Voici la sélection des vulnérabilités de cybersécurité les plus critiques découvertes la semaine passée.
Vous retrouvez ci-dessous les liens directs vers les articles les plus intéressants. Pour information, cette veille est préparée avec un vrai cerveau non artificiel, alors bonne lecture et merci de soutenir le Décodeur !
Les actus sélectionnées cette semaine
Apple created post-quantum cryptographic protocol PQ3
Apple announced the implementation of a post-quantum cryptographic protocol called PQ3 will be integrated into iMessage.
CySecurity News – Latest Information Security and Hacking Incidents: Critical DNS Bug Poses Threat to Internet Stability
A 24-year-old security flaw, known as CVE-2023-50387, allows attackers to disrupt DNS servers.
Hackers are exploiting ConnectWise flaws to deploy LockBit ransomware, security experts warn | TechCrunch
Security experts are warning that a pair of high-risk ConnectWise flaws are being exploited by hackers to deploy LockBit ransomware.
Plus de 2000 serveurs Exchange suisses vulnérables à une faille
Environ 97’000 serveurs Exchange dans le monde sont potentiellement concernés par une faille permettant d’effectuer des attaques de relais NTLM. 2’119 serveurs vulnérables ont été identifiés en Suisse.
Apple Shortcuts Vulnerability Exposes Sensitive Data, Update Now!
Cybersecurity firm Bitdefender discovered a vulnerability in Apple Shortcuts, allowing attackers to access sensitive data without prompting users.
AT&T Outage Disrupts Service for Millions of Users Across US
You are not alone, an AT&T outage is happening across the United States, and the company is working to bring back service to normal.
Wyze Cameras Allow Accidental User Spying
About 13,000 users received camera images and feeds that weren’t theirs. This cyber incident takes place only five months after the company experienced a similar issue and failed to be transparent with users about the issues it was facing.
Microsoft rolls out expanded logging six months after Chinese breach
The technology giant has come under heavy criticism for not making robust logging features available by default.
Georgia election officials withheld evidence in voting machine breach, group alleges
A filing accuses county election officials of withholding records related to unauthorized copying of voting software by Trump allies in 2021.
Over 28,500 Exchange servers vulnerable to actively exploited bug
Up to 97,000 Microsoft Exchange servers may be vulnerable to a critical severity privilege escalation flaw tracked as CVE-2024-21410 that hackers are actively exploiting.
VMware urges admins to remove deprecated, vulnerable auth plug-in
VMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched.
Microsoft now force installing Windows 11 23H2 on eligible PCs
Microsoft has started force installing Windows 11 23H2 on eligible devices that have reached or are close to their end-of-servicing date.
New ScreenConnect RCE flaw exploited in ransomware attacks
Attackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks.
Des paquets Linux obsolètes fragilisent la sécurité d’Ivanti (MAJ) – Le Monde Informatique
Sécurité Informatique : Une série d’attaques sophistiquées vise depuis plusieurs semaines les produits d’Ivanti. Une enquête menée par Eclypsium basée sur du retro…