Blog - Page 233 sur 358 - Kortex Consulting

08Mar 2024 by

CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability

Actualités

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting JetBrains TeamCity On-Premises software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-27198 (CVSS score: 9.8), refers to an authentication bypass bug that allows for a complete

07Mar 2024 by

ENISA Single Programming Document 2024 – 2026 – Condensed version (ENISA)

Actualités

Work programme 2024

07Mar 2024 by

CERTFR-2024-AVI-0190 : Multiples vulnérabilités dans les produits Cisco (07 mars 2024) (CERT-FR)

Actualités, Sécurité

De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges et une injection de code indirecte à distance (XSS).

07Mar 2024 by

CERTFR-2024-AVI-0191 : Multiples vulnérabilités dans GitLab (07 mars 2024) (CERT-FR)

Actualités, Sécurité

De multiples vulnérabilités ont été découvertes dans GitLab. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

07Mar 2024 by

CERTFR-2024-AVI-0192 : Vulnérabilité dans VMware Cloud Director (07 mars 2024) (CERT-FR)

Actualités, Sécurité

Une vulnérabilité a été découverte dans VMware Cloud Director. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

07Mar 2024 by

Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks

Actualités

The China-linked threat actor known as Evasive Panda orchestrated both watering hole and supply chain attacks targeting Tibetan users at least since September 2023. The end of the attacks is to deliver malicious downloaders for Windows and macOS that deploy a known backdoor called MgBot and a previously undocumented Windows implant known as Nightdoor. The findings come from ESET, which

07Mar 2024 by

Hacked WordPress Sites Abusing Visitors’ Browsers for Distributed Brute-Force Attacks

Actualités

Threat actors are conducting brute-force attacks against WordPress sites by leveraging malicious JavaScript injections, new findings from Sucuri reveal. The attacks, which take the form of distributed brute-force attacks, “target WordPress websites from the browsers of completely innocent and unsuspecting site visitors,” security researcher Denis Sinegubko said. The activity is part of a&

07Mar 2024 by

Navigating through Challenges and Opportunities of Cybersecurity Standardisation (ENISA)

Actualités

On 5 March, the European Standardisation Organisations (ESOs), CEN, CENELEC and ETSI, joined forces with ENISA, the European Union Agency for Cybersecurity, to organise their 8th Cybersecurity Standardisation Conference.

07Mar 2024 by

Human vs. Non-Human Identity in SaaS

Actualités

In today's rapidly evolving SaaS environment, the focus is on human users. This is one of the most compromised areas in SaaS security management and requires strict governance of user roles and permissions, monitoring of privileged users, their level of activity (dormant, active, hyperactive), their type (internal/ external), whether they are joiners, movers, or leavers, and more. Not

07Mar 2024 by

Ex-Google Engineer Arrested for Stealing AI Technology Secrets for China

Actualités

The U.S. Department of Justice (DoJ) announced the indictment of a 38-year-old Chinese national and a California resident of allegedly stealing proprietary information from Google while covertly working for two China-based tech companies. Linwei Ding (aka Leon Ding), a former Google engineer who was arrested on March 6, 2024, "transferred sensitive Google trade secrets and other confidential