nouvelle technique dévastatrice

Comment les attaques en DDoS vont devenir bien plus puissantes grâce à une nouvelle technique dévastatrice,

Cette nouvelle technique s’appuie sur des serveurs intermédiaires dédiés à la surveillance des flux et promet des niveaux d’amplification particulièrement élevés… voire quasi infinis.

,

Cette nouvelle technique s’appuie sur des serveurs intermédiaires dédiés à la surveillance des flux et promet des niveaux d’amplification particulièrement élevés… voire quasi infinis.

, ,
https://www.01net.com/actualites/comment-les-attaques-en-ddos-vont-devenir-bien-plus-puissantes-grace-a-une-nouvelle-technique-devastatrice-2055260.html

New Security Vulnerability Affects Thousands of GitLab Instances

New Security Vulnerability Affects Thousands of GitLab Instances,

Researchers have disclosed details of a now-patched security vulnerability in GitLab, an open-source DevOps software, that could potentially allow a remote, unauthenticated attacker to recover user-related information.
Tracked as CVE-2021-4191 (CVSS score: 5.3), the medium-severity flaw affects all versions of GitLab Community Edition and Enterprise Edition starting from 13.0 and all versions

,

Researchers have disclosed details of a now-patched security vulnerability in GitLab, an open-source DevOps software, that could potentially allow a remote, unauthenticated attacker to recover user-related information.
Tracked as CVE-2021-4191 (CVSS score: 5.3), the medium-severity flaw affects all versions of GitLab Community Edition and Enterprise Edition starting from 13.0 and all versions

, ,
https://thehackernews.com/2022/03/new-security-vulnerability-affects.html

Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks

Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks,

As the ongoing Russia-Ukraine conflict continues to escalate, the Russian government on Thursday released a massive list containing 17,576 IP addresses and 166 domains that it said are behind a series of distributed denial-of-service (DDoS) attacks aimed at its domestic infrastructure.
Some of the noticeable domains in the listing released by Russia’s National Coordination Center for Computer

,

As the ongoing Russia-Ukraine conflict continues to escalate, the Russian government on Thursday released a massive list containing 17,576 IP addresses and 166 domains that it said are behind a series of distributed denial-of-service (DDoS) attacks aimed at its domestic infrastructure.
Some of the noticeable domains in the listing released by Russia’s National Coordination Center for Computer

, ,
https://thehackernews.com/2022/03/russia-releases-list-of-ips-domains.html

Researchers Demonstrate New Side-Channel Attack on Homomorphic Encryption

Researchers Demonstrate New Side-Channel Attack on Homomorphic Encryption,

A group of academics from the North Carolina State University and Dokuz Eylul University have demonstrated what they say is the « first side-channel attack » on homomorphic encryption that could be exploited to leak data as the encryption process is underway.
« Basically, by monitoring power consumption in a device that is encoding data for homomorphic encryption, we are able to read the data as it

,

A group of academics from the North Carolina State University and Dokuz Eylul University have demonstrated what they say is the « first side-channel attack » on homomorphic encryption that could be exploited to leak data as the encryption process is underway.
« Basically, by monitoring power consumption in a device that is encoding data for homomorphic encryption, we are able to read the data as it

, ,
https://thehackernews.com/2022/03/researchers-demonstrate-new-side.html

Critical Patches Issued for Cisco Expressway Series, TelePresence VCS Products

Critical Patches Issued for Cisco Expressway Series, TelePresence VCS Products,

Cisco this week shipped patches to address a new round of critical security vulnerabilities affecting Expressway Series and Cisco TelePresence Video Communication Server (VCS) that could be exploited by an attacker to gain elevated privileges and execute arbitrary code.
The two flaws – tracked as CVE-2022-20754 and CVE-2022-20755 (CVSS scores: 9.0) – relate to an arbitrary file write and a

,

Cisco this week shipped patches to address a new round of critical security vulnerabilities affecting Expressway Series and Cisco TelePresence Video Communication Server (VCS) that could be exploited by an attacker to gain elevated privileges and execute arbitrary code.
The two flaws – tracked as CVE-2022-20754 and CVE-2022-20755 (CVSS scores: 9.0) – relate to an arbitrary file write and a

, ,
https://thehackernews.com/2022/03/critical-patches-issued-for-cisco.html

How to Automate Offboarding to Keep Your Company Safe

How to Automate Offboarding to Keep Your Company Safe,

In the midst of ‘The Great Resignation,’ the damage from employees (or contractors) leaving an organization might be one of the greatest risks facing IT teams today. The reality is that in the busy enterprise computing environment, user onboarding and offboarding is a fact of daily life. 
When employee counts range into the five-figure territory — and entire networks of contractors have to be

,

In the midst of ‘The Great Resignation,’ the damage from employees (or contractors) leaving an organization might be one of the greatest risks facing IT teams today. The reality is that in the busy enterprise computing environment, user onboarding and offboarding is a fact of daily life. 
When employee counts range into the five-figure territory — and entire networks of contractors have to be

, ,
https://thehackernews.com/2022/03/how-to-automate-offboarding-to-keep.html

Ukraine : malwares, sabotage et espionnage, la guerre s’intensifie également dans le cyberespace

Ukraine : malwares, sabotage et espionnage, la guerre s’intensifie également dans le cyberespace,

Sabotage, attaques par déni de services distribué, portes dérobées, espionnage… Désormais, tous les coups sont permis dans ce conflit armé.

,

Sabotage, attaques par déni de services distribué, portes dérobées, espionnage… Désormais, tous les coups sont permis dans ce conflit armé.

, ,
https://www.01net.com/actualites/ukraine-malwares-sabotage-et-espionnage-la-guerre-s-intensifie-egalement-dans-le-cyberespace-2055228.html