Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Quotidien Hebdomadaire Mensuel

Quotidien Shaarli

Tous les liens d'un jour sur une page.

Jour précédent
Jour suivant

September 14, 2023

Update Adobe Acrobat and Reader to Patch Actively Exploited Vulnerability

Adobe's September 2023 update addresses a new zero-day vulnerability (CVE-2023-26369) in Acrobat and Reader that attackers are exploiting in the wild.

22:37
TheHackersNews, 2023, EN, Adobe, Acrobat, CVE-2023-26369
Argent russe: la place financière suisse rattrapée par une fuite de données

Un ancien ministre de Vladimir Poutine et la famille du patron d'une entreprise publique russe, impliquée dans l'effort de guerre, se retrouvent dans les données inédites repérées par la RTS. Des liens avec la place financière suisse sont mis en lumière.
Ces révélations proviennent des documents confidentiels de la société de gestion de fortune zurichoise Finaport. Tout commence en janvier 2023 lorsque l'entreprise, sponsor officiel de l'Open de tennis de Zoug, est victime d'un piratage, comme le révélait le site Watson.

14:58
rts, FR, CH, 2023, Russie, Argent, exfiltration, journalisme, enquête, Finaport
macOS MetaStealer | New Family of Obfuscated Go Infostealers Spread in Targeted Attacks

The rise of macOS infostealers continues with the latest entrant aiming to compromise business environments with targeted social engineering lures.

14:48
sentinelone, EN, 2023, macOS, infostealer, MetaStealer
CVE-2023-38146: Arbitrary Code Execution via Windows Themes

This is a fun bug I found while poking around at weird Windows file formats. It's a kind of classic Windows style vulnerability featuring broken signing, sketchy DLL loads, file races, cab files, and Mark-of-the-Web silliness. It was also my first experience submitting to the MSRC Windows bug bounty since leaving Microsoft in April of 2022.

12:31
exploits.forsale, EN, 2023, CVE-2023-38146, Arbitrary, Code, Execution, themebleed, Windows, Themes
Trojanized Free Download Manager found to contain a Linux backdoor

Kaspersky researchers analyzed a Linux backdoor disguised as Free Download Manager software that remained under the radar for at least three years.

12:20
securelist, EN, 2023, Backdoor, Linux, Malware, Supply-chain-attack, Download-Manager
Threat actor leaks sensitive data belonging to Airbus

The multinational aerospace corporation Airbus has launched an investigation into the recent leak of information allegedly stolen from the company.
The multinational aerospace corporation Airbus announced that it is investigating a data leak after cybersecurity firm Hudson Rock reported that a hacker posted information on thousands of the company’s vendors to the dark web.

07:19
securityaffairs, EN, 2023, Airbus, leak, databreach
Mozilla patches Firefox, Thunderbird against zero-day exploited in attacks

Mozilla released emergency security updates today to fix a critical zero-day vulnerability exploited in the wild, impacting its Firefox web browser and Thunderbird email client.

06:48
bleepingcomputer, EN, 2023, CVE-2023-4863, WebP, Firefox, patch
Critical WebP bug: many apps, not just browsers, under threat

The heap buffer overflow (CVE-2023-4863) vulnerability in the WebP Codec is being actively exploited in the wild.

06:48
stackdiary.com, EN, 2023, CVE-2023-4863, WebP, Codec
With 0-days hitting Chrome, iOS, and dozens more this month, is no software safe? | Ars Technica

With 70 zero-days uncovered so far this year, 2023 is on track to set a new record.

00:26
arstechnica, EN, 2023, 0-days, record