Report Cyber Crime

Blog

Selon HP, 29 % des logiciels malveillants observés étaient précédemment inconnus

Selon HP, 29 % des logiciels malveillants observés étaient précédemment inconnus HP dévoile son nouveau rapport trimestriel Threat Insights, qui analyse les cyberattaques à l’échelle mondiale. 29 % des logiciels malveillants observés étaient précédemment inconnus*. Ce constat traduit la montée en puissance des logiciels malveillants polymorphes conçus pour tromper les outils de détection basés sur les signatures.

Read More

CISA: Patch These Three Fortinet Bugs Now to Avoid Compromise

The US authorities are urging Fortinet customers to patch three legacy vulnerabilities being exploited in the wild to compromise government, commercial and technology service provider networks. A joint cybersecurity advisory from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) on Friday warned that threat actors are actively scanning for devices via ports 4443, 8443 and

Read More

Medium CVE-2021-27899: Proofpoint Insider threat management

Description: The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server’s certificate, which enables a remote attacker to intercept and alter these communications using a man-in-the-middle attack. All versions before 7. Source link Is your business effected by Cyber Crime? If a cyber crime or

Read More

Fortinet FortiOS flaws actively exploited in the wild

FortiOS, an operating system built by enterprise security provider Fortinet, has a number of high-severity flaws that are currently being exploited in the wild, US government agencies are saying. The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint warning, explaining that three different vulnerabilities (CVE-2018-13379, CVE-2020-12812 and CVE-2019-5591) are

Read More

Cisco Talos Intelligence Group – Comprehensive Threat Intelligence: Threat Source Newsletter (April 1, 2021)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers.   We hope you’re enjoying Cisco Live this week and only reading this after you’ve caught up on your sessions for the day.  No April Fool’s jokes here (thankfully) — we are just excited to tell you that applications are now open for the Snort scholarship. Find

Read More

US warns of attacks exploiting Fortinet FortiOS flaws to compromise government, enterprise networks

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are warning that Advanced Persistent Threat (APT) actors are exploiting vulnerabilities in Fortinet FortiOS in ongoing attacks against commercial, government, and technology services networks. The two agencies said that in March 2021 they had observed malicious actors scanning Fortinet

Read More

Wanted: Software Developers with a Security Mindset

[ This article was originally published here ] The modern software developer faces an enormous amount of challenges. From continuously creating innovative apps to ensuring high quality and meeting tight deadlines, developers need to cope with many responsibilities. As a result, security is still one of the last priorities on many developers’ minds during the

Read More

533M Facebook users’ personal data leaks online

Phone numbers and personal data of hundreds of millions of Facebook users have been published on a popular cybercrime forum for free. The exposed info includes the personal information of over 533 million Facebook users from 106 countries, including their full names, Facebook IDs, mobile numbers, locations, email addresses, gender, occupation, city, country, marital

Read More

Ransom Gangs Emailing Victim Customers for Leverage – Krebs on Security

Some of the top ransomware gangs are deploying a new pressure tactic to push more victim organizations into paying an extortion demand: Emailing the victim’s customers and partners directly, warning that their data will be leaked to the dark web unless they can convince the victim firm to pay up. This letter is from the

Read More

云安全日报210412:Debian Web应用程序发现目录遍历漏洞,需要尽快升级|Debian|云安全|Web应用_新浪科技_新浪网

原标题:云安全日报210412:Debian Web应用程序发现目录遍历漏洞,需要尽快升级 python-django是一个功能强大开放源代码的重量级Web应用框架。4月9日,Debian发布了安全更新,修复了python-django中发现的目录遍历漏洞。以下是漏洞详情: 漏洞详情 CVE-2021-28658 严重程度: 重要 目录遍历(路径遍历)是由于web服务器或者web应用程序对用户输入的文件名称的安全性验证不足而导致的一种安全漏洞,使得攻击者通过利用一些特殊字符就可以绕过服务器的安全限制,访问任意的文件(可以使web根目录以外的文件),甚至执行系统命令。 在2.2.20之前的Django 2.2、3.0.14之前的3.0和3.1.8之前的3.1中存在目录遍历漏洞,MultiPartParser允许通过具有适当格式的文件名的上载文件遍历目录。 受影响产品及版本 上述漏洞影响Debian9 Stretch 1.10.7-2 + deb9u12之前版本 解决方案 对于Debian 9 Stretch,此问题已在版本1.10.7-2 + deb9u12中修复,建议及时更新python-django软件包。 查看更多漏洞信息 以及升级请访问官网: https://www.debian.org/lts/security/ Source link Is your business effected by Cyber Crime? If a cyber crime or cyber attack happens to you, you need to respond quickly. Cyber crime in its several formats

Read More