Cybersécurité : pourquoi la sécurisation du code source devient un nouveau champ de bataille

Cybersécurité : pourquoi la sécurisation du code source devient un nouveau champ de bataille,

Les programmes regorgent souvent de clés de chiffrement et autres codes d’accès. C’est pourquoi ils sont de plus en plus en ligne de mire des pirates. Explications.

,

Les programmes regorgent souvent de clés de chiffrement et autres codes d’accès. C’est pourquoi ils sont de plus en plus en ligne de mire des pirates. Explications.

, ,
https://www.01net.com/actualites/cybersecurite-pourquoi-la-securisation-du-code-source-devient-un-nouveau-champ-de-bataille-2055990.html

Researchers Report Critical RCE Vulnerability in Google’s VirusTotal Platform

Researchers Report Critical RCE Vulnerability in Google’s VirusTotal Platform

,

Security researchers have disclosed a security vulnerability in the VirusTotal platform that could have been potentially weaponized to achieve remote code execution (RCE).
The flaw, now patched, made it possible to « execute commands remotely within VirusTotal platform and gain access to its various scans capabilities, » Cysource researchers Shai Alfasi and Marlon Fabiano da Silva said in a report

,

Security researchers have disclosed a security vulnerability in the VirusTotal platform that could have been potentially weaponized to achieve remote code execution (RCE).
The flaw, now patched, made it possible to « execute commands remotely within VirusTotal platform and gain access to its various scans capabilities, » Cysource researchers Shai Alfasi and Marlon Fabiano da Silva said in a report

, ,
https://thehackernews.com/2022/04/researchers-report-critical-rce.html

Critical Bug in Everscale Wallet Could’ve Let Attackers Steal Cryptocurrencies

Critical Bug in Everscale Wallet Could’ve Let Attackers Steal Cryptocurrencies

,

A security vulnerability has been disclosed in the web version of the Ever Surf wallet that, if successfully weaponized, could allow an attacker to gain full control over a victim’s wallet.
« By exploiting the vulnerability, it’s possible to decrypt the private keys and seed phrases that are stored in the browser’s local storage, » Israeli cybersecurity company Check Point said in a report shared

,

A security vulnerability has been disclosed in the web version of the Ever Surf wallet that, if successfully weaponized, could allow an attacker to gain full control over a victim’s wallet.
« By exploiting the vulnerability, it’s possible to decrypt the private keys and seed phrases that are stored in the browser’s local storage, » Israeli cybersecurity company Check Point said in a report shared

, ,
https://thehackernews.com/2022/04/critical-bug-in-everscale-wallet.html

New BotenaGo Malware Variant Targeting Lilin Security Camera DVR Devices

New BotenaGo Malware Variant Targeting Lilin Security Camera DVR Devices,

A new variant of an IoT botnet called BotenaGo has emerged in the wild, specifically singling out Lilin security camera DVR devices to infect them with Mirai malware.
Dubbed « Lilin Scanner » by Nozomi Networks, the latest version is designed to exploit a two-year-old critical command injection vulnerability in the DVR firmware that was patched by the Taiwanese company in February 2020.
<!-

,

A new variant of an IoT botnet called BotenaGo has emerged in the wild, specifically singling out Lilin security camera DVR devices to infect them with Mirai malware.
Dubbed « Lilin Scanner » by Nozomi Networks, the latest version is designed to exploit a two-year-old critical command injection vulnerability in the DVR firmware that was patched by the Taiwanese company in February 2020.
<!-

, ,
https://thehackernews.com/2022/04/new-botenago-malware-variant-targeting.html

FBI Warns of BlackCat Ransomware That Breached Over 60 Organisations Worldwide

FBI Warns of BlackCat Ransomware That Breached Over 60 Organisations Worldwide,

The U.S. Federal Bureau of Investigation (FBI) is sounding the alarm on the BlackCat ransomware-as-a-service (RaaS), which it said victimized at least 60 entities worldwide between as of March 2022 since its emergence last November.
Also called ALPHV and Noberus, the ransomware is notable for being the first-ever malware written in the Rust programming language that’s known to be memory safe and

,

The U.S. Federal Bureau of Investigation (FBI) is sounding the alarm on the BlackCat ransomware-as-a-service (RaaS), which it said victimized at least 60 entities worldwide between as of March 2022 since its emergence last November.
Also called ALPHV and Noberus, the ransomware is notable for being the first-ever malware written in the Rust programming language that’s known to be memory safe and

, ,
https://thehackernews.com/2022/04/fbi-warns-of-blackcat-ransomware-that.html

T-Mobile Admits Lapsus$ Hackers Gained Access to its Internal Tools and Source Code

T-Mobile Admits Lapsus$ Hackers Gained Access to its Internal Tools and Source Code,

Telecom company T-Mobile on Friday confirmed that it was the victim of a security breach in March after the LAPSUS$ mercenary gang managed to gain access to its networks.
The acknowledgment came after investigative journalist Brian Krebs shared internal chats belonging to the core members of the group indicating that LAPSUS$ breached the company several times in March prior to the arrest of its

,

Telecom company T-Mobile on Friday confirmed that it was the victim of a security breach in March after the LAPSUS$ mercenary gang managed to gain access to its networks.
The acknowledgment came after investigative journalist Brian Krebs shared internal chats belonging to the core members of the group indicating that LAPSUS$ breached the company several times in March prior to the arrest of its

, ,
https://thehackernews.com/2022/04/t-mobile-admits-lapsus-hackers-gained.html

Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability

Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability,

Atlassian has published a security advisory warning of a critical vulnerability in its Jira software that could be abused by a remote, unauthenticated attacker to circumvent authentication protections.
Tracked as CVE-2022-0540, the flaw is rated 9.9 out of 10 on the CVSS scoring system and resides in Jira’s authentication framework, Jira Seraph. Khoadha of Viettel Cyber Security has been

,

Atlassian has published a security advisory warning of a critical vulnerability in its Jira software that could be abused by a remote, unauthenticated attacker to circumvent authentication protections.
Tracked as CVE-2022-0540, the flaw is rated 9.9 out of 10 on the CVSS scoring system and resides in Jira’s authentication framework, Jira Seraph. Khoadha of Viettel Cyber Security has been

, ,
https://thehackernews.com/2022/04/atlassian-drops-patches-for-critical.html

Researcher Releases PoC for Recent Java Cryptographic Vulnerability

Researcher Releases PoC for Recent Java Cryptographic Vulnerability,

A proof-of-concept (PoC) code demonstrating a newly disclosed digital signature bypass vulnerability in Java has been shared online. 
The high-severity flaw in question, CVE-2022-21449 (CVSS score: 7.5), impacts the following version of Java SE and Oracle GraalVM Enterprise Edition –

Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18
Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1, 22.0.0.2

,

A proof-of-concept (PoC) code demonstrating a newly disclosed digital signature bypass vulnerability in Java has been shared online. 
The high-severity flaw in question, CVE-2022-21449 (CVSS score: 7.5), impacts the following version of Java SE and Oracle GraalVM Enterprise Edition –

Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18
Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1, 22.0.0.2

, ,
https://thehackernews.com/2022/04/researcher-releases-poc-for-recent-java.html

On pouvait pirater des dizaines de millions de smartphones Android grâce à un seul fichier son

On pouvait pirater des dizaines de millions de smartphones Android grâce à un seul fichier son,

Des failles ont été trouvées dans la version open source du codec Apple Lossless Audio Codec. Elle n’a jamais eu de mises à jour de sécurité depuis… 2011.

,

Des failles ont été trouvées dans la version open source du codec Apple Lossless Audio Codec. Elle n’a jamais eu de mises à jour de sécurité depuis… 2011.

, ,
https://www.01net.com/actualites/on-pouvait-pirater-des-dizaines-de-millions-de-smartphones-android-grace-a-un-seul-fichier-son-2055983.html

Watch Out! Cryptocurrency Miners Targeting Dockers, AWS and Alibaba Cloud

Watch Out! Cryptocurrency Miners Targeting Dockers, AWS and Alibaba Cloud,

LemonDuck, a cross-platform cryptocurrency mining botnet, is targeting Docker to mine cryptocurrency on Linux systems as part of an active malware campaign.
« It runs an anonymous mining operation by the use of proxy pools, which hide the wallet addresses, » CrowdStrike said in a new report. « It evades detection by targeting Alibaba Cloud’s monitoring service and disabling it. »
Known to strike

,

LemonDuck, a cross-platform cryptocurrency mining botnet, is targeting Docker to mine cryptocurrency on Linux systems as part of an active malware campaign.
« It runs an anonymous mining operation by the use of proxy pools, which hide the wallet addresses, » CrowdStrike said in a new report. « It evades detection by targeting Alibaba Cloud’s monitoring service and disabling it. »
Known to strike

, ,
https://thehackernews.com/2022/04/watch-out-cryptocurrency-miners.html