News

High-Severity RCE Vulnerability Reported in Popular Fastjson Library

High-Severity RCE Vulnerability Reported in Popular Fastjson Library,

Cybersecurity researchers have detailed a recently patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution.
Tracked as CVE-2022-25845 (CVSS score: 8.1), the issue relates to a case of deserialization of untrusted data in a supported feature called « AutoType. » It was patched by the project maintainers in 

,

Cybersecurity researchers have detailed a recently patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution.
Tracked as CVE-2022-25845 (CVSS score: 8.1), the issue relates to a case of deserialization of untrusted data in a supported feature called « AutoType. » It was patched by the project maintainers in 

, ,
https://thehackernews.com/2022/06/high-severity-rce-vulnerability.html

• 16 juin, 2022
• Non classé
• More

Pourquoi les petits botnets peuvent générer d’énormes attaques DDoS

Pourquoi les petits botnets peuvent générer d’énormes attaques DDoS,

L’article Pourquoi les petits botnets peuvent générer d’énormes attaques DDoS est à retrouver sur 01net.com.

,

Un site a été confronté à un tsunami de requêtes HTTPS provenant d’un botnet de seulement 5000 systèmes. Explications.

L’article Pourquoi les petits botnets peuvent générer d’énormes attaques DDoS est à retrouver sur 01net.com.

, ,
https://www.01net.com/actualites/pourquoi-les-petits-botnets-peuvent-generer-denormes-attaques-ddos.html

• 16 juin, 2022
• Actualités, DDoS, Sécurité
• More

Windows : Microsoft corrige une grave faille zero-day… mais en laisse une autre menacer les utilisateurs

Windows : Microsoft corrige une grave faille zero-day… mais en laisse une autre menacer les utilisateurs,

L’article Windows : Microsoft corrige une grave faille zero-day… mais en laisse une autre menacer les utilisateurs est à retrouver sur 01net.com.

,

Microsoft a corrigé 55 vulnérabilités dans Windows, dont trois jugées critiques. En particulier, la faille zero-day Follina est corrigée. Hélas, ce n’est pas le cas de la faille zero-day DogWalk qui reste active.

L’article Windows : Microsoft corrige une grave faille zero-day… mais en laisse une autre menacer les utilisateurs est à retrouver sur 01net.com.

, ,
https://www.01net.com/actualites/dans-le-cadre-de-son-patch-tuesday-microsoft-corrige-une-faille-zero-day-mais-en-laisse-une-autre-menacer-les-utilisateurs.html

• 16 juin, 2022
• Actualités, Microsoft, Sécurité
• More

MaliBot: A New Android Banking Trojan Spotted in the Wild

MaliBot: A New Android Banking Trojan Spotted in the Wild,

A new strain of Android malware has been spotted in the wild targeting online banking and cryptocurrency wallet customers in Spain and Italy, just weeks after a coordinated law enforcement operation dismantled FluBot.
The information stealing trojan, codenamed MaliBot by F5 Labs, is as feature-rich as its counterparts, allowing it to steal credentials and cookies, bypass multi-factor

,

A new strain of Android malware has been spotted in the wild targeting online banking and cryptocurrency wallet customers in Spain and Italy, just weeks after a coordinated law enforcement operation dismantled FluBot.
The information stealing trojan, codenamed MaliBot by F5 Labs, is as feature-rich as its counterparts, allowing it to steal credentials and cookies, bypass multi-factor

, ,
https://thehackernews.com/2022/06/malibot-new-android-banking-trojan.html

• 16 juin, 2022
• Non classé
• More

Critical Flaw in Cisco Secure Email and Web Manager Lets Attackers Bypass Authentication

Critical Flaw in Cisco Secure Email and Web Manager Lets Attackers Bypass Authentication,

Cisco on Wednesday rolled out fixes to address a critical security flaw affecting Email Security Appliance (ESA) and Secure Email and Web Manager that could be exploited by an unauthenticated, remote attacker to sidestep authentication.
Assigned the CVE identifier CVE-2022-20798, the bypass vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring system and stems from improper

,

Cisco on Wednesday rolled out fixes to address a critical security flaw affecting Email Security Appliance (ESA) and Secure Email and Web Manager that could be exploited by an unauthenticated, remote attacker to sidestep authentication.
Assigned the CVE identifier CVE-2022-20798, the bypass vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring system and stems from improper

, ,
https://thehackernews.com/2022/06/critical-flaw-in-cisco-secure-email-and.html

• 16 juin, 2022
• Non classé
• More

Panchan: A New Golang-based Peer-To-Peer Botnet Targeting Linux Servers

Panchan: A New Golang-based Peer-To-Peer Botnet Targeting Linux Servers,

A new Golang-based peer-to-peer (P2P) botnet has been spotted actively targeting Linux servers in the education sector since its emergence in March 2022.
Dubbed Panchan by Akamai Security Research, the malware « utilizes its built-in concurrency features to maximize spreadability and execute malware modules » and « harvests SSH keys to perform lateral movement. »
<!–adsense–>
The feature-packed

,

A new Golang-based peer-to-peer (P2P) botnet has been spotted actively targeting Linux servers in the education sector since its emergence in March 2022.
Dubbed Panchan by Akamai Security Research, the malware « utilizes its built-in concurrency features to maximize spreadability and execute malware modules » and « harvests SSH keys to perform lateral movement. »
<!–adsense–>
The feature-packed

, ,
https://thehackernews.com/2022/06/panchan-new-golang-based-peer-to-peer.html

• 15 juin, 2022
• Non classé
• More

Désinstallez rapidement ces applications Android avant qu’il ne soit trop tard

Désinstallez rapidement ces applications Android avant qu’il ne soit trop tard,

L’article Désinstallez rapidement ces applications Android avant qu’il ne soit trop tard est à retrouver sur 01net.com.

,

Des chercheurs en sécurité ont découvert plusieurs applications Android intégrant des malwares. Toujours disponibles sur le Google Play Store, elles ont été téléchargées plus de deux millions de fois. Méfiance.

L’article Désinstallez rapidement ces applications Android avant qu’il ne soit trop tard est à retrouver sur 01net.com.

, ,
https://www.01net.com/actualites/desinstallez-rapidement-ces-applications-android-avant-quil-ne-soit-trop-tard.html

• 15 juin, 2022
• Android, Applis, Logiciels, Google, malware, Play Store, Sécurité, trojan
• More

Firefox vous protège encore mieux contre les cookies en activant par défaut sa fonction de protection totale

Firefox vous protège encore mieux contre les cookies en activant par défaut sa fonction de protection totale,

L’article Firefox vous protège encore mieux contre les cookies en activant par défaut sa fonction de protection totale est à retrouver sur 01net.com.

,

Mozilla active par défaut une fonction de protection qui stocke les cookies de chaque site web visité dans des zones séparées, au lieu de les placer dans une zone commune.

L’article Firefox vous protège encore mieux contre les cookies en activant par défaut sa fonction de protection totale est à retrouver sur 01net.com.

, ,
https://www.01net.com/actualites/firefox-vous-protege-encore-mieux-contre-les-cookies-en-activant-par-defaut-sa-fonction-de-protection-totale.html

• 15 juin, 2022
• mozilla firefox, Sécurité
• More

New Hertzbleed Side-Channel Attack Affects All Modern AMD and Intel CPUs

New Hertzbleed Side-Channel Attack Affects All Modern AMD and Intel CPUs,

A newly discovered security vulnerability in modern Intel and AMD processors could let remote attackers steal encryption keys via a power side channel attack.
Dubbed Hertzbleed by a group of researchers from the University of Texas, University of Illinois Urbana-Champaign, and the University of Washington, the issue is rooted in dynamic voltage and frequency scaling (DVFS), power and thermal

,

A newly discovered security vulnerability in modern Intel and AMD processors could let remote attackers steal encryption keys via a power side channel attack.
Dubbed Hertzbleed by a group of researchers from the University of Texas, University of Illinois Urbana-Champaign, and the University of Washington, the issue is rooted in dynamic voltage and frequency scaling (DVFS), power and thermal

, ,
https://thehackernews.com/2022/06/new-hertzbleed-side-channel-attack.html

• 15 juin, 2022
• Non classé
• More

Comprehensive, Easy Cybersecurity for Lean IT Security Teams Starts with XDR

Comprehensive, Easy Cybersecurity for Lean IT Security Teams Starts with XDR,

Breaches don’t just happen to large enterprises. Threat actors are increasingly targeting small businesses. In fact, 43% of data breaches involved small to medium-sized businesses. But there is a glaring discrepancy. Larger businesses typically have the budget to keep their lights on if they are breached. Most small businesses (83%), however, don’t have the financial resources to recover if they

,

Breaches don’t just happen to large enterprises. Threat actors are increasingly targeting small businesses. In fact, 43% of data breaches involved small to medium-sized businesses. But there is a glaring discrepancy. Larger businesses typically have the budget to keep their lights on if they are breached. Most small businesses (83%), however, don’t have the financial resources to recover if they

, ,
https://thehackernews.com/2022/06/comprehensive-easy-cybersecurity-for.html

• 15 juin, 2022
• Non classé
• More