Archives des Actualités - Page 259 sur 477

26Juin 2024 by

Practical Guidance For Securing Your Software Supply Chain

Actualités

The heightened regulatory and legal pressure on software-producing organizations to secure their supply chains and ensure the integrity of their software should come as no surprise. In the last several years, the software supply chain has become an increasingly attractive target for attackers who see opportunities to force-multiply their attacks by orders of magnitude. For example, look no

26Juin 2024 by

Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping

Actualités

Apple has released a firmware update for AirPods that could allow a malicious actor to gain access to the headphones in an unauthorized manner. Tracked as CVE-2024-27867, the authentication issue affects AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats Fit Pro. "When your headphones are seeking a connection request to one of your previously

26Juin 2024 by

Share your feedback: ENISA public consultation bolsters EU5G Cybersecurity Certification (ENISA)

Actualités

ENISA has released and is seeking feedback on the embedded Universal Integrated Circuit Card (eUICC) specifications of the cybersecurity certification scheme on EU5G, which is carried out under the Common Criteria scheme.

26Juin 2024 by

New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites

Actualités

Multiple content management system (CMS) platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer. A web skimmer refers to malware that is injected into e-commerce sites with the goal of stealing financial and payment information. According to Sucuri, the latest campaign entails making malicious modifications to the

26Juin 2024 by

New Medusa Android Trojan Targets Banking Users Across 7 Countries

Actualités

Cybersecurity researchers have discovered an updated version of an Android banking trojan called Medusa that has been used to target users in Canada, France, Italy, Spain, Turkey, the U.K., and the U.S. The new fraud campaigns, observed in May 2024 and active since July 2023, manifested through five different botnets operated by various affiliates, cybersecurity firm Cleafy said in an analysis

26Juin 2024 by

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack

Actualités

Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the JavaScript library ("polyfill.js") to redirect users to malicious and scam sites. More than 110,000 sites that embed the library are impacted by the supply chain attack, Sansec said in a Tuesday report. Polyfill is a popular library that

25Juin 2024 by

Vulnérabilité dans LibreOffice (25 juin 2024) (CERT-FR)

Actualités, Sécurité

Une vulnérabilité a été découverte dans Libreoffice. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité

25Juin 2024 by

Vulnérabilité dans Citrix Secure Access client (25 juin 2024) (CERT-FR)

Actualités, Sécurité

Une vulnérabilité a été découverte dans Citrix Secure Access client. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

25Juin 2024 by

Multiples vulnérabilités dans WordPress (25 juin 2024) (CERT-FR)

Actualités, Sécurité

De multiples vulnérabilités ont été découvertes dans WordPress. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.

25Juin 2024 by

Multiples vulnérabilités dans Google Chrome (25 juin 2024) (CERT-FR)

Actualités, Sécurité

De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Catégorie : Actualités