Cyberveille

Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/

17/10/2023 19:57:30

Cisco has identified active exploitation of a previously unknown vulnerability in the Web User Interface (Web UI) feature of Cisco IOS XE software (CVE-2023-20198) when exposed to the internet or untrusted networks.

Lausanne veut 2,24 millions pour sa sécurité IT https://www.ictjournal.ch/news/2023-10-17/lausanne-veut-224-millions-pour-sa-securite-it

17/10/2023 19:17:23

La Ville de Lausanne a sollicité un crédit d’investissement de 2,24 millions de francs pour poursuivre ses efforts

L’attaque contre Xplain bloque la modernisation de l’IT de la police vaudoise https://www.ictjournal.ch/news/2023-10-16/lattaque-contre-xplain-bloque-la-modernisation-de-lit-de-la-police-vaudoise

16/10/2023 22:43:15

Le projet «Odyssée» consiste à remplacer trois applications obsolètes utilisées par les polices vaudoises.

Breast Imaging During a Cyberattack and Global Pandemic: What We Did to Pick Up the Pieces - ScienceDirect https://www.sciencedirect.com/science/article/abs/pii/S0887217122000750

16/10/2023 10:43:32

Cybersecurity in healthcare is a very real threat with the potential to severely disrupt patient care, place extra burden on an already strained system, and result in significant financial losses for a hospital or healthcare network. In October 2020, on the backdrop of the ongoing COVID-19 pandemic, our institution experienced one of the most significant cyberattacks on a healthcare system to date, lasting for nearly 40 days. By sharing our experience in radiology, and specifically in breast imaging, including the downtime procedures we relied upon and the lessons that we learned emerging from this cyberattack, we hope to help future victims of a healthcare cyberattack successfully weather such an experience.

Les polices vaudoises hésitent à numériser l’ensemble de leurs activités avec Xplain - rts.ch - Vaud https://www.rts.ch/info/regions/vaud/14393723-les-polices-vaudoises-hesitent-a-numeriser-lensemble-de-leurs-activites-avec-xplain.html

16/10/2023 10:20:01

L'un des projets informatiques les plus importants des polices vaudoises est la victime collatérale d’une importante fuite de données, survenue chez la société Xplain, son principal partenaire, a appris le pôle enquête de la RTS. La collaboration avec cette entreprise bernoise est aujourd’hui sur la sellette.

Samba - Security Announcement Archive https://www.samba.org/samba/security/CVE-2023-3961.html

16/10/2023 10:15:52

The SMB 1/2/3 protocols allow clients to connect to named
pipes via the IPC$ (Inter-Process Communication) share
for the process of inter-process communication between
SMB clients and servers.

Disclosing the BLOODALCHEMY backdoor https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor

15/10/2023 19:37:10

BLOODALCHEMY is a new, actively developed, backdoor that leverages a benign binary as an injection vehicle, and is a part of the REF5961 intrusion set.

Coordinated Disclosure: 1-Click RCE on GNOME (CVE-2023-43641) https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/

13/10/2023 09:53:33

CVE-2023-43641 is a vulnerability in libcue, which can lead to code execution by downloading a file on GNOME.

LinkedIn Smart Links Fuel Credential Phishing Campaign https://cofense.com/blog/linkedin-smart-links-credential-phishing-campaign/

13/10/2023 09:21:57

Learn what LinkedIn Smart Links are and how they're being used to bypass email security gateways. Get up-to-date information on this credential phishing threat

Users of Telegram, AWS, and Alibaba Cloud targeted in latest supply chain attack https://checkmarx.com/blog/users-of-telegram-aws-and-alibaba-cloud-targeted-in-latest-supply-chain-attack/

13/10/2023 09:20:30

During the month of September, an attacker operating under the pseudonym "kohlersbtuh15", attempted to exploit the open-source community by uploading a series of malicious packages to the PyPi package manager. Based on the names of these packages and the code contained within them, it appears that this attacker targeted developers that use Aliyun services (Alibaba Cloud), telegram, and AWS.

The evolution of Windows authentication https://techcommunity.microsoft.com/t5/windows-it-pro-blog/the-evolution-of-windows-authentication/ba-p/3926848

13/10/2023 09:18:12

Discover how we’re securing authentication and reducing NTLM usage in Windows.

Balada Injector Targets Unpatched tagDiv Plugin, Newspaper Theme & WordPress Admins https://blog.sucuri.net/2023/10/balada-injector-targets-unpatched-tagdiv-plugin-newspaper-theme-wordpress-admins.html

13/10/2023 09:13:15

Discover the latest waves of the ongoing Balada Injector malware campaign targeting unpatched tagDiv premium WordPress themes. Dive into the technical details of the injected scripts, explore their functionality, and understand the potential threats they pose to site administrators.

Steam Adds Security Layer for Devs After Some Had Their Accounts Compromised and Malware Was Injected in Games https://wccftech.com/steam-adds-security-layer-for-devs-after-some-had-their-accounts-compromised-and-malware-was-injected-in-games

12/10/2023 18:23:12

Valve has added a new security layer for developers who publish their games on Steam after a few had their accounts hacked.

The Predator Files: European Spyware Consortium Supplied Despots and Dictators https://www.spiegel.de/international/business/the-predator-files-european-spyware-consortium-supplied-despots-and-dictators-a-2fd8043f-c5c1-4b05-b5a6-e8f8b9949978

12/10/2023 12:58:15

The Intellexa Alliance is the name of the shady group of European companies that supplies dictators and despots with cyberweapons. The mass spyware attacks have also been lucrative for some in Germany.

IZ1H9 Campaign Enhances Its Arsenal with Scores of Exploits | FortiGuard Labs https://www.fortinet.com/blog/threat-research/Iz1h9-campaign-enhances-arsenal-with-scores-of-exploits

11/10/2023 21:30:32

FortiGuard Labs unmasks IZ1H9 and explores the aggressive exploits in the Mirai-Based DDoS Campaign

HTTP/2 Rapid Reset: deconstructing the record-breaking attack https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/

10/10/2023 14:41:55

This post dives into the details of the HTTP/2 protocol, the feature that attackers exploited to generate the massive Rapid Reset attacks, and the mitigation strategies we took to ensure all our customers are protected

The Art of Concealment: A New Magecart Campaign That’s Abusing 404 Pages | Akamai https://www.akamai.com/blog/security-research/magecart-new-technique-404-pages-skimmer

09/10/2023 20:13:43

Akamai researchers have discovered a novel obfuscation technique that Magecart attackers are using to hide malicious code and infiltrate websites.

AI Risks https://www.schneier.com/blog/archives/2023/10/ai-risks.html

09/10/2023 19:15:15

There is no shortage of researchers and industry titans willing to warn us about the potential destructive power of artificial intelligence. Reading the headlines, one would hope that the rapid gains in AI technology have also brought forth a unifying realization of the risks—and the steps we need to take to mitigate them.

Plus de la moitié des aînés ciblés par des cyber-escrocs https://www.ictjournal.ch/etudes/2023-10-09/plus-de-la-moitie-des-aines-cibles-par-des-cyber-escrocs

09/10/2023 18:47:47

Le nombre d’aînés ciblés par des cyber-escrocs en Suisse est élevé.

Les hôpitaux de Vittel et Neufchâteau victimes d'une cyberattaque https://www.francebleu.fr/infos/faits-divers-justice/les-hopitaux-de-vittel-et-neufchateau-victimes-d-une-cyberattaque-8825941

09/10/2023 08:47:48

C'est le black-out informatique au centre hospitalier de l'Ouest vosgien. Les établissements de Vittel et Neufchâteau ont été victimes d'une cyberattaque dans la nuit de vendredi à samedi. Les urgences restent maintenues, mais les activités programmées sont suspendues jusqu'à lundi inclus.

Liens par page

Filtres